AgileWebs/furniture-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(web): merge protected session mvp updates

Browse Source
This commit is contained in:
José René White Enciso 2026-03-08 17:18:33 -06:00
commit 70b9ef1f3f
9 changed files with 404 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/architecture/frontend-boundary.md
View File

@ -4,6 +4,17 @@
- Frontend data access flows through `src/api/*` adapter modules. - Frontend data access flows through `src/api/*` adapter modules.
- The UI does not access DAL or internal services directly. - The UI does not access DAL or internal services directly.
- Route shell and protected sections are session-aware via Thalos session endpoints. - Route shell and protected sections are session-aware via Thalos session endpoints.
- Runtime base URLs:
- `API_BASE_URL` for business BFF calls. ## Runtime Base URLs
- `THALOS_AUTH_BASE_URL` for session login/refresh/logout/me.
- `API_BASE_URL` for business BFF calls.
- `THALOS_AUTH_BASE_URL` for session login/refresh/logout/me.
## Protected Workflow Endpoints
- `GET /api/furniture/{furnitureId}/availability`
## UI Workflow Coverage
- Furniture availability lookup
- Protected quick-reload actions for recent furniture ids

6
docs/runbooks/testing.md
View File

@ -14,9 +14,9 @@ npm run test:ci
## Coverage Scope ## Coverage Scope
- `src/api/client.test.ts`: runtime-config precedence and fallback behavior - `src/api/client.test.ts`: runtime-config precedence and fallback behavior.
- `src/api/dashboardApi.test.ts`: endpoint path/query contract generation - `src/api/dashboardApi.test.ts`: endpoint path/query composition and payload mapping.
- `src/App.test.tsx`: render baseline and mocked load flow - `src/App.test.tsx`: protected-route render and workflow trigger behavior.
## Notes ## Notes

55
src/App.test.tsx
View File

@ -1,31 +1,60 @@
import { fireEvent, render, screen, waitFor } from '@testing-library/react'; import { fireEvent, render, screen, waitFor } from '@testing-library/react';
import { describe, expect, it, vi } from 'vitest'; import { beforeEach, describe, expect, it, vi } from 'vitest';
vi.mock('./api/sessionApi', () => ({
getSessionMe: vi.fn(),
loginSession: vi.fn(),
refreshSession: vi.fn(),
logoutSession: vi.fn()
}));
vi.mock('./api/dashboardApi', () => ({ vi.mock('./api/dashboardApi', () => ({
loadDashboard: vi.fn() loadDashboard: vi.fn()
})); }));
import { loadDashboard } from './api/dashboardApi'; import { loadDashboard } from './api/dashboardApi';
import { getSessionMe, loginSession } from './api/sessionApi';
import App from './App'; import App from './App';
describe('App', () => { describe('Furniture App', () => {
it('renders baseline page', () => { beforeEach(() => {
render(<App />); vi.mocked(loadDashboard).mockReset();
vi.mocked(getSessionMe).mockReset();
expect(screen.getByRole('heading', { name: 'Furniture Web' })).toBeInTheDocument(); vi.mocked(loginSession).mockReset();
expect(screen.getByRole('button', { name: 'Load' })).toBeInTheDocument();
}); });
it('loads dashboard data when user clicks load', async () => { it('requires login when session is missing', async () => {
vi.mocked(loadDashboard).mockResolvedValue({ summary: 'ok' }); vi.mocked(getSessionMe).mockResolvedValue({ isAuthenticated: false, subjectId: '', tenantId: '', provider: 0 });
render(<App />); render(<App />);
fireEvent.change(screen.getByRole('textbox'), { target: { value: 'ctx stage28' } }); await waitFor(() => expect(screen.getByRole('button', { name: 'Sign In' })).toBeInTheDocument());
fireEvent.click(screen.getByRole('button', { name: 'Load' })); fireEvent.click(screen.getByRole('button', { name: 'Sign In' }));
await waitFor(() => expect(loginSession).toHaveBeenCalledTimes(1));
});
it('loads protected availability data', async () => {
vi.mocked(getSessionMe).mockResolvedValue({
isAuthenticated: true,
subjectId: 'demo-user',
tenantId: 'demo-tenant',
provider: 0
});
vi.mocked(loadDashboard).mockResolvedValue({
furnitureId: 'FURN-001',
displayName: 'Chair',
quantityAvailable: 4
});
render(<App />);
await waitFor(() => expect(screen.getByRole('button', { name: 'Load Availability' })).toBeInTheDocument());
fireEvent.click(screen.getByRole('button', { name: 'Load Availability' }));
await waitFor(() => { await waitFor(() => {
expect(loadDashboard).toHaveBeenCalledWith('ctx stage28'); expect(loadDashboard).toHaveBeenCalledWith('FURN-001');
expect(screen.getByText(/summary/)).toBeInTheDocument(); expect(screen.getByText(/Chair/)).toBeInTheDocument();
}); });
}); });
}); });

