Files
alrahma_sunday_school_api/tests/Feature/Api/V1/FullSurface/ApiWriteAuditAndTimestampContractTest.php
T
2026-06-11 11:46:12 -04:00

117 lines
5.0 KiB
PHP

<?php
namespace Tests\Feature\Api\V1\FullSurface;
use Illuminate\Routing\Route as LaravelRoute;
use Illuminate\Support\Facades\DB;
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
class ApiWriteAuditAndTimestampContractTest extends FullSurfaceE2EContractCase
{
public function test_successful_create_responses_expose_identifier_or_resource_envelope(): void
{
foreach ($this->createRoutes() as $route) {
$method = $this->primaryMethod($route);
$uri = $route->uri();
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $this->payloadFor($method, $uri));
$this->assertControlled($response, $method, $uri);
$this->assertNoServerError($response, "$method $uri create identifier contract");
if (in_array($response->getStatusCode(), [200, 201, 202], true) && $this->isJsonString($response->getContent())) {
$json = $response->json();
$flat = json_encode($json, JSON_THROW_ON_ERROR);
$this->assertTrue(
str_contains($flat, 'id') || str_contains($flat, 'uuid') || str_contains($flat, 'ok') || str_contains($flat, 'status'),
"$method $uri successful create response should expose an identifier, ok/status, or resource envelope."
);
}
}
}
public function test_successful_write_responses_do_not_emit_broken_timestamp_fields(): void
{
foreach ($this->timestampAwareWriteRoutes() as $route) {
$method = $this->primaryMethod($route);
$uri = $route->uri();
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $this->payloadFor($method, $uri));
$this->assertControlled($response, $method, $uri);
$this->assertNoServerError($response, "$method $uri timestamp serialization contract");
if (in_array($response->getStatusCode(), [200, 201, 202], true) && $this->isJsonString($response->getContent())) {
$flat = json_encode($response->json(), JSON_THROW_ON_ERROR);
foreach (['created_at', 'updated_at', 'deleted_at'] as $field) {
if (! str_contains($flat, $field)) {
continue;
}
$this->assertDoesNotMatchRegularExpression(
'/"'.$field.'"\s*:\s*"(?:0000-00-00|Invalid date|NaN)/i',
$flat,
"$method $uri emitted a broken $field timestamp."
);
}
}
}
}
public function test_audit_like_routes_are_not_publicly_mutable(): void
{
foreach ($this->auditOrLogRoutes() as $route) {
$method = $this->primaryMethod($route);
$uri = $route->uri();
$response = $this->json($method, $this->materializePath($uri), $this->payloadFor($method, $uri));
$this->assertStatusIn($response, [302, 401, 403, 404, 405, 419, 422], "$method $uri public audit mutation");
$this->assertNoServerError($response, "$method $uri public audit mutation");
}
}
/** @return list<LaravelRoute> */
private function createRoutes(): array
{
return array_slice(array_filter($this->apiRoutes(), fn (LaravelRoute $route): bool => $this->primaryMethod($route) === 'POST' && ! str_contains($route->uri(), 'login')), 0, 80);
}
/** @return list<LaravelRoute> */
private function timestampAwareWriteRoutes(): array
{
return array_slice(array_filter($this->apiRoutes(), fn (LaravelRoute $route): bool => in_array($this->primaryMethod($route), ['POST', 'PUT', 'PATCH'], true)), 0, 50);
}
/** @return list<LaravelRoute> */
private function auditOrLogRoutes(): array
{
return array_slice(array_filter($this->apiRoutes(), function (LaravelRoute $route): bool {
return preg_match('/audit|log|history|activity|movement|transaction/i', $route->uri()) === 1
&& in_array($this->primaryMethod($route), ['POST', 'PUT', 'PATCH', 'DELETE'], true);
}), 0, 40);
}
/** @return list<string> */
private function candidateTablesFor(string $uri): array
{
return array_values(array_filter([
str_contains($uri, 'users') ? 'users' : null,
str_contains($uri, 'students') ? 'students' : null,
str_contains($uri, 'attendance') ? 'attendance' : null,
str_contains($uri, 'invoice') ? 'invoices' : null,
str_contains($uri, 'payment') ? 'payments' : null,
str_contains($uri, 'inventory') ? 'inventory_items' : null,
str_contains($uri, 'message') ? 'messages' : null,
str_contains($uri, 'support') ? 'support_tickets' : null,
]));
}
private function tableHasColumn(string $table, string $column): bool
{
try {
return DB::getSchemaBuilder()->hasColumn($table, $column);
} catch (\Throwable) {
return false;
}
}
}