boss/tests/admin-notification-dispatch-route.test.ts

import test from "node:test";
import assert from "node:assert/strict";
import os from "node:os";
import path from "node:path";
import { mkdtemp, rm } from "node:fs/promises";
import { NextRequest } from "next/server";

let runtimeRoot = "";
let data: typeof import("../src/lib/boss-data");
let authCookie = "";
let postDispatch: (typeof import("../src/app/api/v1/admin/notifications/dispatch/route"))["POST"];
let getOverview: (typeof import("../src/app/api/v1/admin/overview/route"))["GET"];

async function setup() {
  if (runtimeRoot) return;
  runtimeRoot = await mkdtemp(path.join(os.tmpdir(), "boss-admin-notification-dispatch-"));
  process.env.BOSS_RUNTIME_ROOT = runtimeRoot;
  process.env.BOSS_STATE_FILE = path.join(runtimeRoot, "boss-state.json");
  process.env.BOSS_ADMIN_NOTIFICATION_MODE = "disabled";
  const [dataModule, authModule, dispatchRoute, overviewRoute] = await Promise.all([
    import("../src/lib/boss-data.ts"),
    import("../src/lib/boss-auth.ts"),
    import("../src/app/api/v1/admin/notifications/dispatch/route.ts"),
    import("../src/app/api/v1/admin/overview/route.ts"),
  ]);
  data = dataModule;
  authCookie = authModule.AUTH_SESSION_COOKIE;
  postDispatch = dispatchRoute.POST;
  getOverview = overviewRoute.GET;
}

test.after(async () => {
  if (runtimeRoot) await rm(runtimeRoot, { recursive: true, force: true });
});

test.beforeEach(async () => {
  await setup();
  const now = "2026-04-27T18:20:00+08:00";
  const state = await data.readState();
  await data.writeState({
    ...state,
    adminCompanies: [
      {
        companyId: "tenant-a",
        name: "Tenant A",
        ownerAccount: "owner@tenant-a.com",
        successOwnerAccount: "cs@platform.com",
        status: "active",
        createdAt: now,
        updatedAt: now,
      },
    ],
    authAccounts: [
      {
        id: "account-platform",
        account: "platform@example.com",
        passwordHash: "hash",
        displayName: "平台管理员",
        role: "highest_admin",
        createdAt: now,
        updatedAt: now,
      },
      {
        id: "account-owner",
        account: "owner@tenant-a.com",
        passwordHash: "hash",
        displayName: "客户负责人",
        role: "admin",
        companyId: "tenant-a",
        createdAt: now,
        updatedAt: now,
      },
    ],
    adminNotifications: [
      {
        notificationId: "risk-sla-overdue:ops-fault:fault-a",
        kind: "risk_sla_overdue",
        severity: "critical",
        companyId: "tenant-a",
        riskId: "ops-fault:fault-a",
        title: "风险 SLA 已超时：local-agent",
        body: "local-agent 离线超过 SLA",
        status: "open",
        createdAt: now,
      },
    ],
    adminRiskTimeline: [],
  });
});

async function adminRequest(url: string, init: RequestInit = {}) {
  const session = await data.createAuthSession({
    account: "platform@example.com",
    role: "highest_admin",
    displayName: "平台管理员",
    loginMethod: "password",
  });
  return new NextRequest(url, {
    ...init,
    headers: {
      "content-type": "application/json",
      ...(init.headers ?? {}),
      cookie: `${authCookie}=${session.sessionToken}`,
    },
  });
}

test("highest admin can dispatch open risk notifications and persist delivery status", async () => {
  const response = await postDispatch(await adminRequest("http://127.0.0.1:3000/api/v1/admin/notifications/dispatch", {
    method: "POST",
  }));

  assert.equal(response.status, 200);
  const payload = await response.json();
  assert.equal(payload.results.length, 1);
  assert.equal(payload.results[0].notificationId, "risk-sla-overdue:ops-fault:fault-a");
  assert.equal(payload.results[0].status, "disabled");

  const state = await data.readState();
  assert.equal(state.adminNotifications[0]?.deliveryStatus, "disabled");
  assert.equal(state.adminNotifications[0]?.deliveryTarget?.includes("owner@tenant-a.com"), true);
  assert.equal(state.adminRiskTimeline.some((event) => event.action === "notification_dispatch_disabled"), true);
});

test("admin overview exposes recent risk timeline events", async () => {
  await postDispatch(await adminRequest("http://127.0.0.1:3000/api/v1/admin/notifications/dispatch", { method: "POST" }));

  const response = await getOverview(await adminRequest("http://127.0.0.1:3000/api/v1/admin/overview"));
  assert.equal(response.status, 200);
  const payload = await response.json();
  assert.equal(payload.riskTimeline.length > 0, true);
  assert.equal(payload.riskTimeline[0].riskId, "ops-fault:fault-a");
});