groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: groombook/api:dev-to-uat-gro-2155
Branches Tags
groombook/api:main groombook/api:gro-2381-agents-contributing groombook/api:flea/uat-to-main-gro-2359-api groombook/api:uat groombook/api:dev groombook/api:release/main-GRO-2342-api groombook/api:release/main-GRO-2319-api groombook/api:flea/promote-main-gro-2311 groombook/api:promote/GRO-2319-api-to-uat groombook/api:feat/GRO-2319-portal-waitlist-surfacing groombook/api:flea/promote-main-gro-2172 groombook/api:dev-to-uat-gro-2311 groombook/api:flea/gro-2311-seed-portal-statusbadge-appts groombook/api:promote/gro-2172-pets-to-uat groombook/api:fix/gro-2172-pet-extended-fields groombook/api:uat-to-main-gro-2299 groombook/api:flea/promote-main-gro-2294 groombook/api:promote/dev-to-uat-gro-2299 groombook/api:gro-2299-redact-patch-settings groombook/api:flea/promote-gro-2294-uat groombook/api:flea/gro-2294-route-opt-hardening groombook/api:flea/uat-to-main-gro-2157-frozen groombook/api:promote/dev-to-uat-gro-2225 groombook/api:flea/gro-2157-navigation-export groombook/api:flea/gro-2235-waitlist-duplicate-409 groombook/api:feat/gro-2225-uat-seed-route-cohort groombook/api:flea/uat-to-main-gro-2234-api groombook/api:flea/dev-to-uat-gro-2156 groombook/api:flea-flicker/gro-2234-portal-session-sliding-ttl groombook/api:release/main-6120b96 groombook/api:flea/gro-2156-travel-buffer-reorder groombook/api:release/main-eb92f99 groombook/api:fix/gro-2214-portal-waitlist-validation groombook/api:fix/gro-2203-portal-pet-patch-uuid-validation groombook/api:dev-to-uat-gro-2155 groombook/api:feat/gro-2155-route-optimize-endpoints-dev groombook/api:fix/gro-2163-migrate-pre-dns-wait groombook/api:fix/gro-2187-portal-photokey-hijack groombook/api:dev-to-uat-gro-2154 groombook/api:feat/gro-2154-geocoding-endpoints-dev groombook/api:flea-flicker/gro-2197-ci-api-gate groombook/api:dev-to-uat-gro-2153 groombook/api:dev-to-uat-gro-2187 groombook/api:fix/gro-2187-portal-pets-patch groombook/api:dev-to-uat-gro-2129 groombook/api:flea-flicker/gro-2123-cleanup-stale-seed-duplicate groombook/api:dev-to-uat-gro-2123 groombook/api:flea-flicker/gro-2123-seed-advisory-lock groombook/api:promote/dev-to-uat-gro-2100 groombook/api:flea/gro-2100-uat-groomer-pet-linkage groombook/api:flea/gro-2062-owner-bypass-audit groombook/api:flea/gro-2052-rbac-betterauth-user-autoprovision groombook/api:dogfather/gro-2013-promote-uat groombook/api:flea/gro-2013-owner-bypass-deployed-tree groombook/api:flea/gro-2033-idempotent-pet-profile-migrations groombook/api:fix/gro-2014-profile-summary-error-handling groombook/api:flea/gro-2000-uat-password-source-doc groombook/api:fix/gro-1999-uat-seed-extra-large groombook/api:fix/gro-1983-seed-pnpm-baked groombook/api:fix/GRO-1979-coat-type-pet-size-enum-fix groombook/api:fleaflicker/GRO-1962-deterministic-testcoopper-rocky groombook/api:flea/gro-1977-seed-idempotency groombook/api:fix/GRO-1977-seed-credential-idempotency groombook/api:promote/dev-to-uat-gro-1971 groombook/api:fix/gro-1971-coat-type-enum-missing-short groombook/api:fix/GRO-1962-uat-seed-pet-medicalalerts groombook/api:flea/GRO-1955-fix-uc-undefined-seed groombook/api:fix/GRO-1909-migrate-corepack-offline groombook/api:fix/GRO-1953-coat-type-short-missing groombook/api:fleaflicker/gro-medical-alert-types-behavioral-skin groombook/api:fleaflicker/gro-1921-uat-reset-full-seed groombook/api:flea/GRO-1945-pets-visitcount-hotfix groombook/api:fix/GRO-1935-uat-customer-client-seed groombook/api:fix/GRO-1914-seed-typeof groombook/api:feature/GRO-1898-extended-pet-profile-seed groombook/api:seed/extended-profile-fields-gro-1898 groombook/api:fix/gro-1889-reset-demo-data-pnpm groombook/api:promote/dev-to-uat-gro-1866 groombook/api:fix/gro-1866-qa-fixes groombook/api:fix/gro-1866-sso-bridge groombook/api:fix/gro-1850-pet-profile-migration groombook/api:promote/dev-to-uat-gro-1790 groombook/api:flea-flicker/pet-profile-summary groombook/api:ff/gro-1765-trigger-ci groombook/api:promo/gro-1764-uat groombook/api:ci/gro-1757-build groombook/api:fix/gro-1757-sso-auto-provision groombook/api:fix/gro-1754-uat-ci groombook/api:fix/gro-1754-trigger-ci-v2 groombook/api:fix/gro-1752-factories-v2 groombook/api:fix/gro-1752-factories-only groombook/api:fix/gro-1746-apply-uat-seed-to-root-src groombook/api:fix/gro-1752-extended-pet-profile-fields groombook/api:promo/gro-1749-uat groombook/api:fix/gro-1749-uat-seed-sync groombook/api:fix/gro-1743-uat-seed-data groombook/api:fix/gro-1480-portal-pets-patch groombook/api:fix/gro-1678-econnreset-robustness groombook/api:fix/gro-1576-ci-provenance-false groombook/api:fix/gro-1575-ci-provenance groombook/api:fix/gro-1566-api-health-auth-bypass groombook/api:fix/gro-1544-api-health-endpoint groombook/api:fix/gro-1533-migration-0031-coat-type groombook/api:fix/gro-1533-missing-migration-0032 groombook/api:fix/gro-1533-missing-migration-journal groombook/api:revert/gro-1533-dockerfile-fix groombook/api:fix/gro-1533-revert-dockefile-build-change groombook/api:flea-flicker/gro-1531-seed-db-filter groombook/api:fix/gro-1522-ci-images-node22 groombook/api:pr-44 groombook/api:flea-flicker/gro-1509-better-auth-account-not-linked groombook/api:flea-flicker/gro-1162-pet-buffer-time groombook/api:fix/gro-1461-uat-playbook-auto-provision groombook/api:flea-flicker/pet-profile-editor groombook/api:fix/gro-1441-remove-duplicate-coat-props groombook/api:fix/gro-1390-pets-test-mock-hoisting groombook/api:fix/gro-1395-drizzle-orm-root-dep groombook/api:gitea/migrate-workflows groombook/api:flea-flicker/fix-gro-1370-ts-and-test-errors groombook/api:fix/api/add-devdep-drizzle-orm-fix-vitest groombook/api:pr-19 groombook/api:flea-flicker/uat-email-password-seed groombook/api:fleaflicker/gro-1272-v2 groombook/api:fleaflicker/gro-1272-auto-provision-staff groombook/api:add-renovate-config groombook/api:flea-flicker/gro-1231-pnpm-workspace-dockerfile groombook/api:fix/GRO-1202-rate-limit-override groombook/api:fix/typescript-errors groombook/api:flea-flicker/pet-profile-extended-fields groombook/api:fix/uat-tester-oidc-sub groombook/api:flea-flicker/fix-authprovider-mock-path groombook/api:flea-flicker/auto-create-staff-oauth-users-v2 groombook/api:flea-flicker/auto-create-staff-oauth-users groombook/api:docs/GRO-1099-uat-playbook-api groombook/api:flea-flicker/fix-ci-install-deps-v2 groombook/api:flea-flicker/fix-ci-install-deps
..
pull from: groombook/api:fix/gro-1754-uat-ci
Branches Tags
groombook/api:main groombook/api:gro-2381-agents-contributing groombook/api:flea/uat-to-main-gro-2359-api groombook/api:uat groombook/api:dev groombook/api:release/main-GRO-2342-api groombook/api:release/main-GRO-2319-api groombook/api:flea/promote-main-gro-2311 groombook/api:promote/GRO-2319-api-to-uat groombook/api:feat/GRO-2319-portal-waitlist-surfacing groombook/api:flea/promote-main-gro-2172 groombook/api:dev-to-uat-gro-2311 groombook/api:flea/gro-2311-seed-portal-statusbadge-appts groombook/api:promote/gro-2172-pets-to-uat groombook/api:fix/gro-2172-pet-extended-fields groombook/api:uat-to-main-gro-2299 groombook/api:flea/promote-main-gro-2294 groombook/api:promote/dev-to-uat-gro-2299 groombook/api:gro-2299-redact-patch-settings groombook/api:flea/promote-gro-2294-uat groombook/api:flea/gro-2294-route-opt-hardening groombook/api:flea/uat-to-main-gro-2157-frozen groombook/api:promote/dev-to-uat-gro-2225 groombook/api:flea/gro-2157-navigation-export groombook/api:flea/gro-2235-waitlist-duplicate-409 groombook/api:feat/gro-2225-uat-seed-route-cohort groombook/api:flea/uat-to-main-gro-2234-api groombook/api:flea/dev-to-uat-gro-2156 groombook/api:flea-flicker/gro-2234-portal-session-sliding-ttl groombook/api:release/main-6120b96 groombook/api:flea/gro-2156-travel-buffer-reorder groombook/api:release/main-eb92f99 groombook/api:fix/gro-2214-portal-waitlist-validation groombook/api:fix/gro-2203-portal-pet-patch-uuid-validation groombook/api:dev-to-uat-gro-2155 groombook/api:feat/gro-2155-route-optimize-endpoints-dev groombook/api:fix/gro-2163-migrate-pre-dns-wait groombook/api:fix/gro-2187-portal-photokey-hijack groombook/api:dev-to-uat-gro-2154 groombook/api:feat/gro-2154-geocoding-endpoints-dev groombook/api:flea-flicker/gro-2197-ci-api-gate groombook/api:dev-to-uat-gro-2153 groombook/api:dev-to-uat-gro-2187 groombook/api:fix/gro-2187-portal-pets-patch groombook/api:dev-to-uat-gro-2129 groombook/api:flea-flicker/gro-2123-cleanup-stale-seed-duplicate groombook/api:dev-to-uat-gro-2123 groombook/api:flea-flicker/gro-2123-seed-advisory-lock groombook/api:promote/dev-to-uat-gro-2100 groombook/api:flea/gro-2100-uat-groomer-pet-linkage groombook/api:flea/gro-2062-owner-bypass-audit groombook/api:flea/gro-2052-rbac-betterauth-user-autoprovision groombook/api:dogfather/gro-2013-promote-uat groombook/api:flea/gro-2013-owner-bypass-deployed-tree groombook/api:flea/gro-2033-idempotent-pet-profile-migrations groombook/api:fix/gro-2014-profile-summary-error-handling groombook/api:flea/gro-2000-uat-password-source-doc groombook/api:fix/gro-1999-uat-seed-extra-large groombook/api:fix/gro-1983-seed-pnpm-baked groombook/api:fix/GRO-1979-coat-type-pet-size-enum-fix groombook/api:fleaflicker/GRO-1962-deterministic-testcoopper-rocky groombook/api:flea/gro-1977-seed-idempotency groombook/api:fix/GRO-1977-seed-credential-idempotency groombook/api:promote/dev-to-uat-gro-1971 groombook/api:fix/gro-1971-coat-type-enum-missing-short groombook/api:fix/GRO-1962-uat-seed-pet-medicalalerts groombook/api:flea/GRO-1955-fix-uc-undefined-seed groombook/api:fix/GRO-1909-migrate-corepack-offline groombook/api:fix/GRO-1953-coat-type-short-missing groombook/api:fleaflicker/gro-medical-alert-types-behavioral-skin groombook/api:fleaflicker/gro-1921-uat-reset-full-seed groombook/api:flea/GRO-1945-pets-visitcount-hotfix groombook/api:fix/GRO-1935-uat-customer-client-seed groombook/api:fix/GRO-1914-seed-typeof groombook/api:feature/GRO-1898-extended-pet-profile-seed groombook/api:seed/extended-profile-fields-gro-1898 groombook/api:fix/gro-1889-reset-demo-data-pnpm groombook/api:promote/dev-to-uat-gro-1866 groombook/api:fix/gro-1866-qa-fixes groombook/api:fix/gro-1866-sso-bridge groombook/api:fix/gro-1850-pet-profile-migration groombook/api:promote/dev-to-uat-gro-1790 groombook/api:flea-flicker/pet-profile-summary groombook/api:ff/gro-1765-trigger-ci groombook/api:promo/gro-1764-uat groombook/api:ci/gro-1757-build groombook/api:fix/gro-1757-sso-auto-provision groombook/api:fix/gro-1754-uat-ci groombook/api:fix/gro-1754-trigger-ci-v2 groombook/api:fix/gro-1752-factories-v2 groombook/api:fix/gro-1752-factories-only groombook/api:fix/gro-1746-apply-uat-seed-to-root-src groombook/api:fix/gro-1752-extended-pet-profile-fields groombook/api:promo/gro-1749-uat groombook/api:fix/gro-1749-uat-seed-sync groombook/api:fix/gro-1743-uat-seed-data groombook/api:fix/gro-1480-portal-pets-patch groombook/api:fix/gro-1678-econnreset-robustness groombook/api:fix/gro-1576-ci-provenance-false groombook/api:fix/gro-1575-ci-provenance groombook/api:fix/gro-1566-api-health-auth-bypass groombook/api:fix/gro-1544-api-health-endpoint groombook/api:fix/gro-1533-migration-0031-coat-type groombook/api:fix/gro-1533-missing-migration-0032 groombook/api:fix/gro-1533-missing-migration-journal groombook/api:revert/gro-1533-dockerfile-fix groombook/api:fix/gro-1533-revert-dockefile-build-change groombook/api:flea-flicker/gro-1531-seed-db-filter groombook/api:fix/gro-1522-ci-images-node22 groombook/api:pr-44 groombook/api:flea-flicker/gro-1509-better-auth-account-not-linked groombook/api:flea-flicker/gro-1162-pet-buffer-time groombook/api:fix/gro-1461-uat-playbook-auto-provision groombook/api:flea-flicker/pet-profile-editor groombook/api:fix/gro-1441-remove-duplicate-coat-props groombook/api:fix/gro-1390-pets-test-mock-hoisting groombook/api:fix/gro-1395-drizzle-orm-root-dep groombook/api:gitea/migrate-workflows groombook/api:flea-flicker/fix-gro-1370-ts-and-test-errors groombook/api:fix/api/add-devdep-drizzle-orm-fix-vitest groombook/api:pr-19 groombook/api:flea-flicker/uat-email-password-seed groombook/api:fleaflicker/gro-1272-v2 groombook/api:fleaflicker/gro-1272-auto-provision-staff groombook/api:add-renovate-config groombook/api:flea-flicker/gro-1231-pnpm-workspace-dockerfile groombook/api:fix/GRO-1202-rate-limit-override groombook/api:fix/typescript-errors groombook/api:flea-flicker/pet-profile-extended-fields groombook/api:fix/uat-tester-oidc-sub groombook/api:flea-flicker/fix-authprovider-mock-path groombook/api:flea-flicker/auto-create-staff-oauth-users-v2 groombook/api:flea-flicker/auto-create-staff-oauth-users groombook/api:docs/GRO-1099-uat-playbook-api groombook/api:flea-flicker/fix-ci-install-deps-v2 groombook/api:flea-flicker/fix-ci-install-deps

1 Commits
dev-to-uat-gro-2155 .. fix/gro-1754-uat-ci

Author SHA1 Message Date
Flea Flicker dd83f29736 chore: trigger CI from uat for GRO-1754 2026-05-25 23:22:04 +00:00
46 changed files with 1430 additions and 6309 deletions
Expand all files Collapse all files
.ci-trigger
-1
View File
@@ -1 +0,0 @@
GRO-1757 direct push CI trigger - 2026-05-26T00:15:41Z
.gitea/workflows/ci.yml
+9 -47
View File
@@ -2,9 +2,9 @@ name: CI
on:
push:
branches: [main, dev, uat]
branches: [main, dev]
pull_request:
branches: [main, dev, uat]
branches: [main, dev]
workflow_dispatch:
inputs:
ref:
@@ -32,12 +32,10 @@ jobs:
run: pnpm install --frozen-lockfile
- name: Typecheck
run: |
pnpm run typecheck
pnpm --filter @groombook/db typecheck
run: pnpm --filter @groombook/api typecheck
- name: Lint
run: pnpm run lint
run: pnpm --filter @groombook/api lint
test:
name: Test
@@ -58,7 +56,7 @@ jobs:
run: pnpm install --frozen-lockfile
- name: Run tests
run: pnpm run test
run: pnpm --filter @groombook/api test
docker:
name: Build & Push Docker Images
@@ -98,6 +96,7 @@ jobs:
file: Dockerfile
target: runner
push: true
provenance: false
tags: |
git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
@@ -112,23 +111,13 @@ jobs:
file: Dockerfile
target: migrate
push: true
provenance: false
tags: |
git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/migrate:latest' || '' }}
cache-from: type=registry,ref=git.farh.net/groombook/cache:migrate
cache-to: type=registry,ref=git.farh.net/groombook/cache:migrate,mode=max
- name: Smoke test migrate image (blackhole npmjs.org)
run: |
set -euo pipefail
IMAGE="git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}"
docker pull "$IMAGE"
docker run --rm \
--add-host registry.npmjs.org:127.0.0.1 \
--entrypoint="" \
"$IMAGE" \
pnpm --version
- name: Build and push Seed image
uses: docker/build-push-action@v6
with:
@@ -137,6 +126,7 @@ jobs:
file: Dockerfile
target: seed
push: true
provenance: false
tags: |
git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/seed:latest' || '' }}
@@ -151,37 +141,9 @@ jobs:
file: Dockerfile
target: reset
push: true
provenance: false
tags: |
git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/reset:latest' || '' }}
cache-from: type=registry,ref=git.farh.net/groombook/cache:reset
cache-to: type=registry,ref=git.farh.net/groombook/cache:reset,mode=max
- name: Smoke test seed image (blackhole npmjs.org)
run: |
set -euo pipefail
IMAGE="git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}"
docker pull "$IMAGE"
# GRO-1985: pnpm must be a real binary, not a Corepack shim, and must
# not try to reach registry.npmjs.org on invocation.
docker run --rm \
--add-host registry.npmjs.org:127.0.0.1 \
--entrypoint="" \
"$IMAGE" \
sh -c 'set -e; test "$(which pnpm)" = "/usr/local/bin/pnpm"; pnpm --version'
echo "seed image: pnpm resolves to /usr/local/bin/pnpm and runs offline ✓"
- name: Smoke test reset image (blackhole npmjs.org)
run: |
set -euo pipefail
IMAGE="git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}"
docker pull "$IMAGE"
# GRO-1985: pnpm must be a real binary, not a Corepack shim, and must
# not try to reach registry.npmjs.org on invocation. Validates the
# hard requirement from the issue: reset runs offline.
docker run --rm \
--add-host registry.npmjs.org:127.0.0.1 \
--entrypoint="" \
"$IMAGE" \
sh -c 'set -e; test "$(which pnpm)" = "/usr/local/bin/pnpm"; echo "HOME=$HOME"; pnpm --version'
echo "reset image: pnpm resolves to /usr/local/bin/pnpm, HOME=/tmp, runs offline ✓"
Dockerfile
+3 -19
View File
@@ -1,14 +1,5 @@
FROM node:22-alpine AS base
# Install pnpm as a real binary via npm (not corepack shim) so runtime
# invocations of `pnpm` work without DNS access to registry.npmjs.org.
# The corepack shim delegates to corepack, which re-validates against
# npmjs.org on first use — that fails in air-gapped UAT seed/migrate/reset
# Jobs. GRO-1983 / GRO-1889 / GRO-1909 / GRO-1981 / GRO-1985.
RUN npm install -g pnpm@9.15.4
# Belt-and-braces: disable Corepack's download fallback so that even if a
# Corepack shim is somehow invoked at runtime, it will not try to fetch
# pnpm from registry.npmjs.org. Belt for the real-binary trousers. GRO-1985.
ENV COREPACK_ENABLE_DOWNLOAD_FALLBACK=0
RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
WORKDIR /app
# Install deps
@@ -20,6 +11,7 @@ RUN pnpm install --frozen-lockfile
# Build
FROM deps AS builder
RUN mkdir -p /home/node/.cache/node/corepack
COPY packages/ packages/
COPY src/ src/
COPY tsconfig.json ./
@@ -29,9 +21,7 @@ RUN pnpm --filter @groombook/types build && \
# Runtime
FROM node:22-alpine AS runner
RUN npm install -g pnpm@9.15.4
# Same defence-in-depth as base: no Corepack fallback. GRO-1985.
ENV COREPACK_ENABLE_DOWNLOAD_FALLBACK=0
RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
WORKDIR /app
ENV NODE_ENV=production
@@ -52,18 +42,12 @@ CMD ["node", "dist/index.js"]
# Migrate stage — runs drizzle-kit migrate against the database
FROM builder AS migrate
# pnpm needs a writable HOME for any config/state it writes. With
# readOnlyRootFilesystem: true and runAsUser: 1000, /home/node is read-only.
# The job pods mount a writable emptyDir at /tmp; point HOME there. GRO-1985.
ENV HOME=/tmp
CMD ["pnpm", "--filter", "@groombook/db", "migrate"]
# Seed stage — populates the database with test data
FROM builder AS seed
ENV HOME=/tmp
CMD ["pnpm", "--filter", "@groombook/db", "seed"]
# Reset stage — drops all tables, re-runs migrations, and re-seeds
FROM builder AS reset
ENV HOME=/tmp
CMD ["pnpm", "--filter", "@groombook/db", "reset"]
UAT_PLAYBOOK.md
-160
View File
@@ -19,45 +19,6 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
- OIDC authentication provider configured
- Seed data present (clients, pets, services, staff)
### Source of truth for UAT passwords (GRO-2000)
The `UAT_SUPER_PASSWORD` / `UAT_GROOMER_PASSWORD` / `UAT_TESTER_PASSWORD` / `UAT_CUSTOMER_PASSWORD` env vars the test orchestrator uses **must** be pulled from the live `seed-uat-passwords` Secret in the UAT cluster — never from a captured shell value, a previous run's `.env`, or a copy of the SealedSecret committed before the latest rotation.
**Canonical recipe** (works from any host with `kubectl` + cluster credentials):
```bash
SUPER=$(kubectl get secret seed-uat-passwords -n groombook-uat \
-o jsonpath='{.data.super-password}' | base64 -d)
GROOMER=$(kubectl get secret seed-uat-passwords -n groombook-uat \
-o jsonpath='{.data.groomer-password}' | base64 -d)
TESTER=$(kubectl get secret seed-uat-passwords -n groombook-uat \
-o jsonpath='{.data.tester-password}' | base64 -d)
CUSTOMER=$(kubectl get secret seed-uat-passwords -n groombook-uat \
-o jsonpath='{.data.customer-password}' | base64 -d)
```
**Why:** the Bitnami SealedSecret `apps/overlays/uat/ss-seed-uat-passwords.yaml` (in `groombook/infra`) is the single source of truth. The UAT `reset-demo-data` CronJob re-hashes these values into the `account` table on every run (idempotent — GRO-1977). A captured env var from a previous generation will not match the current hash, producing 401 `INVALID_EMAIL_OR_PASSWORD`. If the live login still 401s after pulling from the SealedSecret, the seed Job is stale — trigger `kubectl create job --from=cronjob/reset-demo-data -n groombook-uat manual-seed-$$` and retry.
**How to apply:** at the start of every UAT run that touches TC-API-1.4 / 1.5 / 1.6 / 1.7 / 3.18 / 3.21 / 3.23, refresh these four env vars from the cluster before issuing the sign-in request.
### rbac auto-provision for Better-Auth customers (GRO-2052)
> Applies to TC-API-3.16 / 3.19a / 3.19b / 3.19c (customer-as-owner profile-summary paths) and any future case where the test user authenticates via Better-Auth email/password and the route relies on `resolveStaffMiddleware` to resolve a `staff` row.
**Pre-condition (rbac auto-provision):** The test user must have a row in the Better-Auth `user` table (email/password sign-in creates this automatically — see TC-API-1.6 / 1.7). On first authenticated call, `resolveStaffMiddleware` (`./src/middleware/rbac.ts`) auto-provisions a `groomer` staff row keyed by `staff.user_id = user.id` (Better-Auth branch fires before the legacy OIDC `account` branch).
**Verify the auto-provision fired** by querying the DB after the first authenticated call:
```sql
SELECT user_id, role FROM staff WHERE user_id = '<test-user-id>';
```
Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the OIDC `account` branch and 403'd, or the user has no `user` row — fix the test sign-in path before re-running.
**Why this matters:** without the auto-provision branch, Better-Auth email/password customers (e.g. `uat-customer@groombook.dev`) have no `account` row for the OIDC providers, so `resolveStaffMiddleware` falls through to `403 "Forbidden: no staff record found for authenticated user"` *before* `pets.ts` can run the owner-bypass added in GRO-2013. The owner-bypass code is unreachable unless the auto-provision has fired. A green TC-API-3.19a therefore implicitly proves the auto-provision worked; if 3.19a fails with the pre-fix 403, the auto-provision branch is missing from the deployed `./src` tree (see [GRO-2052](/GRO/issues/GRO-2052)).
**How to apply:** for every run of TC-API-3.16 / 3.19a / 3.19b / 3.19c, sign in via TC-API-1.6 (email+password) first to guarantee the `user` row exists, then run the profile-summary call, then assert the `staff` row above before declaring pass.
## Test Cases
### 4.0 Health Check
@@ -80,8 +41,6 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
| TC-API-1.8 | Email+password — invalid password | POST /api/auth/sign-in/email with wrong password | 400 Bad Request, error returned |
| TC-API-1.9 | Email+password — unknown user | POST /api/auth/sign-in/email with non-existent email | 400 Bad Request, error returned |
| TC-API-1.10 | Auto-provision on first OIDC login | First login as a Better-Auth user with no existing staff record | 200 OK, access granted; groomer staff record auto-created with name/email from user table |
> **Note (GRO-1977):** Seed credential provisioning is idempotent — re-running the seed with updated `SEED_UAT_*_PASSWORD` env vars rotates stored credential hashes. TC-API-1.4 through TC-API-1.7 now return 200 for all 4 UAT personas (previously returned 401 due to frozen-hash bug).
| TC-API-1.11 | Existing staff unaffected by OIDC login | Login as uat-groomer@groombook.dev (email+password), then GET /api/staff to find that record | 200 OK, staff record unchanged — no duplicate created, original role and isSuperUser preserved |
| TC-API-1.12 | Auto-provisioned role and superUser flags | After TC-API-1.10, GET /api/staff and inspect the auto-created record | role = "groomer", isSuperUser = false, active = true |
| TC-API-1.13 | Name fallback — user.name present | Auto-provision where Better-Auth user has name set | Staff name = user.name value from user table |
@@ -89,26 +48,6 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
| TC-API-1.15 | Name fallback — no name, no email | Auto-provision where Better-Auth user has name = null, email = null | Staff name = "Unknown" |
| TC-API-1.16 | OIDC login — Terraform-provisioned user | Initiate OIDC login as any UAT persona (uat-super, uat-groomer, uat-customer, uat-tester), complete authentik callback | 200 OK, session created — no account_not_linked error |
#### SSO Login Journey (Authentik OIDC end-to-end)
| # | Scenario | Steps | Pass Criteria | Fail Criteria |
|---|----------|-------|---------------|---------------|
| TC-API-1.17 | SSO redirect to Authentik | Navigate to app → sign-in page shown → click "Sign in with SSO" | Redirected to Authentik at auth.farh.net | 403 error, redirect loop, no SSO button |
| TC-API-1.18 | Authenticate with valid OIDC credentials | At Authentik login page, enter valid credentials and authenticate | Redirected back to app with valid session | Redirect loop, 403, missing session cookie |
| TC-API-1.19 | SSO user auto-provisioned as groomer | Complete SSO login as a user with no pre-existing staff record | 200 response; groomer staff record auto-created; session active | 403 Forbidden, staff record not created |
| TC-API-1.20 | Existing staff record resolves correctly | Complete SSO login as uat-groomer (pre-existing staff) | 200 OK, correct staff identity resolved, no duplicate record created | 403, duplicate record, wrong staff data |
| TC-API-1.21 | SSO session grants dashboard access | After TC-API-1.18 SSO login, GET /api/staff/me | 200 OK, valid staff record returned, correct role displayed | 401/403, missing session, wrong identity |
#### OOBE Flow Post-Login
| # | Scenario | Steps | Pass Criteria | Fail Criteria |
|---|----------|-------|---------------|---------------|
| TC-API-1.22 | Fresh DB reports needsSetup | On a fresh DB (no super user), GET /api/setup/status | needsSetup: true returned | needsSetup: false when it should be true |
| TC-API-1.23 | Configure OIDC via auth-provider endpoint | POST /api/setup/auth-provider with valid OIDC config | 200 OK, auth provider configured, no 403 | 403, setup blocked, invalid config rejected |
| TC-API-1.24 | Complete setup creates super user | POST /api/setup with business name (after TC-API-1.23) | First user becomes super user, setup completes | Setup errors, 403 on admin endpoints |
| TC-API-1.25 | Super user accesses admin features | After TC-API-1.24, GET /api/staff/me and verify isSuperUser: true | isSuperUser: true, admin endpoints accessible | 403 on admin, isSuperUser: false |
| TC-API-1.26 | Auto-provision skipped during OOBE | During fresh setup (needsSetup: true), complete OIDC login — verify no duplicate staff record created before setup completes | No duplicate staff, OOBE completes successfully | Duplicate staff record, 403 before setup, auto-provision interferes with OOBE |
### 4.2 Client Management
| # | Scenario | Steps | Expected |
@@ -120,24 +59,6 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
| TC-API-2.5 | Disable client | PATCH /api/clients/{id} with status: "disabled" | 200 OK, client marked as disabled |
| TC-API-2.6 | Delete client | DELETE /api/clients/{id}?confirm=true | 200 OK, client deleted (if no appointments) |
#### Client Geocoding — Route Optimization (GRO-2154, Phase 1.3)
Geocoding turns a client's street address into `latitude`/`longitude` + `geocodedAt`. Provider is driven by `businessSettings.routeOptimizationProvider` (default Nominatim/OpenStreetMap, 1 req/sec; optional Google fallback). All explicit geocode endpoints are **manager-only**.
