b89e8b511e
V2 lives entirely under v2/ and is built around three asks the team raised about V1: per-video assets sometimes drifted onto the wrong trend, hashtag scrapes returned junk that wasn't filterable per-client, and there was no multi-user model behind Microsoft SSO. Highlights: - Stable TikTok numeric-id key for every per-video asset; URL form drift is logged loudly to drift_log.jsonl and never silently nulls assets. Stage 5 manifest hard-gates Stage 6 if any selected video is missing any required asset; --drop-failing auto-backfills from the next-best recipe candidates. - Per-brief engagement floor (min_likes / min_plays / min_stl_pct), applied at Apify scrape time and re-validated locally; spend_log.json records raw_returned vs kept_after_floor per scrape. - Users + teams + memberships with owner/admin/editor/viewer roles; SSO upserts a user keyed on Azure oid, auto-creates a personal team, and a super-admin is bootstrapped via BOOTSTRAP_SUPER_ADMIN_EMAIL on first sign-in. Phase A integration test: 16/16 pass. - 10-stage TS pipeline (brief → seed → scrape1 → select → scrape2 → validate → analyse → insights → trends → qa → build) wired through one CLI; each stage idempotent + resumable from disk via .state sentinels. §4.5 rubrics shipped under prompts/ and loaded into Claude calls. - React 18 + Vite + TS + Tailwind operator SPA: brief intake form, team management, super-admin user list, help/FAQ ported from V1. - Separate Docker Compose project (name: social-reporting-v2, port 3457, Postgres 5437) with deploy/setup-v2.sh, deploy-v2.sh, rollback-to-v1.sh scripts that take over V1's /social-reports URL and let us roll back. Verification: 62 unit tests pass (auth/session, ids extractor with full URL fixture, engagement floor, recipes, manifest, linking-fix, MoM compare). Live smoke run on a Dove brief: 1400 raw → 253 kept (82% culled) → 21 fully-bundled videos → 25 editorial trends across 8 brief-driven categories, with drift=0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
44 lines
1.8 KiB
TypeScript
44 lines
1.8 KiB
TypeScript
import { describe, it, expect, beforeAll } from 'vitest';
|
|
|
|
beforeAll(() => {
|
|
process.env.SESSION_SECRET = 'test-secret-deterministic-for-tests-only';
|
|
});
|
|
|
|
describe('session sign/verify roundtrip', () => {
|
|
it('issues a token that getSession can recover', async () => {
|
|
const { issueSession, COOKIE_NAME } = await import('../auth/session.js');
|
|
const token = issueSession({
|
|
user_id: '11111111-1111-1111-1111-111111111111',
|
|
email: 'alice@example.com',
|
|
active_team_id: '22222222-2222-2222-2222-222222222222',
|
|
auth_method: 'azure-sso',
|
|
});
|
|
|
|
const fakeReq = { headers: { cookie: `${COOKIE_NAME}=${token}` } } as unknown as Parameters<typeof import('../auth/session.js').getSession>[0];
|
|
const { getSession } = await import('../auth/session.js');
|
|
const session = getSession(fakeReq);
|
|
|
|
expect(session).not.toBeNull();
|
|
expect(session?.email).toBe('alice@example.com');
|
|
expect(session?.active_team_id).toBe('22222222-2222-2222-2222-222222222222');
|
|
});
|
|
|
|
it('rejects a tampered token', async () => {
|
|
const { issueSession, COOKIE_NAME, getSession } = await import('../auth/session.js');
|
|
const token = issueSession({
|
|
user_id: '11111111-1111-1111-1111-111111111111',
|
|
email: 'alice@example.com',
|
|
active_team_id: '22222222-2222-2222-2222-222222222222',
|
|
auth_method: 'azure-sso',
|
|
});
|
|
const tampered = token.replace(/^./, (c) => (c === 'a' ? 'b' : 'a'));
|
|
const fakeReq = { headers: { cookie: `${COOKIE_NAME}=${tampered}` } } as unknown as Parameters<typeof getSession>[0];
|
|
expect(getSession(fakeReq)).toBeNull();
|
|
});
|
|
|
|
it('returns null when no cookie is present', async () => {
|
|
const { getSession } = await import('../auth/session.js');
|
|
const fakeReq = { headers: {} } as unknown as Parameters<typeof getSession>[0];
|
|
expect(getSession(fakeReq)).toBeNull();
|
|
});
|
|
});
|