feat(quality): Sprint 2 pre-deploy gates and server smoke tests

Extract Express app factory for testability, add Vitest/Supertest API smoke tests, root npm run check script, and deployment docs. Fix express-rate-limit IPv6 keyGenerator for feedback limiter. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:17:46 +02:00
parent 4ef56aeb8f
commit 0edf4a789c
12 changed files with 2163 additions and 112 deletions
@@ -0,0 +1,48 @@
+import { describe, it, expect, vi, beforeAll } from 'vitest'
+import request from 'supertest'
+
+vi.mock('./db.js', () => ({
+  prisma: {
+    $queryRaw: vi.fn().mockResolvedValue([{ '?column?': 1 }])
+  }
+}))
+
+const { createApp } = await import('./app.js')
+
+describe('API smoke', () => {
+  const app = createApp()
+
+  beforeAll(() => {
+    process.env.SESSION_SECRET =
+      process.env.SESSION_SECRET ?? 'test-session-secret-minimum-32-characters-long'
+    process.env.ORIGIN = process.env.ORIGIN ?? 'http://localhost:5173'
+    process.env.RP_ID = process.env.RP_ID ?? 'localhost'
+  })
+
+  it('GET /api/health returns ok when database is reachable', async () => {
+    const res = await request(app).get('/api/health')
+    expect(res.status).toBe(200)
+    expect(res.body.status).toBe('ok')
+    expect(res.body.database).toBe('connected')
+  })
+
+  it('GET /api/logbooks requires session', async () => {
+    const res = await request(app).get('/api/logbooks')
+    expect(res.status).toBe(401)
+    expect(res.body.error).toMatch(/Unauthorized/i)
+  })
+
+  it('POST /api/sync/push requires session', async () => {
+    const res = await request(app)
+      .post('/api/sync/push')
+      .send({ items: [] })
+    expect(res.status).toBe(401)
+    expect(res.body.error).toMatch(/Unauthorized/i)
+  })
+
+  it('GET /api/collaboration/invite-details requires token query', async () => {
+    const res = await request(app).get('/api/collaboration/invite-details')
+    expect(res.status).toBe(400)
+    expect(res.body.error).toMatch(/Token/i)
+  })
+})