test(e2e): add coverage for agent profile, KYC, payment callbacks, media upload, and listing moderation

Fills coverage gaps for untested API endpoints: - GET /auth/profile/agent (auth + unauth) - PATCH /auth/kyc (admin-only guard tests) - POST /payments/callback/:provider (VNPay, MoMo, ZaloPay webhooks) - POST /listings/:id/media (multipart upload validation) - PATCH /listings/:id/moderate (admin-only moderation) Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 03:28:27 +07:00
parent cb00b12d7b
commit 7a242d7e45
5 changed files with 281 additions and 0 deletions
--- a/e2e/api/listings-media.spec.ts
+++ b/e2e/api/listings-media.spec.ts
@@ -0,0 +1,75 @@
+import { test, expect, registerUser, createListing } from '../fixtures';
+import * as path from 'path';
+import * as fs from 'fs';
+
+test.describe('POST /listings/:id/media — Media upload', () => {
+  let accessToken: string;
+  let listingId: string;
+
+  test.beforeAll(async ({ request }) => {
+    const { accessToken: token } = await registerUser(request);
+    accessToken = token;
+
+    // Create a listing to attach media to
+    const { listing } = await createListing(request, token);
+    listingId = listing.id;
+  });
+
+  test('rejects unauthenticated media upload', async ({ request }) => {
+    const res = await request.post(`/listings/${listingId}/media`, {
+      multipart: {
+        file: {
+          name: 'test.jpg',
+          mimeType: 'image/jpeg',
+          buffer: Buffer.from('fake-jpeg-data'),
+        },
+      },
+    });
+
+    expect(res.status()).toBe(401);
+  });
+
+  test('rejects upload without file', async ({ request }) => {
+    const res = await request.post(`/listings/${listingId}/media`, {
+      headers: { Authorization: `Bearer ${accessToken}` },
+      multipart: {
+        caption: 'Missing file',
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect([400, 422]).toContain(res.status());
+  });
+
+  test('rejects upload with invalid MIME type', async ({ request }) => {
+    const res = await request.post(`/listings/${listingId}/media`, {
+      headers: { Authorization: `Bearer ${accessToken}` },
+      multipart: {
+        file: {
+          name: 'test.pdf',
+          mimeType: 'application/pdf',
+          buffer: Buffer.from('fake-pdf-data'),
+        },
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect([400, 415, 422]).toContain(res.status());
+  });
+
+  test('rejects upload for non-existent listing', async ({ request }) => {
+    const res = await request.post('/listings/non-existent-id/media', {
+      headers: { Authorization: `Bearer ${accessToken}` },
+      multipart: {
+        file: {
+          name: 'test.jpg',
+          mimeType: 'image/jpeg',
+          buffer: Buffer.from('fake-jpeg-data'),
+        },
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect([400, 404]).toContain(res.status());
+  });
+});