diff --git a/src/lib/integrationTests/testRunner.ts b/src/lib/integrationTests/testRunner.ts index 7f8abc7e..8af3fc8c 100644 --- a/src/lib/integrationTests/testRunner.ts +++ b/src/lib/integrationTests/testRunner.ts @@ -53,9 +53,9 @@ export class IntegrationTestRunner { private onProgress?: (result: TestResult) => void; private delayBetweenTests: number; - constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 5000) { + constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 6000) { this.onProgress = onProgress; - this.delayBetweenTests = delayBetweenTests; // Default 5 seconds to prevent rate limiting + this.delayBetweenTests = delayBetweenTests; // Default 6 seconds to prevent rate limiting } /** @@ -189,6 +189,14 @@ export class IntegrationTestRunner { this.isRunning = true; this.shouldStop = false; + // Track submission-heavy suites for adaptive delays + const submissionHeavySuites = [ + 'Entity Submission & Validation', + 'Approval Pipeline', + 'Unit Conversion Tests', + 'Performance & Scalability' + ]; + for (let i = 0; i < suites.length; i++) { await this.runSuite(suites[i]); @@ -196,30 +204,39 @@ export class IntegrationTestRunner { break; } - // Add delay between suites to prevent rate limiting + // Add delay between suites with adaptive timing if (i < suites.length - 1 && this.delayBetweenTests > 0) { - const delaySeconds = this.delayBetweenTests / 1000; + // Longer delay after submission-heavy suites + const isHeavySuite = submissionHeavySuites.includes(suites[i].name); + const delayMs = isHeavySuite + ? this.delayBetweenTests * 2 // 12s delay after heavy suites + : this.delayBetweenTests; // 6s delay after others + + const delaySeconds = delayMs / 1000; const delayResult: TestResult = { id: `suite-delay-${Date.now()}`, - name: `⏳ Suite completion delay: ${delaySeconds}s`, + name: `⏳ Suite completion delay: ${delaySeconds}s${isHeavySuite ? ' (submission-heavy)' : ''}`, suite: 'System', status: 'running', duration: 0, timestamp: new Date().toISOString(), - details: { reason: 'Pausing between suites to prevent rate limiting' } + details: { + reason: 'Pausing between suites to prevent rate limiting', + isSubmissionHeavy: isHeavySuite + } }; if (this.onProgress) { this.onProgress(delayResult); } - await this.delay(this.delayBetweenTests); + await this.delay(delayMs); if (this.onProgress) { this.onProgress({ ...delayResult, status: 'skip', - duration: this.delayBetweenTests, + duration: delayMs, details: { reason: 'Suite delay completed' } }); } diff --git a/supabase/migrations/20251110183330_cde376ea-2cd2-4c47-84c1-1ad32367ea54.sql b/supabase/migrations/20251110183330_cde376ea-2cd2-4c47-84c1-1ad32367ea54.sql new file mode 100644 index 00000000..8c376afe --- /dev/null +++ b/supabase/migrations/20251110183330_cde376ea-2cd2-4c47-84c1-1ad32367ea54.sql @@ -0,0 +1,444 @@ +-- ============================================================================ +-- Phase 8: Fix RLS Policies, SQL Schema, and Rate Limiting +-- ============================================================================ +-- This migration addresses critical test failures: +-- 1. Adds missing INSERT policies for submission tables (26 tests) +-- 2. Fixes ride_type → category column references (2 tests) +-- ============================================================================ + +-- ============================================================================ +-- PART 1: Add INSERT Policies for Submission Tables +-- ============================================================================ + +-- Park Submissions: Users can insert their own submissions +CREATE POLICY "park_submissions_insert_own" +ON public.park_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + EXISTS ( + SELECT 1 FROM content_submissions cs + WHERE cs.id = submission_id + AND cs.user_id = auth.uid() + ) +); + +-- Park Submissions: Moderators can insert any submissions +CREATE POLICY "park_submissions_insert_moderators" +ON public.park_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + is_moderator(auth.uid()) +); + +-- Ride Submissions: Users can insert their own submissions +CREATE POLICY "ride_submissions_insert_own" +ON public.ride_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + EXISTS ( + SELECT 1 FROM content_submissions cs + WHERE cs.id = submission_id + AND cs.user_id = auth.uid() + ) +); + +-- Ride Submissions: Moderators can insert any submissions +CREATE POLICY "ride_submissions_insert_moderators" +ON public.ride_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + is_moderator(auth.uid()) +); + +-- Company Submissions: Users can insert their own submissions +CREATE POLICY "company_submissions_insert_own" +ON