clean routes
@@ -58,6 +58,27 @@ function sendNull(res) {
|
||||
res.end('null');
|
||||
}
|
||||
|
||||
function readRequestBody(req) {
|
||||
return new Promise((resolve, reject) => {
|
||||
let body = '';
|
||||
req.on('data', (chunk) => {
|
||||
body += chunk;
|
||||
});
|
||||
req.on('end', () => resolve(body));
|
||||
req.on('error', reject);
|
||||
});
|
||||
}
|
||||
|
||||
async function readJsonBody(req) {
|
||||
const text = await readRequestBody(req);
|
||||
if (!text) return null;
|
||||
try {
|
||||
return JSON.parse(text);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
function normalizeArrayFields(obj, fields) {
|
||||
if (!obj || typeof obj !== 'object') return obj;
|
||||
const out = { ...obj };
|
||||
@@ -110,6 +131,7 @@ function getSessionForMode(mode, req) {
|
||||
email: 'admin@gridpilot.test',
|
||||
displayName: 'Demo Admin',
|
||||
primaryDriverId: 'driver-admin',
|
||||
role: 'league-admin', // MATCH WEBSITE EXPECTATIONS
|
||||
},
|
||||
};
|
||||
}
|
||||
@@ -123,6 +145,7 @@ function getSessionForMode(mode, req) {
|
||||
displayName: 'Demo Sponsor User',
|
||||
primaryDriverId: 'driver-sponsor',
|
||||
sponsorId,
|
||||
role: 'sponsor', // MATCH WEBSITE EXPECTATIONS
|
||||
},
|
||||
};
|
||||
}
|
||||
@@ -134,6 +157,7 @@ function getSessionForMode(mode, req) {
|
||||
email: 'driver@gridpilot.test',
|
||||
displayName: 'Demo Driver',
|
||||
primaryDriverId: 'driver-1',
|
||||
role: 'driver', // MATCH WEBSITE EXPECTATIONS
|
||||
},
|
||||
};
|
||||
}
|
||||
@@ -513,6 +537,50 @@ const server = http.createServer((req, res) => {
|
||||
|
||||
if (pathname === '/health') return send(200, { status: 'ok' });
|
||||
|
||||
if (pathname === '/auth/demo-login' && req.method === 'POST') {
|
||||
return readJsonBody(req)
|
||||
.then((body) => {
|
||||
const role = body && typeof body.role === 'string' ? body.role : 'driver';
|
||||
|
||||
// Map role to mode for session lookup
|
||||
// The role parameter from tests should match what website expects
|
||||
let mode;
|
||||
if (role === 'sponsor') {
|
||||
mode = 'sponsor';
|
||||
} else if (role === 'league-admin' || role === 'league-owner' || role === 'league-steward' || role === 'super-admin' || role === 'system-owner') {
|
||||
mode = 'admin'; // All admin-like roles use admin mode
|
||||
} else {
|
||||
mode = 'driver'; // Default to driver
|
||||
}
|
||||
|
||||
const session = getSessionForMode(mode, req);
|
||||
|
||||
// For the docker smoke environment, the website middleware checks gp_session to
|
||||
// allow protected routes, while the mock session endpoint uses gridpilot_demo_mode.
|
||||
const gpSessionValue = `demo-${mode}-session`;
|
||||
|
||||
// Set cookies with proper domain for Docker environment
|
||||
// In Docker tests, both website (3100) and API (3101) are on localhost
|
||||
// so we need to set cookies for localhost domain
|
||||
const domain = 'localhost';
|
||||
const cookies = [
|
||||
`gp_session=${encodeURIComponent(gpSessionValue)}; Path=/; HttpOnly; Domain=${domain}`,
|
||||
`gridpilot_demo_mode=${encodeURIComponent(mode)}; Path=/; Domain=${domain}`,
|
||||
];
|
||||
|
||||
if (mode === 'sponsor') {
|
||||
cookies.push(`gridpilot_sponsor_id=${encodeURIComponent(DEMO.sponsorId)}; Path=/; Domain=${domain}`);
|
||||
cookies.push(`gridpilot_sponsor_name=${encodeURIComponent('Demo Sponsor')}; Path=/; Domain=${domain}`);
|
||||
}
|
||||
|
||||
res.setHeader('Set-Cookie', cookies);
|
||||
return send(200, session);
|
||||
})
|
||||
.catch((err) => {
|
||||
return send(500, { message: String(err?.message || err || 'demo-login failed') });
|
||||
});
|
||||
}
|
||||
|
||||
if (pathname === '/policy/snapshot') {
|
||||
return send(200, {
|
||||
policyVersion: 1,
|
||||
@@ -623,6 +691,20 @@ const server = http.createServer((req, res) => {
|
||||
return send(200, payload);
|
||||
}
|
||||
|
||||
// Admin dashboard stats endpoint
|
||||
if (pathname === '/admin/dashboard/stats') {
|
||||
// Check authorization - only admin roles can access
|
||||
if (demoMode !== 'admin') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, {
|
||||
totalLeagues: 1,
|
||||
totalMembers: 10,
|
||||
totalRevenue: 5000,
|
||||
activeSponsorships: 2,
|
||||
});
|
||||
}
|
||||
|
||||
if (pathname === '/drivers/leaderboard') return send(200, { drivers: [] });
|
||||
if (pathname === '/drivers/current')
|
||||
return send(200, buildDriver(getSessionForMode(demoMode, req)?.user?.primaryDriverId || 'driver-1'));
|
||||
@@ -823,6 +905,10 @@ const server = http.createServer((req, res) => {
|
||||
|
||||
const leagueIdFromRosterMembers = getPathParam(pathname, /^\/leagues\/([^/]+)\/admin\/roster\/members$/);
|
||||
if (leagueIdFromRosterMembers) {
|
||||
// Check authorization - only admin roles can access
|
||||
if (demoMode !== 'admin') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, [
|
||||
{
|
||||
driverId: 'driver-admin',
|
||||
@@ -841,6 +927,10 @@ const server = http.createServer((req, res) => {
|
||||
|
||||
const leagueIdFromJoinRequests = getPathParam(pathname, /^\/leagues\/([^/]+)\/admin\/roster\/join-requests$/);
|
||||
if (leagueIdFromJoinRequests) {
|
||||
// Check authorization - only admin roles can access
|
||||
if (demoMode !== 'admin') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, [
|
||||
{
|
||||
id: 'join-request-1',
|
||||
@@ -866,7 +956,10 @@ const server = http.createServer((req, res) => {
|
||||
if (driverId) return send(200, buildDriver(driverId));
|
||||
|
||||
const driverIdProfile = getPathParam(pathname, /^\/drivers\/([^/]+)\/profile$/);
|
||||
if (driverIdProfile) return send(200, buildDriverProfile(driverIdProfile));
|
||||
if (driverIdProfile) {
|
||||
// This endpoint is public, no auth required
|
||||
return send(200, buildDriverProfile(driverIdProfile));
|
||||
}
|
||||
|
||||
const teamIdDetails = getPathParam(pathname, /^\/teams\/([^/]+)$/);
|
||||
if (teamIdDetails) return send(200, buildTeamDetails(teamIdDetails));
|
||||
@@ -942,6 +1035,10 @@ const server = http.createServer((req, res) => {
|
||||
|
||||
const sponsorBilling = getPathParam(pathname, /^\/sponsors\/billing\/([^/]+)$/);
|
||||
if (sponsorBilling) {
|
||||
// Check authorization - only sponsor role can access
|
||||
if (demoMode !== 'sponsor') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
const today = new Date();
|
||||
const invoiceDate = new Date(today.getFullYear(), today.getMonth(), 1).toISOString();
|
||||
const dueDate = new Date(today.getFullYear(), today.getMonth(), 15).toISOString();
|
||||
@@ -986,10 +1083,20 @@ const server = http.createServer((req, res) => {
|
||||
}
|
||||
|
||||
const sponsorSettings = getPathParam(pathname, /^\/sponsors\/settings\/([^/]+)$/);
|
||||
if (sponsorSettings) return send(200, buildSponsorSettings(sponsorSettings));
|
||||
if (sponsorSettings) {
|
||||
// Check authorization - only sponsor role can access
|
||||
if (demoMode !== 'sponsor') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, buildSponsorSettings(sponsorSettings));
|
||||
}
|
||||
|
||||
const sponsorLeagueAvailable = pathname === '/sponsors/leagues/available';
|
||||
if (sponsorLeagueAvailable) {
|
||||
// Check authorization - only sponsor role can access
|
||||
if (demoMode !== 'sponsor') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, [
|
||||
{
|
||||
id: DEMO.leagueId,
|
||||
@@ -1010,6 +1117,10 @@ const server = http.createServer((req, res) => {
|
||||
|
||||
const sponsorLeagueDetail = getPathParam(pathname, /^\/sponsors\/leagues\/([^/]+)\/detail$/);
|
||||
if (sponsorLeagueDetail) {
|
||||
// Check authorization - only sponsor role can access
|
||||
if (demoMode !== 'sponsor') {
|
||||
return send(403, { message: 'Forbidden' });
|
||||
}
|
||||
return send(200, {
|
||||
league: {
|
||||
id: sponsorLeagueDetail,
|
||||
|
||||
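Review bot: `readRequestBody` in the first hunk accumulates the request body with no size limit, and the new `/auth/demo-login` branch calls it before any other check, so any client that can reach the mock can make the process buffer an arbitrarily large payload. `body += chunk` also stringifies each Buffer chunk on its own, which can corrupt a multi-byte UTF-8 character split across two chunks; `req.setEncoding('utf8')` avoids that. I would cap the accumulated length and reject once it is exceeded, as sketched below. Separately, the new `demoMode !== 'admin'` and `demoMode !== 'sponsor'` checks appear to be driven by the `gridpilot_demo_mode` cookie, which the login handler sets without `HttpOnly` (where `demoMode` is assigned lies outside the visible hunks). If so, the `// Check authorization` comments should say this is fixture behaviour for the smoke tests and not an access-control boundary.

```javascript
function readRequestBody(req) {
  // Constructed example cap; size it to what the smoke tests actually send.
  const MAX_BODY_CHARS = 64 * 1024;
  return new Promise((resolve, reject) => {
    let body = '';
    req.setEncoding('utf8'); // decode across chunk boundaries
    req.on('data', (chunk) => {
      body += chunk;
      if (body.length > MAX_BODY_CHARS) {
        reject(new Error('request body too large'));
        req.destroy(); // stop reading further input
      }
    });
    // … unchanged: 'end' and 'error' handlers …
  });
}
```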