Phase 1a: shared schemas, service layer, server tooling

- shared/schemas/: move Zod schemas out of routes so client + server share them - shared/types.ts: inferred types and enums for cross-package use - server tsconfig rootDir raised to ".." so shared/ compiles in-tree - server/src/services/: ticket, comment, cti, user, auth, notification (stub), search (stub) - Routes thinned to validate-delegate-return; business logic now testable in isolation - server/src/lib/httpError.ts: typed HttpError replaces ad-hoc throw shapes - server/src/lib/logger.ts: pino structured logging replaces console.log - autoClose job delegates to ticketService.closeStale() - express-rate-limit on /api/auth/login (10 / 15min / IP) - vitest + vitest-mock-extended; 20 service-level tests cover auth, ticket, comment, user flows - CI: lint + test jobs before docker builds Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 15:34:57 -04:00
parent 27d2ab0f0d
commit aff52e5672
38 changed files with 1260 additions and 2119 deletions
@@ -0,0 +1,83 @@
+import { describe, it, expect } from 'vitest';
+import { prismaMock } from '../test/setup';
+import { addComment, deleteComment } from './commentService';
+import { HttpError } from '../lib/httpError';
+
+describe('commentService.addComment', () => {
+  it('404s when ticket not found', async () => {
+    prismaMock.ticket.findFirst.mockResolvedValue(null);
+    await expect(addComment('V1', 'body', 'u1')).rejects.toMatchObject({ status: 404 });
+  });
+
+  it('accepts either id or displayId and writes audit + comment', async () => {
+    prismaMock.ticket.findFirst.mockResolvedValue({
+      id: 'tid',
+      displayId: 'V111',
+      title: 't',
+      overview: 'o',
+      severity: 3,
+      status: 'OPEN',
+      categoryId: 'c',
+      typeId: 'ty',
+      itemId: 'i',
+      assigneeId: null,
+      createdById: 'u1',
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      resolvedAt: null,
+    });
+    prismaMock.comment.create.mockResolvedValue({
+      id: 'cid',
+      body: 'hi',
+      ticketId: 'tid',
+      authorId: 'u1',
+      createdAt: new Date(),
+    });
+
+    await addComment('V111', 'hi', 'u1');
+    expect(prismaMock.comment.create).toHaveBeenCalledWith(
+      expect.objectContaining({ data: expect.objectContaining({ ticketId: 'tid', body: 'hi' }) }),
+    );
+    expect(prismaMock.auditLog.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.objectContaining({ action: 'COMMENT_ADDED', detail: 'hi' }),
+      }),
+    );
+  });
+});
+
+describe('commentService.deleteComment', () => {
+  const baseComment = {
+    id: 'cid',
+    body: 'x',
+    ticketId: 'tid',
+    authorId: 'author1',
+    createdAt: new Date(),
+  };
+
+  it('rejects non-author non-admin with 403', async () => {
+    prismaMock.comment.findUnique.mockResolvedValue(baseComment);
+    await expect(
+      deleteComment('cid', { id: 'other', role: 'AGENT' }),
+    ).rejects.toMatchObject({ status: 403 });
+  });
+
+  it('allows the author to delete', async () => {
+    prismaMock.comment.findUnique.mockResolvedValue(baseComment);
+    await expect(deleteComment('cid', { id: 'author1', role: 'AGENT' })).resolves.toBeUndefined();
+    expect(prismaMock.comment.delete).toHaveBeenCalled();
+  });
+
+  it('allows admin to delete', async () => {
+    prismaMock.comment.findUnique.mockResolvedValue(baseComment);
+    await expect(deleteComment('cid', { id: 'other', role: 'ADMIN' })).resolves.toBeUndefined();
+    expect(prismaMock.comment.delete).toHaveBeenCalled();
+  });
+
+  it('404s when comment missing', async () => {
+    prismaMock.comment.findUnique.mockResolvedValue(null);
+    await expect(
+      deleteComment('missing', { id: 'u', role: 'ADMIN' }),
+    ).rejects.toThrow(HttpError);
+  });
+});