'use strict'; /** * Integration tests: /api/lab/sims — catalog from DB + admin overrides. * Covers: seeded catalog, auth, role-gating, enabled toggle (+legacy mirror), * featured/tags/subject/grade patch, reorder, validation. */ const { describe, it, before, after } = require('node:test'); const assert = require('node:assert/strict'); const { app, db, inject, getToken, cleanup } = require('./setup'); // Mount /api/lab on the shared test app (setup builds its own app without it). app.use('/api/lab', require('../src/routes/lab')); after(() => cleanup()); describe('/api/lab/sims', () => { let adminToken, studentToken; before(async () => { adminToken = (await getToken('admin')).token; studentToken = (await getToken('student')).token; }); it('GET /api/lab/sims requires auth (401 without token)', async () => { const res = await inject('GET', '/api/lab/sims', null, null); assert.equal(res.status, 401, `got ${res.status}`); }); it('GET /api/lab/sims returns seeded catalog (40 sims) for a student', async () => { const res = await inject('GET', '/api/lab/sims', null, studentToken); assert.equal(res.status, 200, `got ${res.status}`); assert.equal(res.body.module_disabled, false); assert.ok(Array.isArray(res.body.sims), 'sims is array'); assert.equal(res.body.sims.length, 40, `expected 40 sims, got ${res.body.sims.length}`); const pend = res.body.sims.find(s => s.id === 'pendulum'); assert.ok(pend, 'pendulum present'); assert.equal(pend.cat, 'phys'); assert.equal(pend.enabled, true); assert.deepEqual(pend.tags, []); }); it('catalog is ordered by sort_order (graph first, angrybirds last)', async () => { const res = await inject('GET', '/api/lab/sims', null, studentToken); assert.equal(res.body.sims[0].id, 'graph'); assert.equal(res.body.sims[res.body.sims.length - 1].id, 'angrybirds'); }); it('PATCH /api/lab/sims/:id is admin-only (student → 403)', async () => { const res = await inject('PATCH', '/api/lab/sims/pendulum', { featured: true }, studentToken); assert.equal(res.status, 403, `got ${res.status}`); }); it('admin can disable a sim; it reflects in GET and in legacy sim_disabled_ids', async () => { const res = await inject('PATCH', '/api/lab/sims/waves', { enabled: false }, adminToken); assert.equal(res.status, 200, `got ${res.status}`); assert.equal(res.body.sim.enabled, false); const get = await inject('GET', '/api/lab/sims', null, adminToken); const waves = get.body.sims.find(s => s.id === 'waves'); assert.equal(waves.enabled, false, 'waves disabled in catalog'); const legacy = JSON.parse( db.prepare("SELECT value FROM app_settings WHERE key='sim_disabled_ids'").get().value ); assert.ok(legacy.includes('waves'), 'waves in legacy sim_disabled_ids'); await inject('PATCH', '/api/lab/sims/waves', { enabled: true }, adminToken); const legacy2 = JSON.parse( db.prepare("SELECT value FROM app_settings WHERE key='sim_disabled_ids'").get().value ); assert.ok(!legacy2.includes('waves'), 'waves removed from legacy after enable'); }); it('admin can set featured, tags, subject, grade', async () => { const res = await inject('PATCH', '/api/lab/sims/pendulum', { featured: true, tags: ['колебания', 'механика'], subject: 'physics', grade: 9 }, adminToken); assert.equal(res.status, 200); assert.equal(res.body.sim.featured, true); assert.deepEqual(res.body.sim.tags, ['колебания', 'механика']); assert.equal(res.body.sim.subject, 'physics'); assert.equal(res.body.sim.grade, 9); }); it('PATCH rejects bad grade and bad category and non-array tags', async () => { const g = await inject('PATCH', '/api/lab/sims/pendulum', { grade: 99 }, adminToken); assert.equal(g.status, 400, 'bad grade rejected'); const c = await inject('PATCH', '/api/lab/sims/pendulum', { cat: 'nope' }, adminToken); assert.equal(c.status, 400, 'bad cat rejected'); const t = await inject('PATCH', '/api/lab/sims/pendulum', { tags: 'notarray' }, adminToken); assert.equal(t.status, 400, 'non-array tags rejected'); }); it('PATCH unknown sim → 404', async () => { const res = await inject('PATCH', '/api/lab/sims/nonexistent', { featured: true }, adminToken); assert.equal(res.status, 404, `got ${res.status}`); }); it('POST /api/lab/sims/reorder updates sort order (admin)', async () => { const get = await inject('GET', '/api/lab/sims', null, adminToken); const ids = get.body.sims.map(s => s.id); const reordered = ['angrybirds', 'graph', ...ids.filter(id => id !== 'angrybirds' && id !== 'graph')]; const res = await inject('POST', '/api/lab/sims/reorder', { order: reordered }, adminToken); assert.equal(res.status, 200, `got ${res.status}`); assert.equal(res.body.count, 40); const get2 = await inject('GET', '/api/lab/sims', null, adminToken); assert.equal(get2.body.sims[0].id, 'angrybirds', 'angrybirds now first'); assert.equal(get2.body.sims[1].id, 'graph', 'graph now second'); }); it('reorder rejects unknown id and empty order', async () => { const bad = await inject('POST', '/api/lab/sims/reorder', { order: ['ghost'] }, adminToken); assert.equal(bad.status, 400, 'unknown id rejected'); const empty = await inject('POST', '/api/lab/sims/reorder', { order: [] }, adminToken); assert.equal(empty.status, 400, 'empty order rejected'); }); it('reorder is admin-only (student → 403)', async () => { const res = await inject('POST', '/api/lab/sims/reorder', { order: ['graph'] }, studentToken); assert.equal(res.status, 403, `got ${res.status}`); }); });