jdeville05/pantree
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement full backend API for Pantree Phase 1 MVP

Browse Source
This commit is contained in:
Azriel
2026-05-10 04:57:26 +00:00
parent d755eea792
commit 03a2cfb748
32 changed files with 4139 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

240
tests/auth.test.js Normal file
View File

@@ -0,0 +1,240 @@
'use strict';
const request = require('supertest');
const app = require('../../src/main/app');
const { setDb } = require('../../src/db/knex');
const { createTestDb } = require('../helpers/testDb');
describe('Auth Routes', () => {
let db;
beforeEach(() => {
db = createTestDb();
setDb(db);
});
// ── POST /v1/auth/signup ────────────────────────────────────────────────────
describe('POST /v1/auth/signup', () => {
it('creates a new user and returns token', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1', name: 'Jane Doe' });
expect(res.status).toBe(201);
expect(res.body.user.email).toBe('jane@example.com');
expect(res.body.user.name).toBe('Jane Doe');
expect(res.body.token).toBeDefined();
expect(res.body.expires_at).toBeDefined();
// password_hash must never appear in response
expect(res.body.user.password_hash).toBeUndefined();
});
it('lowercases email on storage', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'JANE@EXAMPLE.COM', password: 'password1', name: 'Jane' });
expect(res.status).toBe(201);
expect(res.body.user.email).toBe('jane@example.com');
});
it('returns 409 when email already registered', async () => {
await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1', name: 'Jane' });
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1', name: 'Jane Again' });
expect(res.status).toBe(409);
expect(res.body.code).toBe('CONFLICT');
});
it('returns 409 for case-insensitive duplicate email', async () => {
await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1', name: 'Jane' });
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'JANE@EXAMPLE.COM', password: 'password1', name: 'Jane' });
expect(res.status).toBe(409);
});
it('returns 400 for invalid email', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'not-an-email', password: 'password1', name: 'Jane' });
expect(res.status).toBe(400);
expect(res.body.code).toBe('VALIDATION_ERROR');
});
it('returns 400 for password shorter than 8 chars', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'short', name: 'Jane' });
expect(res.status).toBe(400);
});
it('returns 400 for non-alphanumeric password', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'p@ssword1', name: 'Jane' });
expect(res.status).toBe(400);
});
it('returns 400 when name is missing', async () => {
const res = await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1' });
expect(res.status).toBe(400);
});
it('returns 400 when body is empty', async () => {
const res = await request(app).post('/v1/auth/signup').send({});
expect(res.status).toBe(400);
});
});
// ── POST /v1/auth/signin ────────────────────────────────────────────────────
describe('POST /v1/auth/signin', () => {
beforeEach(async () => {
await request(app)
.post('/v1/auth/signup')
.send({ email: 'jane@example.com', password: 'password1', name: 'Jane' });
});
it('returns token on valid credentials', async () => {
const res = await request(app)
.post('/v1/auth/signin')
.send({ email: 'jane@example.com', password: 'password1' });
expect(res.status).toBe(200);
expect(res.body.token).toBeDefined();
expect(res.body.user.email).toBe('jane@example.com');
});
it('is case-insensitive for email', async () => {
const res = await request(app)
.post('/v1/auth/signin')
.send({ email: 'JANE@EXAMPLE.COM', password: 'password1' });
expect(res.status).toBe(200);
});
it('returns 401 for wrong password', async () => {
const res = await request(app)
.post('/v1/auth/signin')
.send({ email: 'jane@example.com', password: 'wrongpass' });
expect(res.status).toBe(401);
expect(res.body.code).toBe('UNAUTHORIZED');
});
it('returns 401 for unknown email', async () => {
const res = await request(app)
.post('/v1/auth/signin')
.send({ email: 'nobody@example.com', password: 'password1' });
expect(res.status).toBe(401);
});
it('returns 400 when fields are missing', async () => {
const res = await request(app)
.post('/v1/auth/signin')
.send({ email: 'jane@example.com' });
expect(res.status).toBe(400);
});
});
// ── POST /v1/auth/password-reset ────────────────────────────────────────────
describe('POST /v1/auth/password-reset', () => {
it('always returns 200 regardless of email existence', async () => {
const res = await request(app)
.post('/v1/auth/password-reset')
.send({ email: 'nobody@example.com' });
expect(res.status).toBe(200);
expect(res.body.message).toMatch(/reset link/i);
});
it('returns 400 for invalid email', async () => {
const res = await request(app)
.post('/v1/auth/password-reset')
.send({ email: 'not-an-email' });
expect(res.status).toBe(400);
});
});
// ── DELETE /v1/auth/account ─────────────────────────────────────────────────
describe('DELETE /v1/auth/account', () => {
it('soft-deletes the authenticated user account', async () => {
const signupRes = await request(app)
.post('/v1/auth/signup')
.send({ email: 'delete@example.com', password: 'password1', name: 'Delete Me' });
const token = signupRes.body.token;
const res = await request(app)
.delete('/v1/auth/account')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(204);
// Verify account is soft-deleted
const users = db.getTable('users');
const user = users.find((u) => u.email === 'delete@example.com');
expect(user.deleted_at).toBeDefined();
expect(user.deletion_scheduled_at).toBeDefined();
});
it('returns 401 without token', async () => {
const res = await request(app).delete('/v1/auth/account');
expect(res.status).toBe(401);
});
});
// ── POST /v1/auth/restore-account ──────────────────────────────────────────
describe('POST /v1/auth/restore-account', () => {
it('restores a soft-deleted account', async () => {
const signupRes = await request(app)
.post('/v1/auth/signup')
.send({ email: 'restore@example.com', password: 'password1', name: 'Restore Me' });
const token = signupRes.body.token;
await request(app)
.delete('/v1/auth/account')
.set('Authorization', `Bearer ${token}`);
const res = await request(app)
.post('/v1/auth/restore-account')
.send({ email: 'restore@example.com', password: 'password1' });
expect(res.status).toBe(200);
expect(res.body.user.deleted_at).toBeNull();
expect(res.body.message).toMatch(/restored/i);
});
it('returns 401 for wrong credentials', async () => {
const res = await request(app)
.post('/v1/auth/restore-account')
.send({ email: 'nobody@example.com', password: 'password1' });
expect(res.status).toBe(401);
});
});
});

305
tests/helpers/testDb.js Normal file
View File

@@ -0,0 +1,305 @@
'use strict';
/**
* In-memory database stub for tests.