200
src/App.tsx
View File

@ -1,41 +1,207 @@
import { useState } from 'react'; import { useState } from 'react';
import { loadDashboard } from './api/dashboardApi'; import { loadDashboard, type FurnitureAvailabilityResponse } from './api/dashboardApi';
import { SessionProvider, useSessionContext } from './auth/sessionContext';
import type { IdentityProvider } from './api/sessionApi';
type RouteKey = 'overview' | 'actions';
function App() { function App() {
const [contextId, setContextId] = useState('FURN-001'); return (
const [payload, setPayload] = useState<unknown>(null); <SessionProvider>
<FurnitureShell />
</SessionProvider>
);
}
function FurnitureShell() {
const session = useSessionContext();
const [route, setRoute] = useState<RouteKey>('overview');
const [furnitureId, setFurnitureId] = useState('FURN-001');
const [availability, setAvailability] = useState<FurnitureAvailabilityResponse | null>(null);
const [history, setHistory] = useState<FurnitureAvailabilityResponse[]>([]);
const [error, setError] = useState<string | null>(null); const [error, setError] = useState<string | null>(null);
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const onLoad = async (): Promise<void> => { const loadAvailability = async (targetFurnitureId = furnitureId) => {
setLoading(true); setLoading(true);
setError(null); setError(null);
try { try {
const response = await loadDashboard(contextId); const response = await loadDashboard(targetFurnitureId);
setPayload(response); setAvailability(response);
setHistory((previous) => [response, ...previous.filter((item) => item.furnitureId !== response.furnitureId)].slice(0, 5));
} catch (err) { } catch (err) {
const message = err instanceof Error ? err.message : 'Unknown request error'; setError(err instanceof Error ? err.message : 'Unable to load furniture availability.');
setError(message);
setPayload(null);
} finally { } finally {
setLoading(false); setLoading(false);
} }
}; };
if (session.status === 'loading') {
return (
<main className="app">
<h1>Furniture Web</h1>
<p className="muted">Restoring session...</p>
</main>
);
}
if (session.status !== 'authenticated' || !session.profile) {
return (
<main className="app">
<h1>Furniture Web</h1>
<p className="muted">Sign in with Thalos to access furniture operations.</p>
{session.error && <div className="alert">{session.error}</div>}
<LoginCard />
</main>
);
}
return ( return (
<main className="app"> <main className="app">
<h1>Furniture Web</h1> <h1>Furniture Web</h1>
<p>React baseline wired to its corresponding BFF via an API adapter module.</p> <p className="muted">Availability MVP with protected routes and resilient request handling.</p>
<div className="row">
<input value={contextId} onChange={(event) => setContextId(event.target.value)} /> <section className="card row">
<button type="button" onClick={onLoad} disabled={loading}> <span className="badge">subject: {session.profile.subjectId}</span>
{loading ? 'Loading...' : 'Load'} <span className="badge">tenant: {session.profile.tenantId}</span>
<span className="badge">provider: {providerLabel(session.profile.provider)}</span>
<span className="spacer" />
<button type="button" className="secondary" onClick={() => void session.refresh()}>
Refresh Session
</button> </button>
</div> <button type="button" className="warn" onClick={() => void session.logout()}>
{error && <p>{error}</p>} Logout
<pre>{JSON.stringify(payload, null, 2)}</pre> </button>
</section>
<section className="card tabs" aria-label="route-shell">
<button
type="button"
className={route === 'overview' ? 'active' : undefined}
onClick={() => setRoute('overview')}
>
Availability
</button>
<button
type="button"
className={route === 'actions' ? 'active' : undefined}
onClick={() => setRoute('actions')}
>
Quick Actions
</button>
</section>
{session.error && <div className="alert">{session.error}</div>}
{error && <div className="alert">{error}</div>}
{route === 'overview' && (
<section className="card col">
<div className="row">
<label className="col">
Furniture Id
<input value={furnitureId} onChange={(event) => setFurnitureId(event.target.value)} />
</label>
<button type="button" onClick={() => void loadAvailability()} disabled={loading}>
{loading ? 'Loading...' : 'Load Availability'}
</button>
</div>
<pre>{JSON.stringify(availability, null, 2)}</pre>
</section>
)}
{route === 'actions' && (
<section className="card col">
<strong>Recent lookups</strong>
<div className="row">
{history.length === 0 && <span className="muted">No lookups yet.</span>}
{history.map((item) => (
<button
key={item.furnitureId}
type="button"
className="ghost"
onClick={() => {
setFurnitureId(item.furnitureId);
void loadAvailability(item.furnitureId);
}}
>
{item.furnitureId} ({item.quantityAvailable})
</button>
))}
</div>
<p className="muted">Use quick actions to repeat common availability checks.</p>
</section>
)}
</main> </main>
); );
} }
function LoginCard() {
const session = useSessionContext();
const [subjectId, setSubjectId] = useState('demo-user');
const [tenantId, setTenantId] = useState('demo-tenant');
const [provider, setProvider] = useState<IdentityProvider>(0);
const [externalToken, setExternalToken] = useState('');
const [error, setError] = useState<string | null>(null);
const [submitting, setSubmitting] = useState(false);
const onSubmit = async () => {
setSubmitting(true);
setError(null);
try {
await session.login({ subjectId, tenantId, provider, externalToken });
} catch (err) {
setError(err instanceof Error ? err.message : 'Login failed.');
} finally {
setSubmitting(false);
}
};
return (
<section className="card col">
<div className="grid">
<label className="col">
Subject Id
<input value={subjectId} onChange={(event) => setSubjectId(event.target.value)} />
</label>
<label className="col">
Tenant Id
<input value={tenantId} onChange={(event) => setTenantId(event.target.value)} />
</label>
<label className="col">
Provider
<select value={String(provider)} onChange={(event) => setProvider(Number(event.target.value) as IdentityProvider)}>
<option value="0">Internal JWT</option>
<option value="1">Azure AD (simulated)</option>
<option value="2">Google (simulated)</option>
</select>
</label>
</div>
<label className="col">
External Token (optional)
<input value={externalToken} onChange={(event) => setExternalToken(event.target.value)} />
</label>
<button type="button" onClick={() => void onSubmit()} disabled={submitting}>
{submitting ? 'Signing In...' : 'Sign In'}
</button>
{error && <div className="alert">{error}</div>}
</section>
);
}
function providerLabel(provider: IdentityProvider): string {
if (provider === 0 || provider === '0' || provider === 'InternalJwt') {
return 'Internal JWT';
}
if (provider === 1 || provider === '1' || provider === 'AzureAd') {
return 'Azure AD';
}
if (provider === 2 || provider === '2' || provider === 'Google') {
return 'Google';
}
return String(provider);
}
export default App; export default App;

