Learn_System/backend/tests/lab-sims.test.js

'use strict';
/**
 * Integration tests: /api/lab/sims — catalog from DB + admin overrides.
 * Covers: seeded catalog, auth, role-gating, enabled toggle (+legacy mirror),
 * featured/tags/subject/grade patch, reorder, validation.
 */
const { describe, it, before, after } = require('node:test');
const assert = require('node:assert/strict');
const { db, inject, getToken, cleanup } = require('./setup');

after(() => cleanup());

describe('/api/lab/sims', () => {
  let adminToken, studentToken;

  before(async () => {
    adminToken = (await getToken('admin')).token;
    studentToken = (await getToken('student')).token;
  });

  it('GET /api/lab/sims requires auth (401 without token)', async () => {
    const res = await inject('GET', '/api/lab/sims', null, null);
    assert.equal(res.status, 401, `got ${res.status}`);
  });

  /* Полный каталог проверяем под админом (privileged видит все). Видимость
     по классам для ученика — в lab-access.test.js (allowlist). */
  it('GET /api/lab/sims returns seeded catalog (40 sims) for admin', async () => {
    const res = await inject('GET', '/api/lab/sims', null, adminToken);
    assert.equal(res.status, 200, `got ${res.status}`);
    assert.equal(res.body.module_disabled, false);
    assert.ok(Array.isArray(res.body.sims), 'sims is array');
    assert.equal(res.body.sims.length, 40, `expected 40 sims, got ${res.body.sims.length}`);
    const pend = res.body.sims.find(s => s.id === 'pendulum');
    assert.ok(pend, 'pendulum present');
    assert.equal(pend.cat, 'phys');
    assert.equal(pend.enabled, true);
    assert.deepEqual(pend.tags, []);
  });

  it('catalog is ordered by sort_order (graph first, angrybirds last)', async () => {
    const res = await inject('GET', '/api/lab/sims', null, adminToken);
    assert.equal(res.body.sims[0].id, 'graph');
    assert.equal(res.body.sims[res.body.sims.length - 1].id, 'angrybirds');
  });

  it('PATCH /api/lab/sims/:id is admin-only (student → 403)', async () => {
    const res = await inject('PATCH', '/api/lab/sims/pendulum', { featured: true }, studentToken);
    assert.equal(res.status, 403, `got ${res.status}`);
  });

  it('admin can disable a sim; it reflects in GET and in legacy sim_disabled_ids', async () => {
    const res = await inject('PATCH', '/api/lab/sims/waves', { enabled: false }, adminToken);
    assert.equal(res.status, 200, `got ${res.status}`);
    assert.equal(res.body.sim.enabled, false);

    const get = await inject('GET', '/api/lab/sims', null, adminToken);
    const waves = get.body.sims.find(s => s.id === 'waves');
    assert.equal(waves.enabled, false, 'waves disabled in catalog');

    const legacy = JSON.parse(
      db.prepare("SELECT value FROM app_settings WHERE key='sim_disabled_ids'").get().value
    );
    assert.ok(legacy.includes('waves'), 'waves in legacy sim_disabled_ids');

    await inject('PATCH', '/api/lab/sims/waves', { enabled: true }, adminToken);
    const legacy2 = JSON.parse(
      db.prepare("SELECT value FROM app_settings WHERE key='sim_disabled_ids'").get().value
    );
    assert.ok(!legacy2.includes('waves'), 'waves removed from legacy after enable');
  });

  it('admin can set featured, tags, subject, grade', async () => {
    const res = await inject('PATCH', '/api/lab/sims/pendulum',
      { featured: true, tags: ['колебания', 'механика'], subject: 'physics', grade: 9 }, adminToken);
    assert.equal(res.status, 200);
    assert.equal(res.body.sim.featured, true);
    assert.deepEqual(res.body.sim.tags, ['колебания', 'механика']);
    assert.equal(res.body.sim.subject, 'physics');
    assert.equal(res.body.sim.grade, 9);
  });

  it('PATCH rejects bad grade and bad category and non-array tags', async () => {
    const g = await inject('PATCH', '/api/lab/sims/pendulum', { grade: 99 }, adminToken);
    assert.equal(g.status, 400, 'bad grade rejected');
    const c = await inject('PATCH', '/api/lab/sims/pendulum', { cat: 'nope' }, adminToken);
    assert.equal(c.status, 400, 'bad cat rejected');
    const t = await inject('PATCH', '/api/lab/sims/pendulum', { tags: 'notarray' }, adminToken);
    assert.equal(t.status, 400, 'non-array tags rejected');
  });

  it('PATCH unknown sim → 404', async () => {
    const res = await inject('PATCH', '/api/lab/sims/nonexistent', { featured: true }, adminToken);
    assert.equal(res.status, 404, `got ${res.status}`);
  });

  it('POST /api/lab/sims/reorder updates sort order (admin)', async () => {
    const get = await inject('GET', '/api/lab/sims', null, adminToken);
    const ids = get.body.sims.map(s => s.id);
    const reordered = ['angrybirds', 'graph', ...ids.filter(id => id !== 'angrybirds' && id !== 'graph')];
    const res = await inject('POST', '/api/lab/sims/reorder', { order: reordered }, adminToken);
    assert.equal(res.status, 200, `got ${res.status}`);
    assert.equal(res.body.count, 40);

    const get2 = await inject('GET', '/api/lab/sims', null, adminToken);
    assert.equal(get2.body.sims[0].id, 'angrybirds', 'angrybirds now first');
    assert.equal(get2.body.sims[1].id, 'graph', 'graph now second');
  });

  it('reorder rejects unknown id and empty order', async () => {
    const bad = await inject('POST', '/api/lab/sims/reorder', { order: ['ghost'] }, adminToken);
    assert.equal(bad.status, 400, 'unknown id rejected');
    const empty = await inject('POST', '/api/lab/sims/reorder', { order: [] }, adminToken);
    assert.equal(empty.status, 400, 'empty order rejected');
  });

  it('reorder is admin-only (student → 403)', async () => {
    const res = await inject('POST', '/api/lab/sims/reorder', { order: ['graph'] }, studentToken);
    assert.equal(res.status, 403, `got ${res.status}`);
  });
});