* Replaces the real Knex/PostgreSQL connection with a lightweight
* object that simulates table operations using plain JS Maps.
*
* Usage: const db = createTestDb(); setDb(db);
*/
function makeTable(rows = []) {
return [...rows];
}
/**
* Creates a minimal Knex-like query builder stub backed by in-memory arrays.
* Supports: insert, where, whereRaw, whereIn, whereNull, whereNotNull,
* first, select, update, delete, returning, orderBy,
* leftJoin, groupBy, raw, transaction.
*/
function createTestDb(initialData = {}) {
const tables = {};
function getTable(name) {
if (!tables[name]) tables[name] = [];
return tables[name];
}
function seedTable(name, rows) {
tables[name] = [...rows];
}
// Seed initial data
for (const [name, rows] of Object.entries(initialData)) {
seedTable(name, rows);
}
// ── Query Builder ────────────────────────────────────────────────────────────
function queryBuilder(tableName) {
let _rows = null; // lazy — resolved on terminal op
let _filters = [];
let _insertData = null;
let _updateData = null;
let _doDelete = false;
let _returning = false;
let _orderByField = null;
let _orderByDir = 'asc';
let _selectFields = null;
let _limit1 = false;
let _joins = [];
let _groupByField = null;
let _rawSelects = [];
function getRows() {
if (_rows !== null) return _rows;
return getTable(tableName);
}
function applyFilters(rows) {
return rows.filter((row) => {
for (const f of _filters) {
if (!f(row)) return false;
}
return true;
});
}
const qb = {
where(condOrField, val) {
if (typeof condOrField === 'object') {
for (const [k, v] of Object.entries(condOrField)) {
_filters.push((row) => row[k] === v);
}
} else {
_filters.push((row) => row[condOrField] === val);
}
return qb;
},
whereRaw(expr, params) {
// Support: 'LOWER(email) = ?' and 'item_name_lower = LOWER(?)'
const lowerEmailMatch = expr.match(/LOWER\((\w+)\)\s*=\s*\?/i);
const lowerFieldMatch = expr.match(/(\w+)\s*=\s*LOWER\(\?\)/i);
if (lowerEmailMatch) {
const field = lowerEmailMatch[1];
const val = params[0].toLowerCase();
_filters.push((row) => (row[field] || '').toLowerCase() === val);
} else if (lowerFieldMatch) {
const field = lowerFieldMatch[1];
const val = params[0].toLowerCase();
_filters.push((row) => (row[field] || '') === val);
}
return qb;
},
whereIn(field, vals) {
_filters.push((row) => vals.includes(row[field]));
return qb;
},
whereNull(field) {
_filters.push((row) => row[field] == null);
return qb;
},
whereNotNull(field) {
_filters.push((row) => row[field] != null);
return qb;
},
select(...fields) {
_selectFields = fields.flat();
return qb;
},
orderBy(field, dir = 'asc') {
_orderByField = field;
_orderByDir = dir;
return qb;
},
groupBy() {
_groupByField = true;
return qb;
},
leftJoin(otherTable, leftKey, rightKey) {
_joins.push({ otherTable, leftKey, rightKey });
return qb;
},
raw(sql) {
_rawSelects.push(sql);
return sql; // knex.raw returns the string in our stub
},
insert(data) {
_insertData = Array.isArray(data) ? data : [data];
return qb;
},
update(data) {
_updateData = data;
return qb;
},
delete() {
_doDelete = true;
return qb;
},
returning() {
_returning = true;
return qb;
},
first() {
_limit1 = true;
return qb;
},
// Terminal: await qb
then(resolve, reject) {
try {
resolve(execute());
} catch (e) {
reject(e);
}
},
};
function execute() {
const table = getTable(tableName);
if (_insertData) {
const inserted = _insertData.map((d) => {
const row = {
id: d.id || require('uuid').v4(),
...d,
created_at: d.created_at || new Date().toISOString(),
updated_at: d.updated_at || new Date().toISOString(),
last_modified: d.last_modified || new Date().toISOString(),
};
// Compute generated columns
if (row.item_name !== undefined) {
row.item_name_lower = row.item_name.toLowerCase();
}
table.push(row);
return row;
});
return _returning ? inserted : inserted.length;
}
if (_doDelete) {
const before = table.length;
const toDelete = applyFilters(table);
for (const row of toDelete) {
const idx = table.indexOf(row);
if (idx !== -1) table.splice(idx, 1);
}
return _returning ? toDelete : before - table.length;
}
if (_updateData) {
const matched = applyFilters(table);
const updated = matched.map((row) => {
Object.assign(row, _updateData, {
updated_at: new Date().toISOString(),
});
if (row.item_name !== undefined) {
row.item_name_lower = row.item_name.toLowerCase();
}
return row;
});
return _returning ? updated : updated.length;
}
// SELECT
let rows = applyFilters(table);
// Apply joins (simplified — just attach joined fields)
for (const join of _joins) {
const otherRows = getTable(join.otherTable);
const [leftTable, leftField] = join.leftKey.split('.');
const [, rightField] = join.rightKey.split('.');
rows = rows.map((row) => {
const matches = otherRows.filter((o) => o[rightField] === row[leftField || 'id']);
if (matches.length === 0) return { ...row, _joined: [] };
return matches.map((m) => ({ ...row, ...m, _joined: true }));
}).flat();
}
if (_orderByField) {
rows = [...rows].sort((a, b) => {
const av = a[_orderByField] || '';
const bv = b[_orderByField] || '';
const cmp = String(av).localeCompare(String(bv));
return _orderByDir === 'desc' ? -cmp : cmp;
