Initial commit: full-stack Bun + Elysia + React template

Elysia.js API with session-based auth (email/password + Google OAuth), role system (USER/ADMIN/SUPER_ADMIN), Prisma + PostgreSQL, React 19 with Mantine UI, TanStack Router, dark theme, and comprehensive test suite (unit, integration, E2E with Lightpanda). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-01 10:12:19 +08:00
commit 08a1054e3c
57 changed files with 3732 additions and 0 deletions
--- a/tests/integration/auth-flow.test.ts
+++ b/tests/integration/auth-flow.test.ts
@@ -0,0 +1,57 @@
+import { test, expect, describe, beforeAll, afterAll } from 'bun:test'
+import { createTestApp, seedTestUser, cleanupTestData, prisma } from '../helpers'
+
+const app = createTestApp()
+
+beforeAll(async () => {
+  await cleanupTestData()
+  await seedTestUser('flow@example.com', 'flow123', 'Flow User')
+})
+
+afterAll(async () => {
+  await cleanupTestData()
+  await prisma.$disconnect()
+})
+
+describe('Full auth flow: login → session → logout → session', () => {
+  test('complete auth lifecycle', async () => {
+    // 1. Login
+    const loginRes = await app.handle(new Request('http://localhost/api/auth/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ email: 'flow@example.com', password: 'flow123' }),
+    }))
+    expect(loginRes.status).toBe(200)
+
+    const loginBody = await loginRes.json()
+    expect(loginBody.user.email).toBe('flow@example.com')
+    expect(loginBody.user.role).toBe('USER')
+
+    const setCookie = loginRes.headers.get('set-cookie')!
+    const token = setCookie.match(/session=([^;]+)/)?.[1]!
+    expect(token).toBeDefined()
+
+    // 2. Check session — should be valid
+    const sessionRes = await app.handle(new Request('http://localhost/api/auth/session', {
+      headers: { cookie: `session=${token}` },
+    }))
+    expect(sessionRes.status).toBe(200)
+    const sessionBody = await sessionRes.json()
+    expect(sessionBody.user.email).toBe('flow@example.com')
+
+    // 3. Logout
+    const logoutRes = await app.handle(new Request('http://localhost/api/auth/logout', {
+      method: 'POST',
+      headers: { cookie: `session=${token}` },
+    }))
+    expect(logoutRes.status).toBe(200)
+
+    // 4. Check session again — should be invalid
+    const afterLogoutRes = await app.handle(new Request('http://localhost/api/auth/session', {
+      headers: { cookie: `session=${token}` },
+    }))
+    expect(afterLogoutRes.status).toBe(401)
+    const afterLogoutBody = await afterLogoutRes.json()
+    expect(afterLogoutBody.user).toBeNull()
+  })
+})