375a6af86e
Some checks are pending
CI / validate (push) Waiting to run
L-2 von mana/docs/playbooks/LOCAL_FIRST_LOGIN_OPTIONAL.md:
apps/api:
- routes/decks.ts: CRUD-Routes gelöscht. Verbleibend nur Read-Only:
GET /:id/marketplace-source + GET /:deckId/distractors
- routes/cards.ts: alle CRUD-Routes → 410 Gone mit Deprecation/Sunset
Header (Sunset 2026-06-20). Sub-Pfade weren von Hono auf das *-Handler
geleitet, die alle 410 zurückgeben
- routes/reviews.ts: alle Routes → 410 Gone, FSRS-Compute ist jetzt
client-side via @wordeck/domain.gradeReview
- routes/decks-generate.ts: returnt nur noch LLM-Vorschlag
({ suggestion: { deck, cards } }), Server schreibt NICHTS mehr in
decks/cards/reviews. Client emittet Events lokal in event-sync
- routes/dsgvo.ts: Doku-Block: nach Big-Bang sind neue User-Daten in
sync2 mana_sync_v2.wordeck.*, nicht mehr hier. mana-admin-Fanout
muss beide Quellen abfragen
- scripts/migrate-db-to-events.ts: Stub für DB→Event-Sync-Migration.
Idempotent via idempotencyKey='migration:<row-id>:<event-type>'.
Plaintext-Migration (kein User-Master-Key zur Migration-Zeit),
--dry-run/--commit, --user-id-Filter. mintToken() noch als Stub
(braucht Service-Key-basierten JWT-Mint in mana-auth)
apps/web:
- lib/api/decks.ts: generateDeck wrapped jetzt den Server-Vorschlag
via lokales createDeck + createCard-Burst. UI sieht weiterhin
{ deck, cards_created } als Return-Shape
apps/api/tests:
- decks.test.ts: post-cutover-Smokes (Auth-Check + 404 für entfernte
Routes)
- cards.test.ts: 410-Gone-Verification mit Deprecation-Header
- reviews.test.ts: 410-Gone-Verification
Type-check 0 Errors. Test-Suite: pre-existing fails (dsgvo, share,
tools — alle pre-cutover schon rot, Rebrand-Drift cards→wordeck);
meine drei Big-Bang-Tests-Files 7/7 grün.
Offene Punkte (bewusst geflaggt, nicht Big-Bang-Block):
- DSGVO-Pfad cross-source-Aggregation (sync2 + DB) ist mana-admin's
Architektur-Job, nicht wordeck-app
- Migration-Script mintToken() braucht mana-auth-Service-Key-Pfad
oder sync2-Service-Key-Auth-Mode (Plattform-Arbeit)
- Live-User-Migration: Skript-Stub ist ungetestet, muss vor echtem
Run code-reviewed + 1-2 User-Dry-Runs
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
44 lines
1.4 KiB
TypeScript
44 lines
1.4 KiB
TypeScript
/**
|
|
* Decks-Routes — Post-Cutover-Smokes (L-2, 2026-05-20).
|
|
*
|
|
* Nach dem event-sync-Cutover existieren nur noch zwei Read-Only-
|
|
* Endpoints: marketplace-source-Lookup + Distractors-Sample. Beide
|
|
* brauchen Auth.
|
|
*/
|
|
|
|
import { describe, expect, it } from 'vitest';
|
|
import { Hono } from 'hono';
|
|
|
|
import { decksRouter } from '../src/routes/decks.ts';
|
|
|
|
function withRouter() {
|
|
const app = new Hono();
|
|
app.route('/api/v1/decks', decksRouter({ db: undefined }));
|
|
return app;
|
|
}
|
|
|
|
describe('decksRouter — post-cutover', () => {
|
|
it('marketplace-source ohne Auth → 401', async () => {
|
|
const app = withRouter();
|
|
const res = await app.request('/api/v1/decks/abc/marketplace-source');
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('distractors ohne Auth → 401', async () => {
|
|
const app = withRouter();
|
|
const res = await app.request('/api/v1/decks/abc/distractors');
|
|
expect(res.status).toBe(401);
|
|
});
|
|
|
|
it('CRUD-Routes existieren nicht mehr — POST mit Auth-Stub → 404 (no route matches)', async () => {
|
|
const app = withRouter();
|
|
const res = await app.request('/api/v1/decks', {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json', 'X-User-Id': 'u1' },
|
|
body: JSON.stringify({ name: 'foo' }),
|
|
});
|
|
// Mit Auth-Stub matched die Auth-Middleware, aber keine Route.
|
|
// Hono Default ohne Route: 404.
|
|
expect([404, 405]).toContain(res.status);
|
|
});
|
|
});
|