feat(e2e): add Playwright E2E testing infrastructure and critical path tests

Set up Playwright with dual-project config (API + Web), auth test fixtures, 16 E2E tests covering registration, login, profile, token refresh, and homepage rendering. Added GitHub Actions CI workflow for automated E2E runs. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 01:41:07 +07:00
parent 391c040100
commit 9301f44119
12 changed files with 1660 additions and 2 deletions
--- a/e2e/api/auth-login.spec.ts
+++ b/e2e/api/auth-login.spec.ts
@@ -0,0 +1,39 @@
+import { test, expect } from '@playwright/test';
+import { createTestUser, registerUser } from '../fixtures';
+
+test.describe('POST /auth/login', () => {
+  test('logs in with valid credentials and returns token pair', async ({ request }) => {
+    const user = createTestUser();
+    await registerUser(request, user);
+
+    const res = await request.post('/auth/login', {
+      data: { phone: user.phone, password: user.password },
+    });
+
+    expect(res.status()).toBe(201);
+    const body = await res.json();
+    expect(body).toHaveProperty('accessToken');
+    expect(body).toHaveProperty('refreshToken');
+  });
+
+  test('rejects login with wrong password', async ({ request }) => {
+    const user = createTestUser();
+    await registerUser(request, user);
+
+    const res = await request.post('/auth/login', {
+      data: { phone: user.phone, password: 'WrongPassword!1' },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('rejects login with non-existent phone', async ({ request }) => {
+    const res = await request.post('/auth/login', {
+      data: { phone: '0900000001', password: 'Test@1234!' },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+});
--- a/e2e/api/auth-profile.spec.ts
+++ b/e2e/api/auth-profile.spec.ts
@@ -0,0 +1,29 @@
+import { test, expect } from '../fixtures';
+
+test.describe('GET /auth/profile', () => {
+  test('returns user profile for authenticated user', async ({ authedRequest, testUser }) => {
+    const res = await authedRequest.get('/auth/profile');
+
+    expect(res.status()).toBe(200);
+    const body = await res.json();
+    expect(body).toHaveProperty('id');
+    expect(body.phone).toBe(testUser.phone);
+    expect(body.fullName).toBe(testUser.fullName);
+  });
+
+  test('rejects unauthenticated requests', async ({ request }) => {
+    const res = await request.get('/auth/profile');
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('rejects requests with invalid token', async ({ request }) => {
+    const res = await request.get('/auth/profile', {
+      headers: { Authorization: 'Bearer invalid.jwt.token' },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+});
--- a/e2e/api/auth-refresh.spec.ts
+++ b/e2e/api/auth-refresh.spec.ts
@@ -0,0 +1,24 @@
+import { test, expect } from '../fixtures';
+
+test.describe('POST /auth/refresh', () => {
+  test('refreshes tokens with valid refresh token', async ({ request, testTokens }) => {
+    const res = await request.post('/auth/refresh', {
+      data: { refreshToken: testTokens.refreshToken },
+    });
+
+    expect(res.status()).toBe(201);
+    const body = await res.json();
+    expect(body).toHaveProperty('accessToken');
+    expect(body).toHaveProperty('refreshToken');
+    // New tokens should differ from original
+    expect(body.accessToken).not.toBe(testTokens.accessToken);
+  });
+
+  test('rejects invalid refresh token', async ({ request }) => {
+    const res = await request.post('/auth/refresh', {
+      data: { refreshToken: 'invalid-refresh-token' },
+    });
+
+    expect(res.ok()).toBeFalsy();
+  });
+});
--- a/e2e/api/auth-register.spec.ts
+++ b/e2e/api/auth-register.spec.ts
@@ -0,0 +1,52 @@
+import { test, expect } from '@playwright/test';
+import { createTestUser } from '../fixtures';
+
+test.describe('POST /auth/register', () => {
+  test('registers a new user and returns token pair', async ({ request }) => {
+    const user = createTestUser();
+
+    const res = await request.post('/auth/register', { data: user });
+
+    expect(res.status()).toBe(201);
+    const body = await res.json();
+    expect(body).toHaveProperty('accessToken');
+    expect(body).toHaveProperty('refreshToken');
+    expect(typeof body.accessToken).toBe('string');
+    expect(typeof body.refreshToken).toBe('string');
+  });
+
+  test('rejects duplicate phone registration', async ({ request }) => {
+    const user = createTestUser();
+
+    // First registration should succeed
+    const first = await request.post('/auth/register', { data: user });
+    expect(first.ok()).toBeTruthy();
+
+    // Second registration with same phone should fail
+    const second = await request.post('/auth/register', { data: user });
+    expect(second.ok()).toBeFalsy();
+    expect(second.status()).toBeGreaterThanOrEqual(400);
+  });
+
+  test('rejects registration with missing required fields', async ({ request }) => {
+    const res = await request.post('/auth/register', {
+      data: { phone: '0912345678' },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(400);
+  });
+
+  test('rejects registration with short password', async ({ request }) => {
+    const res = await request.post('/auth/register', {
+      data: {
+        phone: '0912345678',
+        password: 'short',
+        fullName: 'Test',
+      },
+    });
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(400);
+  });
+});