8
src/api/dashboardApi.test.ts
View File

@ -7,12 +7,12 @@ vi.mock('./client', () => ({
import { getJson } from './client'; import { getJson } from './client';
import { loadDashboard } from './dashboardApi'; import { loadDashboard } from './dashboardApi';
describe('loadDashboard', () => { describe('furniture dashboard api', () => {
it('builds encoded endpoint path and delegates to getJson', async () => { it('builds encoded availability endpoint path', async () => {
vi.mocked(getJson).mockResolvedValue({ ok: true }); vi.mocked(getJson).mockResolvedValue({ ok: true });
await loadDashboard('demo context/1'); await loadDashboard('FURN/001 Demo');
expect(getJson).toHaveBeenCalledWith('/api/furniture/demo%20context%2F1/availability'); expect(getJson).toHaveBeenCalledWith('/api/furniture/FURN%2F001%20Demo/availability');
}); });
}); });

10
src/api/dashboardApi.ts
View File

@ -1,5 +1,11 @@
import { getJson } from './client'; import { getJson } from './client';
export async function loadDashboard(contextId: string): Promise<unknown> { export type FurnitureAvailabilityResponse = {
return getJson(`/api/furniture/${encodeURIComponent(contextId)}/availability`); furnitureId: string;
displayName: string;
quantityAvailable: number;
};
export async function loadDashboard(furnitureId: string): Promise<FurnitureAvailabilityResponse> {
return getJson<FurnitureAvailabilityResponse>(`/api/furniture/${encodeURIComponent(furnitureId)}/availability`);
} }