});
}
// Aggregate for groupBy (count)
if (_groupByField) {
const grouped = {};
for (const row of rows) {
const key = row.id;
if (!grouped[key]) {
grouped[key] = { ...row, item_count: 0, checked_count: 0 };
}
if (row._joined) {
grouped[key].item_count++;
if (row.checked_off) grouped[key].checked_count++;
}
}
rows = Object.values(grouped);
}
if (_limit1) return rows[0] || null;
return rows;
}
return qb;
}
// ── Transaction stub ─────────────────────────────────────────────────────────
async function transaction(fn) {
// Pass the same db proxy as the transaction context
return fn(proxy);
}
// ── Raw stub ─────────────────────────────────────────────────────────────────
function raw(sql) {
return sql;
}
const proxy = new Proxy(
{ transaction, raw, _tables: tables, seedTable, getTable },
{
get(target, prop) {
if (prop in target) return target[prop];
return (tableName) => queryBuilder(tableName || prop);
},
apply(target, thisArg, args) {
return queryBuilder(args[0]);
},
}
);
// Make proxy callable as a function: db('tableName')
return new Proxy(function () {}, {
apply(target, thisArg, args) {
return queryBuilder(args[0]);
},
get(target, prop) {
if (prop === 'transaction') return transaction;
if (prop === 'raw') return raw;
if (prop === '_tables') return tables;
if (prop === 'seedTable') return seedTable;
if (prop === 'getTable') return getTable;
return (tableName) => queryBuilder(tableName || prop);
},
});
}
module.exports = { createTestDb };

308
tests/pantry.test.js Normal file
View File

@@ -0,0 +1,308 @@
'use strict';
const request = require('supertest');
const app = require('../../src/main/app');
const { setDb } = require('../../src/db/knex');
const { createTestDb } = require('../helpers/testDb');
const { issueToken } = require('../../src/utils/jwt');
function makeUser(overrides = {}) {
return {
id: require('uuid').v4(),
email: 'jane@example.com',
name: 'Jane Doe',
profile_picture_url: null,
email_verified: true,
deleted_at: null,
deletion_scheduled_at: null,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
...overrides,
};
}
describe('Pantry Routes', () => {
let db;
let user;
let token;
beforeEach(() => {
user = makeUser();
db = createTestDb({ users: [user] });
setDb(db);
token = issueToken(user).token;
});
// ── GET /v1/pantry ──────────────────────────────────────────────────────────
describe('GET /v1/pantry', () => {
it('returns empty items array for new user', async () => {
const res = await request(app)
.get('/v1/pantry')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.items).toEqual([]);
expect(res.body.synced_at).toBeDefined();
});
it('returns pantry items for authenticated user', async () => {
db.seedTable('pantry_items', [
{
id: 'item-1',
user_id: user.id,
item_name: 'Flour',
item_name_lower: 'flour',
quantity: 5,
last_modified: new Date().toISOString(),
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get('/v1/pantry')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.items).toHaveLength(1);
expect(res.body.items[0].item_name).toBe('Flour');
});
it('returns 401 without token', async () => {
const res = await request(app).get('/v1/pantry');
expect(res.status).toBe(401);
});
it('does not return items belonging to other users', async () => {
const otherUser = makeUser({ id: 'other-user-id', email: 'other@example.com' });
db.seedTable('pantry_items', [
{
id: 'item-other',
user_id: otherUser.id,
item_name: 'Sugar',
item_name_lower: 'sugar',
quantity: 2,
last_modified: new Date().toISOString(),
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get('/v1/pantry')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.items).toHaveLength(0);
});
});
// ── POST /v1/pantry ─────────────────────────────────────────────────────────
describe('POST /v1/pantry', () => {
it('adds a new pantry item', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 5 });
expect(res.status).toBe(201);
expect(res.body.item.item_name).toBe('Flour');
expect(res.body.item.quantity).toBe(5);
expect(res.body.item.id).toBeDefined();
});
it('returns 409 for duplicate item (case-insensitive)', async () => {
await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 5 });
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 3 });
expect(res.status).toBe(409);
expect(res.body.code).toBe('DUPLICATE_ITEM');
});
it('returns 409 for duplicate with different capitalisation', async () => {
await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Protein Powder', quantity: 1 });
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'PROTEIN POWDER', quantity: 1 });
expect(res.status).toBe(409);
});
it('returns 400 for zero quantity', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 0 });
expect(res.status).toBe(400);
});
it('returns 400 for negative quantity', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: -1 });
expect(res.status).toBe(400);
});
it('returns 400 for fractional quantity', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 1.5 });
expect(res.status).toBe(400);
});
it('returns 400 for missing item_name', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ quantity: 5 });