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-API-2.7 | Geocode single client (success) | As **manager**, `POST /api/clients/{id}/geocode` for a client with a valid, real address (e.g. a seed client) | 200 OK; body `{ status: "geocoded", latitude, longitude, geocodedAt, formattedAddress, provider }`. Subsequent `GET /api/clients/{id}` shows the same non-null `latitude`/`longitude`/`geocodedAt` persisted |
| TC-API-2.8 | Geocode single client — no address | As manager, `POST /api/clients/{id}/geocode` for a client whose `address` is null/blank | 422; `{ status: "no_address", message: "...no address on file..." }` (clear, actionable) |
| TC-API-2.9 | Geocode single client — unresolvable/ambiguous address | As manager, set a nonsense address (e.g. `"asdkjhqweoui 99999"`) then `POST /api/clients/{id}/geocode` | 422; `{ status: "unresolved", message: "Address could not be resolved..." }` so groomers/managers know to correct it |
| TC-API-2.10 | Geocode single client — not found | As manager, `POST /api/clients/00000000-0000-0000-0000-000000000000/geocode` | 404 `{ error: "Not found" }` |
| TC-API-2.11 | Geocode endpoint is manager-only | As **groomer** or **receptionist**, `POST /api/clients/{id}/geocode` | 403 Forbidden (role not permitted) |
| TC-API-2.12 | Batch geocode un-geocoded clients | As manager, `POST /api/clients/geocode-batch?limit=10` on a DB with un-geocoded clients | 200 OK; body `{ provider, processed, geocoded, unresolved, errors, remaining, outcomes[] }`. `processed` ≤ 10; `remaining` reflects un-geocoded clients beyond this batch. Re-run while `remaining > 0` to finish (throttled to provider rate limit) |
| TC-API-2.13 | Batch geocode — invalid limit | As manager, `POST /api/clients/geocode-batch?limit=0` (or non-numeric) | 400 `{ error: "limit must be a positive integer" }` |
| TC-API-2.14 | Batch geocode — manager-only | As groomer/receptionist, `POST /api/clients/geocode-batch` | 403 Forbidden |
| TC-API-2.15 | Auto-geocode on create | As manager/receptionist, `POST /api/clients` with a valid `address` | 201 Created; response includes a `geocoding` object (`status: "geocoded"` for a resolvable address) and the persisted client carries `latitude`/`longitude`/`geocodedAt`. Creating without an address succeeds with no `geocoding` field |
| TC-API-2.16 | Auto-geocode on address update | As manager/receptionist, `PATCH /api/clients/{id}` changing `address` to a new valid value | 200 OK; response includes a `geocoding` object and refreshed coordinates. Patching unrelated fields (e.g. `name`) does NOT re-geocode (no `geocoding` field) |
| TC-API-2.17 | Clearing address drops coordinates | As manager/receptionist, `PATCH /api/clients/{id}` with `address: ""` | 200 OK; `latitude`/`longitude`/`geocodedAt` reset to null (no stale pin) |
### 4.3 Pet Management
| # | Scenario | Steps | Expected |
@@ -157,34 +78,6 @@ Geocoding turns a client's street address into `latitude`/`longitude` + `geocode
| TC-API-3.13 | Reject too many temperamentFlags | POST /api/pets with 21 temperamentFlags | 400 Bad Request, max 20 flags enforced |
| TC-API-3.14 | Reject too many preferredCuts | POST /api/pets with 21 preferredCuts | 400 Bad Request, max 20 cuts enforced |
| TC-API-3.15 | Reject too many medicalAlerts | POST /api/pets with 51 medicalAlerts | 400 Bad Request, max 50 alerts enforced |
| TC-API-3.16 | Get pet profile summary | GET /api/pets/{id}/profile-summary | 200 OK, aggregated profile with grooming history, visit count, upcoming appointment |
| TC-API-3.17 | Get pet profile summary — groomer restricted | GET /api/pets/{id}/profile-summary as groomer with no pet linkage | 403 Forbidden |
| TC-API-3.18 | Get pet profile summary — visitCount returns full count | GET /api/pets/{id}/profile-summary with 2+ completed appointments | visitCount >= 2 (not capped at 1) |
| TC-API-3.19 | Get pet profile summary — upcomingAppointment excludes past | GET /api/pets/{id}/profile-summary with a past confirmed/scheduled appointment | upcomingAppointment is null (past appointments filtered by startTime >= now) |
| TC-API-3.19a | Get pet profile summary — customer owner-bypass (GRO-2013) | Sign in as `uat-customer@groombook.dev`; `POST /api/portal/session-from-auth`; then `GET /api/pets/{ownPetId}/profile-summary` with header `X-Impersonation-Session-Id: {sessionId}` for either of the customer's seeded pets (`c0000001-0000-0000-0000-000000000002` UAT Pup Alpha, `c0000001-0000-0000-0000-000000000003` UAT Pup Beta) | 200 OK, aggregated profile returned (owner-bypass: customer with valid portal session for pet's clientId is allowed even though rbac.ts auto-provisions them as a `groomer` staff row with no appointment linkage) |
| TC-API-3.19b | Get pet profile summary — customer cross-tenant blocked (GRO-2013) | Sign in as `uat-customer@groombook.dev`; reuse the customer's sessionId from TC-API-3.19a; `GET /api/pets/{otherClientPetId}/profile-summary` for a pet owned by a different client (`c0000002-...` or any non-customer pet) | 403 Forbidden (owner-bypass requires session.clientId === pet.clientId) |
| TC-API-3.19c | Get pet profile summary — customer without portal session header | Same as TC-API-3.19a but omit the `X-Impersonation-Session-Id` header | 403 Forbidden (no owner-bypass without valid portal session) |
| TC-API-3.19d | Get pet profile summary — owner-bypass writes audit row (GRO-2063) | Same setup as TC-API-3.19a (sign in as `uat-customer@groombook.dev`, establish a portal session for the customer's own clientId, call `GET /api/pets/{ownPetId}/profile-summary` with `X-Impersonation-Session-Id: {sessionId}` and a 200 OK response). Then call `GET /api/impersonation/sessions/{sessionId}/audit-log` and confirm there is exactly one entry with `action === "read_profile_summary"`, `pageVisited` matching the profile-summary path, and `metadata` containing `petId` and `actorStaffId` for the customer. Repeat TC-API-3.19b (cross-tenant attempt) and confirm NO new `read_profile_summary` row was written for the cross-tenant attempt. | 200 OK on the profile-summary call AND an audit log entry is present with the correct shape (defense-in-depth audit row; bypass attempts against other clients must NOT log) |
| TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
| TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
| TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |
#### Seed Data Verification (GRO-1898)
> As of PR #98, UAT seed data populates all 5 extended profile fields for every pet, including the 5 deterministic UAT test client pets (Alpha, Bravo, Charlie, Delta, Echo). This enables manual verification of extended profile rendering without requiring a DB reset.
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-API-3.20 | GET /api/clients returns seed data | GET /api/clients | 200 OK, array with 1+ clients (UAT seed creates 500 + 5 deterministic UAT clients) |
| TC-API-3.21 | GET /api/pets/{id} returns extended fields for seed pet | Pick any pet ID from UAT test clients (uat-alpha through uat-echo pet names: TestBuddy, TestMax, TestCooper, TestRocky, TestDuke) and GET /api/pets/{id} | 200 OK; coatType, temperamentScore, temperamentFlags, medicalAlerts, preferredCuts all non-null |
| TC-API-3.22 | Verify medicalAlerts shape | GET /api/pets/{id} for any pet with non-empty medicalAlerts | medicalAlerts is an array; each entry has type, description, severity |
| TC-API-3.23 | Verify UAT test pet Charlie has behavioral alert | GET /api/pets/{id} where name = "TestCooper" (pet for uat-charlie@groombook.dev) | medicalAlerts includes an entry with type: "behavioral", severity: "low" or "high" |
| TC-API-3.24 | Verify UAT test pet Delta has skin alert | GET /api/pets/{id} where name = "TestRocky" (pet for uat-delta@groombook.dev) | medicalAlerts includes an entry with type: "skin" |
| TC-API-3.25 | Verify 30+ total pets in UAT DB | GET /api/pets then count total | 30+ pets returned (UAT seed creates 500 random-pool + 5 UAT test clients + 2 UAT customer = 507 total) |
| TC-API-3.26 | Verify 25-35% medicalAlerts distribution | GET /api/pets (first 30 pets), count how many have non-empty medicalAlerts | Ratio is 25-35% (seed uses rand() < 0.3 for ~30% distribution) |
| TC-API-3.27 | Verify coat_type enum has all seed values | After UAT seed completes, inspect the coat_type enum on the UAT DB — it must contain: short, medium, long, double, wire, silky, curly, hairless | UAT seed jobs (`reset-demo-data`, `seed-test-data`) complete 1/1 with no `enum_in` error; coat_type includes all 8 values used by seed.ts `coatTypePool` |
| TC-API-3.28 | Verify pet_size_category enum has all seed values | After UAT seed completes, inspect the pet_size_category enum on the UAT DB — it must contain: small, medium, large, extra_large | UAT seed jobs (`reset-demo-data`, `seed-test-data`) complete 1/1 with no `enum_in` error; pet_size_category includes all 4 values used by seed.ts `petSizeCategoryPool` (regression for GRO-1999, mirrors TC-API-3.27) |
| TC-API-3.29 | Verify `reset-demo-data` CronJob does not fail with FK 23503 on `invoice_tip_splits` (GRO-2123) | Trigger the CronJob manually: `kubectl create job --from=cronjob/reset-demo-data verify-gro2123 -n groombook-uat`. Wait for pod to terminate. Inspect logs: `kubectl logs -n groombook-uat -l job-name=verify-gro2123` | Pod reaches `Completed` state; logs show `✓ Acquired seed advisory lock` and `✓ Released seed advisory lock` from `seed.ts`; no `PostgresError: … violates foreign key constraint "invoice_tip_splits_invoice_id_invoices_id_fk"` (code 23503); final counts unchanged (500 clients, ~4000 invoices) |
### 4.4 Appointment Scheduling
@@ -211,33 +104,6 @@ Geocoding turns a client's street address into `latitude`/`longitude` + `geocode
| TC-API-5.4 | Update service | PATCH /api/services/{id} with updated fields | 200 OK, service updated |
| TC-API-5.5 | Delete service | DELETE /api/services/{id} | 200 OK, service deleted |
#### 4.5.1 Seed/Reset idempotency (GRO-2064)
Services seeding is now keyed on the deterministic `services.id` (not `name`) and
the reset path now `TRUNCATE`s `services` alongside the other dynamic tables.
This means:
- Running the seed Job twice in a row (no reset in between) converges to the
same catalogue — no `services_pkey` collision.
- A `pnpm reset` followed by `pnpm seed` (or a CronJob reset fire) leaves the
catalogue exactly matching `servicesDef` (10 rows, ids `b0000001-…-001`
`…-00a`), regardless of any stale rows that were present beforehand.
- Mixed `seedKnownUsers` + full `seed()` invocations are safe — the
`demoSvcs` subset (Bath & Brush, Full Groom Small/Medium, Nail Trim) is
keyed on ids `…-001`, `…-002`, `…-003`, `…-005` and the upsert target
is `services.id`, so the same-id / different-name collision that broke
GRO-2033 (id `…-004` = "Nail Trim" vs servicesDef `…-004` =
"Full Groom — Large") cannot recur.
**UAT regression** (verify after a new image is rolled out):
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-SEED-1 | Reset → seed converges | `kubectl -n groombook exec deploy/api -- pnpm reset && pnpm seed` | Seed completes 1/1, `services` count = 10, all ids match `servicesDef` |
| TC-SEED-2 | Idempotent re-seed | Re-run `pnpm seed` without reset | Seed completes 1/1, no `services_pkey` errors, `services` count still 10 |
| TC-SEED-3 | Catalogue matches servicesDef | `psql -c "SELECT id, name FROM services ORDER BY id"` | Rows `…-001``…-00a` with names "Bath & Brush"…"Sanitary Trim" exactly as in `servicesDef` |
| TC-SEED-4 | Demo subset coexists | Run `seedKnownUsers` then full `seed` | No collision, demo subset (4 services) ends up with the same rows the full seed would write |
### 4.6 Staff Management
| # | Scenario | Steps | Expected |
@@ -273,14 +139,6 @@ This means:
| TC-API-8.5 | Add waitlist entry | POST /api/portal/waitlist with pet and service | 201 Created, waitlist entry created |
| TC-API-8.6 | View portal invoices | GET /api/portal/invoices | 200 OK, list of client's invoices returned |
| TC-API-8.7 | Pay multiple invoices | POST /api/portal/invoices/pay-multiple with invoice IDs | 200 OK, payment intent created |
| TC-API-8.8 | SSO bridge — valid Better Auth session | POST /api/portal/session-from-auth with valid Better Auth session cookie (authenticated SSO user with matching client email) | 201 Created, `{sessionId, clientId, clientName}` returned |
| TC-API-8.9 | SSO bridge — no Better Auth session | POST /api/portal/session-from-auth without Better Auth session cookie | 401 Unauthorized |
| TC-API-8.10 | SSO bridge — no matching client | POST /api/portal/session-from-auth with valid Better Auth session for a user with no client record | 404 Not Found, error "No client record found for this user" |
| TC-API-8.11 | SSO bridge — returned session works on portal routes | After TC-API-8.8, use returned sessionId as `X-Impersonation-Session-Id` header on GET /api/portal/me | 200 OK, client profile returned |
| TC-API-8.12 | Portal GET pets returns extended fields (GRO-2187) | Establish a portal session (TC-API-8.8), then `GET /api/portal/pets` with `X-Impersonation-Session-Id` | 200 OK; each pet includes `coatType`, `petSizeCategory`, `healthAlerts`, `preferredCuts`, `medicalAlerts` (in addition to id/name/breed/weight/birthDate/photoUrl/notes) |
| TC-API-8.13 | Portal pet update — owner success + persistence (GRO-2187, fixes [GRO-1480](/GRO/issues/GRO-1480) §5.23) | With a portal session for the pet's owner, `PATCH /api/portal/pets/{petId}` with body `{ "name": "...", "breed": "...", "weightKg": 18.25, "healthAlerts": "...", "coatType": "double", "petSizeCategory": "xlarge", "preferredCuts": ["teddy bear"], "medicalAlerts": [{"type":"allergy","description":"oatmeal","severity":"medium"}] }` | 200 OK; response reflects the update with `petSizeCategory: "extra_large"` (web `xlarge` → DB `extra_large`). A follow-up `GET /api/portal/pets` shows the persisted values |
| TC-API-8.14 | Portal pet update — non-owner blocked (GRO-2187) | `PATCH /api/portal/pets/{petId}` for a pet owned by a different client, using another client's portal session | 403 Forbidden (or 404 if pet id is unknown); no mutation persisted |
| TC-API-8.15 | Portal pet update — invalid enum rejected (GRO-2187) | `PATCH /api/portal/pets/{petId}` with `coatType: "fluffy"` or `petSizeCategory: "gigantic"` | 422 Unprocessable Entity; pet unchanged |
### 4.9 Waitlist
@@ -358,24 +216,6 @@ This means:
| TC-API-15.6 | Reject missing required fields | POST /api/admin/buffer-rules with service only | 400 Bad Request, species and sizeCategory required |
| TC-API-15.7 | Booking uses buffer | Book appointment for pet with sizeCategory; verify duration reflects buffer | 201 Created, appointment duration includes buffer time |
### 4.16 Route Optimization — Route CRUD + Optimize (GRO-2155, Phase 2.1)
A groomer's daily route is one row per `(staffId, routeDate)` in `groomer_routes`, with ordered `route_stops`. `POST /api/routes/optimize` pulls the day's non-cancelled appointments whose client is geocoded (GRO-2154), orders them (Google Directions `optimizeWaypoints` when a key is configured in `businessSettings.googleMapsApiKey`, else an offline nearest-neighbor heuristic), and persists `stopOrder`, `travelMinsFromPrev`, `travelDistanceKmFromPrev` plus route `totalTravelMins`/`totalDistanceKm`/`optimizedAt`. **Auth: manager (any groomer's route) or groomer (own route only); receptionists have no access.** Pre-condition: at least one geocoded client with appointments on the target date for the staff member (use §4.2 geocoding + a seed groomer).
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-API-16.1 | Fetch daily route (auto-create draft) | As **manager**, `GET /api/routes/daily?staffId={groomerId}&date=YYYY-MM-DD` for a date with no existing route | 200 OK; body `{ route, stops }`. `route.status` is `"draft"`, `route.staffId`/`routeDate` match, `stops` is `[]`. Re-calling returns the same route row (no duplicate) |
| TC-API-16.2 | Optimize a multi-stop day | As manager, with ≥2 geocoded appointments for the groomer on the date, `POST /api/routes/optimize` body `{ "staffId": "{groomerId}", "date": "YYYY-MM-DD" }` | 200 OK; `route.status: "optimized"`, `optimizedAt` set, `totalTravelMins`/`totalDistanceKm` populated. `stops` ordered by `stopOrder` (1..N); first stop has `travelMinsFromPrev: null`, the rest positive. `provider` is `"nearest_neighbor"` (no Google key in UAT). Each stop carries `bufferMins` (default 15) |
| TC-API-16.3 | Re-optimize replaces prior order | As manager, run TC-API-16.2 twice | Second call returns 200; stops fully replaced (no duplicate `route_stops`, `stopOrder` still contiguous 1..N), `optimizedAt` refreshed |
| TC-API-16.4 | Skips un-geocoded appointments | As manager, optimize a day where one appointment's client has no coordinates | 200 OK; that appointment is absent from `stops` and listed under `skipped[]` with `reason: "client address is not geocoded"`; a corresponding entry appears in `warnings[]` |
| TC-API-16.5 | Empty / single-stop day | As manager, optimize a date with 0 (or 1) geocoded appointments | 200 OK; `route.status: "optimized"`, `totalTravelMins: 0`, `totalDistanceKm: "0.00"`. For 1 stop, `stops` has one entry with `travelMinsFromPrev: null` |
| TC-API-16.6 | >25 stops chunked with warning | As manager, optimize a day with >25 geocoded appointments | 200 OK; `chunked: true`, `subRouteCount ≥ 2`, a `warnings[]` entry mentions sub-routes; all appointments appear exactly once with contiguous `stopOrder` |
| TC-API-16.7 | Groomer reads own route | As **groomer**, `GET /api/routes/daily?date=YYYY-MM-DD` (omit staffId, or pass own id) | 200 OK; route resolves to the groomer's own `staffId` |
| TC-API-16.8 | Groomer cannot access another's route | As groomer, `GET /api/routes/daily?staffId={otherGroomerId}&date=...` or `POST /api/routes/optimize` with another `staffId` | 403 Forbidden (`groomers may only access their own route`) |
| TC-API-16.9 | Receptionist denied | As **receptionist**, `GET /api/routes/daily?...` or `POST /api/routes/optimize` | 403 Forbidden (role not permitted) |
| TC-API-16.10 | Manager must supply staffId | As manager, `POST /api/routes/optimize` body `{ "date": "YYYY-MM-DD" }` (no staffId) | 400 `{ error: "staffId is required" }` |
| TC-API-16.11 | Invalid date rejected | `GET /api/routes/daily?staffId=...&date=06-08-2026` (wrong format) | 400 validation error (`date must be YYYY-MM-DD`) |
## Pass/Fail Criteria
**Pass:**
apps/api/package.json
+2 -2
View File
@@ -12,8 +12,8 @@
"test": "vitest run",
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate",
"db:seed": "pnpm --filter @groombook/db seed",
"db:reset": "pnpm --filter @groombook/db reset",
"db:seed": "tsx src/db/seed.ts",
"db:reset": "tsx src/db/reset.ts && drizzle-kit migrate && tsx src/db/seed.ts",
"db:studio": "drizzle-kit studio"
},
"dependencies": {
apps/api/src/__tests__/petProfileSummary.test.ts
-517
View File
@@ -1,517 +0,0 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import { Hono } from "hono";
import type { AppEnv, StaffRow } from "../middleware/rbac.js";
import { petsRouter } from "../routes/pets.js";
// ─── Mock staff fixtures ──────────────────────────────────────────────────────
const MANAGER: StaffRow = {
id: "staff-manager-id",
oidcSub: "oidc-manager-sub",
userId: null,
role: "manager",
isSuperUser: true,
name: "Manager McManager",
email: "manager@example.com",
active: true,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
};
const GROOMER: StaffRow = {
id: "staff-groomer-id",
oidcSub: "oidc-groomer-sub",
userId: null,
role: "groomer",
isSuperUser: false,
name: "Groomer McGroome",
email: "groomer@example.com",
active: true,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
};
// ─── Mutable mock state ───────────────────────────────────────────────────────
const CLIENT_ID = "client-uuid-summary";
const PET_ID = "pet-uuid-summary";
interface MockState {
pets: Record<string, unknown>[];
appointments: Record<string, unknown>[];
groomingLogs: Record<string, unknown>[];
staffMembers: Record<string, unknown>[];
services: Record<string, unknown>[];
impersonationSessions: Record<string, unknown>[];
}
let mock: MockState;
function resetMock() {
mock = {
pets: [{
id: PET_ID,
clientId: CLIENT_ID,
name: "Biscuit",
species: "dog",
breed: "Golden Retriever",
weightKg: "30.00",
dateOfBirth: null,
healthAlerts: null,
groomingNotes: null,
cutStyle: null,
shampooPreference: null,
specialCareNotes: null,
customFields: {},
photoKey: null,
photoUploadedAt: null,
image: null,
coatType: "double",
temperamentScore: 3,
temperamentFlags: ["gentle"],
medicalAlerts: [],
preferredCuts: ["puppy cut"],
createdAt: new Date("2024-01-01"),
updatedAt: new Date("2024-01-01"),
}],
appointments: [
{
id: "appt-completed-1",
clientId: CLIENT_ID,
petId: PET_ID,
serviceId: "service-1",
staffId: "staff-groomer-id",
batherStaffId: null,
status: "completed",
startTime: new Date("2024-06-01T09:00:00Z"),
endTime: new Date("2024-06-01T11:00:00Z"),
notes: null,
priceCents: 6000,
seriesId: null,
seriesIndex: null,
groupId: null,
confirmationStatus: "confirmed",
confirmedAt: null,
cancelledAt: null,
confirmationToken: null,
customerNotes: null,
createdAt: new Date("2024-05-15"),
updatedAt: new Date("2024-05-15"),
},
{
id: "appt-upcoming-1",
clientId: CLIENT_ID,
petId: PET_ID,
serviceId: "service-2",
staffId: "staff-groomer-id",
batherStaffId: null,
status: "confirmed",
startTime: new Date("2024-12-01T09:00:00Z"),
endTime: new Date("2024-12-01T11:00:00Z"),
notes: null,
priceCents: 6500,
seriesId: null,
seriesIndex: null,
groupId: null,
confirmationStatus: "confirmed",
confirmedAt: null,
cancelledAt: null,
confirmationToken: null,
customerNotes: null,
createdAt: new Date("2024-11-01"),
updatedAt: new Date("2024-11-01"),
},
],
groomingLogs: [
{
id: "log-1",
petId: PET_ID,
appointmentId: "appt-completed-1",
staffId: "staff-groomer-id",
cutStyle: "puppy cut",
productsUsed: "oatmeal shampoo",
notes: "Trimmed nails",
groomedAt: new Date("2024-06-01T10:00:00Z"),
createdAt: new Date("2024-06-01T10:00:00Z"),
},
],
staffMembers: [
{
id: "staff-groomer-id",
name: "Groomer McGroome",
email: "groomer@example.com",
role: "groomer",
isSuperUser: false,
active: true,
oidcSub: "oidc-groomer-sub",
userId: null,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
},
{
id: "staff-manager-id",
name: "Manager McManager",
email: "manager@example.com",
role: "manager",
isSuperUser: true,
active: true,
oidcSub: "oidc-manager-sub",
userId: null,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
},
],
services: [
{ id: "service-1", name: "Full Groom", description: null, basePriceCents: 6000, durationMinutes: 120, active: true, createdAt: new Date(), updatedAt: new Date() },
{ id: "service-2", name: "Bath & Brush", description: null, basePriceCents: 4000, durationMinutes: 60, active: true, createdAt: new Date(), updatedAt: new Date() },
],
impersonationSessions: [
{
id: "sess-owner",
staffId: "staff-groomer-id",
clientId: CLIENT_ID,
reason: "sso-bridge",
status: "active",
startedAt: new Date("2024-11-01"),
endedAt: null,
expiresAt: new Date("2099-01-01T00:00:00Z"),
createdAt: new Date("2024-11-01"),
},
],
};
}
vi.mock("../db/index.js", () => {
const pets = new Proxy({ _name: "pets" }, { get: (t, p) => p === "_name" ? "pets" : {} });
const appointments = new Proxy({ _name: "appointments" }, { get: (t, p) => p === "_name" ? "appointments" : {} });
const groomingVisitLogs = new Proxy({ _name: "groomingVisitLogs" }, { get: (t, p) => p === "_name" ? "groomingVisitLogs" : {} });
const staff = new Proxy({ _name: "staff" }, { get: (t, p) => p === "_name" ? "staff" : {} });
const services = new Proxy({ _name: "services" }, { get: (t, p) => p === "_name" ? "services" : {} });
const impersonationSessions = new Proxy({ _name: "impersonationSessions" }, { get: (t, p) => p === "_name" ? "impersonationSessions" : {} });
// Tracks { [tableName]: { [alias]: SQLExpression } } for the current select() call
let selectedColumns: Record<string, Record<string, unknown>> = {};
function makeChainable(rows: unknown[]) {
const arr = rows as unknown[];
return new Proxy(arr, {
get(target, prop) {
if (prop === "where" || prop === "orderBy" || prop === "limit" || prop === "leftJoin" || prop === "from") {
return () => makeChainable(target);
}
if (prop === Symbol.iterator) {
return function* () { for (const v of target) yield v; };
}
if (prop === Symbol.asyncIterator) {
return async function* () { for (const v of target) yield v; };
}
// @ts-expect-error proxy
return target[prop];
},
});
}
// sql mock: returns an object with .as() so drizzle's select() can alias it
function sqlMock(_strings: TemplateStringsArray, ..._params: unknown[]) {
const queryString = _strings[0];
const asFn = (alias: string) => ({
sql: { queryChunks: [_strings[0]] },
fieldAlias: alias,
getSQL() { return this.sql; },
});
return { queryChunks: [queryString], as: asFn };
}
return {
getDb: () => ({
select: (cols?: Record<string, unknown>) => {
selectedColumns = {};
if (cols) {
// Inspect cols to find sql-aliased expressions and their aliases
for (const [alias, expr] of Object.entries(cols)) {
if (expr && typeof expr === "object" && "as" in expr && typeof (expr as Record<string, unknown>).as === "function") {
const aliased = (expr as { as: (a: string) => { fieldAlias: string; sql: unknown } }).as(alias);
// Detect count(*) queries
if (typeof aliased.sql === "object" && aliased.sql !== null && "queryChunks" in (aliased.sql as Record<string, unknown>) && String((aliased.sql as { queryChunks?: unknown[] }).queryChunks).includes("count")) {
// Store count query intent — we'll resolve it in from()
if (!selectedColumns["appointments"]) selectedColumns["appointments"] = {};
selectedColumns["appointments"][alias] = { _isCountQuery: true };
}
}
}
}
return {
from: (table: unknown) => {
const name = (table as { _name?: string })._name;
const tableCols = selectedColumns[name] || {};
// If this table has a count query, return computed count result
const countQueryEntry = Object.entries(tableCols).find(([, v]) =>
typeof v === "object" && v !== null && "_isCountQuery" in v
);
if (countQueryEntry) {
const [countAlias] = countQueryEntry;
const count = (name === "appointments" ? mock.appointments : [])
.filter((row: Record<string, unknown>) => row.status === "completed").length;
return makeChainable([{ [countAlias]: count }]);
}
if (name === "pets") return makeChainable(mock.pets);
if (name === "appointments") return makeChainable(mock.appointments);
if (name === "groomingVisitLogs") return makeChainable(mock.groomingLogs);
if (name === "staff") return makeChainable(mock.staffMembers);
if (name === "services") return makeChainable(mock.services);
if (name === "impersonationSessions") return makeChainable(mock.impersonationSessions);
return makeChainable([]);
},
};
},
insert: () => ({ values: () => ({ returning: () => [{}] }) }),
update: () => ({ set: () => ({ where: () => ({ returning: () => [{}] }) }) }),
delete: () => ({ where: () => ({ returning: () => [{}] }) }),
}),
pets,
appointments,
groomingVisitLogs,
staff,
services,
impersonationSessions,
and: vi.fn((a: unknown, b: unknown) => [a, b]),
desc: vi.fn((c: unknown) => c),
eq: vi.fn((_col: unknown, _val: unknown) => ({ col: _col, val: _val })),
exists: vi.fn(() => true),
gte: vi.fn((a: unknown, b: unknown) => ({ col: a, val: b })),
or: vi.fn((a: unknown, b: unknown) => [a, b]),
sql: sqlMock,
};
});
// ─── Helpers ──────────────────────────────────────────────────────────────────
function makeApp(staff: StaffRow = MANAGER) {
const app = new Hono<AppEnv>();
app.use("*", async (c, next) => {
c.set("staff", staff);
await next();
});
return app.route("/pets", petsRouter);
}
// ─── Tests ────────────────────────────────────────────────────────────────────
describe("GET /:id/profile-summary", () => {
beforeEach(resetMock);
it("returns 404 for non-existent pet", async () => {
const app = makeApp();
mock.pets = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(404);
});
it("returns 403 for groomer with no pet linkage", async () => {
const app = makeApp(GROOMER);
// Groomer has no linkage to this pet's client — clear appointments
mock.appointments = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(403);
});
it("returns complete aggregated profile for manager", async () => {
const app = makeApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.id).toBe(PET_ID);
expect(body.name).toBe("Biscuit");
expect(body.species).toBe("dog");
expect(body.recentGroomingHistory).toBeInstanceOf(Array);
expect(body.lastVisitDate).toBeTruthy();
expect(body.visitCount).toBeGreaterThanOrEqual(0);
});
it("groomer with pet linkage returns 200", async () => {
const app = makeApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
it("recentGroomingHistory is limited to 10 entries", async () => {
const app = makeApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.recentGroomingHistory.length).toBeLessThanOrEqual(10);
});
it("returns null upcomingAppointment when none scheduled", async () => {
const app = makeApp(MANAGER);
mock.appointments = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.upcomingAppointment).toBeNull();
});
});
describe("GET /:id/profile-summary — visitCount", () => {
beforeEach(resetMock);
it("returns visitCount >= 2 when pet has 2+ completed appointments", async () => {
const app = makeApp(MANAGER);
// Add a second completed appointment
mock.appointments = [
...mock.appointments,
{
id: "appt-completed-2",
clientId: CLIENT_ID,
petId: PET_ID,
serviceId: "service-1",
staffId: "staff-groomer-id",
batherStaffId: null,
status: "completed",
startTime: new Date("2024-07-01T09:00:00Z"),
endTime: new Date("2024-07-01T11:00:00Z"),
notes: null,
priceCents: 6000,
seriesId: null,
seriesIndex: null,
groupId: null,
confirmationStatus: "confirmed",
confirmedAt: null,
cancelledAt: null,
confirmationToken: null,
customerNotes: null,
createdAt: new Date("2024-06-15"),
updatedAt: new Date("2024-06-15"),
},
];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.visitCount).toBeGreaterThanOrEqual(2);
});
it("returns visitCount = 0 when no completed appointments", async () => {
const app = makeApp(MANAGER);
mock.appointments = mock.appointments.map((a) => ({ ...a, status: "cancelled" }));
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.visitCount).toBe(0);
});
});
describe("GET /:id/profile-summary — empty history", () => {
beforeEach(resetMock);
it("returns empty history array when no grooming logs", async () => {
const app = makeApp(MANAGER);
mock.groomingLogs = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.recentGroomingHistory).toEqual([]);
expect(body.lastVisitDate).toBeNull();
});
});
describe("GET /:id/profile-summary — owner-bypass via X-Impersonation-Session-Id (GRO-2013)", () => {
beforeEach(resetMock);
// Simulates the rbac.ts auto-provisioned "groomer" that a customer gets on first login:
// role=groomer, no linkage to any appointment.
const CUSTOMER_STAFF: StaffRow = {
id: "staff-customer-id",
oidcSub: null,
userId: "user-customer-id",
role: "groomer",
isSuperUser: false,
name: "UAT Customer",
email: "uat-customer@groombook.dev",
active: true,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
};
it("customer with valid portal session for pet's client returns 200 (owner-bypass)", async () => {
const app = makeApp(CUSTOMER_STAFF);
// Groomer has no appointment linkage — proves the bypass is via portal session, not linkage.
mock.appointments = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-owner" },
});
expect(res.status).toBe(200);
const body = await res.json();
expect(body.id).toBe(PET_ID);
expect(body.name).toBe("Biscuit");
expect(body.clientId).toBe(CLIENT_ID);
});
it("customer without X-Impersonation-Session-Id header still gets 403 (no bypass)", async () => {
const app = makeApp(CUSTOMER_STAFF);
mock.appointments = [];
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(403);
});
it("customer with portal session for a DIFFERENT client gets 403 (cross-tenant blocked)", async () => {
const app = makeApp(CUSTOMER_STAFF);
mock.appointments = [];
mock.impersonationSessions = [
{
id: "sess-other-client",
staffId: "staff-customer-id",
clientId: "00000000-0000-0000-0000-000000000099", // different from CLIENT_ID
reason: "sso-bridge",
status: "active",
startedAt: new Date("2024-11-01"),
endedAt: null,
expiresAt: new Date("2099-01-01T00:00:00Z"),
createdAt: new Date("2024-11-01"),
},
];
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-other-client" },
});
expect(res.status).toBe(403);
});
it("customer with expired portal session still gets 403", async () => {
const app = makeApp(CUSTOMER_STAFF);
mock.appointments = [];
mock.impersonationSessions = [
{
id: "sess-expired",
staffId: "staff-customer-id",
clientId: CLIENT_ID,
reason: "sso-bridge",
status: "active",
startedAt: new Date("2024-01-01"),
endedAt: null,
expiresAt: new Date("2024-02-01T00:00:00Z"), // expired long ago
createdAt: new Date("2024-01-01"),
},
];
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-expired" },
});
expect(res.status).toBe(403);
});
it("manager does NOT need the impersonation header (existing role check still works)", async () => {
const app = makeApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
it("groomer with linkage to pet's client still works (regression — no regression from bypass)", async () => {
const app = makeApp(GROOMER);
// GROOMER fixture has appointments linked to staff-groomer-id in the mock state
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
});
apps/api/src/__tests__/seed-uat-credentials.test.ts
+5 -82
View File
@@ -67,7 +67,6 @@ let dbAccounts: AccountRow[] = [];
let dbStaff: StaffRow[] = [];
let insertedUsers: UserRow[] = [];
let insertedAccounts: AccountRow[] = [];
let updatedAccounts: Array<{ id: string; password: string }> = [];
let updatedStaff: Array<{ id: string; userId: string }> = [];
const originalEnv = { ...process.env };
@@ -78,7 +77,6 @@ function resetMock() {
dbStaff = [];
insertedUsers = [];
insertedAccounts = [];
updatedAccounts = [];
updatedStaff = [];
process.env = { ...originalEnv };
}
@@ -175,11 +173,7 @@ async function seedUatCredentials(
);
if (existingAccount) {
// Idempotent update: re-hash the current env password and update the stored hash.
const { hashPassword } = await import("better-auth/crypto");
const passwordHash = await hashPassword(password);
existingAccount.password = passwordHash;
updatedAccounts.push({ id: existingAccount.id, password: passwordHash });
// skip — already has credential account
} else {
// Use Better-Auth's hashPassword so test helper matches production seed.ts
const { hashPassword } = await import("better-auth/crypto");
@@ -318,9 +312,9 @@ describe("seedUatCredentials — credential provisioning logic", () => {
expect(updatedStaff).toHaveLength(0);
});
// ── AC-5: idempotent — does not insert duplicate records ───────────────────
// ── AC-5: idempotent — skips when user already exists ───────────────────────
it("AC-5: re-running does not insert duplicate user or account records", async () => {
it("AC-5: re-running does not duplicate user or account records (idempotent)", async () => {
process.env.SEED_UAT_CUSTOMER_PASSWORD = TEST_PASSWORD;
const preExistingUsers: UserRow[] = [
@@ -336,96 +330,25 @@ describe("seedUatCredentials — credential provisioning logic", () => {
},
];
// First call — nothing inserted (user + account pre-exist)
await seedUatCredentials([UAT_ACCOUNTS[2]!], {
users: preExistingUsers,
accounts: preExistingAccounts,
staff: [],
});
// No inserts — user and account already exist
expect(insertedUsers).toHaveLength(0);
expect(insertedAccounts).toHaveLength(0);
});
// ── AC-5b: password rotation on re-seed ─────────────────────────────────────
it("AC-5b: re-running with a new password updates the stored credential hash", async () => {
const OLD_PASSWORD = "old-password-abc";
const NEW_PASSWORD = "new-password-xyz";
process.env.SEED_UAT_CUSTOMER_PASSWORD = NEW_PASSWORD;
const preExistingUsers: UserRow[] = [
{ id: "pre-existing-user", email: "uat-customer@groombook.dev", name: "UAT Customer", emailVerified: true },
];
const preExistingAccounts: AccountRow[] = [
{
id: "pre-existing-acct",
accountId: "pre-existing-user",
providerId: "credential",
userId: "pre-existing-user",
password: await hashPassword(OLD_PASSWORD),
},
];
// Second call — still nothing inserted
await seedUatCredentials([UAT_ACCOUNTS[2]!], {
users: preExistingUsers,
accounts: preExistingAccounts,
staff: [],
});
// No new records inserted
expect(insertedUsers).toHaveLength(0);
expect(insertedAccounts).toHaveLength(0);
// Password WAS updated to the new env value
expect(updatedAccounts).toHaveLength(1);
expect(updatedAccounts[0]!.id).toBe("pre-existing-acct");
// New hash is valid Better-Auth format (salt:key, each hex)
const newHashParts = updatedAccounts[0]!.password.split(":");
expect(Buffer.from(newHashParts[0]!, "hex")).toHaveLength(16);
expect(Buffer.from(newHashParts[1]!, "hex")).toHaveLength(64);
});
// ── AC-8: existing account password IS updated (not frozen at first-seed) ──
it("AC-8: re-seeding with a changed password env var updates the stored hash", async () => {
const ORIGINAL_PASSWORD = "original-password";
const ROTATED_PASSWORD = "rotated-password-456";
process.env.SEED_UAT_CUSTOMER_PASSWORD = ROTATED_PASSWORD;
const preExistingUsers: UserRow[] = [
{ id: "pre-existing-user", email: "uat-customer@groombook.dev", name: "UAT Customer", emailVerified: true },
];
// Account was created with the original password on first seed
const originalHash = await hashPassword(ORIGINAL_PASSWORD);
const preExistingAccounts: AccountRow[] = [
{
id: "pre-existing-acct",
accountId: "pre-existing-user",
providerId: "credential",
userId: "pre-existing-user",
password: originalHash,
},
];
// Re-seed with the rotated password env var
await seedUatCredentials([UAT_ACCOUNTS[2]!], {
users: preExistingUsers,
accounts: preExistingAccounts,
staff: [],
});
// No new user or account created
expect(insertedUsers).toHaveLength(0);
expect(insertedAccounts).toHaveLength(0);
// The pre-existing account's password WAS updated (not frozen at first-seed).