8
src/api/sessionApi.ts
View File

@ -1,24 +1,26 @@
import { getJson, getThalosAuthBaseUrl, postJson, postNoContent } from './client'; import { getJson, getThalosAuthBaseUrl, postJson, postNoContent } from './client';
export type IdentityProvider = 0 | 1 | 2 | string | number;
export type SessionProfile = { export type SessionProfile = {
isAuthenticated: boolean; isAuthenticated: boolean;
subjectId: string; subjectId: string;
tenantId: string; tenantId: string;
provider: string; provider: IdentityProvider;
}; };
export type SessionLoginRequest = { export type SessionLoginRequest = {
subjectId: string; subjectId: string;
tenantId: string; tenantId: string;
correlationId: string; correlationId: string;
provider: string; provider: IdentityProvider;
externalToken: string; externalToken: string;
}; };
export type SessionLoginResponse = { export type SessionLoginResponse = {
subjectId: string; subjectId: string;
tenantId: string; tenantId: string;
provider: string; provider: IdentityProvider;
expiresInSeconds: number; expiresInSeconds: number;
}; };

120
src/auth/sessionContext.tsx Normal file
View File

@ -0,0 +1,120 @@
import { createContext, type PropsWithChildren, useCallback, useContext, useEffect, useMemo, useState } from 'react';
import { ApiError } from '../api/client';
import {
getSessionMe,
loginSession,
logoutSession,
refreshSession,
type SessionLoginRequest,
type SessionProfile
} from '../api/sessionApi';
export type SessionStatus = 'loading' | 'authenticated' | 'unauthenticated';
type SessionContextValue = {
status: SessionStatus;
profile: SessionProfile | null;
error: string | null;
login: (request: Omit<SessionLoginRequest, 'correlationId'> & { correlationId?: string }) => Promise<void>;
refresh: () => Promise<void>;
logout: () => Promise<void>;
revalidate: () => Promise<void>;
};
const SessionContext = createContext<SessionContextValue | undefined>(undefined);
export function SessionProvider({ children }: PropsWithChildren) {
const [status, setStatus] = useState<SessionStatus>('loading');
const [profile, setProfile] = useState<SessionProfile | null>(null);
const [error, setError] = useState<string | null>(null);
const revalidate = useCallback(async () => {
try {
const me = await getSessionMe();
if (me.isAuthenticated) {
setProfile(me);
setStatus('authenticated');
} else {
setProfile(null);
setStatus('unauthenticated');
}
setError(null);
} catch (err) {
if (err instanceof ApiError && err.status === 401) {
setProfile(null);
setStatus('unauthenticated');
setError(null);
return;
}
const message = err instanceof Error ? err.message : 'Session validation failed.';
setProfile(null);
setStatus('unauthenticated');
setError(message);
}
}, []);
useEffect(() => {
void revalidate();
}, [revalidate]);
const login = useCallback<SessionContextValue['login']>(
async (request) => {
setError(null);
await loginSession({
...request,
correlationId: request.correlationId && request.correlationId.length > 0 ? request.correlationId : createCorrelationId()
});
await revalidate();
},
[revalidate]
);
const refresh = useCallback(async () => {
setError(null);
await refreshSession();
await revalidate();
}, [revalidate]);
const logout = useCallback(async () => {
setError(null);
try {
await logoutSession();
} finally {
setProfile(null);
setStatus('unauthenticated');
}
}, []);
const value = useMemo<SessionContextValue>(
() => ({
status,
profile,
error,
login,
refresh,
logout,
revalidate
}),
[status, profile, error, login, refresh, logout, revalidate]
);
return <SessionContext.Provider value={value}>{children}</SessionContext.Provider>;
}
export function useSessionContext(): SessionContextValue {
const value = useContext(SessionContext);
if (!value) {
throw new Error('useSessionContext must be used within SessionProvider.');
}
return value;
}
function createCorrelationId(): string {
if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {
return crypto.randomUUID();
}
return `corr-${Date.now()}-${Math.random().toString(16).slice(2)}`;
}

25
src/styles.css
View File

@ -77,6 +77,11 @@ button.warn {
background: #b91c1c; background: #b91c1c;
} }
button.ghost {
background: #e2e8f0;
color: #0f172a;
}
button:disabled { button:disabled {
cursor: not-allowed; cursor: not-allowed;
opacity: 0.6; opacity: 0.6;
@ -110,6 +115,26 @@ button:disabled {
font-weight: 600; font-weight: 600;
} }
.tabs {
display: flex;
gap: 0.5rem;
flex-wrap: wrap;
}
.tabs button {
background: #dbeafe;
color: #1e3a8a;
}
.tabs button.active {
background: #1d4ed8;
color: #ffffff;
}
.spacer {
flex: 1;
}
pre { pre {
margin: 0; margin: 0;
background: #0f172a; background: #0f172a;