expect(res.status).toBe(400);
});
it('returns 400 for blank item_name', async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: ' ', quantity: 5 });
expect(res.status).toBe(400);
});
it('returns 401 without token', async () => {
const res = await request(app)
.post('/v1/pantry')
.send({ item_name: 'Flour', quantity: 5 });
expect(res.status).toBe(401);
});
});
// ── PUT /v1/pantry/:item_id ─────────────────────────────────────────────────
describe('PUT /v1/pantry/:item_id', () => {
let itemId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 5 });
itemId = res.body.item.id;
});
it('updates quantity of existing item', async () => {
const res = await request(app)
.put(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${token}`)
.send({ quantity: 10 });
expect(res.status).toBe(200);
expect(res.body.item.quantity).toBe(10);
});
it('returns 404 for non-existent item', async () => {
const res = await request(app)
.put('/v1/pantry/00000000-0000-0000-0000-000000000000')
.set('Authorization', `Bearer ${token}`)
.send({ quantity: 10 });
expect(res.status).toBe(404);
});
it('returns 404 for item belonging to another user', async () => {
const otherUser = makeUser({ id: 'other-id', email: 'other@example.com' });
const otherToken = issueToken(otherUser).token;
const res = await request(app)
.put(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${otherToken}`)
.send({ quantity: 10 });
expect(res.status).toBe(404);
});
it('returns 400 for invalid quantity', async () => {
const res = await request(app)
.put(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${token}`)
.send({ quantity: -5 });
expect(res.status).toBe(400);
});
});
// ── DELETE /v1/pantry/:item_id ──────────────────────────────────────────────
describe('DELETE /v1/pantry/:item_id', () => {
let itemId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/pantry')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Butter', quantity: 2 });
itemId = res.body.item.id;
});
it('deletes an existing pantry item', async () => {
const res = await request(app)
.delete(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(204);
// Verify item is gone
const getRes = await request(app)
.get('/v1/pantry')
.set('Authorization', `Bearer ${token}`);
expect(getRes.body.items).toHaveLength(0);
});
it('records a tombstone for sync', async () => {
await request(app)
.delete(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${token}`);
const tombstones = db.getTable('deleted_records');
expect(tombstones.some((t) => t.record_id === itemId)).toBe(true);
});
it('returns 404 for non-existent item', async () => {
const res = await request(app)
.delete('/v1/pantry/00000000-0000-0000-0000-000000000000')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(404);
});
it('returns 404 for item belonging to another user', async () => {
const otherUser = makeUser({ id: 'other-id', email: 'other@example.com' });
const otherToken = issueToken(otherUser).token;
const res = await request(app)
.delete(`/v1/pantry/${itemId}`)
.set('Authorization', `Bearer ${otherToken}`);
expect(res.status).toBe(404);
});
});
});

220
tests/recipes.test.js Normal file
View File

@@ -0,0 +1,220 @@
'use strict';
const request = require('supertest');
const app = require('../../src/main/app');
const { setDb } = require('../../src/db/knex');
const { createTestDb } = require('../helpers/testDb');
const { issueToken } = require('../../src/utils/jwt');
const { v4: uuidv4 } = require('uuid');
function makeUser(overrides = {}) {
return {
id: uuidv4(),
email: 'jane@example.com',
name: 'Jane Doe',
profile_picture_url: null,
email_verified: true,
deleted_at: null,
deletion_scheduled_at: null,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
...overrides,
};
}
const RECIPE_ID = '00000000-0000-0000-0000-000000000001';
function makeRecipe(overrides = {}) {
return {
id: RECIPE_ID,
name: 'Classic Pancakes',
instructions: '1. Mix. 2. Cook.',
servings: 4,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
...overrides,
};
}
function makeIngredients(recipeId = RECIPE_ID) {
return [
{
id: uuidv4(),
recipe_id: recipeId,
item_name: 'flour',
item_name_lower: 'flour',
quantity: '2.0000',
unit: 'cups',
},
{
id: uuidv4(),
recipe_id: recipeId,
item_name: 'milk',
item_name_lower: 'milk',
quantity: '1.5000',
unit: 'cups',
},
{
id: uuidv4(),
recipe_id: recipeId,
item_name: 'eggs',
item_name_lower: 'eggs',
quantity: '2.0000',
unit: 'whole',
},
];
}
describe('Recipe Routes', () => {
let db;
let user;
let token;
beforeEach(() => {
user = makeUser();
db = createTestDb({
users: [user],
recipes: [makeRecipe()],
recipe_ingredients: makeIngredients(),
pantry_items: [],
});
setDb(db);
token = issueToken(user).token;
});
// ── GET /v1/recipes ─────────────────────────────────────────────────────────
describe('GET /v1/recipes', () => {
it('returns all recipes with availability', async () => {
const res = await request(app)
.get('/v1/recipes')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.recipes).toHaveLength(1);
expect(res.body.recipes[0].name).toBe('Classic Pancakes');
expect(res.body.recipes[0].availability).toBeDefined();