// hashPassword uses a random salt so we verify by format + that it is a new,
// different valid hash from the original.
const updatedAcct = preExistingAccounts[0]!;
expect(updatedAcct.password).toBeDefined();
expect(updatedAcct.password).toMatch(/^[a-f0-9]{32}:[a-f0-9]{128}$/);
expect(updatedAcct.password).not.toBe(originalHash); // it actually changed
});
// ── AC-6: missing env var skips with warning ────────────────────────────────
apps/api/src/db/seed.ts
+1260
View File
File diff suppressed because it is too large Load Diff
apps/api/src/routes/admin/seed.ts
+1 -1
View File
@@ -46,7 +46,7 @@ const UAT_CLIENT = {
const UAT_PETS = [
{ name: "Bella", species: "Dog", breed: "Poodle", coatType: "curly" as const, weightKg: "20.00" },
{ name: "Max", species: "Dog", breed: "Labrador Retriever", coatType: "smooth" as const, weightKg: "30.00" },
{ name: "Max", species: "Dog", breed: "Labrador Retriever", coatType: "short" as const, weightKg: "30.00" },
];
const DEMO_SERVICES = [
apps/api/src/routes/pets.ts
+1 -167
View File
@@ -1,7 +1,7 @@
import { Hono } from "hono";
import { zValidator } from "@hono/zod-validator";
import { z } from "zod/v3";
import { and, desc, eq, exists, getDb, gte, groomingVisitLogs, impersonationSessions, or, pets, appointments, staff, services, sql } from "../db/index.js";
import { and, eq, exists, getDb, or, pets, appointments } from "../db/index.js";
import type { AppEnv } from "../middleware/rbac.js";
import {
getPresignedUploadUrl,
@@ -283,169 +283,3 @@ petsRouter.get("/:petId/photo", async (c) => {
const url = await getPresignedGetUrl(pet.photoKey);
return c.json({ url, photoKey: pet.photoKey, photoUploadedAt: pet.photoUploadedAt });
});
// ─── Profile Summary ───────────────────────────────────────────────────────────
async function groomerLinkageCheck(
db: ReturnType<typeof getDb>,
clientId: string,
staffRow: NonNullable<AppEnv["Variables"]["staff"]>
): Promise<boolean> {
const [linkage] = await db
.select({ id: appointments.id })
.from(appointments)
.where(
and(
eq(appointments.clientId, clientId),
or(
eq(appointments.staffId, staffRow.id),
eq(appointments.batherStaffId, staffRow.id)
)
)
)
.limit(1);
return !!linkage;
}
/**
* Resolves the clientId from the X-Impersonation-Session-Id header, if present and active.
* Used by staff routes to allow a customer (auto-provisioned as a `groomer` staff row
* by rbac.ts) to access their own pet's data when they are the rightful owner.
*
* Returns null when the header is missing, the session is unknown/expired/ended, or the
* session exists but has no clientId — callers should treat null as "no owner-bypass".
*/
async function resolveImpersonationClientId(
db: ReturnType<typeof getDb>,
c: { req: { header: (name: string) => string | undefined } }
): Promise<string | null> {
const sessionId = c.req.header("X-Impersonation-Session-Id");
if (!sessionId) return null;
const [session] = await db
.select({ clientId: impersonationSessions.clientId, status: impersonationSessions.status, expiresAt: impersonationSessions.expiresAt })
.from(impersonationSessions)
.where(eq(impersonationSessions.id, sessionId))
.limit(1);
if (!session) return null;
if (session.status !== "active") return null;
if (session.expiresAt <= new Date()) return null;
return session.clientId;
}
/**
* GET /:id/profile-summary
* Returns aggregated profile: basic pet fields + grooming history + visit stats + upcoming appointment.
* Groomer RBAC: same visibility rules as GET /:id.
* Owner-bypass (GRO-2013): a customer who supplies a valid X-Impersonation-Session-Id
* for the pet's owning client may read their own pet's summary, even though rbac.ts
* auto-provisions them as a `groomer` staff row with no appointment linkage.
*/
petsRouter.get("/:id/profile-summary", async (c) => {
const db = getDb();
const petId = c.req.param("id");
const staffRow = c.get("staff");
const isGroomer = staffRow?.role === "groomer";
const [row] = await db.select().from(pets).where(eq(pets.id, petId));
if (!row) return c.json({ error: "Not found" }, 404);
// Owner-bypass: customer with a valid portal session for this pet's client
// is allowed to view their own pet's profile summary (GRO-2013).
let isOwner = false;
if (isGroomer) {
const ownerClientId = await resolveImpersonationClientId(db, c);
isOwner = !!ownerClientId && ownerClientId === row.clientId;
}
if (isGroomer && !isOwner) {
const hasLinkage = await groomerLinkageCheck(db, row.clientId, staffRow);
if (!hasLinkage) return c.json({ error: "Forbidden" }, 403);
}
// Recent grooming history: last 10, with staff name join
const historyRows = await db
.select({
id: groomingVisitLogs.id,
petId: groomingVisitLogs.petId,
appointmentId: groomingVisitLogs.appointmentId,
staffId: groomingVisitLogs.staffId,
staffName: staff.name,
cutStyle: groomingVisitLogs.cutStyle,
productsUsed: groomingVisitLogs.productsUsed,
notes: groomingVisitLogs.notes,
groomedAt: groomingVisitLogs.groomedAt,
createdAt: groomingVisitLogs.createdAt,
})
.from(groomingVisitLogs)
.leftJoin(staff, eq(staff.id, groomingVisitLogs.staffId))
.where(eq(groomingVisitLogs.petId, petId))
.orderBy(desc(groomingVisitLogs.groomedAt))
.limit(10);
const recentGroomingHistory = historyRows.map((r) => ({
id: r.id,
petId: r.petId,
appointmentId: r.appointmentId,
staffId: r.staffId,
staffName: r.staffName,
cutStyle: r.cutStyle,
productsUsed: r.productsUsed,
notes: r.notes,
groomedAt: r.groomedAt?.toISOString() ?? null,
createdAt: r.createdAt?.toISOString() ?? null,
}));
const lastVisitDate = historyRows[0]?.groomedAt?.toISOString() ?? null;
// Completed appointment count for this pet
const [{ count: visitCount }] = await db
.select({ count: sql<number>`count(*)::int` })
.from(appointments)
.where(and(eq(appointments.petId, petId), eq(appointments.status, "completed")));
// Upcoming appointment: next scheduled or confirmed
const [nextAppt] = await db
.select({
id: appointments.id,
serviceId: appointments.serviceId,
staffId: appointments.staffId,
startTime: appointments.startTime,
endTime: appointments.endTime,
status: appointments.status,
serviceName: services.name,
staffName: staff.name,
})
.from(appointments)
.leftJoin(services, eq(services.id, appointments.serviceId))
.leftJoin(staff, eq(staff.id, appointments.staffId))
.where(
and(
eq(appointments.petId, petId),
or(eq(appointments.status, "scheduled"), eq(appointments.status, "confirmed")),
gte(appointments.startTime, new Date())
)
)
.orderBy(appointments.startTime)
.limit(1);
const upcomingAppointment = nextAppt
? {
id: nextAppt.id,
serviceId: nextAppt.serviceId,
serviceName: nextAppt.serviceName,
staffId: nextAppt.staffId,
staffName: nextAppt.staffName,
startTime: nextAppt.startTime?.toISOString() ?? null,
endTime: nextAppt.endTime?.toISOString() ?? null,
status: nextAppt.status,
}
: null;
return c.json({
...row,
recentGroomingHistory,
lastVisitDate,
visitCount,
upcomingAppointment,
});
});
packages/db/migrations/0034_extend_pet_profile_columns.sql
-8
View File
@@ -1,8 +0,0 @@
-- Migration: 0034_extend_pet_profile_columns.sql
-- GRO-1850: Adds temperament_score, temperament_flags, medical_alerts,
-- and preferred_cuts columns to the pets table.
ALTER TABLE "pets" ADD COLUMN "temperament_score" integer;
ALTER TABLE "pets" ADD COLUMN "temperament_flags" jsonb DEFAULT '[]';
ALTER TABLE "pets" ADD COLUMN "medical_alerts" jsonb DEFAULT '[]';
ALTER TABLE "pets" ADD COLUMN "preferred_cuts" jsonb DEFAULT '[]';
packages/db/migrations/0035_add_missing_coat_type_values.sql
-9
View File
@@ -1,9 +0,0 @@
-- Migration: 0035_add_missing_coat_type_values.sql
-- Adds missing values to coat_type enum that seed.ts requires but which were
-- omitted from the 0031_buffer_rules.sql CREATE TYPE statement (migration drift).
-- 0031 created: 'smooth', 'double', 'wire', 'curly', 'long', 'hairless'
-- Missing (from schema.ts coatTypeEnum): 'short', 'medium', 'silky'
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'medium';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'silky';
packages/db/migrations/0035_add_short_to_coat_type_enum.sql
-14
View File
@@ -1,14 +0,0 @@
-- Migration: 0035_add_short_to_coat_type_enum.sql
-- GRO-1953: Adds missing "short" value to the coat_type enum so that seed data
-- (which uses coatTypePool including "short") can be inserted without error.
--
-- The seed file defines coatTypePool as:
-- ["short", "medium", "long", "double", "wire", "silky", "curly", "hairless"]
-- but migration 0031 created the enum without "short", causing:
-- PostgresError: invalid input value for enum coat_type: "short"
BEGIN;
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
COMMIT;
packages/db/migrations/0036_add_missing_coat_type_values.sql
-9
View File
@@ -1,9 +0,0 @@
-- Migration: 0036_add_missing_coat_type_values.sql
-- Adds missing values to coat_type enum that seed.ts requires but which were
-- omitted from the 0031_buffer_rules.sql CREATE TYPE statement (migration drift).
-- 0031 created: 'smooth', 'double', 'wire', 'curly', 'long', 'hairless'
-- Missing (from schema.ts coatTypeEnum): 'short', 'medium', 'silky'
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'medium';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'silky';
packages/db/migrations/0037_add_extra_large_to_pet_size_category.sql
-19
View File
@@ -1,19 +0,0 @@
-- Migration: 0037_add_extra_large_to_pet_size_category.sql
-- GRO-1979: Adds the 'extra_large' value to the pet_size_category enum.
--
-- 0031_buffer_rules.sql created pet_size_category with values
-- ('small', 'medium', 'large', 'xlarge'), but seed.ts and the drizzle
-- schema (PetSizeCategory type) both use 'extra_large' — a mismatch that
-- caused the UAT seed job to fail with:
-- invalid input value for enum pet_size_category: "extra_large"
--
-- 0035/0036 (GRO-1971) registered 'short'/'medium'/'silky' in coat_type.
-- This migration is the pet_size_category counterpart: register
-- 'extra_large' so seed.ts can write the value the schema declares.
--
-- Postgres restriction: ALTER TYPE ADD VALUE cannot run inside a
-- transaction block. The drizzle migrate runner does not wrap
-- individual statements in an explicit transaction, so this applies
-- as a single auto-commit DDL.
ALTER TYPE "pet_size_category" ADD VALUE IF NOT EXISTS 'extra_large';
packages/db/migrations/0038_register_extra_large_pet_size_category.sql
-4
View File
@@ -1,4 +0,0 @@
-- GRO-1999: 0037 was skipped on existing DBs due to a below-high-water-mark
-- journal timestamp. Re-register extra_large with a monotonic timestamp so
-- the existing UAT/persistent DBs apply it. Idempotent.
ALTER TYPE "pet_size_category" ADD VALUE IF NOT EXISTS 'extra_large';
packages/db/migrations/0039_extend_pet_profile_columns_idempotent.sql
-27
View File
@@ -1,27 +0,0 @@
-- Migration: 0039_extend_pet_profile_columns_idempotent.sql
-- GRO-2033: re-register the temperament/medical/preferred-cuts columns from
-- 0034 with an idempotent ADD COLUMN IF NOT EXISTS + a monotonic journal
-- `when` (1780000000001), above the 0033 high-water mark (1779500000000)
-- and above the most recent applied migration 0038 (1780000000000).
--
-- 0034_extend_pet_profile_columns.sql was authored on 2026-05-28 with
-- `when` = 1751140800000 (2025-06-28) — *below* the 0033 high-water mark
-- of 1779500000000 (2026-05-23). drizzle-orm@0.38.4
-- (pg-core/dialect.js#migrate) only applies a migration when
-- `migration.folderMillis > lastDbMigration.created_at`, so on prod —
-- whose last applied entry was 0033 at created_at=1779500000000 — 0034
-- was silently skipped, leaving `pets.temperament_score` (and friends)
-- missing. The migrate Job still exits 0 ("migrations applied
-- successfully!") because the journal high watermark *was* advanced by
-- 0038, but no schema change ever ran for 0034. Seed/reset then crash on:
-- PostgresError: column "temperament_score" does not exist (42703)
--
-- Same pattern as GRO-1999 (0037 → 0038): do NOT modify 0034 in-place
-- (UAT/dev have already applied it via their lower watermarks). Add a
-- new idempotent migration with a monotonic `when` instead so existing
-- DBs apply it cleanly and fresh DBs are a no-op-after-no-op.
ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "temperament_score" integer;
ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "temperament_flags" jsonb DEFAULT '[]';
ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "medical_alerts" jsonb DEFAULT '[]';
ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "preferred_cuts" jsonb DEFAULT '[]';
packages/db/migrations/0040_register_missing_coat_type_values.sql
-26
View File
@@ -1,26 +0,0 @@
-- Migration: 0040_register_missing_coat_type_values.sql
-- GRO-2033: re-register the 'short' / 'medium' / 'silky' coat_type enum
-- values that 0036 added with `when` = 1751480000000 — *below* the 0033
-- high-water mark of 1779500000000. drizzle-orm@0.38.4
-- (pg-core/dialect.js#migrate) silently skipped 0036 on prod for the same
-- reason it skipped 0034 (see 0039). 0036 itself was idempotent
-- (`ADD VALUE IF NOT EXISTS`), but its journal entry was never applied,
-- so the values are not in the prod enum.
--
-- Same pattern as GRO-1999 (0037 → 0038) and 0039: do NOT modify 0036 in
-- place. Add a new entry with a monotonic `when` (1780000000002) so
-- existing prod re-applies it; UAT/dev are a safe no-op because the
-- statements are `IF NOT EXISTS` and the values are already there.
--
-- Postgres restriction: `ALTER TYPE ... ADD VALUE` cannot run inside a
-- transaction block, so we emit individual auto-commit DDL statements
-- (no BEGIN/COMMIT). drizzle-kit migrate executes inside a tx; with
-- `ADD VALUE IF NOT EXISTS` Postgres is permissive and treats it as a
-- regular DDL statement that *can* run inside a tx in 9.6+ when no new
-- value is actually added. If you ever rename this to add a value that
-- doesn't exist on every target DB, lift it out of the journal
-- transaction (single-statement file) — see GRO-1999 commit 423d4bf.
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'medium';
ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'silky';
packages/db/migrations/0041_route_optimization.sql
-66
View File
@@ -1,66 +0,0 @@
-- Migration: 0041_route_optimization.sql
-- Route optimization schema: geocoding columns on clients, groomerRoutes +
-- routeStops tables, and route settings on business_settings.
-- Written idempotently so it is safe to re-run.
-- ─── Enums ────────────────────────────────────────────────────────────────────
DO $$ BEGIN
CREATE TYPE "route_status" AS ENUM ('draft', 'optimized', 'in_progress', 'completed');
EXCEPTION WHEN duplicate_object THEN NULL;
END $$;
-- ─── Clients: geocoding columns ───────────────────────────────────────────────
ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "latitude" double precision;
ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "longitude" double precision;
ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "geocoded_at" timestamp;
-- ─── Business settings: route optimization config ─────────────────────────────
ALTER TABLE "business_settings"
ADD COLUMN IF NOT EXISTS "default_travel_buffer_mins" integer NOT NULL DEFAULT 15;
ALTER TABLE "business_settings"
ADD COLUMN IF NOT EXISTS "route_optimization_provider" text DEFAULT 'nominatim';
-- Encrypted at rest at the application layer (AES-256-GCM).
ALTER TABLE "business_settings"
ADD COLUMN IF NOT EXISTS "google_maps_api_key" text;
-- ─── Groomer routes table ─────────────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS "groomer_routes" (
"id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
"staff_id" uuid NOT NULL REFERENCES "staff"("id") ON DELETE CASCADE,
"route_date" date NOT NULL,
"status" "route_status" NOT NULL DEFAULT 'draft',
"total_travel_mins" integer,
"total_distance_km" numeric(8, 2),
"optimized_at" timestamp,
"created_at" timestamp NOT NULL DEFAULT now(),
"updated_at" timestamp NOT NULL DEFAULT now(),
CONSTRAINT "uq_groomer_routes_staff_date" UNIQUE ("staff_id", "route_date")
);
CREATE INDEX IF NOT EXISTS "idx_groomer_routes_staff_id"
ON "groomer_routes"("staff_id");
-- ─── Route stops table ────────────────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS "route_stops" (
"id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
"route_id" uuid NOT NULL REFERENCES "groomer_routes"("id") ON DELETE CASCADE,
"appointment_id" uuid NOT NULL REFERENCES "appointments"("id") ON DELETE CASCADE,
"stop_order" integer NOT NULL,
"latitude" double precision NOT NULL,
"longitude" double precision NOT NULL,
"travel_mins_from_prev" integer,
"travel_distance_km_from_prev" numeric(8, 2),
"buffer_mins" integer NOT NULL DEFAULT 15,
"created_at" timestamp NOT NULL DEFAULT now(),
"updated_at" timestamp NOT NULL DEFAULT now(),
CONSTRAINT "uq_route_stops_route_appointment" UNIQUE ("route_id", "appointment_id"),
CONSTRAINT "uq_route_stops_route_order" UNIQUE ("route_id", "stop_order")
);
CREATE INDEX IF NOT EXISTS "idx_route_stops_route_id"
ON "route_stops"("route_id");
packages/db/migrations/meta/0034_snapshot.json
-210
View File
@@ -1,210 +0,0 @@
{
"id": "0034_extend_pet_profile_columns",
"prevId": "b3a381ca-f7a4-450f-aa7e-fdc2d652dc97",
"version": "7",
"dialect": "postgresql",
"tables": {
"public.pets": {
"name": "pets",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "uuid",
"primaryKey": true,
"notNull": true,
"default": "gen_random_uuid()"
},
"client_id": {
"name": "client_id",
"type": "uuid",
"primaryKey": false,
"notNull": true
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true
},
"species": {
"name": "species",
"type": "text",
"primaryKey": false,
"notNull": true
},
"breed": {
"name": "breed",
"type": "text",
"primaryKey": false,
"notNull": false
},
"weight_kg": {
"name": "weight_kg",
"type": "numeric(5, 2)",
"primaryKey": false,
"notNull": false
},
"date_of_birth": {
"name": "date_of_birth",
"type": "timestamp",
"primaryKey": false,
"notNull": false
},
"health_alerts": {
"name": "health_alerts",
"type": "text",
"primaryKey": false,
"notNull": false
},
"grooming_notes": {
"name": "grooming_notes",
"type": "text",
"primaryKey": false,
"notNull": false
},
"cut_style": {
"name": "cut_style",
"type": "text",
"primaryKey": false,
"notNull": false
},
"shampoo_preference": {
"name": "shampoo_preference",
"type": "text",
"primaryKey": false,
"notNull": false
},
"special_care_notes": {
"name": "special_care_notes",
"type": "text",
"primaryKey": false,
"notNull": false
},
"coat_type": {
"name": "coat_type",
"type": "coat_type",
"primaryKey": false,
"notNull": false
},
"pet_size_category": {
"name": "pet_size_category",
"type": "pet_size_category",
"primaryKey": false,
"notNull": false
},
"temperament_score": {
"name": "temperament_score",
"type": "integer",
"primaryKey": false,
"notNull": false
},
"temperament_flags": {
"name": "temperament_flags",
"type": "jsonb",
"primaryKey": false,
"notNull": false,
"default": "'[]'::jsonb"
},
"medical_alerts": {
"name": "medical_alerts",
"type": "jsonb",
"primaryKey": false,
"notNull": false,
"default": "'[]'::jsonb"
},
"preferred_cuts": {
"name": "preferred_cuts",
"type": "jsonb",
"primaryKey": false,
"notNull": false,
"default": "'[]'::jsonb"
},
"custom_fields": {
"name": "custom_fields",
"type": "jsonb",
"primaryKey": false,
"notNull": true,
"default": "'{}'::jsonb"
},
"photo_key": {
"name": "photo_key",
"type": "text",
"primaryKey": false,
"notNull": false
},
"photo_uploaded_at": {
"name": "photo_uploaded_at",
"type": "timestamp",
"primaryKey": false,
"notNull": false
},
"image": {
"name": "image",
"type": "text",
"primaryKey": false,
"notNull": false
},
"created_at": {
"name": "created_at",
"type": "timestamp",
"primaryKey": false,
"notNull": true,
"default": "now()"
},
"updated_at": {
"name": "updated_at",
"type": "timestamp",
"primaryKey": false,
"notNull": true,
"default": "now()"
}
},
"indexes": {},
"foreignKeys": {
"pets_client_id_clients_id_fk": {
"name": "pets_client_id_clients_id_fk",
"tableFrom": "pets",
"tableTo": "clients",
"columnsFrom": [
"client_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
}
},
"enums": {
"coat_type": {
"name": "coat_type",
"values": [
"short",
"medium",
"long",
"wire",
"double",
"hairless",
"curly"
]
},
"pet_size_category": {
"name": "pet_size_category",
"values": [
"small",
"medium",
"large",
"extra_large"
]
}
},
"nativeEnums": {}
}
packages/db/migrations/meta/_journal.json
-49
View File
@@ -239,55 +239,6 @@
"when": 1779500000000,
"tag": "0033_add_services_default_buffer_minutes",
"breakpoints": true
},
{
"idx": 34,
"version": "7",
"when": 1751140800000,
"tag": "0034_extend_pet_profile_columns",
"breakpoints": true
},
{
"idx": 36,
"version": "7",
"when": 1751480000000,
"tag": "0036_add_missing_coat_type_values",
"breakpoints": true
},
{
"idx": 37,
"version": "7",
"when": 1751500000000,
"tag": "0037_add_extra_large_to_pet_size_category",
"breakpoints": true
},
{
"idx": 38,
"version": "7",
"when": 1780000000000,
"tag": "0038_register_extra_large_pet_size_category",
"breakpoints": true
},
{
"idx": 39,
"version": "7",
"when": 1780000000001,
"tag": "0039_extend_pet_profile_columns_idempotent",
"breakpoints": true
},
{
"idx": 40,
"version": "7",
"when": 1780000000002,
"tag": "0040_register_missing_coat_type_values",
"breakpoints": true
},
{
"idx": 41,
"version": "7",
"when": 1780000000003,
"tag": "0041_route_optimization",
"breakpoints": true
}
]
}
packages/db/package.json
+3 -4
View File
@@ -18,10 +18,9 @@
"scripts": {
"build": "tsc --project .",
"generate": "drizzle-kit generate",
"wait-for-db": "node ./scripts/wait-for-db.mjs",
"migrate": "node ./scripts/wait-for-db.mjs && drizzle-kit migrate",
"seed": "node ./scripts/wait-for-db.mjs && tsx src/seed.ts",
"reset": "node ./scripts/wait-for-db.mjs && tsx src/reset.ts && drizzle-kit migrate && tsx src/seed.ts",
"migrate": "drizzle-kit migrate",
"seed": "tsx src/seed.ts",
"reset": "tsx src/reset.ts && drizzle-kit migrate && tsx src/seed.ts",
"studio": "drizzle-kit studio",
"typecheck": "tsc --noEmit"
},
packages/db/scripts/wait-for-db.mjs
-104
View File
@@ -1,104 +0,0 @@
#!/usr/bin/env node
// wait-for-db.mjs
//
// GRO-2163: wait for / retry DNS resolution of the database hostname derived
// from DATABASE_URL before invoking `drizzle-kit migrate`. The first attempt
// of a fresh migrate-schema pod occasionally hits a transient CoreDNS miss
// (EAI_AGAIN) on `groombook-postgres-rw.<ns>.svc`; with backoffLimit: 2 the
// retry pod usually wins, but three unlucky attempts in a row trips
// BackoffLimitExceeded. Resolving once here, with backoff, removes the dice
// roll at the source so the first attempt reliably succeeds.
//
// Mirrors the belt-and-braces pattern used in GRO-1985 (no Corepack
// download fallback): we don't try to outsmart CoreDNS, we just don't ask
// drizzle-kit to do the very first DNS lookup of a freshly-scheduled pod.
//
// Configuration (env):
// WAIT_FOR_DB_MAX_ATTEMPTS default 12 (~30s of total wait at default backoff)
// WAIT_FOR_DB_BASE_DELAY_MS default 500
// WAIT_FOR_DB_MAX_DELAY_MS default 5000
// WAIT_FOR_DB_SKIP default unset; set to "1" to skip (debug only)
//
// On success: exit 0. On exhaustion: exit 1 so the Job's backoff is
// preserved (we don't want to silently mask a real outage by giving up
// after 30s and letting drizzle-kit fail with a less-actionable error).
import { setTimeout as delay } from "node:timers/promises";
import dns from "node:dns/promises";
const MAX_ATTEMPTS = Number(process.env.WAIT_FOR_DB_MAX_ATTEMPTS ?? 12);
const BASE_DELAY_MS = Number(process.env.WAIT_FOR_DB_BASE_DELAY_MS ?? 500);
const MAX_DELAY_MS = Number(process.env.WAIT_FOR_DB_MAX_DELAY_MS ?? 5000);
function parseHost(databaseUrl) {
try {
return new URL(databaseUrl).hostname || null;
} catch {
return null;
}
}
async function resolveOnce(host) {
const start = Date.now();
const result = await dns.lookup(host);
return { address: result.address, ms: Date.now() - start };
}
async function main() {
if (process.env.WAIT_FOR_DB_SKIP === "1") {
console.log("[wait-for-db] WAIT_FOR_DB_SKIP=1, skipping");
return;
}
const databaseUrl = process.env.DATABASE_URL;
if (!databaseUrl) {
// Don't gate the migrate on a misconfigured env — let drizzle-kit fail
// loudly with its own clear error.
console.warn("[wait-for-db] DATABASE_URL not set; skipping");
return;
}
const host = parseHost(databaseUrl);
if (!host) {
console.warn(`[wait-for-db] could not parse hostname from DATABASE_URL; skipping`);
return;
}
console.log(
`[wait-for-db] host=${host} max_attempts=${MAX_ATTEMPTS} ` +
`base_delay_ms=${BASE_DELAY_MS} max_delay_ms=${MAX_DELAY_MS}`,
);
for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
try {
const { address, ms } = await resolveOnce(host);
console.log(`[wait-for-db] ok attempt=${attempt} host=${host} -> ${address} (${ms}ms)`);
return;
} catch (err) {
const code = err?.code ?? "UNKNOWN";
const transient = code === "EAI_AGAIN" || code === "ENOTFOUND" || code === "EAI_NODATA";
if (!transient) {
// Hard error (e.g. invalid hostname): surface and let drizzle-kit fail
// with a real error rather than spinning.
console.error(`[wait-for-db] non-transient DNS error attempt=${attempt} code=${code}: ${err.message}`);
process.exit(1);
}
if (attempt === MAX_ATTEMPTS) {
console.error(
`[wait-for-db] exhausted attempts=${MAX_ATTEMPTS} host=${host} last_code=${code}; exiting 1`,
);
process.exit(1);
}
const backoff = Math.min(
MAX_DELAY_MS,
BASE_DELAY_MS * 2 ** (attempt - 1) + Math.floor(Math.random() * BASE_DELAY_MS),
);
console.log(
`[wait-for-db] transient attempt=${attempt} code=${code} retry_in_ms=${backoff}`,
);
await delay(backoff);
}
}
}
main().catch((err) => {
console.error(`[wait-for-db] fatal: ${err?.message ?? err}`);
process.exit(1);
});
packages/db/src/factories.ts
-3
View File
@@ -78,9 +78,6 @@ export function buildClient(overrides: Partial<ClientRow> = {}): ClientRow {
stripeCustomerId: null,
status: "active",
disabledAt: null,
latitude: null,
longitude: null,
geocodedAt: null,
createdAt: new Date("2025-01-01T00:00:00Z"),
updatedAt: new Date("2025-01-01T00:00:00Z"),
...overrides,
packages/db/src/schema.ts
-82
View File
@@ -1,7 +1,5 @@
import {
boolean,
date,
doublePrecision,
index,
integer,
jsonb,
@@ -142,10 +140,6 @@ export const clients = pgTable(
stripeCustomerId: text("stripe_customer_id"),
status: clientStatusEnum("status").notNull().default("active"),
disabledAt: timestamp("disabled_at"),
// Geocoded coordinates for route optimization; null until geocoded.
latitude: doublePrecision("latitude"),
longitude: doublePrecision("longitude"),
geocodedAt: timestamp("geocoded_at"),
createdAt: timestamp("created_at").notNull().defaultNow(),
updatedAt: timestamp("updated_at").notNull().defaultNow(),
},
@@ -561,16 +555,6 @@ export const businessSettings = pgTable("business_settings", {
accentColor: text("accent_color").notNull().default("#8b7355"),
messagingPhoneNumber: text("messaging_phone_number"),
telnyxMessagingProfileId: text("telnyx_messaging_profile_id"),
// Route optimization settings.
defaultTravelBufferMins: integer("default_travel_buffer_mins")
.notNull()
.default(15),
routeOptimizationProvider: text("route_optimization_provider").default(
"nominatim"
),
// Encrypted at rest at the application layer (AES-256-GCM), mirroring
// the handling of authProviderConfigs.clientSecret.
googleMapsApiKey: text("google_maps_api_key"),
createdAt: timestamp("created_at").notNull().defaultNow(),
updatedAt: timestamp("updated_at").notNull().defaultNow(),
});
@@ -674,69 +658,3 @@ export const bufferRules = pgTable(
index("idx_buffer_rules_service_id").on(t.serviceId),
]
);
// ─── Route Optimization ───────────────────────────────────────────────────────
export const routeStatusEnum = pgEnum("route_status", [
"draft",
"optimized",
"in_progress",
"completed",
]);
// A groomer's optimized route for a single day. One row per (staff, date).
export const groomerRoutes = pgTable(
"groomer_routes",
{
id: uuid("id").primaryKey().defaultRandom(),
staffId: uuid("staff_id")
.notNull()
.references(() => staff.id, { onDelete: "cascade" }),
routeDate: date("route_date", { mode: "string" }).notNull(),
status: routeStatusEnum("status").notNull().default("draft"),
// Populated once the route is optimized.
totalTravelMins: integer("total_travel_mins"),
totalDistanceKm: numeric("total_distance_km", { precision: 8, scale: 2 }),
optimizedAt: timestamp("optimized_at"),
createdAt: timestamp("created_at").notNull().defaultNow(),
updatedAt: timestamp("updated_at").notNull().defaultNow(),
},
(t) => [
// One route per groomer per day.
unique("uq_groomer_routes_staff_date").on(t.staffId, t.routeDate),
index("idx_groomer_routes_staff_id").on(t.staffId),
]
);
// An ordered stop within a groomer's route, tied to an appointment.
export const routeStops = pgTable(
"route_stops",
{
id: uuid("id").primaryKey().defaultRandom(),
routeId: uuid("route_id")
.notNull()
.references(() => groomerRoutes.id, { onDelete: "cascade" }),
appointmentId: uuid("appointment_id")
.notNull()
.references(() => appointments.id, { onDelete: "cascade" }),
stopOrder: integer("stop_order").notNull(),
latitude: doublePrecision("latitude").notNull(),
longitude: doublePrecision("longitude").notNull(),
// Null for the first stop in the route.
travelMinsFromPrev: integer("travel_mins_from_prev"),
travelDistanceKmFromPrev: numeric("travel_distance_km_from_prev", {
precision: 8,
scale: 2,
}),
bufferMins: integer("buffer_mins").notNull().default(15),
createdAt: timestamp("created_at").notNull().defaultNow(),
updatedAt: timestamp("updated_at").notNull().defaultNow(),
},
(t) => [
// An appointment appears at most once per route.
unique("uq_route_stops_route_appointment").on(t.routeId, t.appointmentId),
// Stop order is unique within a route.
unique("uq_route_stops_route_order").on(t.routeId, t.stopOrder),
index("idx_route_stops_route_id").on(t.routeId),
]
);
packages/db/src/seed.ts
+109 -571
View File
@@ -20,7 +20,6 @@ import postgres from "postgres";
import { drizzle } from "drizzle-orm/postgres-js";
import { eq, and, sql } from "drizzle-orm";
import * as schema from "./schema.js";
import type { MedicalAlert } from "@groombook/types";
// ── Seed profile configuration ─────────────────────────────────────────────
@@ -244,59 +243,6 @@ const groomingNotes = [
"Previous clipper burn — be gentle on belly",
];
// ── Extended pet profile pools ─────────────────────────────────────────────────
const temperamentFlagPool: string[] = [
"friendly",
"anxious-with-strangers",
"good-with-kids",
"leash-reactive",
"vocal",
"high-energy",
"calm-on-table",
"treat-motivated",
];
const medicalAlertPool: MedicalAlert[] = [
{ id: "", type: "allergies", description: "Seasonal allergies — monitor skin", severity: "low" },
{ id: "", type: "allergies", description: "Chicken allergy — avoid poultry-based treats", severity: "high" },
{ id: "", type: "joint", description: "Hip dysplasia — handle with care", severity: "medium" },
{ id: "", type: "joint", description: "Arthritis — anti-inflammatory medication on file", severity: "medium" },
{ id: "", type: "dental", description: "Dental disease — extractions in history", severity: "medium" },
{ id: "", type: "dental", description: "Baby teeth retained — vet monitor", severity: "low" },
{ id: "", type: "heart", description: "Heart murmur grade II — avoid stress", severity: "high" },
{ id: "", type: "heart", description: "Murmur cleared by vet last year", severity: "low" },
{ id: "", type: "other", description: "Eye ulcer history — be careful around face", severity: "medium" },
{ id: "", type: "other", description: "Seizure history — avoid flashing lights", severity: "high" },
{ id: "", type: "other", description: "Luxating patella — short walks only", severity: "medium" },
{ id: "", type: "other", description: "Ear infections — dry thoroughly after bath", severity: "low" },
{ id: "", type: "behavioral", description: "Anxiety — calm environment preferred", severity: "low" },
{ id: "", type: "behavioral", description: "Fear-based aggression — approach with caution", severity: "high" },
{ id: "", type: "skin", description: "Contact dermatitis — avoid harsh chemicals", severity: "medium" },
{ id: "", type: "skin", description: "Hot spots — monitor and report any worsening", severity: "high" },
];
const preferredCutPool: string[] = [
"Puppy Cut",
"Teddy Bear Cut",
"Lion Cut",
"Breed Standard",
"Summer Shave",
"Kennel Cut",
"Lamb Cut",
"Continental Clip",
"Sporting Clip",
"Sanitary Trim",
"Face & Feet Trim",
"Full Groom",
];
type CoatType = (typeof schema.coatTypeEnum.enumValues)[number];
type PetSizeCategory = (typeof schema.petSizeCategoryEnum.enumValues)[number];
const coatTypePool: CoatType[] = ["short", "medium", "long", "double", "wire", "silky", "curly", "hairless"];
const petSizeCategoryPool: PetSizeCategory[] = ["small", "medium", "large", "extra_large"];
const appointmentNotes = [
null, null, null, null,
"Client requested extra brushing",
@@ -389,21 +335,78 @@ const servicesDef = [
{ id: "b0000001-0000-0000-0000-00000000000a", name: "Sanitary Trim", desc: "Hygienic trim of paw pads, face, and sanitary areas", price: 2500, dur: 20 },
];
// ── UAT staff account seeding (shared between seed paths) ─────────────────────
// ── Known-users-only seed (prod/demo) ───────────────────────────────────────
/**
* Seeds or upserts the deterministic UAT staff accounts with numeric OIDC subs
* from SEED_UAT_*_OIDC_SUB / SEED_UAT_GROOMER_OIDC_SUBS env vars.
