Gandalf/sofarr

Public Access

Fork 0

Files

T

History

gronod e8037afbb8

Build and Push Docker Image / build (push) Successful in 1m7s

Details

Licence Check / Licence compatibility and copyright header verification (push) Successful in 2m20s

Details

CI / Security audit (push) Successful in 2m45s

Details

CI / Tests & coverage (push) Successful in 3m18s

Details

CI / Swagger Validation & Coverage (push) Successful in 3m29s

Details

fix: add arrType field to history items for admin icon display

Add arrType field to Sonarr and Radarr history items for admin users to enable proper icon display in the recently downloaded section. This mirrors the existing behavior in active downloads where arrType is set by DownloadMatcher.

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

2026-05-21 19:31:42 +01:00

frontend

Add frontend unit tests with Vitest + jsdom

2026-05-21 00:07:41 +01:00

integration

fix: add arrType field to history items for admin icon display

2026-05-21 19:31:42 +01:00

unit

fix: make buildUserDownloads async to resolve test failures

2026-05-21 18:58:11 +01:00

README.md

test: add integration and unit tests for dashboard, emby, sonarr, radarr, sabnzbd routes

2026-05-20 21:37:57 +01:00

setup.js

Add MIT copyright headers to all source files

2026-05-19 09:07:42 +01:00

README.md

Testing

Stack

Layer	Tool
Test runner	Vitest v4
HTTP integration	supertest
HTTP interception	nock (intercepts at Node http layer — works with CJS `require('axios')`)
Coverage	V8 (built-in, no Babel needed)

Running tests

# Run all tests once
npm test

# Watch mode (re-runs on file change)
npm run test:watch

# With coverage report
npm run test:coverage

# Interactive UI
npm run test:ui

Coverage output lands in coverage/ (gitignored). Open coverage/index.html for the HTML report.

Structure

tests/
├── setup.js               # Global setup: isolated DATA_DIR, SKIP_RATE_LIMIT, console suppression
├── unit/
│   ├── sanitizeError.test.js  # Secret redaction patterns (API keys, tokens, passwords)
│   ├── config.test.js         # JSON array + legacy single-instance config parsing
│   ├── requireAuth.test.js    # Auth middleware: valid/invalid/tampered cookies
│   ├── verifyCsrf.test.js     # CSRF double-submit cookie pattern + timing-safe compare
│   ├── qbittorrent.test.js    # Pure utils: formatBytes, formatEta, mapTorrentToDownload
│   ├── tokenStore.test.js     # JSON file token store: store/get/clear, TTL expiry
│   └── dashboard.test.js      # Pure helper functions: getCoverArt, extractAllTags,
│                              #   extractUserTag, sanitizeTagLabel, tagMatchesUser,
│                              #   getImportIssues, getSonarrLink, getRadarrLink,
│                              #   canBlocklist, extractEpisode, gatherEpisodes, buildTagBadges
└── integration/
    ├── health.test.js         # GET /health and /ready endpoints
    ├── auth.test.js           # Full login/logout/me/csrf flows via supertest + nock
    ├── history.test.js        # GET /api/history/recent: auth, filtering, deduplication
    ├── webhook.test.js        # POST /api/webhook/sonarr+radarr: secret, validation,
    │                          #   replay protection, metrics, security assertions
    ├── dashboard.test.js      # GET /user-downloads (SAB+Sonarr, SAB+Radarr, qBit, showAll,
    │                          #   paused queue, history, importIssues), GET /status,
    │                          #   GET /webhook-metrics, GET /cover-art, POST /blocklist-search
    ├── emby.test.js           # GET /sessions, /users, /users/:id, /session/:id/user
    └── arrRoutes.test.js      # Sonarr + Radarr: queue, history, series/movies, notifications
                               #   CRUD, /test, /schema, /sofarr-webhook (create + update)
                               # SABnzbd: queue, history

Key design decisions

server/app.js — Express factory extracted from server/index.js. Tests import createApp() without triggering the log-file setup, process.exit() calls, or background poller in the entry point.
nock over vi.mock('axios') — Vitest's vi.mock only intercepts ESM import statements. Since auth.js uses CJS require('axios'), nock (which patches Node's http/https modules) is the correct tool for intercepting outbound requests.
SKIP_RATE_LIMIT=1 — All supertest requests originate from 127.0.0.1, which would quickly exhaust per-IP rate-limit windows. Setting this env var raises the limits to Number.MAX_SAFE_INTEGER in both the API limiter and the login limiter.
Isolated DATA_DIR — Each test worker gets a unique temp directory so tokenStore.js file I/O never conflicts with a running dev server.
createApp({ skipRateLimits: true }) — The app factory accepts an option to disable the general API rate limiter in addition to the env var for the login-specific limiter.

Coverage targets

Global thresholds (enforced in CI via vitest.config.js):

Metric	Threshold
Statements	55%
Functions	55%
Branches	40%
Lines	55%

Notable per-file coverage after the current suite:

File	Lines	Branches	Notes
`server/app.js`	~92%	~71%
`server/routes/auth.js`	~88%	~78%
`server/routes/dashboard.js`	~42%	~25%	SSE `/stream` endpoint intentionally untested
`server/routes/emby.js`	100%	100%
`server/routes/radarr.js`	~87%	~77%
`server/routes/sonarr.js`	~89%	~82%
`server/routes/sabnzbd.js`	100%	100%
`server/routes/webhook.js`	~85%	~79%
`server/middleware/requireAuth.js`	~92%	~81%
`server/middleware/verifyCsrf.js`	100%	80%
`server/utils/sanitizeError.js`	100%	75%
`server/utils/config.js`	~70%	~58%

poller.js (background polling engine) and the SSE /stream endpoint in dashboard.js require time-based behaviour and long-lived HTTP connections; they remain tracked as future test coverage work.