expect(res.body.synced_at).toBeDefined();
});
it('shows missing_all when pantry is empty', async () => {
const res = await request(app)
.get('/v1/recipes')
.set('Authorization', `Bearer ${token}`);
expect(res.body.recipes[0].availability.status).toBe('missing_all');
expect(res.body.recipes[0].availability.available_count).toBe(0);
expect(res.body.recipes[0].availability.total_count).toBe(3);
});
it('shows can_make when all ingredients are in pantry', async () => {
db.seedTable('pantry_items', [
{ id: uuidv4(), user_id: user.id, item_name: 'flour', item_name_lower: 'flour', quantity: 5, last_modified: new Date().toISOString(), created_at: new Date().toISOString(), updated_at: new Date().toISOString() },
{ id: uuidv4(), user_id: user.id, item_name: 'milk', item_name_lower: 'milk', quantity: 2, last_modified: new Date().toISOString(), created_at: new Date().toISOString(), updated_at: new Date().toISOString() },
{ id: uuidv4(), user_id: user.id, item_name: 'eggs', item_name_lower: 'eggs', quantity: 6, last_modified: new Date().toISOString(), created_at: new Date().toISOString(), updated_at: new Date().toISOString() },
]);
const res = await request(app)
.get('/v1/recipes')
.set('Authorization', `Bearer ${token}`);
expect(res.body.recipes[0].availability.status).toBe('can_make');
expect(res.body.recipes[0].availability.available_count).toBe(3);
});
it('shows partial when some ingredients are in pantry', async () => {
db.seedTable('pantry_items', [
{ id: uuidv4(), user_id: user.id, item_name: 'flour', item_name_lower: 'flour', quantity: 5, last_modified: new Date().toISOString(), created_at: new Date().toISOString(), updated_at: new Date().toISOString() },
]);
const res = await request(app)
.get('/v1/recipes')
.set('Authorization', `Bearer ${token}`);
expect(res.body.recipes[0].availability.status).toBe('partial');
expect(res.body.recipes[0].availability.available_count).toBe(1);
expect(res.body.recipes[0].availability.missing_ingredients).toContain('milk');
});
it('filters to available only with ?filter=available', async () => {
const res = await request(app)
.get('/v1/recipes?filter=available')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.recipes).toHaveLength(0); // pantry is empty
});
it('returns 401 without token', async () => {
const res = await request(app).get('/v1/recipes');
expect(res.status).toBe(401);
});
it('returns 400 for invalid scale', async () => {
const res = await request(app)
.get('/v1/recipes?scale=5')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(400);
});
});
// ── GET /v1/recipes/:recipe_id ──────────────────────────────────────────────
describe('GET /v1/recipes/:recipe_id', () => {
it('returns full recipe detail', async () => {
const res = await request(app)
.get(`/v1/recipes/${RECIPE_ID}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.recipe.name).toBe('Classic Pancakes');
expect(res.body.recipe.instructions).toBeDefined();
expect(res.body.recipe.ingredients).toHaveLength(3);
expect(res.body.recipe.scaled_servings).toBe(4);
});
it('scales ingredient quantities with ?scale=2', async () => {
const res = await request(app)
.get(`/v1/recipes/${RECIPE_ID}?scale=2`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.recipe.scaled_servings).toBe(8);
const flour = res.body.recipe.ingredients.find((i) => i.item_name === 'flour');
expect(flour.quantity).toBe(4.0);
});
it('marks in_pantry correctly', async () => {
db.seedTable('pantry_items', [
{ id: uuidv4(), user_id: user.id, item_name: 'flour', item_name_lower: 'flour', quantity: 5, last_modified: new Date().toISOString(), created_at: new Date().toISOString(), updated_at: new Date().toISOString() },
]);
const res = await request(app)
.get(`/v1/recipes/${RECIPE_ID}`)
.set('Authorization', `Bearer ${token}`);
const flour = res.body.recipe.ingredients.find((i) => i.item_name === 'flour');
const milk = res.body.recipe.ingredients.find((i) => i.item_name === 'milk');
expect(flour.in_pantry).toBe(true);
expect(milk.in_pantry).toBe(false);
});
it('returns 404 for non-existent recipe', async () => {
const res = await request(app)
.get('/v1/recipes/00000000-0000-0000-0000-999999999999')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(404);
expect(res.body.code).toBe('NOT_FOUND');
});
it('returns 400 for invalid scale value', async () => {
const res = await request(app)
.get(`/v1/recipes/${RECIPE_ID}?scale=10`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(400);
});
});
});

525
tests/shopping.test.js Normal file
View File

@@ -0,0 +1,525 @@
'use strict';
const request = require('supertest');
const app = require('../../src/main/app');
const { setDb } = require('../../src/db/knex');
const { createTestDb } = require('../helpers/testDb');
const { issueToken } = require('../../src/utils/jwt');
const { v4: uuidv4 } = require('uuid');
function makeUser(overrides = {}) {
return {
id: uuidv4(),
email: 'jane@example.com',
name: 'Jane Doe',
profile_picture_url: null,
email_verified: true,
deleted_at: null,
deletion_scheduled_at: null,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
...overrides,
};
}