*
* In the full seed path this must run AFTER random staff are created so the
* deterministic upserts land on the correct rows (groomers referenced by the
* UAT test-client appointment logic use groomers[0] etc.).
*
* In seedKnownUsers() this replaces the inline UAT-staff block.
* Seeds only the minimal known users for prod/demo environments.
* Creates: Demo Manager staff + Demo Client + Demo Dog + basic services.
* Idempotent: skips creation if records already exist.
*/
async function seedUatStaffAccounts(
db: ReturnType<typeof drizzle>,
): Promise<string | null> {
async function seedKnownUsers() {
const url = process.env.DATABASE_URL;
if (!url) {
console.error("DATABASE_URL is not set");
process.exit(1);
}
const client = postgres(url, { max: 5 });
const db = drizzle(client, { schema });
console.log("Seeding known users (prod/demo mode)...\n");
const KNOWN_STAFF_ID = "00000000-0000-0000-0000-000000000001";
const DEMO_CLIENT_ID = "00000000-0000-0000-0000-000000000002";
const DEMO_PET_ID = "00000000-0000-0000-0000-000000000003";
// ── Staff: Demo Manager ──
const [existingStaff] = await db
.select()
.from(schema.staff)
.where(eq(schema.staff.email, "demo-manager@groombook.dev"))
.limit(1);
if (existingStaff) {
console.log(`✓ Staff '${existingStaff.name}' already exists — skipping`);
} else {
await db.insert(schema.staff).values({
id: KNOWN_STAFF_ID,
name: "Demo Manager",
email: "demo-manager@groombook.dev",
oidcSub: "demo-manager-001",
role: "manager",
isSuperUser: true,
active: true,
});
console.log("✓ Created staff 'Demo Manager' (oidcSub: demo-manager-001)");
}
// ── Staff: SEED_ADMIN_EMAIL admin ──
const adminEmail = process.env.SEED_ADMIN_EMAIL;
if (adminEmail) {
const adminName = process.env.SEED_ADMIN_NAME ?? "Admin";
const ADMIN_STAFF_ID = "00000000-0000-0000-0000-000000000002";
const [existingAdmin] = await db
.select()
.from(schema.staff)
.where(eq(schema.staff.email, adminEmail))
.limit(1);
if (existingAdmin) {
console.log(`✓ Staff admin '${existingAdmin.name}' already exists — skipping`);
} else {
await db.insert(schema.staff).values({
id: ADMIN_STAFF_ID,
name: adminName,
email: adminEmail,
oidcSub: adminEmail,
role: "manager",
isSuperUser: true,
active: true,
});
console.log(`✓ Created staff admin '${adminName}' (${adminEmail})`);
}
}
// ── Staff: UAT Super User (oidcSub from SEED_UAT_SUPER_OIDC_SUB env var) ──
const uatSuperOidcSub = process.env.SEED_UAT_SUPER_OIDC_SUB;
if (uatSuperOidcSub) {
@@ -571,342 +574,25 @@ async function seedUatStaffAccounts(
}
}
// ── Client: UAT Customer ─────────────────────────────────────────────────────
// Only uat-customer is a real end-user who needs a clients row.
// uat-groomer and uat-super are staff — they have staff records, not client records.
const UAT_CUSTOMER_ID = "c0000001-0000-0000-0000-000000000001";
const [uatCustomerRow] = await db
.select()
.from(schema.clients)
.where(eq(schema.clients.email, "uat-customer@groombook.dev"))
.limit(1);
let uatCustomerClientId: string;
if (uatCustomerRow) {
uatCustomerClientId = uatCustomerRow.id;
console.log(`✓ UAT Customer client record already exists — skipping`);
} else {
const [created] = await db
.insert(schema.clients)
.values({
id: UAT_CUSTOMER_ID,
email: "uat-customer@groombook.dev",
name: "UAT Customer",
phone: "555-0102",
address: "1 UAT Lane, Test City, CA 90210",
})
.returning();
uatCustomerClientId = created!.id;
console.log(`✓ Created client 'UAT Customer' for SSO bridge`);
}
// ── Pets: UAT Customer's dogs ────────────────────────────────────────────────
const uatCustomerPets = [
{ id: "c0000001-0000-0000-0000-000000000002", name: "UAT Pup Alpha", species: "Dog", breed: "Beagle", weight: "12.00", dob: "2022-03-10", image: "/demo-pets/dog-beagle.png" },
{ id: "c0000001-0000-0000-0000-000000000003", name: "UAT Pup Beta", species: "Dog", breed: "Labrador", weight: "28.00", dob: "2021-07-22", image: "/demo-pets/dog-labrador.png" },
];
for (const pet of uatCustomerPets) {
const [existing] = await db
.select()
.from(schema.pets)
.where(eq(schema.pets.id, pet.id))
.limit(1);
if (existing) {
// Upsert so extended fields are always populated on re-runs
await db.insert(schema.pets)
.values({
id: pet.id,
clientId: uatCustomerClientId,
name: pet.name,
species: pet.species,
breed: pet.breed,
weightKg: pet.weight,
dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
image: pet.image,
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: [],
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
})
.onConflictDoUpdate({
target: schema.pets.id,
set: {
clientId: uatCustomerClientId,
name: pet.name,
species: pet.species,
breed: pet.breed,
weightKg: pet.weight,
dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
image: pet.image,
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: [],
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
},
});
console.log(`✓ Upserted UAT pet '${pet.name}' with extended fields`);
} else {
await db.insert(schema.pets).values({
id: pet.id,
clientId: uatCustomerClientId,
name: pet.name,
species: pet.species,
breed: pet.breed,
weightKg: pet.weight,
dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
image: pet.image,
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: [],
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
});
console.log(`✓ Created UAT pet '${pet.name}' with extended fields`);
}
}
// ── GRO-2100: deterministic uat-groomer ↔ pet linkage ───────────────────────
// The UAT groomer (`uat-groomer@groombook.dev`, staffId 00000000-0000-0000-0000-000000000004)
// needs at least one linked pet/appointment or GRO-1987 TC-UAT-2/3 cannot run
// (the pet profile-summary endpoint returns 404 instead of 200/403).
//
// We deterministically link the UAT groomer to the UAT customer's first pet
// ("UAT Pup Alpha") and leave the second pet ("UAT Pup Beta") UNLINKED so
// TC-UAT-2 (200) and TC-UAT-3 (403) can both hardcode the stable petIds.
//
// The linkage call itself is performed by the caller AFTER the `services`
// catalogue has been seeded (this helper runs before services exist,
// which previously caused the linkage to be silently skipped on every
// reset). GRO-2100 follow-up.
return uatCustomerClientId;
}
/**
* GRO-2100: create a deterministic completed appointment linking the UAT groomer
* to "UAT Pup Alpha" (c0000001-0000-0000-0000-000000000002). "UAT Pup Beta"
* (c0000001-0000-0000-0000-000000000003) is intentionally left UNLINKED so
* GRO-1987 TC-UAT-3 can verify the 403 forbidden response.
*
* Idempotent: the deterministic appointment id (`a0000001-…-0001`) is the
* upsert key, so re-running the seed on every reset-demo-data CronJob
* (hourly per apps/overlays/uat/reset-cronjob.yaml) is safe.
*/
async function seedUatGroomerLinkage(
db: ReturnType<typeof drizzle>,
customerClientId: string | null,
): Promise<void> {
const uatGroomerEmail = "uat-groomer@groombook.dev";
const LINKED_PET_ID = "c0000001-0000-0000-0000-000000000002"; // UAT Pup Alpha
const APPT_ID = "a0000001-0000-0000-0000-000000000001";
// Skip silently if the UAT Customer client wasn't created (non-UAT seed
// profile, e.g. seedKnownUsers() in an env without the UAT personas).
if (!customerClientId) {
return;
}
// Only run if the UAT groomer staff record actually exists — dev/test seeds
// that don't set SEED_UAT_STAFF_OIDC_SUB should not crash.
const [uatGroomerStaff] = await db
.select({ id: schema.staff.id })
.from(schema.staff)
.where(eq(schema.staff.email, uatGroomerEmail))
.limit(1);
if (!uatGroomerStaff) {
return;
}
// Skip if this exact appointment already exists (idempotent on re-seed).
const [existing] = await db
.select({ id: schema.appointments.id })
.from(schema.appointments)
.where(eq(schema.appointments.id, APPT_ID))
.limit(1);
if (existing) {
console.log(`✓ GRO-2100: uat-groomer linkage appointment already exists — skipping`);
return;
}
// Skip if the linked pet hasn't been seeded yet (defensive: caller should
// ensure pets exist; if the helper is re-ordered later we don't want to
// crash here).
const [linkedPet] = await db
.select({ id: schema.pets.id })
.from(schema.pets)
.where(eq(schema.pets.id, LINKED_PET_ID))
.limit(1);
if (!linkedPet) {
console.warn(`⚠ GRO-2100: UAT Pup Alpha (${LINKED_PET_ID}) not found — skipping uat-groomer linkage`);
return;
}
// The "Bath & Brush" service id is stable across the reset; falls back to
// any active service if it has not been seeded yet (e.g. seedKnownUsers
// runs in isolation).
const BATH_AND_BRUSH_ID = "b0000001-0000-0000-0000-000000000001";
const [bathService] = await db
.select({ id: schema.services.id })
.from(schema.services)
.where(eq(schema.services.id, BATH_AND_BRUSH_ID))
.limit(1);
let serviceId: string;
if (bathService) {
serviceId = bathService.id;
} else {
const [fallback] = await db
.select({ id: schema.services.id })
.from(schema.services)
.where(eq(schema.services.active, true))
.limit(1);
if (!fallback) {
console.warn(`⚠ GRO-2100: no active services found — skipping uat-groomer linkage`);
return;
}
serviceId = fallback.id;
}
// Schedule the completed appointment 7 days ago so the profile-summary's
// "recentGroomingHistory" window (last 10) reliably includes it.
const startTime = new Date();
startTime.setDate(startTime.getDate() - 7);
startTime.setHours(10, 0, 0, 0);
const endTime = new Date(startTime.getTime() + 45 * 60 * 1000);
await db.insert(schema.appointments).values({
id: APPT_ID,
clientId: customerClientId,
petId: LINKED_PET_ID,
serviceId,
staffId: uatGroomerStaff.id,
batherStaffId: null,
status: "completed",
startTime,
endTime,
notes: "GRO-2100: deterministic uat-groomer linkage for TC-UAT-2/3.",
priceCents: null,
confirmationStatus: "confirmed",
});
console.log(
`✓ GRO-2100: linked uat-groomer (${uatGroomerStaff.id}) → UAT Pup Alpha (${LINKED_PET_ID}) via appointment ${APPT_ID}`,
);
}
// ── Known-users-only seed (prod/demo) ───────────────────────────────────────
/**
* Seeds only the minimal known users for prod/demo environments.
* Creates: Demo Manager staff + Demo Client + Demo Dog + basic services.
* Idempotent: skips creation if records already exist.
*/
async function seedKnownUsers() {
const url = process.env.DATABASE_URL;
if (!url) {
console.error("DATABASE_URL is not set");
process.exit(1);
}
const client = postgres(url, { max: 5 });
const db = drizzle(client, { schema });
console.log("Seeding known users (prod/demo mode)...\n");
const KNOWN_STAFF_ID = "00000000-0000-0000-0000-000000000001";
const DEMO_CLIENT_ID = "00000000-0000-0000-0000-000000000002";
const DEMO_PET_ID = "00000000-0000-0000-0000-000000000003";
// ── Staff: Demo Manager ──
const [existingStaff] = await db
.select()
.from(schema.staff)
.where(eq(schema.staff.email, "demo-manager@groombook.dev"))
.limit(1);
if (existingStaff) {
console.log(`✓ Staff '${existingStaff.name}' already exists — skipping`);
} else {
await db.insert(schema.staff).values({
id: KNOWN_STAFF_ID,
name: "Demo Manager",
email: "demo-manager@groombook.dev",
oidcSub: "demo-manager-001",
role: "manager",
isSuperUser: true,
active: true,
});
console.log("✓ Created staff 'Demo Manager' (oidcSub: demo-manager-001)");
}
// ── Staff: SEED_ADMIN_EMAIL admin ──
const adminEmail = process.env.SEED_ADMIN_EMAIL;
if (adminEmail) {
const adminName = process.env.SEED_ADMIN_NAME ?? "Admin";
const ADMIN_STAFF_ID = "00000000-0000-0000-0000-000000000002";
const [existingAdmin] = await db
.select()
.from(schema.staff)
.where(eq(schema.staff.email, adminEmail))
.limit(1);
if (existingAdmin) {
console.log(`✓ Staff admin '${existingAdmin.name}' already exists — skipping`);
} else {
await db.insert(schema.staff).values({
id: ADMIN_STAFF_ID,
name: adminName,
email: adminEmail,
oidcSub: adminEmail,
role: "manager",
isSuperUser: true,
active: true,
});
console.log(`✓ Created staff admin '${adminName}' (${adminEmail})`);
}
}
// ── UAT staff accounts + Better Auth credentials (shared impl) ──────────────
// Extracted into seedUatStaffAccounts() so it runs in both seedKnownUsers()
// and the full seed() UAT branch.
const uatCustomerClientId = await seedUatStaffAccounts(db);
// ── Services: idempotent upsert keyed on `id` ─────────────────────────────
// GRO-2064: previously keyed on `services.name` while writing a
// deterministic `id`. If a stale row existed with the same `id` but a
// different `name`, PostgreSQL raised `services_pkey` (id collision)
// before the name-targeted ON CONFLICT could fire. Switch the conflict
// target to `services.id` so deterministic ids always win; pair with
// `TRUNCATE services … CASCADE` above so each reset rebuilds the
// catalogue from `servicesDef` cleanly. GRO-2033 close-out.
// Id↔name map MUST stay in sync with `servicesDef` (the canonical source
// of truth in the main `seed()` function).
// ── Services: idempotent upsert using name as unique key ─────────────────────
// UNIQUE constraint on services.name (migration 0020) must exist first.
// Uses b0000001-... IDs to match main seed servicesDef for same-named services.
const demoSvcs = [
{ id: "b0000001-0000-0000-0000-000000000001", name: "Bath & Brush", description: "Full bath, blow-dry, brush out, and ear cleaning", basePriceCents: 4500, durationMinutes: 45 },
{ id: "b0000001-0000-0000-0000-000000000002", name: "Full Groom — Small", description: "Complete grooming for dogs under 25 lbs", basePriceCents: 6500, durationMinutes: 60 },
{ id: "b0000001-0000-0000-0000-000000000003", name: "Full Groom — Medium", description: "Complete grooming for dogs 25-50 lbs", basePriceCents: 8000, durationMinutes: 75 },
{ id: "b0000001-0000-0000-0000-000000000005", name: "Nail Trim", description: "Nail clipping and filing", basePriceCents: 1500, durationMinutes: 15 },
{ id: "b0000001-0000-0000-0000-000000000004", name: "Nail Trim", description: "Nail clipping and filing", basePriceCents: 1500, durationMinutes: 15 },
];
for (const svc of demoSvcs) {
await db.insert(schema.services)
.values({ ...svc, active: true })
.onConflictDoUpdate({
target: schema.services.id,
set: { name: svc.name, description: svc.description, basePriceCents: svc.basePriceCents, durationMinutes: svc.durationMinutes, active: true },
target: schema.services.name,
set: { description: svc.description, basePriceCents: svc.basePriceCents, durationMinutes: svc.durationMinutes, active: true },
});
}
console.log(`✓ Seeded ${demoSvcs.length} services`);
// GRO-2100: deterministic uat-groomer ↔ UAT Pup Alpha linkage. Must run
// AFTER services are seeded (this helper looks up an active service id
// to attach to the appointment; on a fresh reset there are none yet at
// the time seedUatStaffAccounts() returns).
await seedUatGroomerLinkage(db, uatCustomerClientId);
// ── Client: Demo Client ──
const [existingClient] = await db
.select()
@@ -976,63 +662,6 @@ async function seedKnownUsers() {
// ── Main seed ────────────────────────────────────────────────────────────────
// ── GRO-2123: serialize reset+seed with a Postgres advisory lock ────────
// The reset-demo-data CronJob runs on an hourly schedule. With
// concurrencyPolicy=Replace, a new pod can start while the previous one
// is still mid-seed; the new pod's TRUNCATE then deletes rows the old pod
// is still inserting, producing FK 23503 errors non-deterministically
// (see GRO-2123: invoice_tip_splits → invoices).
//
// We hold a session-level advisory lock for the full duration of the
// seed so that overlapping invocations block then proceed in order —
// not skip. The key is a stable 32-bit constant so it can be referenced
// from runbooks without ambiguity and binds to the single-argument
// `pg_advisory_lock(int)` form, which postgres-js serializes as a plain
// number (no bigint type plumbing required).
const SEED_ADVISORY_LOCK_KEY = 0x47524f4f; // "GROO" in ASCII — arbitrary, stable
/**
* Reserve a dedicated connection from `pool`, take the seed advisory lock
* on it, run `fn`, and release the lock + connection in a try/finally.
*
* CRITICAL: with postgres-js connection pooling, a session-level
* `pg_advisory_lock(KEY)` acquired on one pooled connection and released
* on a *different* one is a no-op (the lock is bound to the session /
* pg-backend that took it). We therefore reserve a dedicated connection
* for the lock and release it from the same reserved connection. The
* seed work itself still runs on the pooled connections.
*/
async function withSeedAdvisoryLock<T>(
pool: ReturnType<typeof postgres>,
fn: () => Promise<T>,
): Promise<T> {
const lockConnection = await pool.reserve();
let lockHeld = false;
try {
await lockConnection`SELECT pg_advisory_lock(${SEED_ADVISORY_LOCK_KEY})`;
lockHeld = true;
console.log(`✓ Acquired seed advisory lock (key=${SEED_ADVISORY_LOCK_KEY})`);
const result = await fn();
await lockConnection`SELECT pg_advisory_unlock(${SEED_ADVISORY_LOCK_KEY})`;
lockHeld = false;
console.log(`✓ Released seed advisory lock`);
return result;
} finally {
if (lockHeld) {
try {
await lockConnection`SELECT pg_advisory_unlock(${SEED_ADVISORY_LOCK_KEY})`;
} catch (err) {
console.error("Failed to release seed advisory lock during cleanup:", err);
}
}
try {
lockConnection.release();
} catch (err) {
console.error("Failed to release reserved lock connection:", err);
}
}
}
async function seed() {
const url = process.env.DATABASE_URL;
if (!url) {
@@ -1050,22 +679,6 @@ async function seed() {
const client = postgres(url, { max: 5 });
const db = drizzle(client, { schema });
// GRO-2123: hold the seed advisory lock for the full body of runSeedBody.
// See the withSeedAdvisoryLock comment for why a reserved connection is
// required (postgres-js pooling would silently drop the lock otherwise).
await withSeedAdvisoryLock(client, async () => {
return await runSeedBody(client, db, profile, cfg);
});
await client.end();
}
async function runSeedBody(
client: ReturnType<typeof postgres>,
db: ReturnType<typeof drizzle>,
profile: SeedProfile,
cfg: ProfileConfig,
): Promise<void> {
console.log(`Seeding Groom Book database (profile: ${profile})...\n`);
// ── Staff ──
@@ -1082,13 +695,7 @@ async function runSeedBody(
({ id: uuid(), name: `Bather ${i + 1}`, email: `bather${i + 1}@groombook.dev`, role: "groomer" as const, isSuperUser: false })
);
// GRO-2064: also TRUNCATE `services` so each reset rebuilds the catalogue
// from `servicesDef` (deterministic IDs + UNIQUE(name)). Stale service rows
// (e.g. a prior `seedKnownUsers` run that wrote a different `name` for the
// same `id`) would otherwise cause the deterministic upsert to PK-collide
// on `services.id` — see CTO review on infra PR #605 (rev #4230). TRUNCATE
// CASCADE handles appointments/invoices FKs to services.id.
await db.execute(sql`TRUNCATE services, impersonation_sessions, impersonation_audit_logs, appointments, invoices, invoice_line_items, invoice_tip_splits, grooming_visit_logs CASCADE`);
await db.execute(sql`TRUNCATE impersonation_sessions, impersonation_audit_logs, appointments, invoices, invoice_line_items, invoice_tip_splits, grooming_visit_logs CASCADE`);
const allStaff = [...managerStaff, ...receptionistStaff, ...groomers, ...bathers];
for (const s of allStaff) {
@@ -1133,17 +740,35 @@ async function runSeedBody(
console.log(`✓ Upserted admin staff '${adminName}' (${adminEmail})`);
}
// ── UAT staff accounts + Better Auth credentials (shared impl) ──────────────
// Seeds deterministic UAT staff with numeric OIDC subs and Better Auth credentials.
// Must run AFTER random staff are created so upserts land correctly.
const uatCustomerClientId = await seedUatStaffAccounts(db);
// ── UAT Groomer Personas (SEED_UAT_GROOMER_EMAILS + SEED_UAT_GROOMER_NAMES) ──
const groomerEmails = process.env.SEED_UAT_GROOMER_EMAILS?.split(",").map((e) => e.trim()).filter(Boolean) ?? [];
const groomerNames = process.env.SEED_UAT_GROOMER_NAMES?.split(",").map((n) => n.trim()).filter(Boolean) ?? [];
const groomerCount = Math.min(groomerEmails.length, groomerNames.length);
for (let i = 0; i < groomerCount; i++) {
const email = groomerEmails[i]!;
const name = groomerNames[i]!;
const staffId = `00000000-0000-0000-0000-${String(5 + i).padStart(12, "0")}`;
await db.insert(schema.staff)
.values({
id: staffId,
name,
email,
oidcSub: email,
role: "groomer",
isSuperUser: false,
active: true,
})
.onConflictDoUpdate({
target: schema.staff.email,
set: { id: staffId, name, role: "groomer", isSuperUser: false, active: true },
});
console.log(`✓ Upserted groomer '${name}' (${email})`);
}
// ── Services ──
// GRO-2064: key the upsert on `services.id` (not `name`) so deterministic
// ids always win, and rely on the TRUNCATE above to clear stale rows before
// the catalogue is rebuilt. The previous name-targeted upsert failed with
// `services_pkey` when a prior run had left a row with the same id but a
// different name (CTO review on infra PR #605, rev #4230).
// Upsert services using name as unique key. With deterministic IDs in
// servicesDef and TRUNCATE clearing downstream tables first, this is
// idempotent: first run inserts, subsequent runs update existing rows.
const serviceIds: string[] = [];
for (const s of servicesDef) {
serviceIds.push(s.id);
@@ -1157,18 +782,12 @@ async function runSeedBody(
active: true,
})
.onConflictDoUpdate({
target: schema.services.id,
set: { name: s.name, description: s.desc, basePriceCents: s.price, durationMinutes: s.dur, active: true },
target: schema.services.name,
set: { description: s.desc, basePriceCents: s.price, durationMinutes: s.dur, active: true },
});
}
console.log(`✓ Created ${servicesDef.length} services`);
// GRO-2100: deterministic uat-groomer ↔ UAT Pup Alpha linkage. Must run
// AFTER services are seeded (this helper looks up an active service id
// to attach to the appointment; on a fresh reset there are none yet at
// the time seedUatStaffAccounts() returns).
await seedUatGroomerLinkage(db, uatCustomerClientId);
// ── Clients & Pets ──
const now = new Date();
const appointmentsBackDate = new Date(now);
@@ -1234,19 +853,6 @@ async function runSeedBody(
specialCareNotes: rand() < 0.1 ? "Vet clearance required before grooming" : null,
customFields: {},
image: petIndex < 250 ? pick(puggleImages) : pick(demoPetImages),
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: (() => {
// ~30% of random-pool pets have alerts — lands squarely in the 2535% AC band
if (rand() < 0.3) {
const count = rand() < 0.7 ? 1 : 2;
return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
}
return [];
})(),
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
});
petRecords.push({ id: petId, clientId });
@@ -1282,12 +888,6 @@ async function runSeedBody(
specialCareNotes: pet.specialCareNotes,
customFields: pet.customFields,
image: pet.image,
temperamentScore: pet.temperamentScore,
temperamentFlags: pet.temperamentFlags,
medicalAlerts: pet.medicalAlerts,
preferredCuts: pet.preferredCuts,
coatType: pet.coatType,
petSizeCategory: pet.petSizeCategory,
},
});
}
@@ -1322,72 +922,8 @@ async function runSeedBody(
.values({ id: uc.id, name: uc.name, email: uc.email, phone: uc.phone, address: uc.address })
.onConflictDoUpdate({ target: schema.clients.id, set: { name: uc.name, email: uc.email, phone: uc.phone, address: uc.address } });
await db.insert(schema.pets)
.values({
id: uc.petId,
clientId: uc.id,
name: uc.petName,
species: "Dog",
breed: uc.petBreed,
weightKg: "25.00",
dateOfBirth: new Date("2021-03-15T00:00:00Z"),
image: pick(demoPetImages),
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: (() => {
// TestCooper always has a behavioral alert; TestRocky always has a skin alert.
// All other UAT test pets follow the 30% random distribution.
// Deterministic alerts on 2 of 507 pets (~0.4%) do not meaningfully shift
// the overall distribution from the 25-35% target band.
if (uc.petName === "TestCooper") {
return pickN(medicalAlertPool.filter((a) => a.type === "behavioral"), 1).map((a) => ({ ...a, id: uuid() }));
}
if (uc.petName === "TestRocky") {
return pickN(medicalAlertPool.filter((a) => a.type === "skin"), 1).map((a) => ({ ...a, id: uuid() }));
}
if (rand() < 0.3) {
const count = rand() < 0.7 ? 1 : 2;
return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
}
return [];
})(),
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
})
.onConflictDoUpdate({
target: schema.pets.id,
set: {
clientId: uc.id,
name: uc.petName,
species: "Dog",
breed: uc.petBreed,
weightKg: "25.00",
dateOfBirth: new Date("2021-03-15T00:00:00Z"),
image: pick(demoPetImages),
temperamentScore: randInt(1, 5),
temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
medicalAlerts: (() => {
// TestCooper always has a behavioral alert; TestRocky always has a skin alert.
// All other UAT test pets follow the 30% random distribution.
// Deterministic alerts on 2 of 507 pets (~0.4%) do not meaningfully shift
// the overall distribution from the 25-35% target band.
if (uc.petName === "TestCooper") {
return pickN(medicalAlertPool.filter((a) => a.type === "behavioral"), 1).map((a) => ({ ...a, id: uuid() }));
}
if (uc.petName === "TestRocky") {
return pickN(medicalAlertPool.filter((a) => a.type === "skin"), 1).map((a) => ({ ...a, id: uuid() }));
}
if (rand() < 0.3) {
const count = rand() < 0.7 ? 1 : 2;
return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
}
return [];
})(),
preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
coatType: pick(coatTypePool),
petSizeCategory: pick(petSizeCategoryPool),
},
});
.values({ id: uc.petId, clientId: uc.id, name: uc.petName, species: "Dog", breed: uc.petBreed, weightKg: "25.00", dateOfBirth: new Date("2021-03-15T00:00:00Z"), image: pick(demoPetImages) })
.onConflictDoUpdate({ target: schema.pets.id, set: { clientId: uc.id, name: uc.petName, species: "Dog", breed: uc.petBreed, weightKg: "25.00", dateOfBirth: new Date("2021-03-15T00:00:00Z"), image: pick(demoPetImages) } });
// Create one completed appointment for this client
const apptId = uuid();
const svcIdx = 0;
@@ -1687,6 +1223,8 @@ async function runSeedBody(
}
console.log(`✓ Created ${visitLogCount} grooming visit logs`);
console.log("\nSeed complete!");
await client.end();
}
seed().catch((err) => {
packages/types/src/index.ts
-31
View File
@@ -225,34 +225,3 @@ export interface MedicalAlert {
}
export type CoatType = "smooth" | "double" | "curly" | "wire" | "long" | "hairless";
export interface GroomingHistoryEntry {
id: string;
petId: string;
appointmentId: string | null;
staffId: string | null;
staffName: string | null;
cutStyle: string | null;
productsUsed: string | null;
notes: string | null;
groomedAt: string;
createdAt: string;
}
export interface UpcomingAppointment {
id: string;
serviceId: string;
serviceName: string;
staffId: string | null;
staffName: string | null;
startTime: string;
endTime: string;
status: AppointmentStatus;
}
export interface PetProfileSummary extends Pet {
recentGroomingHistory: GroomingHistoryEntry[];
lastVisitDate: string | null;
visitCount: number;
upcomingAppointment: UpcomingAppointment | null;
}
src/__tests__/clientGeocoding.test.ts
-192
View File
@@ -1,192 +0,0 @@
import { describe, it, expect, vi } from "vitest";
import {
geocodeClient,
geocodeUngeocodedClients,
resolveClientGeocodingProvider,
} from "../services/clientGeocoding.js";
import {
NominatimGeocodingProvider,
type GeocodeResult,
type GeocodingProvider,
} from "../services/geocoding.js";
// ─── Fakes ──────────────────────────────────────────────────────────────────
/** Fake provider with a scripted geocode behaviour and a call log. */
function fakeProvider(
impl: (address: string) => Promise<GeocodeResult | null>
): GeocodingProvider & { calls: string[] } {
const calls: string[] = [];
return {
name: "nominatim",
minRequestIntervalMs: 0,
calls,
geocode: (address: string) => {
calls.push(address);
return impl(address);
},
};
}
const okResult = (lat: number, lng: number): GeocodeResult => ({
latitude: lat,
longitude: lng,
formattedAddress: "1 Main St, Anytown",
provider: "nominatim",
});
/**
* Minimal db double recording update() set-values. `select()` chains return the
* preloaded `selectQueue` shift()ed per call so different statements get
* different rows (used by geocodeUngeocodedClients: count, then rows).
