Merge pull request #44 from objectstack-ai/copilot/add-submodule-for-integration-tests

Author: hotlong

.eslintrc.js

@@ -36,5 +36,5 @@ module.exports = {
       },
     },
   ],
-  ignorePatterns: ["node_modules/", ".expo/", "dist/", "*.config.js", "babel.config.js"],
+  ignorePatterns: ["node_modules/", ".expo/", "dist/", "*.config.js", "babel.config.js", "server/hotcrm/"],
 };

.github/workflows/integration.yml

@@ -0,0 +1,64 @@
+name: Integration Tests
+
+on:
+  pull_request:
+    branches: [main, develop]
+  push:
+    branches: [main, develop]
+  # Allow manual trigger
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  integration:
+    name: Server Integration Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: pnpm
+
+      # Install mobile app dependencies
+      - name: Install dependencies
+        run: pnpm install
+
+      # Install HotCRM submodule dependencies and build
+      - name: Setup HotCRM server
+        run: |
+          cd server/hotcrm
+          pnpm install
+          pnpm build
+
+      # Start the server in background
+      - name: Start HotCRM server
+        run: ./scripts/start-integration-server.sh --bg
+        env:
+          PORT: 4000
+
+      # Wait for server readiness
+      - name: Wait for server
+        run: ./scripts/wait-for-server.sh http://localhost:4000/api/v1/auth/get-session 60
+
+      # Run integration tests
+      - name: Run integration tests
+        run: pnpm test:integration:server
+        env:
+          INTEGRATION_SERVER_URL: http://localhost:4000
+
+      # Stop server
+      - name: Stop HotCRM server
+        if: always()
+        run: ./scripts/stop-integration-server.sh

.gitignore

@@ -53,3 +53,15 @@ coverage/
 apps/docs/.next/
 apps/docs/.source/
 apps/docs/node_modules/
+
+# hotcrm submodule build artifacts
+server/hotcrm/node_modules/
+server/hotcrm/.pnpm-store/
+server/hotcrm/packages/*/dist/
+server/hotcrm/packages/*/node_modules/
+server/hotcrm/apps/*/node_modules/
+server/hotcrm/apps/*/.next/
+
+# integration server runtime files
+.hotcrm-server.pid
+.hotcrm-server.log

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "server/hotcrm"]
+	path = server/hotcrm
+	url = https://github.com/objectstack-ai/hotcrm.git

__tests__/integration/server/auth.integration.test.ts

@@ -0,0 +1,131 @@
+/**
+ * Server Integration Tests — Authentication Flow
+ *
+ * These tests run against a real HotCRM server and validate the complete
+ * authentication lifecycle: registration → login → session → logout.
+ *
+ * Prerequisites:
+ *   1. HotCRM server running: `./scripts/start-integration-server.sh --bg`
+ *   2. Server is ready:       `./scripts/wait-for-server.sh`
+ *
+ * Run:
+ *   pnpm test:integration:server
+ */
+
+import { api, uniqueEmail, BASE_URL } from "./helpers";
+
+const TEST_PASSWORD = "IntTest_Passw0rd!";
+
+describe("Authentication Flow", () => {
+  const email = uniqueEmail();
+  let sessionCookie = "";
+
+  it("should register a new user via /api/v1/auth/sign-up/email", async () => {
+    const res = await api("/api/v1/auth/sign-up/email", {
+      method: "POST",
+      body: JSON.stringify({
+        email,
+        password: TEST_PASSWORD,
+        name: "Integration Tester",
+      }),
+    });
+
+    expect(res.status).toBeLessThan(400);
+
+    const body = await res.json();
+    // The response should contain user data (email or user object)
+    expect(body).toBeDefined();
+
+    // Capture session cookie for later requests
+    sessionCookie = res.headers.get("set-cookie") ?? "";
+  });
+
+  it("should login with the registered credentials via /api/v1/auth/sign-in/email", async () => {
+    const res = await api("/api/v1/auth/sign-in/email", {
+      method: "POST",
+      body: JSON.stringify({
+        email,
+        password: TEST_PASSWORD,
+      }),
+    });
+
+    expect(res.status).toBeLessThan(400);
+
+    const body = await res.json();
+    expect(body).toBeDefined();
+
+    // Update session cookie
+    const newCookie = res.headers.get("set-cookie");
+    if (newCookie) {
+      sessionCookie = newCookie;
+    }
+  });
+
+  it("should retrieve the current session via /api/v1/auth/get-session", async () => {
+    const res = await api("/api/v1/auth/get-session", {
+      headers: sessionCookie ? { Cookie: sessionCookie } : {},
+    });
+
+    expect(res.status).toBeLessThan(400);
+
+    const body = await res.json();
+    expect(body).toBeDefined();
+  });
+
+  it("should sign out via /api/v1/auth/sign-out", async () => {
+    const res = await api("/api/v1/auth/sign-out", {
+      method: "POST",
+      headers: sessionCookie ? { Cookie: sessionCookie } : {},
+    });
+
+    expect(res.status).toBeLessThan(400);
+  });
+
+  it("should reject login with wrong password", async () => {
+    const res = await api("/api/v1/auth/sign-in/email", {
+      method: "POST",
+      body: JSON.stringify({
+        email,
+        password: "WrongPassword123!",
+      }),
+    });
+
+    // Should fail authentication
+    expect(res.status).toBeGreaterThanOrEqual(400);
+  });
+});
+
+describe("Registration Validation", () => {
+  it("should reject registration without email", async () => {
+    const res = await api("/api/v1/auth/sign-up/email", {
+      method: "POST",
+      body: JSON.stringify({
+        password: TEST_PASSWORD,
+        name: "No Email User",
+      }),
+    });
+
+    expect(res.status).toBeGreaterThanOrEqual(400);
+  });
+
+  it("should reject registration without password", async () => {
+    const res = await api("/api/v1/auth/sign-up/email", {
+      method: "POST",
+      body: JSON.stringify({
+        email: uniqueEmail(),
+        name: "No Password User",
+      }),
+    });
+
+    expect(res.status).toBeGreaterThanOrEqual(400);
+  });
+});
+
+describe("Server Health", () => {
+  it("should respond to requests on the base URL", async () => {
+    // A basic connectivity check — the server should respond
+    const res = await fetch(BASE_URL);
+    // Even a 404 is fine — the server is alive
+    expect(res.status).toBeDefined();
+  });
+});