const RECIPE_ID = '00000000-0000-0000-0000-000000000001';
describe('Shopping List Routes', () => {
let db;
let user;
let token;
beforeEach(() => {
user = makeUser();
db = createTestDb({
users: [user],
shopping_lists: [],
shopping_list_items: [],
deleted_records: [],
recipes: [
{
id: RECIPE_ID,
name: 'Pancakes',
instructions: '1. Mix. 2. Cook.',
servings: 4,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
],
recipe_ingredients: [
{
id: uuidv4(),
recipe_id: RECIPE_ID,
item_name: 'flour',
item_name_lower: 'flour',
quantity: '2.0000',
unit: 'cups',
},
{
id: uuidv4(),
recipe_id: RECIPE_ID,
item_name: 'milk',
item_name_lower: 'milk',
quantity: '1.5000',
unit: 'cups',
},
],
});
setDb(db);
token = issueToken(user).token;
});
// ── GET /v1/shopping-lists ──────────────────────────────────────────────────
describe('GET /v1/shopping-lists', () => {
it('returns empty array for new user', async () => {
const res = await request(app)
.get('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.shopping_lists).toEqual([]);
expect(res.body.synced_at).toBeDefined();
});
it('returns 401 without token', async () => {
const res = await request(app).get('/v1/shopping-lists');
expect(res.status).toBe(401);
});
});
// ── POST /v1/shopping-lists ─────────────────────────────────────────────────
describe('POST /v1/shopping-lists', () => {
it('creates a new shopping list', async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Weekly Groceries' });
expect(res.status).toBe(201);
expect(res.body.shopping_list.list_name).toBe('Weekly Groceries');
expect(res.body.shopping_list.item_count).toBe(0);
expect(res.body.shopping_list.id).toBeDefined();
});
it('returns 400 for missing list_name', async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({});
expect(res.status).toBe(400);
});
it('returns 400 for empty list_name', async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: '' });
expect(res.status).toBe(400);
});
it('returns 401 without token', async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.send({ list_name: 'Test' });
expect(res.status).toBe(401);
});
});
// ── GET /v1/shopping-lists/:list_id ────────────────────────────────────────
describe('GET /v1/shopping-lists/:list_id', () => {
let listId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'My List' });
listId = res.body.shopping_list.id;
});
it('returns list with items', async () => {
const res = await request(app)
.get(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.shopping_list.id).toBe(listId);
expect(res.body.shopping_list.items).toEqual([]);
});
it('returns 404 for non-existent list', async () => {
const res = await request(app)
.get('/v1/shopping-lists/00000000-0000-0000-0000-000000000000')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(404);
});
it('returns 404 for list belonging to another user', async () => {
const otherUser = makeUser({ id: uuidv4(), email: 'other@example.com' });
const otherToken = issueToken(otherUser).token;
const res = await request(app)
.get(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${otherToken}`);
expect(res.status).toBe(404);
});
});
// ── DELETE /v1/shopping-lists/:list_id ─────────────────────────────────────
describe('DELETE /v1/shopping-lists/:list_id', () => {
let listId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Delete Me' });
listId = res.body.shopping_list.id;
});
it('deletes the shopping list', async () => {
const res = await request(app)
.delete(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(204);
const getRes = await request(app)
.get(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
expect(getRes.status).toBe(404);
});
it('records tombstone for sync', async () => {
await request(app)
.delete(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
const tombstones = db.getTable('deleted_records');
expect(tombstones.some((t) => t.record_id === listId)).toBe(true);
});
it('returns 404 for non-existent list', async () => {
const res = await request(app)
.delete('/v1/shopping-lists/00000000-0000-0000-0000-000000000000')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(404);
});
});
// ── POST /v1/shopping-lists/:list_id/items ──────────────────────────────────
describe('POST /v1/shopping-lists/:list_id/items', () => {
let listId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Groceries' });
listId = res.body.shopping_list.id;
});
it('adds an item to the list', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 2.0, unit: 'cups' });
expect(res.status).toBe(201);
expect(res.body.item.item_name).toBe('flour');
expect(res.body.item.quantity).toBe(2.0);
expect(res.body.merged).toBe(false);
});
it('merges quantities for same name and unit', async () => {
await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 2.0, unit: 'cups' });
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 1.5, unit: 'cups' });
expect(res.status).toBe(201);
expect(res.body.merged).toBe(true);
expect(res.body.item.quantity).toBe(3.5);
expect(res.body.previous_quantity).toBe(2.0);
});
it('merges case-insensitively', async () => {
await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'Flour', quantity: 2.0, unit: 'cups' });