*/
function fakeDb(selectQueue: unknown[][]) {
const updates: Record<string, unknown>[] = [];
const queue = [...selectQueue];
const chain = () => {
const rows = queue.shift() ?? [];
const proxy: Record<string, unknown> = {};
for (const k of ["from", "where", "orderBy", "limit"]) {
proxy[k] = () => proxy;
}
// Make the chain awaitable / iterable as the resolved rows.
(proxy as { then: unknown }).then = (resolve: (v: unknown) => void) =>
resolve(rows);
(proxy as { [Symbol.iterator]: unknown })[Symbol.iterator] = () =>
(rows as unknown[])[Symbol.iterator]();
return proxy;
};
const db = {
select: () => chain(),
update: () => ({
set: (vals: Record<string, unknown>) => ({
where: () => {
updates.push(vals);
return { returning: async () => [] };
},
}),
}),
updates,
};
return db as unknown as Parameters<typeof geocodeClient>[0] & {
updates: Record<string, unknown>[];
};
}
const clientRow = (over: Record<string, unknown> = {}) =>
({
id: "client-1",
name: "Alice",
email: "a@example.com",
address: "1 Main St",
latitude: null,
longitude: null,
geocodedAt: null,
...over,
}) as unknown as Parameters<typeof geocodeClient>[1];
// ─── geocodeClient ────────────────────────────────────────────────────────────
describe("geocodeClient", () => {
it("persists coordinates and returns a geocoded outcome", async () => {
const db = fakeDb([]);
const provider = fakeProvider(async () => okResult(40.1, -74.2));
const outcome = await geocodeClient(db, clientRow(), provider);
expect(outcome.status).toBe("geocoded");
expect(outcome.latitude).toBe(40.1);
expect(outcome.longitude).toBe(-74.2);
expect(outcome.geocodedAt).toBeTruthy();
expect(db.updates).toHaveLength(1);
expect(db.updates[0]!.latitude).toBe(40.1);
expect(db.updates[0]!.longitude).toBe(-74.2);
expect(db.updates[0]!.geocodedAt).toBeInstanceOf(Date);
});
it("returns no_address and does not persist when address is blank", async () => {
const db = fakeDb([]);
const provider = fakeProvider(async () => okResult(0, 0));
const outcome = await geocodeClient(db, clientRow({ address: " " }), provider);
expect(outcome.status).toBe("no_address");
expect(provider.calls).toHaveLength(0);
expect(db.updates).toHaveLength(0);
});
it("returns unresolved when the provider finds no match", async () => {
const db = fakeDb([]);
const provider = fakeProvider(async () => null);
const outcome = await geocodeClient(db, clientRow(), provider);
expect(outcome.status).toBe("unresolved");
expect(outcome.message).toMatch(/could not be resolved/i);
expect(db.updates).toHaveLength(0);
});
it("returns error (without throwing) when the provider fails", async () => {
const db = fakeDb([]);
const provider = fakeProvider(async () => {
throw new Error("quota exceeded");
});
const outcome = await geocodeClient(db, clientRow(), provider);
expect(outcome.status).toBe("error");
expect(outcome.message).toMatch(/quota exceeded/);
expect(db.updates).toHaveLength(0);
});
});
// ─── geocodeUngeocodedClients ─────────────────────────────────────────────────
describe("geocodeUngeocodedClients", () => {
it("geocodes candidates, tallies outcomes, and reports remaining", async () => {
// First select() = count query, second select() = candidate rows.
const db = fakeDb([
[{ count: 5 }],
[
clientRow({ id: "c1", address: "1 Main St" }),
clientRow({ id: "c2", address: "2 Oak Ave" }),
clientRow({ id: "c3", address: "" }), // no_address
],
]);
const provider = fakeProvider(async (addr) =>
addr === "2 Oak Ave" ? null : okResult(1, 2)
);
const summary = await geocodeUngeocodedClients(db, 50, provider);
expect(summary.processed).toBe(3);
expect(summary.geocoded).toBe(1);
expect(summary.unresolved).toBe(1); // "2 Oak Ave"
expect(summary.remaining).toBe(2); // 5 total - 3 processed
expect(summary.provider).toBe("nominatim");
expect(db.updates).toHaveLength(1); // only the successful one persisted
});
it("clamps the limit to the 1..500 range", async () => {
const db = fakeDb([[{ count: 0 }], []]);
const provider = fakeProvider(async () => okResult(1, 2));
const summary = await geocodeUngeocodedClients(db, 0, provider);
expect(summary.processed).toBe(0);
expect(summary.remaining).toBe(0);
});
});
// ─── resolveClientGeocodingProvider ───────────────────────────────────────────
describe("resolveClientGeocodingProvider", () => {
it("defaults to Nominatim when no settings row exists", async () => {
const db = fakeDb([[]]); // businessSettings select -> empty
const provider = await resolveClientGeocodingProvider(db);
expect(provider).toBeInstanceOf(NominatimGeocodingProvider);
expect(provider.name).toBe("nominatim");
});
it("defaults to Nominatim when provider is unset on settings", async () => {
const db = fakeDb([[{ routeOptimizationProvider: null, googleMapsApiKey: null }]]);
const warn = vi.spyOn(console, "warn").mockImplementation(() => {});
const provider = await resolveClientGeocodingProvider(db);
expect(provider.name).toBe("nominatim");
warn.mockRestore();
});
});
src/__tests__/geocoding.test.ts
-313
View File
@@ -1,313 +0,0 @@
import { describe, it, expect, vi, afterEach } from "vitest";
import {
NominatimGeocodingProvider,
GoogleGeocodingProvider,
resolveGeocodingProvider,
geocodeBatch,
type FetchLike,
} from "../services/geocoding.js";
/** Builds a fake fetch returning a single JSON body, recording the called URLs. */
function fakeFetch(
body: unknown,
init: { ok?: boolean; status?: number; statusText?: string } = {}
): { fetchImpl: FetchLike; calls: string[] } {
const calls: string[] = [];
const fetchImpl: FetchLike = async (url) => {
calls.push(url);
return {
ok: init.ok ?? true,
status: init.status ?? 200,
statusText: init.statusText ?? "OK",
json: async () => body,
};
};
return { fetchImpl, calls };
}
/** Virtual clock whose `sleep` advances `now`, so throttle timing is deterministic. */
function fakeClock() {
const state = { t: 0 };
const sleeps: number[] = [];
return {
now: () => state.t,
sleep: async (ms: number) => {
sleeps.push(ms);
state.t += ms;
},
sleeps,
};
}
const NOMINATIM_ROW = {
lat: "40.7128",
lon: "-74.0060",
display_name: "New York, NY, USA",
};
describe("NominatimGeocodingProvider", () => {
it("parses the top match into a GeocodeResult", async () => {
const { fetchImpl, calls } = fakeFetch([NOMINATIM_ROW]);
const provider = new NominatimGeocodingProvider({ fetchImpl });
const result = await provider.geocode("123 Main St");
expect(result).toEqual({
latitude: 40.7128,
longitude: -74.006,
formattedAddress: "New York, NY, USA",
provider: "nominatim",
});
expect(calls).toHaveLength(1);
expect(calls[0]).toContain("/search");
expect(calls[0]).toContain("q=123+Main+St");
expect(calls[0]).toContain("format=jsonv2");
expect(calls[0]).toContain("limit=1");
});
it("returns null for an empty result set", async () => {
const { fetchImpl } = fakeFetch([]);
const provider = new NominatimGeocodingProvider({ fetchImpl });
expect(await provider.geocode("nowhere at all")).toBeNull();
});
it("returns null for a blank address without calling fetch", async () => {
const { fetchImpl, calls } = fakeFetch([NOMINATIM_ROW]);
const provider = new NominatimGeocodingProvider({ fetchImpl });
expect(await provider.geocode(" ")).toBeNull();
expect(calls).toHaveLength(0);
});
it("throws on a non-OK HTTP response", async () => {
const { fetchImpl } = fakeFetch("rate limited", {
ok: false,
status: 429,
statusText: "Too Many Requests",
});
const provider = new NominatimGeocodingProvider({ fetchImpl });
await expect(provider.geocode("123 Main St")).rejects.toThrow(
/Nominatim geocoding failed: 429/
);
});
it("sends the configured User-Agent and honors a custom base URL", async () => {
const calls: Array<{ url: string; headers?: Record<string, string> }> = [];
const fetchImpl: FetchLike = async (url, opts) => {
calls.push({ url, headers: opts?.headers });
return { ok: true, status: 200, statusText: "OK", json: async () => [NOMINATIM_ROW] };
};
const provider = new NominatimGeocodingProvider({
fetchImpl,
baseUrl: "https://nominatim.example.com/",
userAgent: "TestAgent/9.9",
});
await provider.geocode("123 Main St");
expect(calls[0]!.url).toContain("https://nominatim.example.com/search");
expect(calls[0]!.headers?.["User-Agent"]).toBe("TestAgent/9.9");
});
it("throttles to ~1 req/sec across consecutive calls (first call not delayed)", async () => {
const clock = fakeClock();
const { fetchImpl } = fakeFetch([NOMINATIM_ROW]);
const provider = new NominatimGeocodingProvider({
fetchImpl,
minRequestIntervalMs: 1000,
now: clock.now,
sleep: clock.sleep,
});
await provider.geocode("a");
await provider.geocode("b");
await provider.geocode("c");
// First request immediate; each subsequent waits the full interval.
expect(clock.sleeps).toEqual([1000, 1000]);
});
});
describe("GoogleGeocodingProvider", () => {
const GOOGLE_OK = {
status: "OK",
results: [
{
formatted_address: "1600 Amphitheatre Pkwy, Mountain View, CA",
geometry: { location: { lat: 37.4224, lng: -122.0842 } },
},
],
};
it("parses the first result into a GeocodeResult", async () => {
const { fetchImpl, calls } = fakeFetch(GOOGLE_OK);
const provider = new GoogleGeocodingProvider("test-key", { fetchImpl });
const result = await provider.geocode("1600 Amphitheatre Pkwy");
expect(result).toEqual({
latitude: 37.4224,
longitude: -122.0842,
formattedAddress: "1600 Amphitheatre Pkwy, Mountain View, CA",
provider: "google",
});
expect(calls[0]).toContain("key=test-key");
expect(calls[0]).toContain("address=1600+Amphitheatre+Pkwy");
});
it("returns null on ZERO_RESULTS", async () => {
const { fetchImpl } = fakeFetch({ status: "ZERO_RESULTS", results: [] });
const provider = new GoogleGeocodingProvider("test-key", { fetchImpl });
expect(await provider.geocode("nowhere")).toBeNull();
});
it("throws on an API error status with the error message", async () => {
const { fetchImpl } = fakeFetch({
status: "REQUEST_DENIED",
error_message: "The provided API key is invalid.",
});
const provider = new GoogleGeocodingProvider("bad-key", { fetchImpl });
await expect(provider.geocode("123 Main St")).rejects.toThrow(
/Google geocoding error: REQUEST_DENIED: The provided API key is invalid\./
);
});
it("returns null for a blank address without calling fetch", async () => {
const { fetchImpl, calls } = fakeFetch(GOOGLE_OK);
const provider = new GoogleGeocodingProvider("test-key", { fetchImpl });
expect(await provider.geocode("")).toBeNull();
expect(calls).toHaveLength(0);
});
it("rejects construction with an empty API key", () => {
expect(() => new GoogleGeocodingProvider("")).toThrow(/non-empty API key/);
});
});
describe("resolveGeocodingProvider", () => {
const originalEnv = process.env.GOOGLE_MAPS_API_KEY;
afterEach(() => {
if (originalEnv === undefined) delete process.env.GOOGLE_MAPS_API_KEY;
else process.env.GOOGLE_MAPS_API_KEY = originalEnv;
});
it("defaults to Nominatim when provider is unset", () => {
const provider = resolveGeocodingProvider(null);
expect(provider.name).toBe("nominatim");
});
it("returns Nominatim for an explicit nominatim setting", () => {
const provider = resolveGeocodingProvider({
routeOptimizationProvider: "nominatim",
});
expect(provider.name).toBe("nominatim");
});
it("returns Google and decrypts the stored key when provider is google", () => {
const decrypt = vi.fn().mockReturnValue("decrypted-google-key");
const provider = resolveGeocodingProvider(
{ routeOptimizationProvider: "google", googleMapsApiKey: "enc:abc" },
{ decrypt }
);
expect(provider.name).toBe("google");
expect(decrypt).toHaveBeenCalledWith("enc:abc");
});
it("falls back to Nominatim (with a warning) when google has no usable key", () => {
delete process.env.GOOGLE_MAPS_API_KEY;
const warn = vi.fn();
const provider = resolveGeocodingProvider(
{ routeOptimizationProvider: "google", googleMapsApiKey: null },
{ warn }
);
expect(provider.name).toBe("nominatim");
expect(warn).toHaveBeenCalledOnce();
});
it("falls back to Nominatim (with a warning) when decryption fails", () => {
const decrypt = vi.fn().mockImplementation(() => {
throw new Error("bad ciphertext");
});
const warn = vi.fn();
delete process.env.GOOGLE_MAPS_API_KEY;
const provider = resolveGeocodingProvider(
{ routeOptimizationProvider: "google", googleMapsApiKey: "enc:corrupt" },
{ decrypt, warn }
);
expect(provider.name).toBe("nominatim");
expect(warn).toHaveBeenCalled();
});
it("uses GOOGLE_MAPS_API_KEY env var as a fallback key source", () => {
process.env.GOOGLE_MAPS_API_KEY = "env-key";
const provider = resolveGeocodingProvider({
routeOptimizationProvider: "google",
});
expect(provider.name).toBe("google");
});
});
describe("geocodeBatch", () => {
it("geocodes items in order and preserves keys", async () => {
const { fetchImpl } = fakeFetch([NOMINATIM_ROW]);
const provider = new NominatimGeocodingProvider({
fetchImpl,
minRequestIntervalMs: 0,
});
const outcomes = await geocodeBatch(
[
{ key: "c1", address: "123 Main St" },
{ key: "c2", address: "456 Oak Ave" },
],
provider
);
expect(outcomes.map((o) => o.key)).toEqual(["c1", "c2"]);
expect(outcomes[0]!.result?.latitude).toBe(40.7128);
expect(outcomes[1]!.error).toBeUndefined();
});
it("captures per-item errors and continues the batch", async () => {
let call = 0;
const fetchImpl: FetchLike = async () => {
call += 1;
if (call === 1) {
return { ok: false, status: 500, statusText: "Server Error", json: async () => "" };
}
return { ok: true, status: 200, statusText: "OK", json: async () => [NOMINATIM_ROW] };
};
const provider = new NominatimGeocodingProvider({ fetchImpl, minRequestIntervalMs: 0 });
const outcomes = await geocodeBatch(
[
{ key: 1, address: "bad" },
{ key: 2, address: "good" },
],
provider
);
expect(outcomes[0]!.result).toBeNull();
expect(outcomes[0]!.error).toMatch(/500/);
expect(outcomes[1]!.result?.latitude).toBe(40.7128);
});
it("reports progress for each completed item", async () => {
const { fetchImpl } = fakeFetch([NOMINATIM_ROW]);
const provider = new NominatimGeocodingProvider({ fetchImpl, minRequestIntervalMs: 0 });
const progress: Array<[number, number]> = [];
await geocodeBatch(
[
{ key: "a", address: "1 St" },
{ key: "b", address: "2 St" },
],
provider,
{ onProgress: (completed, total) => progress.push([completed, total]) }
);
expect(progress).toEqual([
[1, 2],
[2, 2],
]);
});
});
src/__tests__/petProfileSummary.test.ts
-631
View File
@@ -1,631 +0,0 @@
/**
* Pet Profile Summary Tests
*
* Covers GET /api/pets/:id/profile-summary in the deployed tree (root src/).
*
* Two suites share one mock harness:
*
* 1. GRO-2013 owner-bypass (the deployed-tree port of #135):
* A customer who is auto-provisioned as a `groomer` staff row by rbac.ts
* (with no appointment linkage) may still read their own pet's summary
* when they supply a valid X-Impersonation-Session-Id whose clientId
* matches the pet's clientId.
*
* 2. GRO-2014 error handling (deployed tree):
* - Empty-body 500 must never escape the route — the onError handler
* converts unhandled errors into a structured JSON 500.
* - Malformed UUIDs must return 404 (not 500 via a Postgres uuid cast).
* - Missing staff context must return 401 (not TypeError on staffRow.id).
* - Pet not found must return 404.
* - Groomer with no appointment linkage must return 403.
* - Manager and groomer with linkage must receive the summary body.
*
* Deployed tree handler: src/routes/pets.ts. The mock queries the
* `appointments` table (the live schema) for visit history, not
* `groomingVisitLogs`.
*/
import { describe, it, expect, vi, beforeEach } from "vitest";
import { Hono } from "hono";
import type { AppEnv, StaffRow } from "../middleware/rbac.js";
// ─── Staff fixtures ──────────────────────────────────────────────────────────
const MANAGER: StaffRow = {
id: "staff-manager-id",
oidcSub: "oidc-manager-sub",
userId: null,
role: "manager",
isSuperUser: true,
name: "Manager McManager",
email: "manager@example.com",
active: true,
icalToken: null,
createdAt: new Date(),
updatedAt: new Date(),
};
const GROOMER: StaffRow = {
...MANAGER,
id: "staff-groomer-id",
oidcSub: "oidc-groomer-sub",
role: "groomer",
isSuperUser: false,
name: "Groomer Gary",
email: "groomer@example.com",
};
/**
* Mirrors the auto-provisioned "groomer" staff row rbac.ts creates for an
* OIDC user (e.g. uat-customer@groombook.dev) on first login: role=groomer,
* no appointment linkage.
*/
const CUSTOMER_STAFF: StaffRow = {
...MANAGER,
id: "staff-customer-id",
oidcSub: null,
userId: "user-customer-id",
role: "groomer",
name: "UAT Customer",
email: "uat-customer@groombook.dev",
};
// ─── Mutable mock state ─────────────────────────────────────────────────────
const CLIENT_ID = "c0000001-0000-0000-0000-000000000001";
const PET_ID = "c0000001-0000-0000-0000-000000000002";
const OTHER_CLIENT_PET_ID = "c0000002-0000-0000-0000-000000000099";
const UNKNOWN_PET_UUID = "00000000-0000-0000-0000-000000000001";
const futureDate = () => new Date(Date.now() + 30 * 60_000);
const pastDate = () => new Date(Date.now() - 5 * 60_000);
function makePet(overrides: Record<string, unknown> = {}) {
return {
id: PET_ID,
clientId: CLIENT_ID,
name: "Biscuit",
species: "dog",
breed: "Golden Retriever",
weightKg: "30.00",
dateOfBirth: null,
healthAlerts: null,
groomingNotes: null,
cutStyle: null,
shampooPreference: null,
specialCareNotes: null,
customFields: {},
petSizeCategory: "large",
coatType: "double",
photoKey: null,
photoUploadedAt: null,
createdAt: new Date("2024-01-01"),
updatedAt: new Date("2024-01-01"),
...overrides,
};
}
function makeAppointment(overrides: Record<string, unknown> = {}) {
return {
id: "appt-1",
clientId: CLIENT_ID,
petId: PET_ID,
serviceId: "service-1",
staffId: GROOMER.id,
batherStaffId: null,
status: "completed",
startTime: new Date("2024-06-01T09:00:00Z"),
endTime: new Date("2024-06-01T11:00:00Z"),
notes: null,
priceCents: 6000,
seriesId: null,
seriesIndex: null,
groupId: null,
confirmationStatus: "confirmed",
confirmedAt: null,
cancelledAt: null,
confirmationToken: null,
customerNotes: null,
createdAt: new Date("2024-05-15"),
updatedAt: new Date("2024-05-15"),
...overrides,
};
}
function makeSession(overrides: Record<string, unknown> = {}) {
return {
id: "sess-owner",
staffId: CUSTOMER_STAFF.id,
clientId: CLIENT_ID,
reason: "sso-bridge",
status: "active",
startedAt: new Date(),
endedAt: null,
expiresAt: futureDate(),
createdAt: new Date(),
...overrides,
};
}
// ─── DB mock state ──────────────────────────────────────────────────────────
let petsTable: Record<string, unknown>[];
let appointmentsTable: Record<string, unknown>[];
let sessionsTable: Record<string, unknown>[];
// selectQueue: queries resolve in FIFO order. Each .from(table) result
// returns a chain that resolves to the next queued row set on a terminal
// call (.where()/.orderBy()/.limit()).
//
// A queued entry of `{ table: "pets", rows: null, throw: "..." }` tells the
// mock to throw instead of returning rows — used by the GRO-2014 "JSON
// envelope on downstream error" test. Any other queued entry with `rows`
// resolves to those rows. An entry with `rows: []` returns an empty array
// (no rows, no throw).
let selectQueue: Array<{
table: string;
rows: unknown[] | null;
throw?: string;
}> = [];
// Captured `db.insert(table).values(vals)` calls. Mirrors the pattern from
// src/__tests__/impersonation.test.ts so the GRO-2063 audit row assertions
// can inspect what the route tried to write without needing a real DB.
let insertCapture: Array<{ table: string; vals: Record<string, unknown> }> = [];
function enqueue(table: string, rows: unknown[] = []) {
selectQueue.push({ table, rows });
}
function enqueueThrow(table: string, message: string) {
selectQueue.push({ table, rows: null, throw: message });
}
function resetMock() {
petsTable = [makePet()];
appointmentsTable = [makeAppointment()];
sessionsTable = [makeSession()];
selectQueue = [];
insertCapture = [];
}
// ─── Module mocks ───────────────────────────────────────────────────────────
vi.mock("@groombook/db", () => {
function makeTable(name: string) {
return new Proxy(
{ _name: name },
{
get(target, prop) {
if (prop === "_name") return name;
if (prop === "$inferSelect") return {};
return { table: name, column: prop };
},
}
);
}
function sqlMock(_strings: TemplateStringsArray, ..._params: unknown[]) {
const queryString = _strings[0];
return {
queryChunks: [queryString],
as: (alias: string) => ({
queryChunks: [queryString],
fieldAlias: alias,
getSQL() { return this.queryChunks; },
}),
};
}
function takeQueuedRows(tableName: string): unknown[] {
const next = selectQueue.shift();
if (next && next.table === tableName) {
if (next.throw) {
throw new Error(next.throw);
}
return next.rows ?? [];
}
return [];
}
// Wrap a finalised result in a Proxy that exposes chainable methods
// and the resolved rows. Each call to a chainable method (where/orderBy/
// limit/...) returns the SAME rows so the route's natural await on the
// chain resolves to the queued data.
function wrapRows(rows: unknown[]): unknown {
return new Proxy(rows, {
get(target, prop: string | symbol) {
if (prop === "where" || prop === "orderBy" || prop === "limit"
|| prop === "leftJoin" || prop === "innerJoin" || prop === "from") {
return () => wrapRows(rows);
}
if (prop === "then") {
return (onFulfilled?: (v: unknown) => unknown, onRejected?: (e: unknown) => unknown) =>
Promise.resolve(rows).then(onFulfilled, onRejected);
}
if (prop === Symbol.iterator) {
return function* () { for (const v of target) yield v; };
}
if (prop === Symbol.asyncIterator) {
return async function* () { for (const v of target) yield v; };
}
// @ts-expect-error proxy access
return target[prop];
},
});
}
return {
getDb: () => ({
select: (_cols?: Record<string, unknown>) => ({
from: (table: { _name?: string }) => wrapRows(takeQueuedRows(table._name ?? "")),
}),
insert: (table: { _name?: string }) => ({
values: (vals: Record<string, unknown>) => {
insertCapture.push({ table: table._name ?? "unknown", vals });
return { returning: () => [{}] };
},
}),
update: () => ({ set: () => ({ where: () => ({ returning: () => [{}] }) }) }),
delete: () => ({ where: () => ({ returning: () => [{}] }) }),
}),
pets: makeTable("pets"),
appointments: makeTable("appointments"),
staff: makeTable("staff"),
services: makeTable("services"),
impersonationSessions: makeTable("impersonationSessions"),
impersonationAuditLogs: makeTable("impersonation_audit_logs"),
and: vi.fn((..._args: unknown[]) => ({})),
desc: vi.fn((c: unknown) => c),
eq: vi.fn((_a: unknown, _b: unknown) => ({})),
exists: vi.fn(() => true),
or: vi.fn((..._args: unknown[]) => ({})),
sql: sqlMock,
};
});
vi.mock("../lib/s3.js", () => ({
getPresignedUploadUrl: vi.fn(),
getPresignedGetUrl: vi.fn(),
deleteObject: vi.fn(),
}));
// ─── Import after mocks are set up ──────────────────────────────────────────
const { petsRouter } = await import("../routes/pets.js");
// ─── App builder ────────────────────────────────────────────────────────────
function buildApp(staffRow: StaffRow | null) {
const app = new Hono<AppEnv>();
app.use("*", async (c, next) => {
if (staffRow) {
c.set("jwtPayload", { sub: staffRow.oidcSub ?? staffRow.userId ?? "" });
c.set("staff", staffRow);
}
await next();
});
app.route("/pets", petsRouter);
return app;
}
// ─── Reset before each test ─────────────────────────────────────────────────
beforeEach(() => {
resetMock();
vi.clearAllMocks();
});
// ─── GRO-2014 error-handling suite ──────────────────────────────────────────
describe("GET /:id/profile-summary — GRO-2014 error handling", () => {
it("returns 404 (not 500) for a malformed UUID path param", async () => {
const app = buildApp(MANAGER);
const res = await app.request("/pets/not-a-uuid/profile-summary");
expect(res.status).toBe(404);
const body = (await res.json()) as { error: string };
expect(body.error).toBe("Not found");
});
it("returns 401 when staff context is missing (defense in depth)", async () => {
const app = buildApp(null);
const res = await app.request(`/pets/${UNKNOWN_PET_UUID}/profile-summary`);
expect(res.status).toBe(401);
const body = (await res.json()) as { error: string };
expect(body.error).toBe("Unauthorized");
});
it("returns 404 when authenticated and pet does not exist", async () => {
enqueue("pets", []);
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${UNKNOWN_PET_UUID}/profile-summary`);
expect(res.status).toBe(404);
const body = (await res.json()) as { error: string };
expect(body.error).toBe("Not found");
});
it("returns 403 when groomer has no appointment linkage to the pet's client", async () => {
enqueue("pets", petsTable);
enqueue("appointments", []); // linkage check returns empty → 403
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(403);
const body = (await res.json()) as { error: string };
expect(body.error).toBe("Forbidden");
});
it("returns 200 with summary for a manager (no groomer linkage check)", async () => {
enqueue("pets", petsTable);
enqueue("appointments", appointmentsTable); // history
enqueue("appointments", [{ count: 1 }]); // visit count
enqueue("appointments", []); // upcoming (none)
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = (await res.json()) as Record<string, unknown>;
expect(body.id).toBe(PET_ID);
expect(body.name).toBe("Biscuit");
expect(body.visitCount).toBe(1);
expect(body.upcomingAppointment).toBeNull();
expect(body.recentGroomingHistory).toBeInstanceOf(Array);
});
it("returns 200 with summary for a groomer with appointment linkage", async () => {
enqueue("pets", petsTable);
enqueue("appointments", [{ id: "appt-1" }]); // linkage found
enqueue("appointments", appointmentsTable); // history
enqueue("appointments", [{ count: 1 }]); // visit count
enqueue("appointments", []); // upcoming
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = (await res.json()) as Record<string, unknown>;
expect(body.id).toBe(PET_ID);
});
it("returns a JSON envelope (not empty body) when a downstream query throws", async () => {
enqueueThrow("pets", "simulated postgres uuid cast failure");
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(500);
const body = (await res.json()) as { error: string };
expect(body.error).toBe("Internal Server Error");
});
});
// ─── GRO-2013 owner-bypass suite ────────────────────────────────────────────
describe("GET /:id/profile-summary — owner-bypass (GRO-2013)", () => {
it("returns 404 when the pet does not exist", async () => {
enqueue("pets", []);
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(404);
});
it("returns 200 with aggregated profile for a manager", async () => {
enqueue("pets", petsTable);
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.id).toBe(PET_ID);
expect(body.name).toBe("Biscuit");
expect(body.recentGroomingHistory).toBeInstanceOf(Array);
expect(body.visitCount).toBe(1);
expect(body.upcomingAppointment).toBeNull();
});
it("returns 200 for a groomer with appointment linkage to the pet's client", async () => {
enqueue("pets", petsTable);
enqueue("appointments", [{ id: "appt-1" }]); // linkage found
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
it("returns 403 for a groomer with no appointment linkage and no bypass header", async () => {
enqueue("pets", petsTable);
enqueue("appointments", []); // no linkage
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(403);
});
it("customer-as-groomer with valid active session for pet's client returns 200", async () => {
enqueue("pets", petsTable);
enqueue("impersonationSessions", sessionsTable); // active session found
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-owner" },
});
expect(res.status).toBe(200);
const body = await res.json();
expect(body.id).toBe(PET_ID);
});
it("customer-as-groomer with no header still gets 403 (no bypass)", async () => {
enqueue("pets", petsTable);
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(403);
});
it("customer-as-groomer with session for a DIFFERENT client gets 403 (cross-tenant blocked)", async () => {
// Session exists but clientId !== pet.clientId → bypass does not apply
// → falls through to groomer linkage check → no linkage → 403
enqueue("pets", petsTable);
enqueue("impersonationSessions", [
makeSession({
id: "sess-other-client",
clientId: "c0000000-0000-0000-0000-000000000099", // different from CLIENT_ID
}),
]);
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-other-client" },
});
expect(res.status).toBe(403);
});
it("customer-as-groomer with expired session still gets 403", async () => {
enqueue("pets", petsTable);
enqueue("impersonationSessions", [
makeSession({ id: "sess-expired", expiresAt: pastDate() }),
]);
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-expired" },
});
expect(res.status).toBe(403);
});
it("customer-as-groomer with ended (status != active) session still gets 403", async () => {
enqueue("pets", petsTable);
enqueue("impersonationSessions", [
makeSession({ id: "sess-ended", status: "ended" }),
]);
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-ended" },
});
expect(res.status).toBe(403);
});
it("customer-as-groomer with unknown session id still gets 403", async () => {
enqueue("pets", petsTable);
enqueue("impersonationSessions", []); // session not found
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-unknown" },
});
expect(res.status).toBe(403);
});
it("manager does NOT need the impersonation header (existing role check still works)", async () => {
enqueue("pets", petsTable);
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(MANAGER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
it("groomer with linkage to pet's client still works (regression — no regression from bypass)", async () => {
enqueue("pets", petsTable);
enqueue("appointments", [{ id: "appt-1" }]); // linkage found
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
});
it("owner-bypass: customer cannot view another client's pet (cross-tenant block)", async () => {
// The customer has a valid session for CLIENT_ID, but the pet belongs
// to a different client → isOwner=false → falls through to groomer
// linkage check → 403.
enqueue("pets", [
makePet({ id: OTHER_CLIENT_PET_ID, clientId: "c0000002-0000-0000-0000-000000000002" }),
]);
enqueue("impersonationSessions", sessionsTable); // valid session, but for CLIENT_ID
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${OTHER_CLIENT_PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-owner" },
});
expect(res.status).toBe(403);
});
});
// ─── GRO-2063 owner-bypass audit write ──────────────────────────────────────
describe("GET /:id/profile-summary — owner-bypass audit row (GRO-2063)", () => {
it("writes exactly one audit row on the owner-bypass success path", async () => {
enqueue("pets", petsTable);
enqueue("impersonationSessions", sessionsTable); // valid active session for CLIENT_ID
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-owner" },
});
expect(res.status).toBe(200);
const auditInserts = insertCapture.filter((c) => c.table === "impersonation_audit_logs");
expect(auditInserts).toHaveLength(1);
const vals = auditInserts[0]!.vals;
expect(vals.action).toBe("read_profile_summary");
expect(vals.sessionId).toBe("sess-owner");
expect(vals.pageVisited).toBe(`/pets/${PET_ID}/profile-summary`);
expect(vals.metadata).toEqual({
petId: PET_ID,
actorStaffId: CUSTOMER_STAFF.id,
});
});
it("does NOT write an audit row on the normal groomer-linkage success path", async () => {
// GROOMER is a "real" groomer with appointment linkage, NOT the
// auto-provisioned customer-as-groomer. No impersonation header is
// present, so the owner-bypass branch never executes.
enqueue("pets", petsTable);
enqueue("appointments", [{ id: "appt-1" }]); // linkage found
enqueue("appointments", appointmentsTable);
enqueue("appointments", [{ count: 1 }]);
enqueue("appointments", []);
const app = buildApp(GROOMER);
const res = await app.request(`/pets/${PET_ID}/profile-summary`);
expect(res.status).toBe(200);
const auditInserts = insertCapture.filter((c) => c.table === "impersonation_audit_logs");
expect(auditInserts).toHaveLength(0);
});
it("does NOT write an audit row when the owner-bypass attempt is denied (cross-tenant)", async () => {
// Customer has a valid session but it points at a different client.
// isOwner=false, falls through to groomer linkage check, returns 403.
enqueue("pets", [
makePet({ id: OTHER_CLIENT_PET_ID, clientId: "c0000002-0000-0000-0000-000000000002" }),
]);
enqueue("impersonationSessions", sessionsTable); // session is for CLIENT_ID
enqueue("appointments", []); // no linkage → 403
const app = buildApp(CUSTOMER_STAFF);
const res = await app.request(`/pets/${OTHER_CLIENT_PET_ID}/profile-summary`, {
headers: { "X-Impersonation-Session-Id": "sess-owner" },
});
expect(res.status).toBe(403);
const auditInserts = insertCapture.filter((c) => c.table === "impersonation_audit_logs");
expect(auditInserts).toHaveLength(0);
});
});
src/__tests__/portalPets.test.ts
-319
View File
@@ -1,319 +0,0 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import { Hono } from "hono";
const CLIENT_ID = "550e8400-e29b-41d4-a716-446655440001";
const OTHER_CLIENT_ID = "550e8400-e29b-41d4-a716-446655440099";
const PET_ID = "880e8400-e29b-41d4-a716-446655440004";
const SESSION_ID = "770e8400-e29b-41d4-a716-446655440003";
const futureDate = () => new Date(Date.now() + 30 * 60 * 1000);
const ACTIVE_SESSION = {
id: SESSION_ID,
clientId: CLIENT_ID,
status: "active" as const,
expiresAt: futureDate(),
createdAt: new Date(),
};
// A persisted pet owned by CLIENT_ID. weightKg is a string because the column is
// numeric (Drizzle serialises numeric to string).
const PET = {
id: PET_ID,
clientId: CLIENT_ID,
name: "Rex",
species: "dog",
breed: "Labrador",
weightKg: "12.50",
dateOfBirth: null,
healthAlerts: null,
groomingNotes: null,
coatType: null,
petSizeCategory: null,
preferredCuts: [],
medicalAlerts: [],
photoKey: null,
};
let selectSessionRow: Record<string, unknown> | null = null;
let selectPetRow: Record<string, unknown> | null = null;
let updatedValues: Record<string, unknown>[] = [];
function resetMock() {
selectSessionRow = null;
selectPetRow = null;
updatedValues = [];
}
vi.mock("@groombook/db", () => {
function makeChainable(data: unknown[]): unknown {
const arr = [...data];
const chain = new Proxy(arr, {
get(target, prop) {
if (prop === "where" || prop === "orderBy" || prop === "limit") {
return () => chain;
}
// @ts-expect-error proxy
return target[prop];
},
});
return chain;
}
function tableProxy(name: string) {
return new Proxy(
{ _name: name },
{ get: (t, p) => (p === "_name" ? name : { table: name, column: p }) }
);
}
const impersonationSessions = tableProxy("impersonationSessions");
const pets = tableProxy("pets");
return {
getDb: () => ({
select: () => ({
from: (table: { _name: string }) => {
if (table._name === "impersonationSessions") {
return makeChainable(selectSessionRow ? [selectSessionRow] : []);
}
if (table._name === "pets") {
return makeChainable(selectPetRow ? [selectPetRow] : []);
}
return makeChainable([]);
},
}),
update: () => ({
set: (vals: Record<string, unknown>) => ({
where: () => ({
returning: () => {
if (selectPetRow) {
updatedValues.push(vals);
return [{ ...selectPetRow, ...vals }];
}
return [];
},
}),
}),
}),
// portalAudit inserts an audit row after the handler; make it a no-op so
// the middleware does not log a swallowed error during tests.
insert: () => ({ values: () => ({ returning: () => [] }) }),
}),
impersonationSessions,
pets,
// Other tables imported by the portal router but unused in these tests.
appointments: tableProxy("appointments"),
waitlistEntries: tableProxy("waitlistEntries"),
clients: tableProxy("clients"),
services: tableProxy("services"),
staff: tableProxy("staff"),
invoices: tableProxy("invoices"),
invoiceLineItems: tableProxy("invoiceLineItems"),
impersonationAuditLogs: tableProxy("impersonationAuditLogs"),
eq: vi.fn(),
and: vi.fn(),
inArray: vi.fn(),
};
});
const { portalRouter } = await import("../routes/portal.js");
const app = new Hono();
app.route("/portal", portalRouter);
function jsonPatch(path: string, body: unknown, headers?: Record<string, string>) {
return app.request(path, {
method: "PATCH",
headers: {
"Content-Type": "application/json",
...headers,
},
body: JSON.stringify(body),
});
}
beforeEach(() => resetMock());
describe("PATCH /portal/pets/:petId", () => {
it("updates an owned pet and persists the mapped columns (200)", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
// Mirrors the groombook/web PetForm payload: it spreads the GET-shaped pet
// (weight, notes, birthDate, photoUrl) and adds the form's edited keys
// (weightKg, healthAlerts, coatType, …). "xlarge" must map to "extra_large".
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{
id: PET_ID,
name: "Rex Updated",
breed: "Golden Retriever",
weight: "12.50",
weightKg: 18.25,
notes: "old grooming notes",
healthAlerts: "Allergic to oatmeal shampoo",
photoUrl: "pets/rex.jpg",
coatType: "double",
petSizeCategory: "xlarge",
preferredCuts: ["teddy bear", "puppy cut"],
medicalAlerts: [
{ id: "a1", type: "allergy", description: "oatmeal", severity: "medium" },
],
},
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.name).toBe("Rex Updated");
expect(body.petSizeCategory).toBe("extra_large");
expect(body.coatType).toBe("double");
const persisted = updatedValues[0]!;
expect(persisted.name).toBe("Rex Updated");
expect(persisted.breed).toBe("Golden Retriever");
// weightKg (form key) wins over weight (GET key) and is stored as a string.
expect(persisted.weightKg).toBe("18.25");
expect(persisted.groomingNotes).toBe("old grooming notes");
expect(persisted.healthAlerts).toBe("Allergic to oatmeal shampoo");
// photoKey is NOT writable via portal PATCH (GRO-2187 S3 key-hijack fix):
// the web form round-trips the GET-shaped photoUrl, but the server must not
// persist it. Photo changes go through the key-validated upload flow.
expect(persisted.photoKey).toBeUndefined();
expect(persisted.coatType).toBe("double");
expect(persisted.petSizeCategory).toBe("extra_large");
expect(persisted.preferredCuts).toEqual(["teddy bear", "puppy cut"]);
expect(persisted.medicalAlerts).toEqual([
{ id: "a1", type: "allergy", description: "oatmeal", severity: "medium" },
]);
expect(persisted.updatedAt).toBeInstanceOf(Date);
});
// GRO-2187 security regression: a portal customer must not be able to set the
// S3 object key. photoKey is consumed server-side by getPresignedGetUrl /
// deleteObject; the upload path guards keys with a pets/{petId}/ prefix, and the
// portal PATCH must not offer a bypass. A foreign/arbitrary photoUrl is accepted
// (Zod strips the unknown key) but must leave photoKey untouched.
it("does not mutate photoKey when a foreign photoUrl is supplied (200)", async () => {
selectSessionRow = ACTIVE_SESSION;
const ownKey = `pets/${PET_ID}/original.jpg`;
selectPetRow = { ...PET, photoKey: ownKey };
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{
name: "Rex",
// attacker-chosen key pointing at another tenant's object
photoUrl: "pets/00000000-0000-0000-0000-0000000000ff/victim-secret.jpg",
},
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(200);
const persisted = updatedValues[0]!;
// The attacker-supplied key never reaches the update payload.
expect(persisted.photoKey).toBeUndefined();
// And the stored key is unchanged from the pet's own value.
const body = await res.json();
expect(body.photoUrl).toBe(ownKey);
});
// The length/array caps live in the Zod schema, so violations are rejected by
// zValidator with 400 (in-handler enum checks are what return 422).
it("returns 400 when a medicalAlert description exceeds the length cap", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{
medicalAlerts: [
{ type: "allergy", description: "x".repeat(2001), severity: "low" },
],
},
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(400);
expect(updatedValues).toHaveLength(0);
});
it("falls back to the weight key when weightKg is absent", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{ weight: "9.75" },
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(200);
expect(updatedValues[0]!.weightKg).toBe("9.75");
});
it("returns 403 when the pet belongs to a different client", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = { ...PET, clientId: OTHER_CLIENT_ID };
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{ name: "Hacker" },
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(403);
expect(updatedValues).toHaveLength(0);
});
it("returns 404 when the pet does not exist", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = null;
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{ name: "Ghost" },
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(404);
});
it("returns 422 for an invalid coatType", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{ coatType: "fluffy" },
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(422);
expect(updatedValues).toHaveLength(0);
});
it("returns 422 for an invalid petSizeCategory", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
const res = await jsonPatch(
`/portal/pets/${PET_ID}`,
{ petSizeCategory: "gigantic" },
{ "X-Impersonation-Session-Id": SESSION_ID }
);
expect(res.status).toBe(422);
expect(updatedValues).toHaveLength(0);
});
it("returns 401 without an impersonation session header", async () => {
selectSessionRow = ACTIVE_SESSION;
selectPetRow = PET;
const res = await jsonPatch(`/portal/pets/${PET_ID}`, { name: "NoAuth" });
expect(res.status).toBe(401);
});
});
src/__tests__/portalSessionFromAuth.test.ts
-206
View File
@@ -1,206 +0,0 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import { Hono } from "hono";
import { getAuth } from "../lib/auth.js";
const CLIENT_ID = "550e8400-e29b-41d4-a716-446655440001";
const CLIENT_EMAIL = "alice@example.com";
const CLIENT_NAME = "Alice Smith";
const UAT_CUSTOMER_ID = "c0000001-0000-0000-0000-000000000001";
const UAT_CUSTOMER_EMAIL = "uat-customer@groombook.dev";
const UAT_CUSTOMER_NAME = "UAT Customer";
const BETTER_AUTH_SESSION = {
user: {
id: "auth-user-001",
email: CLIENT_EMAIL,
name: CLIENT_NAME,
},
session: {
id: "ba-session-001",
expiresAt: new Date(Date.now() + 60 * 60 * 1000),
},
};
const MOCK_CLIENT = {
id: CLIENT_ID,
email: CLIENT_EMAIL,
name: CLIENT_NAME,
};
let mockGetAuth: ReturnType<typeof vi.fn>;
let mockGetSession: ReturnType<typeof vi.fn>;
let insertedSession: Record<string, unknown> | null = null;
let mockClientRow: Record<string, unknown> | null = null;
let mockStaffRow: Record<string, unknown> | null = null;
function makeChainable(data: unknown[]): unknown {
const arr = [...data];
return new Proxy(arr, {
get(target, prop) {
if (prop === "where" || prop === "orderBy" || prop === "limit") {
return () => makeChainable(target);
}
// @ts-expect-error proxy
return target[prop];
},
});
}
vi.mock("@groombook/db", () => {
const impersonationSessions = new Proxy(
{ _name: "impersonationSessions" },
{ get: (t, p) => (p === "_name" ? "impersonationSessions" : { table: "impersonationSessions", column: p }) }
);
const clients = new Proxy(
{ _name: "clients" },
{ get: (t, p) => (p === "_name" ? "clients" : { table: "clients", column: p }) }
);
const staff = new Proxy(
{ _name: "staff" },
{ get: (t, p) => (p === "_name" ? "staff" : { table: "staff", column: p }) }
);
return {
getDb: () => ({
select: () => ({
from: (table: { _name: string }) => {
if (table._name === "clients") {
return makeChainable(mockClientRow ? [mockClientRow] : []);
}
if (table._name === "staff") {
return makeChainable(mockStaffRow ? [mockStaffRow] : []);
}
return makeChainable([]);
},
}),
insert: (table: { _name: string }) => ({
values: (vals: Record<string, unknown>) => ({
returning: () => {
if (table._name === "impersonationSessions") {
insertedSession = { id: "new-session-001", ...vals };
return [insertedSession];
}
return [];
},
}),
}),
}),
impersonationSessions,
clients,
staff,
eq: vi.fn(),
and: vi.fn(),
inArray: vi.fn(),
};
});
vi.mock("../lib/auth.js", () => ({
getAuth: vi.fn(),
}));
const { portalRouter } = await import("../routes/portal.js");
const app = new Hono();
app.route("/portal", portalRouter);
describe("POST /portal/session-from-auth", () => {
beforeEach(() => {
insertedSession = null;
mockClientRow = null;
mockStaffRow = null;
mockGetSession = vi.fn();
mockGetAuth = vi.fn(() => ({
api: {
getSession: mockGetSession,
},
}));
vi.mocked(getAuth).mockImplementation(mockGetAuth);
});
it("returns 401 when no Better Auth session", async () => {
mockGetSession.mockResolvedValue(null);
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(401);
const body = await res.json();
expect(body.error).toBe("Unauthorized");
});
it("returns 404 when authenticated user has no client record", async () => {
mockGetSession.mockResolvedValue(BETTER_AUTH_SESSION);
mockClientRow = null;
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(404);
const body = await res.json();
expect(body.error).toBe("No client record found for this user");
});
it("returns a portal session with sessionId, clientId, clientName when client is found", async () => {
mockGetSession.mockResolvedValue(BETTER_AUTH_SESSION);
mockClientRow = MOCK_CLIENT;
mockStaffRow = { id: "00000000-0000-0000-0000-000000000001" };
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(201);
const body = await res.json();
expect(body).toHaveProperty("sessionId");
expect(body).toHaveProperty("clientId", CLIENT_ID);
expect(body).toHaveProperty("clientName", CLIENT_NAME);
});
it("creates a portal session with reason sso-bridge", async () => {
mockGetSession.mockResolvedValue(BETTER_AUTH_SESSION);
mockClientRow = MOCK_CLIENT;
mockStaffRow = { id: "00000000-0000-0000-0000-000000000001" };
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(201);
expect(insertedSession).not.toBeNull();
expect((insertedSession as Record<string, unknown>).reason).toBe("sso-bridge");
});
it("returns 201 for uat-customer SSO bridge with correct clientId and clientName", async () => {
const uatAuthSession = {
user: {
id: "auth-user-uat-customer",
email: UAT_CUSTOMER_EMAIL,
name: UAT_CUSTOMER_NAME,
},
session: {
id: "ba-session-uat-customer",
expiresAt: new Date(Date.now() + 60 * 60 * 1000),
},
};
mockGetSession.mockResolvedValue(uatAuthSession);
mockClientRow = { id: UAT_CUSTOMER_ID, email: UAT_CUSTOMER_EMAIL, name: UAT_CUSTOMER_NAME };
mockStaffRow = { id: "00000000-0000-0000-0000-000000000001" };
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(201);
const body = await res.json();
expect(body).toHaveProperty("sessionId");
expect(body.clientId).toBe(UAT_CUSTOMER_ID);
expect(body.clientName).toBe(UAT_CUSTOMER_NAME);
expect(insertedSession).not.toBeNull();
expect((insertedSession as Record<string, unknown>).reason).toBe("sso-bridge");
});
it("returns 503 when auth is not configured", async () => {
mockGetAuth.mockImplementation(() => {
throw new Error("Auth not initialized");
});
const res = await app.request("/portal/session-from-auth", {
method: "POST",
});
expect(res.status).toBe(503);
});
});
src/__tests__/rbac.test.ts
+25 -214
View File
@@ -43,103 +43,42 @@ const GROOMER: StaffRow = {
// ─── Mock DB ──────────────────────────────────────────────────────────────────
// staffLookupResult drives every `from(staff)` query that doesn't go through
// the dev-mode `.limit()` shortcut. Tests that want to simulate "no staff row"
// leave it null.
let staffLookupResult: StaffRow | null = null;
// managerFallbackResult is only consumed by the dev-mode `from(staff).limit(1)`
// path (looking up the first manager when AUTH_DISABLED=true and no header).
let managerFallbackResult: StaffRow | null = MANAGER;
// userLookupResult drives `from(user).limit(1)` for the Better-Auth user
// auto-provision branch (GRO-2052). Tests that simulate "no Better-Auth user"
// leave it null.
type UserRow = { id: string; name: string | null; email: string | null };
let userLookupResult: UserRow | null = null;
// accountLookupResult drives `from(account).limit(1)` for the legacy OIDC
// auto-provision branch. Null means "no OIDC account row".
let accountLookupResult: { id: string } | null = null;
// insertReturningResult drives `insert(staff).values(...).returning()` for
// any auto-provision branch that actually creates a staff record. Null means
// the INSERT returned no rows (simulating a DB failure).
let insertReturningResult: StaffRow | null = null;
vi.mock("@groombook/db", () => {
function tableMarker(name: string) {
return new Proxy(
{ _name: name },
{
get(_target, prop) {
if (prop === "_name") return name;
if (prop === "$inferSelect") return {};
return { table: name, column: prop };
},
}
);
}
const staff = tableMarker("staff");
const user = tableMarker("user");
const account = tableMarker("account");
function lookupFor(tableName: string) {
if (tableName === "user") return userLookupResult;
if (tableName === "account") return accountLookupResult;
return staffLookupResult;
}
const staff = new Proxy(
{ _name: "staff" },
{
get(target, prop) {
if (prop === "_name") return "staff";
if (prop === "$inferSelect") return {};
return { table: "staff", column: prop };
},
}
);
return {
getDb: () => ({
select: (_columns?: unknown) => ({
from: (table: { _name?: string }) => {
const name = table?._name ?? "staff";
return {
where: () => ({
limit: () => {
// The user / account auto-provision branches always call
// `.limit(1)`; route to the per-table lookup state.
if (name === "user")
return userLookupResult ? [userLookupResult] : [];
if (name === "account")
return accountLookupResult ? [accountLookupResult] : [];
// dev-mode `from(staff).limit(1)` falls back to the first
// manager when AUTH_DISABLED is set with no header.
return managerFallbackResult ? [managerFallbackResult] : [];
},
[Symbol.iterator]: function* () {
const row = lookupFor(name);
if (row) yield row;
},
0: lookupFor(name),
length: lookupFor(name) ? 1 : 0,
}),
};
},
}),
insert: (_table: unknown) => ({
values: (_v: unknown) => ({
returning: () =>
insertReturningResult ? [insertReturningResult] : [],
}),
}),
update: (_table: unknown) => ({
set: (_v: unknown) => ({
where: () => Promise.resolve(undefined),
select: () => ({
from: () => ({
where: () => ({
limit: () => {
// dev mode fallback to first manager
return managerFallbackResult ? [managerFallbackResult] : [];
},
[Symbol.iterator]: function* () {
if (staffLookupResult) yield staffLookupResult;
},
0: staffLookupResult,
length: staffLookupResult ? 1 : 0,
}),
}),
}),
}),
staff,
user,
account,
eq: vi.fn((_col: unknown, _val: unknown) => ({ col: _col, val: _val })),
and: vi.fn((..._clauses: unknown[]) => ({})),
sql: Object.assign(
vi.fn((..._tpl: unknown[]) => ({})),
{ raw: vi.fn(() => ({})) }
),
};
});
@@ -148,25 +87,16 @@ vi.mock("@groombook/db", () => {
function resetMocks() {
staffLookupResult = null;
managerFallbackResult = MANAGER;
userLookupResult = null;
accountLookupResult = null;
insertReturningResult = null;
}
/** Build a minimal Hono app with jwtPayload pre-set, then apply a middleware. */
function buildApp(
middleware: MiddlewareHandler<AppEnv>,
handler?: (c: Context<AppEnv>) => Response | Promise<Response>,
jwtOverride?: Partial<{ sub: string; email: string; name: string }>
handler?: (c: Context<AppEnv>) => Response | Promise<Response>
) {
const app = new Hono<AppEnv>();
app.use("*", async (c, next) => {
const defaultSub = staffLookupResult?.userId ?? "unknown-sub";
c.set("jwtPayload", {
sub: jwtOverride?.sub ?? defaultSub,
...(jwtOverride?.email !== undefined ? { email: jwtOverride.email } : {}),
...(jwtOverride?.name !== undefined ? { name: jwtOverride.name } : {}),
});
c.set("jwtPayload", { sub: staffLookupResult?.userId ?? "unknown-sub" });
await next();
});
app.use("*", middleware);
@@ -274,125 +204,6 @@ describe("resolveStaffMiddleware", () => {
});
});
// ─── Auto-provision branches (GRO-2052) ───────────────────────────────────────
//
// Each branch creates a staff row on first authenticated request when no row
// exists yet. The Better-Auth branch (user table) is the primary path for
// email/password customers; the OIDC branch (account table) is a fallback for
// legacy authentik/google/github sessions.
describe("resolveStaffMiddleware — auto-provision", () => {
const PROVISIONED: StaffRow = {
...MANAGER,
id: "staff-provisioned-id",
oidcSub: null,
userId: "ba-user-customer",
role: "groomer",
isSuperUser: false,
name: "UAT Customer",
email: "uat-customer@groombook.dev",
};
it("Better-Auth: creates a groomer staff row when user exists but no staff record (GRO-2052)", async () => {
// No existing staff row, no OIDC account row, but a Better-Auth user row.
staffLookupResult = null;
userLookupResult = {
id: "ba-user-customer",
name: "UAT Customer",
email: "uat-customer@groombook.dev",
};
accountLookupResult = null;
insertReturningResult = PROVISIONED;
let capturedStaff: StaffRow | null = null;
const app = buildApp(
resolveStaffMiddleware,
(c) => {
capturedStaff = c.get("staff");
return c.json({ ok: true });
},
{ sub: "ba-user-customer", email: "uat-customer@groombook.dev" }
);
const res = await app.request("/test");
expect(res.status).toBe(200);
expect(capturedStaff).not.toBeNull();
expect(capturedStaff!.role).toBe("groomer");
expect(capturedStaff!.userId).toBe("ba-user-customer");
});
it("Better-Auth: returns 500 if INSERT yields no row", async () => {
staffLookupResult = null;
userLookupResult = {
id: "ba-user-customer",
name: "UAT Customer",
email: "uat-customer@groombook.dev",
};
insertReturningResult = null; // simulate INSERT … RETURNING returning []
const app = buildApp(resolveStaffMiddleware, undefined, {
sub: "ba-user-customer",
email: "uat-customer@groombook.dev",
});
const res = await app.request("/test");
expect(res.status).toBe(500);
const body = await res.json();
expect(body.error).toMatch(/auto-provision failed/i);
});
it("Better-Auth branch runs before OIDC branch (does not require jwt.email)", async () => {
// A Better-Auth user row alone is sufficient: jwt.email is intentionally
// absent. The pre-GRO-2052 code only auto-provisioned inside `if (jwt.email)`.
staffLookupResult = null;
userLookupResult = {
id: "ba-user-customer",
name: "UAT Customer",
email: "uat-customer@groombook.dev",
};
insertReturningResult = PROVISIONED;
const app = buildApp(resolveStaffMiddleware, undefined, {
sub: "ba-user-customer",
});
const res = await app.request("/test");
expect(res.status).toBe(200);
});
it("OIDC fallback: still provisions when user row is missing but account row exists", async () => {
// No staff row, no Better-Auth user, but an OIDC account row.
staffLookupResult = null;
userLookupResult = null;
accountLookupResult = { id: "oidc-account-id" };
insertReturningResult = { ...PROVISIONED, userId: "oidc-sub" };
const app = buildApp(resolveStaffMiddleware, undefined, {
sub: "oidc-sub",
email: "oidc-user@example.com",
});
const res = await app.request("/test");
expect(res.status).toBe(200);
});
it("falls through to 403 when neither Better-Auth user nor OIDC account row exists", async () => {
staffLookupResult = null;
userLookupResult = null;
accountLookupResult = null;
const app = buildApp(resolveStaffMiddleware, undefined, {
sub: "ghost-sub",
email: "ghost@example.com",
});
const res = await app.request("/test");
expect(res.status).toBe(403);
const body = await res.json();
expect(body.error).toMatch(/no staff record/i);
});
});
// ─── requireRole tests ────────────────────────────────────────────────────────
describe("requireRole", () => {
src/__tests__/routeOptimization.test.ts
-184
View File
@@ -1,184 +0,0 @@
import { describe, it, expect } from "vitest";
import {
haversineKm,
estimateLeg,
nearestNeighborOrder,
optimizeRoute,
MAX_STOPS_PER_ROUTE,
type RouteStopInput,
} from "../services/routeOptimization.js";
import type { FetchLike } from "../services/geocoding.js";
/** Builds a fake fetch returning a single JSON body, recording called URLs. */
function fakeFetch(
body: unknown,
init: { ok?: boolean; status?: number; statusText?: string } = {}
): { fetchImpl: FetchLike; calls: string[] } {
const calls: string[] = [];
const fetchImpl: FetchLike = async (url) => {
calls.push(url);
return {
ok: init.ok ?? true,
status: init.status ?? 200,
statusText: init.statusText ?? "OK",
json: async () => body,
};
};
return { fetchImpl, calls };
}
function stop(appointmentId: string, lat: number, lng: number): RouteStopInput {
return { appointmentId, latitude: lat, longitude: lng };
}
describe("haversineKm", () => {
it("is zero for the same point", () => {
expect(haversineKm({ latitude: 40, longitude: -74 }, { latitude: 40, longitude: -74 })).toBe(0);
});
it("approximates 1 degree of latitude as ~111km", () => {
const d = haversineKm({ latitude: 0, longitude: 0 }, { latitude: 1, longitude: 0 });
expect(d).toBeGreaterThan(110);
expect(d).toBeLessThan(112);
});
});
describe("estimateLeg", () => {
it("applies the circuity factor and average speed", () => {
const a = { latitude: 0, longitude: 0 };
const b = { latitude: 0, longitude: 1 };
const { distanceKm, mins } = estimateLeg(a, b);
// ~111km straight * 1.3 circuity ≈ 144.6km; at 40km/h ≈ 217 min
expect(distanceKm).toBeGreaterThan(140);
expect(distanceKm).toBeLessThan(150);
expect(mins).toBeGreaterThan(200);
expect(mins).toBeLessThan(230);
expect(Number.isInteger(mins)).toBe(true);
});
});
describe("nearestNeighborOrder", () => {
it("returns trivial order for 0 or 1 points", () => {
expect(nearestNeighborOrder([])).toEqual([]);
expect(nearestNeighborOrder([{ latitude: 1, longitude: 1 }])).toEqual([0]);
});
it("greedily visits the nearest unvisited point", () => {
// Points on a line; scrambled input order.
const points = [
{ latitude: 0, longitude: 0 }, // 0 (start)
{ latitude: 0, longitude: 5 }, // 1 (far)
{ latitude: 0, longitude: 1 }, // 2
{ latitude: 0, longitude: 2 }, // 3
];
expect(nearestNeighborOrder(points, 0)).toEqual([0, 2, 3, 1]);
});
});
describe("optimizeRoute — nearest-neighbor fallback (no API key)", () => {
it("returns an empty route for no stops", async () => {
const r = await optimizeRoute([]);
expect(r.stops).toHaveLength(0);
expect(r.totalTravelMins).toBe(0);
expect(r.totalDistanceKm).toBe(0);
expect(r.provider).toBe("nearest_neighbor");
expect(r.chunked).toBe(false);
});
it("handles a single stop with null travel-from-prev", async () => {
const r = await optimizeRoute([stop("a", 40, -74)]);
expect(r.stops).toHaveLength(1);
expect(r.stops[0]!.travelMinsFromPrev).toBeNull();
expect(r.stops[0]!.travelDistanceKmFromPrev).toBeNull();
expect(r.totalTravelMins).toBe(0);
});
it("orders multiple stops greedily and sums totals", async () => {
const stops = [
stop("start", 0, 0),
stop("far", 0, 5),
stop("near1", 0, 1),
stop("near2", 0, 2),
];
const r = await optimizeRoute(stops);
expect(r.provider).toBe("nearest_neighbor");
expect(r.stops.map((s) => s.appointmentId)).toEqual([
"start",
"near1",
"near2",
"far",
]);
// First stop has no inbound leg.
expect(r.stops[0]!.travelMinsFromPrev).toBeNull();
// Remaining stops have positive travel.
for (const s of r.stops.slice(1)) {
expect(s.travelMinsFromPrev!).toBeGreaterThan(0);
expect(s.travelDistanceKmFromPrev!).toBeGreaterThan(0);
}
const summed = r.stops.reduce((acc, s) => acc + (s.travelMinsFromPrev ?? 0), 0);
expect(r.totalTravelMins).toBe(summed);
});
});
describe("optimizeRoute — Google Directions path", () => {
it("uses optimized waypoint order and real leg metrics, dropping the return leg", async () => {
const stops = [stop("A", 0, 0), stop("B", 0, 1), stop("C", 0, 2)];
// waypoints = [B, C]; optimizer reorders them to [C, B] (waypoint_order [1,0]).
// legs: A->C, C->B, B->A(return). The return leg must be dropped.
const { fetchImpl, calls } = fakeFetch({
status: "OK",
routes: [
{
waypoint_order: [1, 0],
legs: [
{ distance: { value: 2000 }, duration: { value: 600 } }, // A->C
{ distance: { value: 1000 }, duration: { value: 300 } }, // C->B
{ distance: { value: 3000 }, duration: { value: 900 } }, // B->A (return, dropped)
],
},
],
});
const r = await optimizeRoute(stops, { googleApiKey: "key", fetchImpl });
expect(r.provider).toBe("google");
expect(r.stops.map((s) => s.appointmentId)).toEqual(["A", "C", "B"]);
expect(r.stops[0]!.travelMinsFromPrev).toBeNull();
expect(r.stops[1]!.travelDistanceKmFromPrev).toBe(2); // 2000m -> 2km
expect(r.stops[1]!.travelMinsFromPrev).toBe(10); // 600s -> 10min
expect(r.stops[2]!.travelDistanceKmFromPrev).toBe(1); // 1000m
expect(r.stops[2]!.travelMinsFromPrev).toBe(5); // 300s
expect(r.totalDistanceKm).toBe(3);
expect(r.totalTravelMins).toBe(15);
expect(decodeURIComponent(calls[0]!)).toContain("optimize:true");
});
it("falls back to the heuristic when Google returns a non-OK status", async () => {
const stops = [stop("A", 0, 0), stop("B", 0, 1), stop("C", 0, 2)];
const { fetchImpl } = fakeFetch({ status: "REQUEST_DENIED", error_message: "bad key" });
const r = await optimizeRoute(stops, { googleApiKey: "key", fetchImpl });
// Provider label reflects the chosen strategy (google requested) but a
// warning records the degradation and stops are still ordered.
expect(r.stops).toHaveLength(3);
expect(r.warnings.some((w) => w.includes("offline heuristic"))).toBe(true);
expect(r.stops[0]!.travelMinsFromPrev).toBeNull();
});
});
describe("optimizeRoute — >25 stop chunking", () => {
it("splits into sub-routes with a warning and continuous stop ordering", async () => {
const stops: RouteStopInput[] = [];
for (let i = 0; i < MAX_STOPS_PER_ROUTE + 5; i++) {
stops.push(stop(`s${i}`, 0, i * 0.1));
}
const r = await optimizeRoute(stops);
expect(r.chunked).toBe(true);
expect(r.subRouteCount).toBe(2);
expect(r.warnings.some((w) => w.includes("sub-routes"))).toBe(true);
expect(r.stops).toHaveLength(MAX_STOPS_PER_ROUTE + 5);
// Only the very first stop of the whole route lacks an inbound leg.
expect(r.stops[0]!.travelMinsFromPrev).toBeNull();
expect(r.stops.slice(1).every((s) => s.travelMinsFromPrev !== null)).toBe(true);
// All appointment ids preserved exactly once.
expect(new Set(r.stops.map((s) => s.appointmentId)).size).toBe(stops.length);
});
});
src/index.ts
-15
View File
@@ -20,7 +20,6 @@ import { settingsRouter } from "./routes/settings.js";
import { authProviderRouter } from "./routes/authProvider.js";
import { searchRouter } from "./routes/search.js";
import { bufferRulesRouter } from "./routes/buffer-rules.js";
import { routesRouter } from "./routes/routes.js";
import { getObject } from "./lib/s3.js";
import { calendarRouter } from "./routes/calendar.js";
import { setupRouter } from "./routes/setup.js";
@@ -221,10 +220,6 @@ api.use("/reports/*", requireRole("manager"));
api.use("/invoices/*", requireRole("manager", "groomer"));
api.use("/impersonation/*", requireRole("manager"));
// Route optimization: manager (any groomer's route) or groomer (own route only,
// enforced in-handler). Receptionists have no access. (GRO-2155)
api.use("/routes/*", requireRole("manager", "groomer"));
// Manager + Receptionist only (groomers have no access): appointment-groups, grooming-logs, waitlist
api.use("/appointment-groups/*", requireRole("manager", "receptionist"));
api.use("/grooming-logs/*", requireRole("manager", "receptionist"));
@@ -240,15 +235,6 @@ api.on(
requireRole("manager", "receptionist", "groomer")
);
// Route-optimization geocoding endpoints are manager-only (GRO-2154), stricter
// than the general client write guard below. Registered FIRST so receptionists
// are rejected here before the manager+receptionist guard can admit them.