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'FLOUR', quantity: 1.0, unit: 'cups' });
expect(res.body.merged).toBe(true);
expect(res.body.item.quantity).toBe(3.0);
});
it('creates separate items for same name but different unit', async () => {
await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 2.0, unit: 'cups' });
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 100.0, unit: 'g' });
expect(res.body.merged).toBe(false);
const listRes = await request(app)
.get(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
expect(listRes.body.shopping_list.items).toHaveLength(2);
});
it('returns 400 for missing unit', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 2.0 });
expect(res.status).toBe(400);
});
it('returns 400 for zero quantity', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 0, unit: 'cups' });
expect(res.status).toBe(400);
});
it('returns 404 for non-existent list', async () => {
const res = await request(app)
.post('/v1/shopping-lists/00000000-0000-0000-0000-000000000000/items')
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'flour', quantity: 2.0, unit: 'cups' });
expect(res.status).toBe(404);
});
});
// ── PUT /v1/shopping-lists/:list_id/items/:item_id ──────────────────────────
describe('PUT /v1/shopping-lists/:list_id/items/:item_id', () => {
let listId;
let itemId;
beforeEach(async () => {
const listRes = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Update Test' });
listId = listRes.body.shopping_list.id;
const itemRes = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'butter', quantity: 1.0, unit: 'cups' });
itemId = itemRes.body.item.id;
});
it('updates checked_off status', async () => {
const res = await request(app)
.put(`/v1/shopping-lists/${listId}/items/${itemId}`)
.set('Authorization', `Bearer ${token}`)
.send({ checked_off: true });
expect(res.status).toBe(200);
expect(res.body.item.checked_off).toBe(true);
});
it('updates quantity', async () => {
const res = await request(app)
.put(`/v1/shopping-lists/${listId}/items/${itemId}`)
.set('Authorization', `Bearer ${token}`)
.send({ quantity: 3.5 });
expect(res.status).toBe(200);
expect(res.body.item.quantity).toBe(3.5);
});
it('returns 400 when no fields provided', async () => {
const res = await request(app)
.put(`/v1/shopping-lists/${listId}/items/${itemId}`)
.set('Authorization', `Bearer ${token}`)
.send({});
expect(res.status).toBe(400);
});
it('returns 404 for non-existent item', async () => {
const res = await request(app)
.put(`/v1/shopping-lists/${listId}/items/00000000-0000-0000-0000-000000000000`)
.set('Authorization', `Bearer ${token}`)
.send({ checked_off: true });
expect(res.status).toBe(404);
});
});
// ── DELETE /v1/shopping-lists/:list_id/items/:item_id ───────────────────────
describe('DELETE /v1/shopping-lists/:list_id/items/:item_id', () => {
let listId;
let itemId;
beforeEach(async () => {
const listRes = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Delete Item Test' });
listId = listRes.body.shopping_list.id;
const itemRes = await request(app)
.post(`/v1/shopping-lists/${listId}/items`)
.set('Authorization', `Bearer ${token}`)
.send({ item_name: 'sugar', quantity: 1.0, unit: 'cups' });
itemId = itemRes.body.item.id;
});
it('deletes the item', async () => {
const res = await request(app)
.delete(`/v1/shopping-lists/${listId}/items/${itemId}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(204);
const listRes = await request(app)
.get(`/v1/shopping-lists/${listId}`)
.set('Authorization', `Bearer ${token}`);
expect(listRes.body.shopping_list.items).toHaveLength(0);
});
it('records tombstone for sync', async () => {
await request(app)
.delete(`/v1/shopping-lists/${listId}/items/${itemId}`)
.set('Authorization', `Bearer ${token}`);
const tombstones = db.getTable('deleted_records');
expect(tombstones.some((t) => t.record_id === itemId)).toBe(true);
});
it('returns 404 for non-existent item', async () => {
const res = await request(app)
.delete(`/v1/shopping-lists/${listId}/items/00000000-0000-0000-0000-000000000000`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(404);
});
});
// ── POST /v1/shopping-lists/:list_id/add-recipes ────────────────────────────
describe('POST /v1/shopping-lists/:list_id/add-recipes', () => {
let listId;
beforeEach(async () => {
const res = await request(app)
.post('/v1/shopping-lists')
.set('Authorization', `Bearer ${token}`)
.send({ list_name: 'Recipe List' });
listId = res.body.shopping_list.id;
});
it('adds recipe ingredients to the list', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID], scale: 1 });
expect(res.status).toBe(201);
expect(res.body.recipes_added).toBe(1);
expect(res.body.items_created).toBe(2); // flour + milk
expect(res.body.shopping_list.items).toHaveLength(2);
});
it('merges quantities when adding same recipe twice', async () => {
await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID], scale: 1 });
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID], scale: 1 });
expect(res.status).toBe(201);
expect(res.body.items_merged).toBe(2);