api.on(
["POST"],
["/clients/geocode-batch", "/clients/:clientId/geocode"],
requireRole("manager")
);
// Clients, appointments: all roles may read; only manager + receptionist may write
api.on(
["POST", "PUT", "PATCH", "DELETE"],
@@ -288,7 +274,6 @@ api.route("/admin/auth-provider", authProviderRouter);
api.route("/admin/seed", adminSeedRouter);
api.route("/search", searchRouter);
api.route("/buffer-rules", bufferRulesRouter);
api.route("/routes", routesRouter);
const port = Number(process.env.PORT ?? 3000);
await initAuth();
src/lib/auth.ts
+1 -1
View File
@@ -172,7 +172,7 @@ export async function initAuth(): Promise<void> {
clientSecret: oidcClientSecret,
issuerUrl: oidcIssuer,
internalBaseUrl: process.env.OIDC_INTERNAL_BASE,
scopes: "openid profile email role",
scopes: "openid profile email",
};
console.log("[auth] Using env var config (no DB config found)");
}
src/middleware/rbac.ts
+4 -90
View File
@@ -1,5 +1,5 @@
import type { MiddlewareHandler } from "hono";
import { and, eq, getDb, sql, staff, account, user } from "@groombook/db";
import { and, eq, getDb, sql, staff } from "@groombook/db";
export type StaffRole = "groomer" | "receptionist" | "manager";
export type StaffRow = typeof staff.$inferSelect;
@@ -22,7 +22,7 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
c,
next
) => {
// Better-Auth\'s own routes handle their own auth — skip staff resolution
// Better-Auth's own routes handle their own auth — skip staff resolution
// OOBE setup routes also handle their own auth — staff record is created during setup
if (c.req.path.startsWith("/api/auth/") || c.req.path.startsWith("/api/setup")) {
await next();
@@ -110,92 +110,6 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
return;
}
}
// Auto-provision for Better-Auth users (GRO-2052): the user signed in via
// Better-Auth (email/password, magic link, etc.), so a row exists in `user`
// for jwt.sub but no `account` provider row is required. Create a minimal
// groomer staff record on first login. This is the primary auto-provision
// path; the OIDC branch below remains as a fallback for legacy accounts
// that exist in `account` but not in `user`.
const [userRow] = await db
.select({ id: user.id, name: user.name, email: user.email })
.from(user)
.where(eq(user.id, jwt.sub))
.limit(1);
if (userRow) {
const emailPrefix = userRow.email ? userRow.email.split("@")[0] : "Unknown";
const name = userRow.name?.trim() || jwt.name?.trim() || emailPrefix;
const [newStaff] = await db
.insert(staff)
.values({
userId: jwt.sub,
email: userRow.email ?? jwt.email ?? "",
name,
role: "groomer",
isSuperUser: false,
active: true,
} as Parameters<typeof db.insert>[0] extends { values: infer V } ? V : never)
.returning()!;
if (!newStaff) {
return c.json({ error: "Forbidden: auto-provision failed" }, 500);
}
console.log(
`[rbac] auto-provisioned staff record for Better-Auth user: ${jwt.sub} -> staff:${newStaff.id} (${name})`
);
c.set("staff", newStaff);
await next();
return;
}
// Auto-provision for OIDC users: check if jwt.sub has an OAuth/OIDC account
// (e.g. authentik). If so, create a groomer staff record on the fly. This
// is kept for backward compatibility with legacy OIDC sessions whose user
// row may not yet exist in the Better-Auth `user` table.
if (jwt.email) {
const [oidcAccount] = await db
.select({ id: account.id })
.from(account)
.where(
and(
eq(account.userId, jwt.sub),
sql`${account.providerId} IN (\'authentik\', \'google\', \'github\')`
)
)
.limit(1);
if (oidcAccount) {
// Derive name: prefer jwt.name, fall back to email prefix, then "Unknown"
const emailPrefix = jwt.email ? jwt.email.split("@")[0] : "Unknown";
const name = jwt.name?.trim() || emailPrefix;
const [newStaff] = await db
.insert(staff)
.values({
userId: jwt.sub,
email: (jwt.email ?? "") as string,
name,
role: "groomer",
isSuperUser: false,
active: true,
} as Parameters<typeof db.insert>[0] extends { values: infer V } ? V : never)
.returning()!;
if (!newStaff) {
return c.json({ error: "Forbidden: auto-provision failed" }, 500);
}
console.log(
`[rbac] auto-provisioned staff record for OIDC user: ${jwt.sub} -> staff:${newStaff.id} (${name})`
);
c.set("staff", newStaff);
await next();
return;
}
}
return c.json(
{ error: "Forbidden: no staff record found for authenticated user" },
403
@@ -221,7 +135,7 @@ export function requireRole(
if (!(allowedRoles as string[]).includes(staffRow.role)) {
return c.json(
{
error: `Forbidden: role \'${staffRow.role}\' is not permitted to access this resource`,
error: `Forbidden: role '${staffRow.role}' is not permitted to access this resource`,
},
403
);
@@ -254,7 +168,7 @@ export function requireRoleOrSuperUser(
{
error: hasAllowedRole
? "Forbidden: super user privileges required"
: `Forbidden: role \'${staffRow.role}\' is not permitted`,
: `Forbidden: role '${staffRow.role}' is not permitted`,
},
403
);
src/routes/admin/seed.ts
+1 -1
View File
@@ -46,7 +46,7 @@ const UAT_CLIENT = {
const UAT_PETS = [
{ name: "Bella", species: "Dog", breed: "Poodle", coatType: "curly", weightKg: "20.00" },
{ name: "Max", species: "Dog", breed: "Labrador Retriever", coatType: "smooth", weightKg: "30.00" },
{ name: "Max", species: "Dog", breed: "Labrador Retriever", coatType: "short", weightKg: "30.00" },
];
const DEMO_SERVICES = [
src/routes/clients.ts
+3 -121
View File
@@ -3,61 +3,9 @@ import { zValidator } from "@hono/zod-validator";
import { z } from "zod/v3";
import { and, eq, exists, getDb, or, clients, appointments } from "@groombook/db";
import type { AppEnv } from "../middleware/rbac.js";
import {
geocodeClient,
geocodeUngeocodedClients,
resolveClientGeocodingProvider,
type ClientGeocodeOutcome,
} from "../services/clientGeocoding.js";
export const clientsRouter = new Hono<AppEnv>();
type ClientRow = typeof clients.$inferSelect;
/**
* Best-effort auto-geocode of a freshly created/updated client (GRO-2154).
* Never throws: a flaky geocoding backend must not break client mutations.
* Returns the (possibly coordinate-enriched) row plus a structured outcome the
* caller surfaces under a `geocoding` field so ambiguous addresses are visible.
*/
async function autoGeocodeClient(
db: ReturnType<typeof getDb>,
row: ClientRow
): Promise<{ row: ClientRow; outcome: ClientGeocodeOutcome }> {
try {
const provider = await resolveClientGeocodingProvider(db);
const outcome = await geocodeClient(db, row, provider);
const enriched =
outcome.status === "geocoded"
? {
...row,
latitude: outcome.latitude,
longitude: outcome.longitude,
geocodedAt: outcome.geocodedAt
? new Date(outcome.geocodedAt)
: row.geocodedAt,
}
: row;
return { row: enriched, outcome };
} catch (err) {
return {
row,
outcome: {
clientId: row.id,
status: "error",
message: `Auto-geocode failed: ${
err instanceof Error ? err.message : String(err)
}`,
latitude: null,
longitude: null,
geocodedAt: null,
formattedAddress: null,
provider: null,
},
};
}
}
const createClientSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().email(),
@@ -143,59 +91,9 @@ clientsRouter.post("/", zValidator("json", createClientSchema), async (c) => {
const db = getDb();
const body = c.req.valid("json");
const [row] = await db.insert(clients).values(body).returning();
if (!row) return c.json({ error: "Failed to create client" }, 500);
// Auto-geocode on create when an address is supplied (GRO-2154). Best-effort:
// the client is created regardless; the `geocoding` field surfaces failures.
if (body.address && body.address.trim()) {
const { row: enriched, outcome } = await autoGeocodeClient(db, row);
return c.json({ ...enriched, geocoding: outcome }, 201);
}
return c.json(row, 201);
});
// Geocode a single client's address and persist coordinates (manager-only;
// enforced by the route guard in index.ts).
clientsRouter.post("/:clientId/geocode", async (c) => {
const db = getDb();
const clientId = c.req.param("clientId");
const [client] = await db
.select()
.from(clients)
.where(eq(clients.id, clientId));
if (!client) return c.json({ error: "Not found" }, 404);
const provider = await resolveClientGeocodingProvider(db);
const outcome = await geocodeClient(db, client, provider);
// Map outcome to an HTTP status so the result is unambiguous to the caller:
// geocoded -> 200, provider error -> 502, no_address/unresolved -> 422.
const status =
outcome.status === "geocoded"
? 200
: outcome.status === "error"
? 502
: 422;
return c.json(outcome, status);
});
// Batch-geocode un-geocoded clients with provider-rate-limited throttling
// (manager-only). Processes up to ?limit clients (default 50, max 500) per call;
// re-invoke while `remaining` > 0 to finish large datasets.
clientsRouter.post("/geocode-batch", async (c) => {
const db = getDb();
const limitRaw = c.req.query("limit");
let limit = 50;
if (limitRaw !== undefined) {
limit = Number(limitRaw);
if (!Number.isFinite(limit) || limit <= 0) {
return c.json({ error: "limit must be a positive integer" }, 400);
}
}
const summary = await geocodeUngeocodedClients(db, limit);
return c.json(summary);
});
// Update a client (including status changes)
const patchClientSchema = createClientSchema.partial().extend({
status: z.enum(["active", "disabled"]).optional(),
@@ -225,29 +123,13 @@ clientsRouter.patch(
}
delete setValues.smsOptOut;
// Auto-geocode on address change (GRO-2154). If the address was cleared,
// drop any stale coordinates so a disabled/blank address never keeps a pin.
const addressProvided = Object.prototype.hasOwnProperty.call(body, "address");
const trimmedAddress =
typeof body.address === "string" ? body.address.trim() : undefined;
if (addressProvided && !trimmedAddress) {
setValues.latitude = null;
setValues.longitude = null;
setValues.geocodedAt = null;
}
const [updated] = await db
const [row] = await db
.update(clients)
.set(setValues)
.where(eq(clients.id, c.req.param("id")))
.returning();
if (!updated) return c.json({ error: "Not found" }, 404);
if (addressProvided && trimmedAddress) {
const { row: enriched, outcome } = await autoGeocodeClient(db, updated);
return c.json({ ...enriched, geocoding: outcome });
}
return c.json(updated);
if (!row) return c.json({ error: "Not found" }, 404);
return c.json(row);
}
);
src/routes/pets.ts
+1 -235
View File
@@ -1,21 +1,7 @@
import { Hono } from "hono";
import { zValidator } from "@hono/zod-validator";
import { z } from "zod/v3";
import {
and,
desc,
eq,
exists,
getDb,
impersonationAuditLogs,
impersonationSessions,
or,
pets,
appointments,
staff,
services,
sql,
} from "@groombook/db";
import { and, eq, exists, getDb, or, pets, appointments } from "@groombook/db";
import type { AppEnv } from "../middleware/rbac.js";
import {
getPresignedUploadUrl,
@@ -25,23 +11,6 @@ import {
export const petsRouter = new Hono<AppEnv>();
// Convert Zod validation errors from 422 to 400 and ensure any thrown error
// returns a structured JSON body rather than Hono's default empty-body 500.
// GRO-2014: profile-summary previously bubbled unhandled errors and produced
// an empty-body 500. Mirror the onError pattern already used in invoices.ts
// and reports.ts so every error has a JSON envelope.
petsRouter.onError((err, c) => {
if (err instanceof z.ZodError) {
return c.json({ error: "Validation failed", issues: err.issues }, 400);
}
console.error("[pets] unhandled error", err);
return c.json({ error: "Internal Server Error" }, 500);
});
// UUID format used by all pet routes — guards path params against malformed
// values before they hit Drizzle / Postgres uuid columns (which would throw).
const uuidSchema = z.string().uuid();
const createPetSchema = z.object({
clientId: z.string().uuid(),
name: z.string().min(1).max(200),
@@ -128,209 +97,6 @@ petsRouter.get("/:id", async (c) => {
return c.json(row);
});
/**
* Resolves the clientId from the X-Impersonation-Session-Id header, if present and active.
* Used by staff routes to allow a customer (auto-provisioned as a `groomer` staff row
* by rbac.ts) to access their own pet's data when they are the rightful owner.
*
* Returns null when the header is missing, the session is unknown/expired/ended, or the
* session exists but has no clientId — callers should treat null as "no owner-bypass".
*/
async function resolveImpersonationClientId(
db: ReturnType<typeof getDb>,
c: { req: { header: (name: string) => string | undefined } }
): Promise<string | null> {
const sessionId = c.req.header("X-Impersonation-Session-Id");
if (!sessionId) return null;
const [session] = await db
.select({
clientId: impersonationSessions.clientId,
status: impersonationSessions.status,
expiresAt: impersonationSessions.expiresAt,
})
.from(impersonationSessions)
.where(eq(impersonationSessions.id, sessionId))
.limit(1);
if (!session) return null;
if (session.status !== "active") return null;
if (session.expiresAt <= new Date()) return null;
return session.clientId;
}
/**
* Defense-in-depth audit write for the staff-side owner-bypass path in
* GET /pets/:id/profile-summary. Mirrors the failure-isolation pattern in
* src/middleware/portalAudit.ts: errors are logged but never thrown, so a
* misbehaving audit insert cannot turn a working read into a 500.
*
* Called only when the owner-bypass actually fires (i.e. the requester is a
* groomer-role staff row with no appointment linkage, but supplies a valid
* X-Impersonation-Session-Id whose clientId matches the pet's owner). The
* `petId` and `actorStaffId` are written inside `metadata` because the
* impersonation_audit_logs schema has no first-class columns for them and
* adding a migration is out of scope.
*/
async function writeOwnerBypassAudit(
db: ReturnType<typeof getDb>,
args: {
sessionId: string;
petId: string;
actorStaffId: string;
pageVisited: string;
}
): Promise<void> {
try {
await db.insert(impersonationAuditLogs).values({
sessionId: args.sessionId,
action: "read_profile_summary",
pageVisited: args.pageVisited,
metadata: { petId: args.petId, actorStaffId: args.actorStaffId },
});
} catch (err) {
console.error("[pets] failed to write owner-bypass audit log:", err);
}
}
petsRouter.get("/:id/profile-summary", async (c) => {
const db = getDb();
const petId = c.req.param("id");
// GRO-2014: validate UUID format before hitting Postgres. Passing a non-UUID
// string to a uuid column makes the driver throw, which previously surfaced
// as an empty-body 500 to clients.
const parsedId = uuidSchema.safeParse(petId);
if (!parsedId.success) {
return c.json({ error: "Not found" }, 404);
}
// Defense in depth: resolveStaffMiddleware should always populate `staff`
// for protected routes (or short-circuit with 401/403 of its own). Guard
// anyway so a misconfigured route mount can't trigger a TypeError on
// staffRow.id when the linkage check runs.
const staffRow = c.get("staff");
if (!staffRow) {
return c.json({ error: "Unauthorized" }, 401);
}
const isGroomer = staffRow.role === "groomer";
// Fetch the pet
const [pet] = await db.select().from(pets).where(eq(pets.id, petId));
if (!pet) return c.json({ error: "Not found" }, 404);
// Owner-bypass (GRO-2013): a customer who supplies a valid
// X-Impersonation-Session-Id for the pet's owning client may read their
// own pet's summary, even though rbac.ts auto-provisions them as a
// `groomer` staff row with no appointment linkage.
let isOwner = false;
if (isGroomer) {
const headerSessionId = c.req.header("X-Impersonation-Session-Id");
const ownerClientId = await resolveImpersonationClientId(db, c);
isOwner = !!ownerClientId && ownerClientId === pet.clientId;
if (isOwner && headerSessionId) {
// GRO-2063: defense-in-depth audit row. Only fires when the bypass
// is actually granted; never on the normal groomer-linkage path,
// 403/404/401, or when the header is absent. Failure is swallowed
// (try/catch inside writeOwnerBypassAudit) so this can never turn a
// working read into a 500.
await writeOwnerBypassAudit(db, {
sessionId: headerSessionId,
petId: pet.id,
actorStaffId: staffRow.id,
pageVisited: c.req.path,
});
}
}
// Groomer RBAC: check appointment linkage to this pet's client
if (isGroomer && !isOwner) {
const [linkage] = await db
.select({ id: appointments.id })
.from(appointments)
.where(
and(
eq(appointments.clientId, pet.clientId),
or(
eq(appointments.staffId, staffRow.id),
eq(appointments.batherStaffId, staffRow.id)
)
)
)
.limit(1);
if (!linkage) return c.json({ error: "Forbidden" }, 403);
}
// Recent grooming history — last 10 completed appointments
const recentHistory = await db
.select({
id: appointments.id,
startTime: appointments.startTime,
notes: appointments.notes,
serviceName: services.name,
staffName: staff.name,
})
.from(appointments)
.innerJoin(services, eq(appointments.serviceId, services.id))
.leftJoin(staff, eq(appointments.staffId, staff.id))
.where(and(eq(appointments.petId, petId), eq(appointments.status, "completed")))
.orderBy(desc(appointments.startTime))
.limit(10);
// Visit count (completed appointments)
const [countRow] = await db
.select({ count: sql<number>`count(*)::int` })
.from(appointments)
.where(and(eq(appointments.petId, petId), eq(appointments.status, "completed")));
const visitCount = countRow?.count ?? 0;
// Upcoming appointment (next scheduled or confirmed)
const [upcoming] = await db
.select({
id: appointments.id,
startTime: appointments.startTime,
notes: appointments.notes,
confirmationStatus: appointments.confirmationStatus,
serviceName: services.name,
})
.from(appointments)
.innerJoin(services, eq(appointments.serviceId, services.id))
.where(
and(
eq(appointments.petId, petId),
or(eq(appointments.status, "scheduled"), eq(appointments.status, "confirmed"))
)
)
.orderBy(appointments.startTime)
.limit(1);
return c.json({
id: pet.id,
name: pet.name,
species: pet.species,
breed: pet.breed,
coatType: pet.coatType,
petSizeCategory: pet.petSizeCategory,
weightKg: pet.weightKg,
dateOfBirth: pet.dateOfBirth,
recentGroomingHistory: recentHistory.map((h) => ({
id: h.id,
startTime: h.startTime,
notes: h.notes,
serviceName: h.serviceName,
staffName: h.staffName,
})),
visitCount,
upcomingAppointment: upcoming
? {
id: upcoming.id,
startTime: upcoming.startTime,
notes: upcoming.notes,
confirmationStatus: upcoming.confirmationStatus,
serviceName: upcoming.serviceName,
}
: null,
});
});
petsRouter.post("/", zValidator("json", createPetSchema), async (c) => {
const db = getDb();
const { weightKg, dateOfBirth, customFields, ...rest } = c.req.valid("json");
src/routes/portal.ts
+2 -227
View File
@@ -36,7 +36,7 @@ portalRouter.post(
return c.json({ error: "Client not found" }, 404);
}
const DEMO_STAFF_ID = process.env.DEMO_STAFF_ID ?? "00000000-0000-0000-0000-000000000001";
const DEMO_STAFF_ID = "00000000-0000-0000-0000-000000000001";
let staffId = DEMO_STAFF_ID;
const [demoStaff] = await db
@@ -71,82 +71,6 @@ portalRouter.post(
}
);
// Bridge Better Auth session → portal session for real SSO customers (GRO-1866).
// Registered BEFORE the /* middleware so it is NOT subject to validatePortalSession.
import { getAuth } from "../lib/auth.js";
portalRouter.post("/session-from-auth", async (c) => {
let auth;
try {
auth = getAuth();
} catch {
return c.json({ error: "Authentication not configured" }, 503);
}
const session = await auth.api.getSession({
headers: c.req.raw.headers,
});
if (!session) {
return c.json({ error: "Unauthorized" }, 401);
}
const db = getDb();
const [client] = await db
.select()
.from(clients)
.where(eq(clients.email, session.user.email))
.limit(1);
if (!client) {
return c.json({ error: "No client record found for this user" }, 404);
}
const DEMO_STAFF_ID = process.env.DEMO_STAFF_ID ?? "00000000-0000-0000-0000-000000000001";
let staffId = DEMO_STAFF_ID;
const [demoStaff] = await db
.select({ id: staff.id })
.from(staff)
.where(eq(staff.id, DEMO_STAFF_ID))
.limit(1);
if (!demoStaff) {
const [firstStaff] = await db
.select({ id: staff.id })
.from(staff)
.where(eq(staff.active, true))
.limit(1);
if (!firstStaff) {
return c.json({ error: "No staff records found" }, 500);
}
staffId = firstStaff.id;
}
const [portalSession] = await db
.insert(impersonationSessions)
.values({
staffId,
clientId: client.id,
reason: "sso-bridge",
expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000),
})
.returning();
if (!portalSession) {
return c.json({ error: "Failed to create session" }, 500);
}
return c.json(
{
sessionId: portalSession.id,
clientId: client.id,
clientName: client.name,
},
201
);
});
// Apply middleware to all portal routes
portalRouter.use("/*", validatePortalSession, portalAudit);
@@ -225,158 +149,9 @@ portalRouter.get("/pets", async (c) => {
const clientId = c.get("portalClientId");
const clientPets = await db.select().from(pets).where(eq(pets.clientId, clientId));
return c.json(clientPets.map(p => ({
id: p.id,
name: p.name,
breed: p.breed,
weight: p.weightKg,
birthDate: p.dateOfBirth,
photoUrl: p.photoKey,
notes: p.groomingNotes,
coatType: p.coatType,
petSizeCategory: p.petSizeCategory,
healthAlerts: p.healthAlerts,
preferredCuts: p.preferredCuts,
medicalAlerts: p.medicalAlerts,
})));
return c.json(clientPets.map(p => ({ id: p.id, name: p.name, breed: p.breed, weight: p.weightKg, birthDate: p.dateOfBirth, photoUrl: p.photoKey, notes: p.groomingNotes })));
});
// ─── Customer-facing pet update ───────────────────────────────────────────────
//
// The customer portal pet-profile form (groombook/web) saves edits via
// PATCH /api/portal/pets/:petId. The web payload mixes the keys returned by
// GET /portal/pets (weight, birthDate, photoUrl, notes) with the form's own
// edited keys (weightKg, healthAlerts, coatType, …), so we accept both spellings
// and map each to its `pets` column. Ownership is enforced exactly like the
// appointment-notes handler: 404 if the pet does not exist, 403 if it belongs to
// another client.
// Allowed enum values mirror packages/db/src/schema.ts coatTypeEnum /
// petSizeCategoryEnum. Kept as plain string lists so an invalid value can be
// rejected with 422 in-handler (zValidator failures would surface as 400).
const PORTAL_COAT_TYPES: readonly string[] = ["short", "medium", "long", "double", "wire", "silky", "curly", "hairless"];
const PORTAL_PET_SIZES: readonly string[] = ["small", "medium", "large", "extra_large"];
// The web size dropdown emits "xlarge"; the DB enum value is "extra_large".
const PORTAL_PET_SIZE_ALIASES: Record<string, string> = { xlarge: "extra_large" };
const portalMedicalAlertSchema = z.object({
id: z.string().optional(),
type: z.string().max(2000),
description: z.string().max(2000),
severity: z.enum(["low", "medium", "high"]),
});
const portalPetUpdateSchema = z.object({
name: z.string().min(1).max(200).optional(),
breed: z.string().max(200).nullable().optional(),
// weightKg is the form's edited key; weight is the GET-shaped key. Accept both.
weightKg: z.union([z.number(), z.string()]).nullable().optional(),
weight: z.union([z.number(), z.string()]).nullable().optional(),
birthDate: z.string().nullable().optional(),
notes: z.string().max(2000).nullable().optional(),
healthAlerts: z.string().max(2000).nullable().optional(),
// photoUrl/photoKey are intentionally NOT writable here: photoKey is a trusted
// S3 object key consumed server-side (getPresignedGetUrl / deleteObject), and the
// upload path (pets.ts) already enforces a pets/{petId}/ prefix guard against key
// hijacking. Photo changes go through the dedicated upload + /photo/confirm flow.
// The web form round-trips the GET-shaped photoUrl; Zod strips it as an unknown key.
// coatType / petSizeCategory validated in-handler so bad values return 422.
coatType: z.string().nullable().optional(),
petSizeCategory: z.string().nullable().optional(),
preferredCuts: z.array(z.string().max(2000)).max(50).nullable().optional(),
medicalAlerts: z.array(portalMedicalAlertSchema).max(50).nullable().optional(),
});
portalRouter.patch(
"/pets/:petId",
zValidator("json", portalPetUpdateSchema),
async (c) => {
const db = getDb();
const petId = c.req.param("petId");
const body = c.req.valid("json");
const clientId = c.get("portalClientId");
const [pet] = await db
.select()
.from(pets)
.where(eq(pets.id, petId))
.limit(1);
if (!pet) {
return c.json({ error: "Not found" }, 404);
}
if (pet.clientId !== clientId) {
return c.json({ error: "Forbidden" }, 403);
}
const updateData: Record<string, unknown> = { updatedAt: new Date() };
if (body.name !== undefined) updateData.name = body.name;
if (body.breed !== undefined) updateData.breed = body.breed;
if (body.weightKg !== undefined || body.weight !== undefined) {
const w = body.weightKg ?? body.weight;
updateData.weightKg = w === null || w === undefined ? null : String(w);
}
if (body.birthDate !== undefined) {
updateData.dateOfBirth = body.birthDate ? new Date(body.birthDate) : null;
}
if (body.notes !== undefined) updateData.groomingNotes = body.notes;
if (body.healthAlerts !== undefined) updateData.healthAlerts = body.healthAlerts;
// photoKey is intentionally not writable here — see portalPetUpdateSchema note.
// Photo changes go through the key-validated upload + /photo/confirm flow.
if (body.coatType !== undefined) {
if (body.coatType !== null && !PORTAL_COAT_TYPES.includes(body.coatType)) {
return c.json({ error: "Invalid coatType" }, 422);
}
updateData.coatType = body.coatType;
}
if (body.petSizeCategory !== undefined) {
let size: string | null = body.petSizeCategory;
if (size !== null) {
size = PORTAL_PET_SIZE_ALIASES[size] ?? size;
if (!PORTAL_PET_SIZES.includes(size)) {
return c.json({ error: "Invalid petSizeCategory" }, 422);
}
}
updateData.petSizeCategory = size;
}
if (body.preferredCuts !== undefined) updateData.preferredCuts = body.preferredCuts ?? [];
if (body.medicalAlerts !== undefined) updateData.medicalAlerts = body.medicalAlerts ?? [];
const [updated] = await db
.update(pets)
.set(updateData)
.where(eq(pets.id, petId))
.returning();
if (!updated) {
return c.json({ error: "Not found" }, 404);
}
return c.json({
id: updated.id,
name: updated.name,
breed: updated.breed,
weight: updated.weightKg,
birthDate: updated.dateOfBirth,
photoUrl: updated.photoKey,
notes: updated.groomingNotes,
coatType: updated.coatType,
petSizeCategory: updated.petSizeCategory,
healthAlerts: updated.healthAlerts,
preferredCuts: updated.preferredCuts,
medicalAlerts: updated.medicalAlerts,
});
}
);
portalRouter.get("/invoices", async (c) => {
const db = getDb();
const clientId = c.get("portalClientId");
src/routes/routes.ts
-284
View File
@@ -1,284 +0,0 @@
import { Hono } from "hono";
import { zValidator } from "@hono/zod-validator";
import { z } from "zod/v3";
import {
and,
asc,
eq,
gte,
lt,
ne,
getDb,
appointments,
businessSettings,
clients,
groomerRoutes,
routeStops,
} from "@groombook/db";
import type { AppEnv, StaffRow } from "../middleware/rbac.js";
import {
optimizeRoute,
resolveRouteGoogleApiKey,
type RouteStopInput,
} from "../services/routeOptimization.js";
export const routesRouter = new Hono<AppEnv>();
const dailyQuerySchema = z.object({
staffId: z.string().uuid().optional(),
date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "date must be YYYY-MM-DD"),
});
const optimizeBodySchema = z.object({
staffId: z.string().uuid().optional(),
date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "date must be YYYY-MM-DD"),
});
/**
* Resolves the target staffId for the request and enforces the groomer-own /
* manager authorization rule. Groomers may only act on their own route; if a
* groomer omits staffId it defaults to their own. Returns either the resolved
* id or an error tuple the caller turns into a JSON response.
*/
function resolveTargetStaffId(
staffRow: StaffRow | undefined,
requestedStaffId: string | undefined
): { staffId: string } | { error: string; status: 400 | 403 } {
const isGroomer = staffRow?.role === "groomer";
if (isGroomer) {
if (requestedStaffId && requestedStaffId !== staffRow.id) {
return {
error: "Forbidden: groomers may only access their own route",
status: 403,
};
}
return { staffId: staffRow.id };
}
// Manager: staffId is required (no implicit self — managers plan others' days).
if (!requestedStaffId) {
return { error: "staffId is required", status: 400 };
}
return { staffId: requestedStaffId };
}
/** Day window [date 00:00:00Z, nextDay 00:00:00Z) for filtering appointments. */
function dayBounds(date: string): { start: Date; end: Date } {
const start = new Date(`${date}T00:00:00.000Z`);
const end = new Date(start.getTime() + 24 * 60 * 60 * 1000);
return { start, end };
}
/** Loads a route's persisted stops, enriched with appointment + client detail. */
async function loadRouteStops(db: ReturnType<typeof getDb>, routeId: string) {
return db
.select({
id: routeStops.id,
appointmentId: routeStops.appointmentId,
stopOrder: routeStops.stopOrder,
latitude: routeStops.latitude,
longitude: routeStops.longitude,
travelMinsFromPrev: routeStops.travelMinsFromPrev,
travelDistanceKmFromPrev: routeStops.travelDistanceKmFromPrev,
bufferMins: routeStops.bufferMins,
appointmentStartTime: appointments.startTime,
appointmentEndTime: appointments.endTime,
appointmentStatus: appointments.status,
clientId: clients.id,
clientName: clients.name,
clientAddress: clients.address,
})
.from(routeStops)
.innerJoin(appointments, eq(routeStops.appointmentId, appointments.id))
.innerJoin(clients, eq(appointments.clientId, clients.id))
.where(eq(routeStops.routeId, routeId))
.orderBy(asc(routeStops.stopOrder));
}
/**
* GET /api/routes/daily?staffId=&date=
* Fetches (creating a draft if absent) the daily route for a groomer, with all
* persisted stops. Auth: groomer (own) or manager.
*/
routesRouter.get("/daily", zValidator("query", dailyQuerySchema), async (c) => {
const db = getDb();
const { staffId: requestedStaffId, date } = c.req.valid("query");
const resolved = resolveTargetStaffId(c.get("staff"), requestedStaffId);
if ("error" in resolved) {
return c.json({ error: resolved.error }, resolved.status);
}
const staffId = resolved.staffId;
let [route] = await db
.select()
.from(groomerRoutes)
.where(
and(
eq(groomerRoutes.staffId, staffId),
eq(groomerRoutes.routeDate, date)
)
);
if (!route) {
// Create a draft route so the day is addressable before optimization.
[route] = await db
.insert(groomerRoutes)
.values({ staffId, routeDate: date, status: "draft" })
.returning();
}
const stops = await loadRouteStops(db, route!.id);
return c.json({ route, stops });
});
/**
* POST /api/routes/optimize { staffId, date }
* Generates or re-optimizes the daily route: pulls the day's geocoded
* appointments, optimizes the visiting order (Google Directions when a key is
* configured, else nearest-neighbor), and persists the ordered stops + totals.
* Auth: groomer (own) or manager.
*/
routesRouter.post(
"/optimize",
zValidator("json", optimizeBodySchema),
async (c) => {
const db = getDb();
const { staffId: requestedStaffId, date } = c.req.valid("json");
const resolved = resolveTargetStaffId(c.get("staff"), requestedStaffId);
if ("error" in resolved) {
return c.json({ error: resolved.error }, resolved.status);
}
const staffId = resolved.staffId;
const { start, end } = dayBounds(date);
// Pull the day's non-cancelled appointments for this groomer, joined to the
// client coordinates. Ordered by start time so the earliest booking anchors
// the route.
const dayAppointments = await db
.select({
appointmentId: appointments.id,
startTime: appointments.startTime,
clientId: clients.id,
clientName: clients.name,
latitude: clients.latitude,
longitude: clients.longitude,
})
.from(appointments)
.innerJoin(clients, eq(appointments.clientId, clients.id))
.where(
and(
eq(appointments.staffId, staffId),
gte(appointments.startTime, start),
lt(appointments.startTime, end),
ne(appointments.status, "cancelled")
)
)
.orderBy(asc(appointments.startTime));
const stopInputs: RouteStopInput[] = [];
const skipped: Array<{ appointmentId: string; clientName: string; reason: string }> =
[];
for (const appt of dayAppointments) {
if (appt.latitude == null || appt.longitude == null) {
skipped.push({
appointmentId: appt.appointmentId,
clientName: appt.clientName,
reason: "client address is not geocoded",
});
continue;
}
stopInputs.push({
appointmentId: appt.appointmentId,
latitude: appt.latitude,
longitude: appt.longitude,
});
}
const [settings] = await db.select().from(businessSettings).limit(1);
const bufferMins = settings?.defaultTravelBufferMins ?? 15;
const googleApiKey = await resolveRouteGoogleApiKey(db);
const optimized = await optimizeRoute(stopInputs, { googleApiKey });
const warnings = [...optimized.warnings];
if (skipped.length > 0) {
warnings.push(
`${skipped.length} appointment(s) were skipped because the client address is not geocoded.`
);
}
const now = new Date();
const route = await db.transaction(async (tx) => {
// Upsert the route row for (staffId, date).
const [existing] = await tx
.select()
.from(groomerRoutes)
.where(
and(
eq(groomerRoutes.staffId, staffId),
eq(groomerRoutes.routeDate, date)
)
);
const [routeRow] = existing
? await tx
.update(groomerRoutes)
.set({
status: "optimized",
totalTravelMins: optimized.totalTravelMins,
totalDistanceKm: optimized.totalDistanceKm.toFixed(2),
optimizedAt: now,
updatedAt: now,
})
.where(eq(groomerRoutes.id, existing.id))
.returning()
: await tx
.insert(groomerRoutes)
.values({
staffId,
routeDate: date,
status: "optimized",
totalTravelMins: optimized.totalTravelMins,
totalDistanceKm: optimized.totalDistanceKm.toFixed(2),
optimizedAt: now,
})
.returning();
// Replace stops: clear prior ordering, insert the freshly optimized one.
await tx.delete(routeStops).where(eq(routeStops.routeId, routeRow!.id));
if (optimized.stops.length > 0) {
await tx.insert(routeStops).values(
optimized.stops.map((s, i) => ({
routeId: routeRow!.id,
appointmentId: s.appointmentId,
stopOrder: i + 1,
latitude: s.latitude,
longitude: s.longitude,
travelMinsFromPrev: s.travelMinsFromPrev,
travelDistanceKmFromPrev:
s.travelDistanceKmFromPrev == null
? null
: s.travelDistanceKmFromPrev.toFixed(2),
bufferMins,
}))
);
}
return routeRow!;
});
const stops = await loadRouteStops(db, route.id);
return c.json({
route,
stops,
provider: optimized.provider,
chunked: optimized.chunked,
subRouteCount: optimized.subRouteCount,
skipped,
warnings,
});
}
);
src/services/clientGeocoding.ts
-212
View File
@@ -1,212 +0,0 @@
import {
getDb,
businessSettings,
clients,
and,
eq,
isNull,
sql,
} from "@groombook/db";
import {
resolveGeocodingProvider,
type GeocodingProvider,
type GeocodeResult,
} from "./geocoding.js";
/**
* Client geocoding orchestration (GRO-2154, Phase 1.3 of Route Optimization).
*
* Bridges the provider-agnostic {@link GeocodingProvider} layer (GRO-2153) and
* the `clients` table: resolves the configured provider from `businessSettings`,
* geocodes a client's address, and persists `latitude`/`longitude`/`geocodedAt`.
*
* Outcomes are returned as structured {@link ClientGeocodeOutcome} values so that
* callers (the geocode endpoints and the auto-geocode create/update hook) can
* surface clear, actionable feedback — groomers need to know when an address is
* ambiguous or unresolvable, not just that "something failed".
*/
type Db = ReturnType<typeof getDb>;
type ClientRow = typeof clients.$inferSelect;
/** Status of a single client geocode attempt. */
export type ClientGeocodeStatus =
/** Coordinates resolved and persisted. */
| "geocoded"
/** Client has no (non-blank) address on file — nothing to geocode. */
| "no_address"
/** Provider returned no match; the address is ambiguous or unrecognized. */
| "unresolved"
/** Provider call failed (transport, quota, bad key). Coordinates unchanged. */
| "error";
/** Structured, UI-surfaceable result of geocoding one client. */
export interface ClientGeocodeOutcome {
clientId: string;
status: ClientGeocodeStatus;
/** Human-readable explanation, safe to show to managers/groomers. */
message: string;
latitude: number | null;
longitude: number | null;
geocodedAt: string | null;
/** Provider-normalized address, when a match was found. */
formattedAddress: string | null;
/** Provider that produced (or attempted) this result. */
provider: string | null;
}
/**
* Builds the geocoding provider for the current business settings. A single
* provider instance should be reused across a batch so its internal rate limiter
* throttles the whole run (e.g. Nominatim's 1 req/sec policy).
*/
export async function resolveClientGeocodingProvider(
db: Db
): Promise<GeocodingProvider> {
const [settings] = await db.select().from(businessSettings).limit(1);
return resolveGeocodingProvider(settings ?? null);
}
/**
* Geocodes a single client row through the given provider and persists the
* result on success. Never throws on provider failure — transport/quota errors
* are captured as an `"error"` outcome so callers (especially the create/update
* auto-geocode hook) are not broken by a flaky geocoding backend.
*/
export async function geocodeClient(
db: Db,
client: ClientRow,
provider: GeocodingProvider
): Promise<ClientGeocodeOutcome> {
const base = {
clientId: client.id,
latitude: null as number | null,
longitude: null as number | null,
geocodedAt: null as string | null,
formattedAddress: null as string | null,
provider: provider.name as string | null,
};
const address = client.address?.trim();
if (!address) {
return {
...base,
status: "no_address",
message: "Client has no address on file, so it cannot be geocoded.",
};
}
let result: GeocodeResult | null;
try {
result = await provider.geocode(address);
} catch (err) {
return {
...base,
status: "error",
message: `Geocoding provider (${provider.name}) failed: ${
err instanceof Error ? err.message : String(err)
}`,
};
}
if (!result) {
return {
...base,
status: "unresolved",
message: `Address could not be resolved to a location: "${address}". Please verify or correct the address.`,
};
}
const geocodedAt = new Date();
await db
.update(clients)
.set({
latitude: result.latitude,
longitude: result.longitude,
geocodedAt,
updatedAt: geocodedAt,
})
.where(eq(clients.id, client.id));
return {
clientId: client.id,
status: "geocoded",
message: `Geocoded via ${result.provider} to ${result.latitude}, ${result.longitude}.`,
latitude: result.latitude,
longitude: result.longitude,
geocodedAt: geocodedAt.toISOString(),
formattedAddress: result.formattedAddress,
provider: result.provider,
};
}
/** Summary returned by {@link geocodeUngeocodedClients}. */
export interface BatchGeocodeSummary {
provider: string;
/** Number of clients processed in this invocation. */
processed: number;
geocoded: number;
unresolved: number;
errors: number;
/** Un-geocoded clients with an address that were NOT processed (over `limit`). */
remaining: number;
/** Per-client outcomes for everything processed this invocation. */
outcomes: ClientGeocodeOutcome[];
}
/**
* Batch-geocodes clients that have an address but no `geocodedAt` yet, throttled
* by the active provider's rate limiter.
*
* Because Nominatim allows only ~1 req/sec, geocoding every un-geocoded client in
* a single HTTP request would risk timeouts on large datasets. Each invocation
* therefore processes at most `limit` clients (default 50, clamped 1..500) and
* reports `remaining`; managers re-run until `remaining` is 0.
*/
export async function geocodeUngeocodedClients(
db: Db,
limit = 50,
injectedProvider?: GeocodingProvider
): Promise<BatchGeocodeSummary> {
const effectiveLimit = Math.min(Math.max(Math.trunc(limit) || 0, 1), 500);
const provider =
injectedProvider ?? (await resolveClientGeocodingProvider(db));
// Un-geocoded = geocodedAt IS NULL with a non-blank address.
const candidateFilter = and(
isNull(clients.geocodedAt),
sql`${clients.address} IS NOT NULL AND length(trim(${clients.address})) > 0`
);
const countRows = await db
.select({ count: sql<number>`count(*)::int` })
.from(clients)
.where(candidateFilter);
const totalRemaining = countRows[0]?.count ?? 0;
const rows = await db
.select()
.from(clients)
.where(candidateFilter)
.orderBy(clients.createdAt)
.limit(effectiveLimit);
const outcomes: ClientGeocodeOutcome[] = [];
for (const row of rows) {
outcomes.push(await geocodeClient(db, row, provider));
}
const geocoded = outcomes.filter((o) => o.status === "geocoded").length;
const unresolved = outcomes.filter((o) => o.status === "unresolved").length;
const errors = outcomes.filter((o) => o.status === "error").length;
return {
provider: provider.name,
processed: outcomes.length,
geocoded,
unresolved,
errors,
remaining: Math.max(totalRemaining - outcomes.length, 0),
outcomes,
};
}
src/services/geocoding.ts
-419
View File
@@ -1,419 +0,0 @@
import { decryptSecret } from "@groombook/db";
/**
* Abstracted geocoding service layer (GRO-2153, Phase 1.2 of Route Optimization).
*
* Provides a provider-agnostic interface for turning a street address into
* latitude/longitude coordinates, with two concrete implementations:
*
* - {@link NominatimGeocodingProvider} — OpenStreetMap Nominatim (default, free,
* self-hostable). Enforces the public Nominatim usage policy of at most one
* request per second.
* - {@link GoogleGeocodingProvider} — Google Geocoding API (optional fallback,
* requires an API key stored encrypted at rest in `businessSettings`).
*
* Provider selection is driven by `businessSettings.routeOptimizationProvider`
* via {@link resolveGeocodingProvider}. A {@link geocodeBatch} helper geocodes a
* list of addresses while respecting the active provider's rate limit.
*/
/** Identifier for a supported geocoding backend. Mirrors `route_optimization_provider`. */
export type GeocodingProviderName = "nominatim" | "google";
/** Successful geocoding result in WGS84 decimal degrees. */
export interface GeocodeResult {
latitude: number;
longitude: number;
/** Provider-normalized display address, when available. */
formattedAddress: string | null;
/** Which provider produced this result. */
provider: GeocodingProviderName;
}
/** Abstract geocoding provider contract. */
export interface GeocodingProvider {
/** Stable provider identifier. */
readonly name: GeocodingProviderName;
/**
* Minimum milliseconds to leave between consecutive requests. Used both by the
* provider's internal rate limiter and by {@link geocodeBatch} so callers do
* not need to know provider-specific limits.
*/
readonly minRequestIntervalMs: number;
/**
* Geocode a single address.
* @returns the top match, or `null` when the address is blank or unresolvable.
* @throws on transport failures or provider-level errors (e.g. quota, bad key).
*/
geocode(address: string): Promise<GeocodeResult | null>;
}
// --- Constants -------------------------------------------------------------
/** Nominatim usage policy: at most 1 request per second. */
const NOMINATIM_RATE_LIMIT_MS = 1000;
const DEFAULT_NOMINATIM_BASE_URL = "https://nominatim.openstreetmap.org";
/** Nominatim requires a descriptive User-Agent identifying the application. */
const DEFAULT_NOMINATIM_USER_AGENT = "GroomBook/1.0 (+https://groombook.app route-optimization)";
const GOOGLE_GEOCODE_BASE_URL = "https://maps.googleapis.com/maps/api/geocode/json";
/**
* Google permits a high request rate; a small floor keeps batch traffic polite
* without throttling interactive single calls.
*/
const GOOGLE_RATE_LIMIT_MS = 20;
// --- Injectable primitives (for testability) -------------------------------
/** Minimal `fetch` shape this module depends on. Defaults to the global `fetch`. */
export type FetchLike = (
input: string,
init?: { headers?: Record<string, string> }
) => Promise<{
ok: boolean;
status: number;
statusText: string;
json(): Promise<unknown>;
}>;
type NowFn = () => number;
type SleepFn = (ms: number) => Promise<void>;
const defaultSleep: SleepFn = (ms) =>
new Promise((resolve) => setTimeout(resolve, ms));
const defaultFetch: FetchLike = (input, init) =>
(globalThis.fetch as unknown as FetchLike)(input, init);
/**
* Serializes async tasks and guarantees at least `intervalMs` between the start
* of consecutive tasks. A failing task never wedges the queue.
*/
class RateLimiter {
// Negative infinity so the very first task never waits.
private last = Number.NEGATIVE_INFINITY;
private chain: Promise<unknown> = Promise.resolve();
constructor(
private readonly intervalMs: number,
private readonly now: NowFn = Date.now,
private readonly sleep: SleepFn = defaultSleep
) {}
run<T>(task: () => Promise<T>): Promise<T> {
const result = this.chain.then(async () => {
if (this.intervalMs > 0) {
const elapsed = this.now() - this.last;
const wait = this.intervalMs - elapsed;
if (wait > 0) await this.sleep(wait);
}
this.last = this.now();
return task();
});
// Keep the queue alive regardless of whether this task resolves or rejects.
this.chain = result.then(
() => undefined,
() => undefined
);
return result;
}
}
function normalizeAddress(address: string): string {
return address.trim();
}
// --- Nominatim provider ----------------------------------------------------
interface NominatimSearchRow {
lat?: string;
lon?: string;
display_name?: string;
}
export interface NominatimProviderOptions {
/** Override the Nominatim instance base URL (e.g. a self-hosted mirror). */
baseUrl?: string;
/** User-Agent header identifying this application, per Nominatim policy. */
userAgent?: string;
/** Minimum spacing between requests; defaults to the 1 req/sec policy. */
minRequestIntervalMs?: number;
fetchImpl?: FetchLike;
now?: NowFn;
sleep?: SleepFn;
}
export class NominatimGeocodingProvider implements GeocodingProvider {
readonly name = "nominatim" as const;
readonly minRequestIntervalMs: number;
private readonly baseUrl: string;
private readonly userAgent: string;
private readonly fetchImpl: FetchLike;
private readonly limiter: RateLimiter;
constructor(options: NominatimProviderOptions = {}) {
this.baseUrl = (options.baseUrl ?? DEFAULT_NOMINATIM_BASE_URL).replace(/\/+$/, "");
this.userAgent = options.userAgent ?? DEFAULT_NOMINATIM_USER_AGENT;
this.minRequestIntervalMs = options.minRequestIntervalMs ?? NOMINATIM_RATE_LIMIT_MS;
this.fetchImpl = options.fetchImpl ?? defaultFetch;
this.limiter = new RateLimiter(this.minRequestIntervalMs, options.now, options.sleep);
}
async geocode(address: string): Promise<GeocodeResult | null> {
const query = normalizeAddress(address);
if (!query) return null;
return this.limiter.run(async () => {
const url = new URL(`${this.baseUrl}/search`);
url.searchParams.set("q", query);
url.searchParams.set("format", "jsonv2");
url.searchParams.set("limit", "1");
const res = await this.fetchImpl(url.toString(), {
headers: { "User-Agent": this.userAgent },
});
if (!res.ok) {
throw new Error(
`Nominatim geocoding failed: ${res.status} ${res.statusText}`
);
}
const body = (await res.json()) as NominatimSearchRow[];
if (!Array.isArray(body) || body.length === 0) return null;
const top = body[0]!;
const latitude = Number(top.lat);
const longitude = Number(top.lon);
if (!Number.isFinite(latitude) || !Number.isFinite(longitude)) return null;
return {
latitude,
longitude,
formattedAddress: top.display_name ?? null,
provider: this.name,
};
});
}
}
// --- Google provider -------------------------------------------------------
interface GoogleGeocodeResponse {
status: string;
error_message?: string;
results?: Array<{
formatted_address?: string;
geometry?: { location?: { lat?: number; lng?: number } };
}>;
}
export interface GoogleProviderOptions {
baseUrl?: string;
minRequestIntervalMs?: number;
fetchImpl?: FetchLike;
now?: NowFn;
sleep?: SleepFn;
}
export class GoogleGeocodingProvider implements GeocodingProvider {
readonly name = "google" as const;
readonly minRequestIntervalMs: number;
private readonly apiKey: string;
private readonly baseUrl: string;
private readonly fetchImpl: FetchLike;
private readonly limiter: RateLimiter;
constructor(apiKey: string, options: GoogleProviderOptions = {}) {
if (!apiKey) {
throw new Error("GoogleGeocodingProvider requires a non-empty API key");
}
this.apiKey = apiKey;
this.baseUrl = options.baseUrl ?? GOOGLE_GEOCODE_BASE_URL;
this.minRequestIntervalMs = options.minRequestIntervalMs ?? GOOGLE_RATE_LIMIT_MS;
this.fetchImpl = options.fetchImpl ?? defaultFetch;
this.limiter = new RateLimiter(this.minRequestIntervalMs, options.now, options.sleep);
}
async geocode(address: string): Promise<GeocodeResult | null> {
const query = normalizeAddress(address);
if (!query) return null;
return this.limiter.run(async () => {
const url = new URL(this.baseUrl);
url.searchParams.set("address", query);
url.searchParams.set("key", this.apiKey);
const res = await this.fetchImpl(url.toString());
if (!res.ok) {
throw new Error(
`Google geocoding failed: ${res.status} ${res.statusText}`
);
}
const body = (await res.json()) as GoogleGeocodeResponse;
if (body.status === "ZERO_RESULTS") return null;
if (body.status !== "OK") {
const detail = body.error_message ? `: ${body.error_message}` : "";
throw new Error(`Google geocoding error: ${body.status}${detail}`);
}
const top = body.results?.[0];
const location = top?.geometry?.location;
const latitude = location?.lat;
const longitude = location?.lng;
if (
typeof latitude !== "number" ||
typeof longitude !== "number" ||
!Number.isFinite(latitude) ||
!Number.isFinite(longitude)
) {
return null;
}
return {
latitude,
longitude,
formattedAddress: top?.formatted_address ?? null,
provider: this.name,
};
});
}
}
// --- Provider selection ----------------------------------------------------
/** Subset of `businessSettings` relevant to geocoding provider selection. */
export interface GeocodingSettings {
routeOptimizationProvider?: string | null;
/** Google API key, encrypted at rest (AES-256-GCM via `encryptSecret`). */
googleMapsApiKey?: string | null;
}
export interface ResolveProviderOptions {
/** Decryption function for the stored Google key. Defaults to `decryptSecret`. */
decrypt?: (ciphertext: string) => string;
/** Options forwarded to the constructed provider (base URL, fetch, timing). */
nominatim?: NominatimProviderOptions;
google?: GoogleProviderOptions;
/** Sink for non-fatal selection warnings. Defaults to `console.warn`. */
warn?: (message: string) => void;
}
/**
* Resolves the Google API key from settings (decrypting the at-rest value) or,
* as a development convenience, from the `GOOGLE_MAPS_API_KEY` env var.
* Returns `null` when no usable key is available.
*/
function resolveGoogleApiKey(
settings: GeocodingSettings,
decrypt: (ciphertext: string) => string,
warn: (message: string) => void
): string | null {
const stored = settings.googleMapsApiKey?.trim();
if (stored) {
try {
const decrypted = decrypt(stored).trim();
if (decrypted) return decrypted;
} catch (err) {
warn(
`Failed to decrypt googleMapsApiKey; falling back to Nominatim: ${
err instanceof Error ? err.message : String(err)
}`
);
return null;
}
}
const fromEnv = process.env.GOOGLE_MAPS_API_KEY?.trim();
return fromEnv ? fromEnv : null;
}
/**
* Selects a geocoding provider based on `businessSettings.routeOptimizationProvider`.
*
* - `"google"` returns a {@link GoogleGeocodingProvider} when a usable key exists,
* otherwise warns and falls back to Nominatim.
* - Any other value (including `null`/`undefined`) returns a
* {@link NominatimGeocodingProvider}.
*/
export function resolveGeocodingProvider(
settings: GeocodingSettings | null | undefined,
options: ResolveProviderOptions = {}
): GeocodingProvider {
const warn = options.warn ?? ((message: string) => console.warn(message));
const decrypt = options.decrypt ?? decryptSecret;
const requested = settings?.routeOptimizationProvider ?? "nominatim";
if (requested === "google") {
const apiKey = resolveGoogleApiKey(settings ?? {}, decrypt, warn);
if (apiKey) {
return new GoogleGeocodingProvider(apiKey, options.google);
}
warn(
"routeOptimizationProvider is 'google' but no usable API key was found; falling back to Nominatim"
);
}
return new NominatimGeocodingProvider(options.nominatim);
}
// --- Batch geocoding -------------------------------------------------------
/** Input item for {@link geocodeBatch}: a caller-defined key and its address. */
export interface BatchGeocodeItem<K> {
key: K;
address: string;
}
/** Per-item outcome from {@link geocodeBatch}. */
export interface BatchGeocodeOutcome<K> {
key: K;
address: string;
/** Resolved coordinates, or `null` when unresolvable. */
result: GeocodeResult | null;
/** Present when the geocode call threw; the batch continues past errors. */
error?: string;
}
export interface GeocodeBatchOptions<K> {
/** Invoked after each item completes; useful for progress reporting. */
onProgress?: (
completed: number,
total: number,
outcome: BatchGeocodeOutcome<K>
) => void;
}
/**
* Geocodes a list of addresses sequentially through the given provider. The
* provider's internal rate limiter enforces throttling (e.g. Nominatim's
* 1 req/sec), so addresses are processed one at a time and individual failures
* are captured per item rather than aborting the whole batch.
*/
export async function geocodeBatch<K>(
items: ReadonlyArray<BatchGeocodeItem<K>>,
provider: GeocodingProvider,
options: GeocodeBatchOptions<K> = {}
): Promise<Array<BatchGeocodeOutcome<K>>> {
const outcomes: Array<BatchGeocodeOutcome<K>> = [];
for (const item of items) {
let outcome: BatchGeocodeOutcome<K>;
try {
const result = await provider.geocode(item.address);
outcome = { key: item.key, address: item.address, result };
} catch (err) {
outcome = {
key: item.key,
address: item.address,
result: null,
error: err instanceof Error ? err.message : String(err),
};
}
outcomes.push(outcome);
options.onProgress?.(outcomes.length, items.length, outcome);
}
return outcomes;
}
src/services/routeOptimization.ts
-413
View File
@@ -1,413 +0,0 @@
import { businessSettings, decryptSecret, type Db } from "@groombook/db";
import type { FetchLike } from "./geocoding.js";
/**
* Route optimization service (GRO-2155, Phase 2.1 of Route Optimization).
*
* Given a groomer's geocoded stops for a day, produces an optimized visiting
* order plus per-leg and total travel estimates. Two strategies:
*
* - {@link optimizeWithGoogle}: Google Maps Directions API with
* `optimizeWaypoints: true` (real road durations/distances), used when a
* Google Maps API key is configured.
* - {@link nearestNeighborOrder}: an offline nearest-neighbor TSP heuristic over
* great-circle distance, used as the default free / no-API-key fallback.
*
* Both strategies share the same public {@link optimizeRoute} orchestrator,
* which also handles the >25-stop edge case by chunking into sub-routes (the
* Google Directions waypoint cap) and surfacing a warning.
*/
/** Google Directions allows origin + destination + up to 23 waypoints = 25
* points per request. We cap a sub-route at 25 stops and chunk beyond that. */
export const MAX_STOPS_PER_ROUTE = 25;
/** Average driving speed (km/h) used to convert distance into travel minutes in
* the offline heuristic. Tuned for mixed urban/suburban mobile-groomer routes. */
export const AVG_SPEED_KMH = 40;
/** Multiplier applied to great-circle distance to approximate real road
* distance in the offline heuristic (straight-line underestimates driving). */
export const ROAD_CIRCUITY_FACTOR = 1.3;
const EARTH_RADIUS_KM = 6371;
/** A geocoded stop to be ordered. `appointmentId` ties it back to the schedule. */
export interface RouteStopInput {
appointmentId: string;
latitude: number;
longitude: number;
}
/** A single stop in the optimized order, with travel from the previous stop. */
export interface OptimizedStop {
appointmentId: string;
latitude: number;
longitude: number;
/** Null for the first stop of the whole route. */
travelMinsFromPrev: number | null;
/** Null for the first stop of the whole route. Kilometres, 2-dp. */
travelDistanceKmFromPrev: number | null;
}
export type RouteOptimizationProvider = "google" | "nearest_neighbor";
export interface OptimizedRoute {
provider: RouteOptimizationProvider;
stops: OptimizedStop[];
totalTravelMins: number;
/** Kilometres, rounded to 2 decimal places. */
totalDistanceKm: number;
/** True when the route was split into multiple sub-routes (>25 stops). */
chunked: boolean;
subRouteCount: number;
/** Non-fatal advisories for the caller to surface to the user. */
warnings: string[];
}
export interface OptimizeRouteOptions {
/** Google Maps API key. When absent, the nearest-neighbor heuristic is used. */
googleApiKey?: string | null;
/** Injectable fetch for testing the Google path. Defaults to global fetch. */
fetchImpl?: FetchLike;
}
const defaultFetch: FetchLike = (input, init) =>
(globalThis.fetch as unknown as FetchLike)(input, init);
// ─── Geometry helpers ───────────────────────────────────────────────────────
function toRadians(deg: number): number {
return (deg * Math.PI) / 180;
}
/** Great-circle distance between two coordinates, in kilometres. */
export function haversineKm(
a: { latitude: number; longitude: number },
b: { latitude: number; longitude: number }
): number {
const dLat = toRadians(b.latitude - a.latitude);
const dLon = toRadians(b.longitude - a.longitude);
const lat1 = toRadians(a.latitude);
const lat2 = toRadians(b.latitude);
const h =
Math.sin(dLat / 2) ** 2 +
Math.cos(lat1) * Math.cos(lat2) * Math.sin(dLon / 2) ** 2;
return 2 * EARTH_RADIUS_KM * Math.asin(Math.min(1, Math.sqrt(h)));
}
/** Round to 2 decimal places, returning a finite number. */
function round2(n: number): number {
return Math.round(n * 100) / 100;
}
/**
* Estimate a road travel leg from the great-circle distance between two points.
* Applies a circuity factor for distance and a fixed average speed for time.
*/
export function estimateLeg(
a: { latitude: number; longitude: number },
b: { latitude: number; longitude: number }
): { distanceKm: number; mins: number } {
const straight = haversineKm(a, b);
const distanceKm = straight * ROAD_CIRCUITY_FACTOR;
const mins = (distanceKm / AVG_SPEED_KMH) * 60;
return { distanceKm: round2(distanceKm), mins: Math.round(mins) };
}
// ─── Nearest-neighbor heuristic ─────────────────────────────────────────────
/**
* Orders points greedily: start at `startIndex`, then repeatedly visit the
* nearest unvisited point (great-circle distance). Returns indices into the
* input array in visiting order. Deterministic ties broken by lowest index.
*/
export function nearestNeighborOrder(
points: Array<{ latitude: number; longitude: number }>,
startIndex = 0
): number[] {
const n = points.length;
if (n <= 1) return points.map((_, i) => i);
const visited = new Array<boolean>(n).fill(false);
const order: number[] = [startIndex];
visited[startIndex] = true;
let current = startIndex;
for (let step = 1; step < n; step++) {
let best = -1;
let bestDist = Infinity;
for (let j = 0; j < n; j++) {
if (visited[j]) continue;
const d = haversineKm(points[current]!, points[j]!);
if (d < bestDist) {
bestDist = d;
best = j;
}
}
visited[best] = true;
order.push(best);
current = best;
}
return order;
}
/** Orders one chunk (<= MAX_STOPS_PER_ROUTE) via nearest-neighbor. */
function optimizeChunkNearestNeighbor(
stops: RouteStopInput[]
): RouteStopInput[] {
const order = nearestNeighborOrder(stops, 0);
return order.map((i) => stops[i]!);
}
// ─── Google Directions ──────────────────────────────────────────────────────
const GOOGLE_DIRECTIONS_URL =
"https://maps.googleapis.com/maps/api/directions/json";
interface GoogleDirectionsResponse {
status: string;
error_message?: string;
routes?: Array<{
waypoint_order?: number[];
legs?: Array<{
duration?: { value?: number };
distance?: { value?: number };
}>;
}>;
}
/**
* Orders one chunk via the Google Directions API with `optimizeWaypoints=true`.
*
* The first stop is fixed as both origin and destination (a closed tour); the
* remaining stops are passed as optimizable waypoints. We keep the optimized
* forward order and drop the final return-to-origin leg, yielding an open route
* whose per-leg durations/distances come from real road data.
*/
async function optimizeChunkGoogle(
stops: RouteStopInput[],
apiKey: string,
fetchImpl: FetchLike
): Promise<{ stops: RouteStopInput[]; legsMeters: number[]; legsSeconds: number[] }> {
if (stops.length <= 1) {
return { stops: [...stops], legsMeters: [], legsSeconds: [] };
}
const origin = stops[0]!;
const waypoints = stops.slice(1);
const url = new URL(GOOGLE_DIRECTIONS_URL);
url.searchParams.set("origin", `${origin.latitude},${origin.longitude}`);
url.searchParams.set("destination", `${origin.latitude},${origin.longitude}`);
url.searchParams.set(
"waypoints",
"optimize:true|" +
waypoints.map((w) => `${w.latitude},${w.longitude}`).join("|")
);
url.searchParams.set("key", apiKey);
const res = await fetchImpl(url.toString());
if (!res.ok) {
throw new Error(
`Google Directions request failed: ${res.status} ${res.statusText}`
);
}
const body = (await res.json()) as GoogleDirectionsResponse;
if (body.status !== "OK" || !body.routes || body.routes.length === 0) {
throw new Error(
`Google Directions returned status ${body.status}${
body.error_message ? `: ${body.error_message}` : ""
}`
);
}
const route = body.routes[0]!;
const waypointOrder = route.waypoint_order ?? waypoints.map((_, i) => i);
const legs = route.legs ?? [];
// Ordered stops: origin first, then waypoints in the optimized order.
const orderedStops: RouteStopInput[] = [
origin,
...waypointOrder.map((i) => waypoints[i]!),
];
// legs[k] is the travel into orderedStops[k+1]. Drop the trailing return leg
// (orderedStops.length-1 legs describe the open route).
const legsMeters: number[] = [];
const legsSeconds: number[] = [];
for (let k = 0; k < orderedStops.length - 1; k++) {
const leg = legs[k];
legsMeters.push(leg?.distance?.value ?? 0);
legsSeconds.push(leg?.duration?.value ?? 0);
}
return { stops: orderedStops, legsMeters, legsSeconds };
}
// ─── Orchestration ──────────────────────────────────────────────────────────
function chunk<T>(items: T[], size: number): T[][] {
const out: T[][] = [];
for (let i = 0; i < items.length; i += size) {
out.push(items.slice(i, i + size));
}
return out;
}
/**
* Optimizes a full day's stops into a single visiting order with travel
* metrics. Uses Google Directions when `googleApiKey` is provided, otherwise the
* offline nearest-neighbor heuristic. Routes longer than
* {@link MAX_STOPS_PER_ROUTE} stops are split into sub-routes and a warning is
* emitted; sub-routes are stitched end-to-end, with the boundary leg estimated
* from great-circle distance.
*/
export async function optimizeRoute(
inputStops: RouteStopInput[],
options: OptimizeRouteOptions = {}
): Promise<OptimizedRoute> {
const fetchImpl = options.fetchImpl ?? defaultFetch;
const useGoogle = Boolean(options.googleApiKey);
const provider: RouteOptimizationProvider = useGoogle
? "google"
: "nearest_neighbor";
const warnings: string[] = [];
if (inputStops.length === 0) {
return {
provider,
stops: [],
totalTravelMins: 0,
totalDistanceKm: 0,
chunked: false,
subRouteCount: 0,
warnings,
};
}
const chunks = chunk(inputStops, MAX_STOPS_PER_ROUTE);
const chunked = chunks.length > 1;
if (chunked) {
warnings.push(
`Route has ${inputStops.length} stops, exceeding the ${MAX_STOPS_PER_ROUTE}-stop optimization limit. Split into ${chunks.length} sub-routes; review the order at sub-route boundaries.`
);
}
const ordered: OptimizedStop[] = [];
let prev: RouteStopInput | null = null;
for (const group of chunks) {
let groupStops: RouteStopInput[];
let legDistanceKm: (i: number) => number;
let legMins: (i: number) => number;
if (useGoogle) {
try {
const result = await optimizeChunkGoogle(
group,
options.googleApiKey!,
fetchImpl
);
groupStops = result.stops;
legDistanceKm = (i) => round2(result.legsMeters[i]! / 1000);
legMins = (i) => Math.round(result.legsSeconds[i]! / 60);
} catch (err) {
// Google failed mid-optimization — degrade to the offline heuristic for
// this run rather than failing the whole request.
warnings.push(
`Google Directions unavailable; used offline heuristic: ${
err instanceof Error ? err.message : String(err)
}`
);
groupStops = optimizeChunkNearestNeighbor(group);
legDistanceKm = (i) => estimateLeg(groupStops[i]!, groupStops[i + 1]!).distanceKm;
legMins = (i) => estimateLeg(groupStops[i]!, groupStops[i + 1]!).mins;
}
} else {
groupStops = optimizeChunkNearestNeighbor(group);
legDistanceKm = (i) => estimateLeg(groupStops[i]!, groupStops[i + 1]!).distanceKm;
legMins = (i) => estimateLeg(groupStops[i]!, groupStops[i + 1]!).mins;
}
for (let i = 0; i < groupStops.length; i++) {
const stop = groupStops[i]!;
if (prev === null) {
// Very first stop of the whole route.
ordered.push({
appointmentId: stop.appointmentId,
latitude: stop.latitude,
longitude: stop.longitude,
travelMinsFromPrev: null,
travelDistanceKmFromPrev: null,
});
} else if (i === 0) {
// First stop of a non-initial chunk: estimate the boundary leg.
const est = estimateLeg(prev, stop);
ordered.push({
appointmentId: stop.appointmentId,
latitude: stop.latitude,
longitude: stop.longitude,
travelMinsFromPrev: est.mins,
travelDistanceKmFromPrev: est.distanceKm,
});
} else {
ordered.push({
appointmentId: stop.appointmentId,
latitude: stop.latitude,
longitude: stop.longitude,
travelMinsFromPrev: legMins(i - 1),
travelDistanceKmFromPrev: legDistanceKm(i - 1),
});
}
prev = stop;
}
}
const totalTravelMins = ordered.reduce(
(sum, s) => sum + (s.travelMinsFromPrev ?? 0),
0
);
const totalDistanceKm = round2(
ordered.reduce((sum, s) => sum + (s.travelDistanceKmFromPrev ?? 0), 0)
);
return {
provider,
stops: ordered,
totalTravelMins,
totalDistanceKm,
chunked,
subRouteCount: chunks.length,
warnings,
};
}
// ─── Google API key resolution ──────────────────────────────────────────────
/**
* Resolves the Google Maps API key for route optimization from
* `businessSettings.googleMapsApiKey` (decrypted at rest) or, as a development
* convenience, the `GOOGLE_MAPS_API_KEY` env var. Returns `null` when no usable
* key exists, in which case callers fall back to the offline heuristic.
*/
export async function resolveRouteGoogleApiKey(
db: Db,
decrypt: (ciphertext: string) => string = decryptSecret
): Promise<string | null> {
const [settings] = await db.select().from(businessSettings).limit(1);
const stored = settings?.googleMapsApiKey?.trim();
if (stored) {
try {
const decrypted = decrypt(stored).trim();
if (decrypted) return decrypted;
} catch (err) {
console.warn(
`Failed to decrypt googleMapsApiKey for route optimization; using offline heuristic: ${
err instanceof Error ? err.message : String(err)
}`
);
}
}
const fromEnv = process.env.GOOGLE_MAPS_API_KEY?.trim();
return fromEnv ? fromEnv : null;
}
trigger-uat-1779751324.txt
View File