expect(res.body.items_created).toBe(0);
const flour = res.body.shopping_list.items.find((i) => i.item_name === 'flour');
expect(flour.quantity).toBe(4.0); // 2 + 2
});
it('scales ingredient quantities', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID], scale: 2 });
expect(res.status).toBe(201);
const flour = res.body.shopping_list.items.find((i) => i.item_name === 'flour');
expect(flour.quantity).toBe(4.0); // 2 * 2
});
it('returns 400 for empty recipe_ids', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [] });
expect(res.status).toBe(400);
});
it('returns 400 for invalid scale', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID], scale: 5 });
expect(res.status).toBe(400);
});
it('returns 404 for non-existent recipe', async () => {
const res = await request(app)
.post(`/v1/shopping-lists/${listId}/add-recipes`)
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: ['00000000-0000-0000-0000-999999999999'] });
expect(res.status).toBe(404);
});
it('returns 404 for non-existent list', async () => {
const res = await request(app)
.post('/v1/shopping-lists/00000000-0000-0000-0000-000000000000/add-recipes')
.set('Authorization', `Bearer ${token}`)
.send({ recipe_ids: [RECIPE_ID] });
expect(res.status).toBe(404);
});
});
});

166
tests/sync.test.js Normal file
View File

@@ -0,0 +1,166 @@
'use strict';
const request = require('supertest');
const app = require('../../src/main/app');
const { setDb } = require('../../src/db/knex');
const { createTestDb } = require('../helpers/testDb');
const { issueToken } = require('../../src/utils/jwt');
const { v4: uuidv4 } = require('uuid');
function makeUser(overrides = {}) {
return {
id: uuidv4(),
email: 'jane@example.com',
name: 'Jane Doe',
profile_picture_url: null,
email_verified: true,
deleted_at: null,
deletion_scheduled_at: null,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
...overrides,
};
}
describe('Sync Route', () => {
let db;
let user;
let token;
beforeEach(() => {
user = makeUser();
db = createTestDb({
users: [user],
pantry_items: [],
shopping_lists: [],
shopping_list_items: [],
deleted_records: [],
});
setDb(db);
token = issueToken(user).token;
});
describe('GET /v1/sync', () => {
it('returns full sync when no since param', async () => {
const res = await request(app)
.get('/v1/sync')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.full_sync).toBe(true);
expect(res.body.server_timestamp).toBeDefined();
expect(res.body.pantry).toBeDefined();
expect(res.body.shopping_lists).toBeDefined();
});
it('returns delta sync when since param provided', async () => {
const since = new Date(Date.now() - 60000).toISOString(); // 1 minute ago
const res = await request(app)
.get(`/v1/sync?since=${encodeURIComponent(since)}`)
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(200);
expect(res.body.full_sync).toBe(false);
});
it('includes pantry items in full sync', async () => {
db.seedTable('pantry_items', [
{
id: uuidv4(),
user_id: user.id,
item_name: 'Flour',
item_name_lower: 'flour',
quantity: 5,
last_modified: new Date().toISOString(),
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get('/v1/sync')
.set('Authorization', `Bearer ${token}`);
expect(res.body.pantry.items).toHaveLength(1);
expect(res.body.pantry.items[0].item_name).toBe('Flour');
expect(res.body.pantry.items[0].deleted).toBe(false);
});
it('includes shopping lists in full sync', async () => {
const listId = uuidv4();
db.seedTable('shopping_lists', [
{
id: listId,
user_id: user.id,
list_name: 'Weekly',
last_modified: new Date().toISOString(),
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get('/v1/sync')
.set('Authorization', `Bearer ${token}`);
expect(res.body.shopping_lists.lists).toHaveLength(1);
expect(res.body.shopping_lists.lists[0].list_name).toBe('Weekly');
});
it('includes deleted_ids for tombstoned pantry items', async () => {
const deletedId = uuidv4();
const since = new Date(Date.now() - 60000).toISOString();
db.seedTable('deleted_records', [
{
id: uuidv4(),
user_id: user.id,
record_type: 'pantry_item',
record_id: deletedId,
deleted_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get(`/v1/sync?since=${encodeURIComponent(since)}`)
.set('Authorization', `Bearer ${token}`);
expect(res.body.pantry.deleted_ids).toContain(deletedId);
});
it('returns 401 without token', async () => {
const res = await request(app).get('/v1/sync');
expect(res.status).toBe(401);
});
it('returns 400 for invalid since timestamp', async () => {
const res = await request(app)
.get('/v1/sync?since=not-a-date')
.set('Authorization', `Bearer ${token}`);
expect(res.status).toBe(400);
});
it('does not return data belonging to other users', async () => {
const otherUser = makeUser({ id: uuidv4(), email: 'other@example.com' });
db.seedTable('pantry_items', [
{
id: uuidv4(),
user_id: otherUser.id,
item_name: 'Sugar',
item_name_lower: 'sugar',
quantity: 3,
last_modified: new Date().toISOString(),
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
},
]);
const res = await request(app)
.get('/v1/sync')
.set('Authorization', `Bearer ${token}`);
expect(res.body.pantry.items).toHaveLength(0);
});
});
});