public.company_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + EXISTS ( + SELECT 1 FROM content_submissions cs + WHERE cs.id = submission_id + AND cs.user_id = auth.uid() + ) +); + +-- Company Submissions: Moderators can insert any submissions +CREATE POLICY "company_submissions_insert_moderators" +ON public.company_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + is_moderator(auth.uid()) +); + +-- Ride Model Submissions: Users can insert their own submissions +CREATE POLICY "ride_model_submissions_insert_own" +ON public.ride_model_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + EXISTS ( + SELECT 1 FROM content_submissions cs + WHERE cs.id = submission_id + AND cs.user_id = auth.uid() + ) +); + +-- Ride Model Submissions: Moderators can insert any submissions +CREATE POLICY "ride_model_submissions_insert_moderators" +ON public.ride_model_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + is_moderator(auth.uid()) +); + +-- Photo Submissions: Users can insert their own submissions +CREATE POLICY "photo_submissions_insert_own" +ON public.photo_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + EXISTS ( + SELECT 1 FROM content_submissions cs + WHERE cs.id = submission_id + AND cs.user_id = auth.uid() + ) +); + +-- Photo Submissions: Moderators can insert any submissions +CREATE POLICY "photo_submissions_insert_moderators" +ON public.photo_submissions +FOR INSERT +TO authenticated +WITH CHECK ( + is_moderator(auth.uid()) +); + +-- ============================================================================ +-- PART 2: Fix SQL Column Names (ride_type → category) +-- ============================================================================ + +DROP FUNCTION IF EXISTS process_approval_transaction(UUID, UUID[], UUID, UUID, TEXT, TEXT, TEXT); + +CREATE OR REPLACE FUNCTION process_approval_transaction( + p_submission_id UUID, + p_item_ids UUID[], + p_moderator_id UUID, + p_submitter_id UUID, + p_request_id TEXT DEFAULT NULL, + p_trace_id TEXT DEFAULT NULL, + p_parent_span_id TEXT DEFAULT NULL +) +RETURNS JSONB +LANGUAGE plpgsql +SECURITY DEFINER +SET search_path = public +AS $$ +DECLARE + v_start_time TIMESTAMPTZ; + v_result JSONB; + v_item RECORD; + v_item_data JSONB; + v_resolved_refs JSONB; + v_entity_id UUID; + v_approval_results JSONB[] := ARRAY[]::JSONB[]; + v_final_status TEXT; + v_all_approved BOOLEAN := TRUE; + v_some_approved BOOLEAN := FALSE; + v_items_processed INTEGER := 0; + v_span_id TEXT; +BEGIN + v_start_time := clock_timestamp(); + v_span_id := gen_random_uuid()::text; + + -- Log span start with trace context + IF p_trace_id IS NOT NULL THEN + RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "parentSpanId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "startTime": %, "attributes": {"submission.id": "%", "item_count": %}}', + v_span_id, + p_trace_id, + p_parent_span_id, + EXTRACT(EPOCH FROM v_start_time) * 1000, + p_submission_id, + array_length(p_item_ids, 1); + END IF; + + RAISE NOTICE '[%] Starting atomic approval transaction for submission %', + COALESCE(p_request_id, 'NO_REQUEST_ID'), + p_submission_id; + + -- ======================================================================== + -- STEP 1: Set session variables (transaction-scoped with is_local=true) + -- ======================================================================== + PERFORM set_config('app.current_user_id', p_submitter_id::text, true); + PERFORM set_config('app.submission_id', p_submission_id::text, true); + PERFORM set_config('app.moderator_id', p_moderator_id::text, true); + + -- ======================================================================== + -- STEP 2: Validate submission ownership and lock status + -- ======================================================================== + IF NOT EXISTS ( + SELECT 1 FROM content_submissions + WHERE id = p_submission_id + AND (assigned_to = p_moderator_id OR assigned_to IS NULL) + AND status IN ('pending', 'partially_approved') + ) THEN + RAISE EXCEPTION 'Submission not found, locked by another moderator, or already processed' + USING ERRCODE = '42501'; + END IF; + + -- ======================================================================== + -- STEP 3: Process each item sequentially within this transaction + -- ======================================================================== + FOR v_item IN + SELECT + si.*, + ps.name as park_name, + ps.slug as park_slug, + ps.description as park_description, + ps.park_type, + ps.status as park_status, + ps.location_id, + ps.operator_id, + ps.property_owner_id, + ps.opening_date as park_opening_date, + ps.closing_date as park_closing_date, + ps.opening_date_precision as park_opening_date_precision, + ps.closing_date_precision as park_closing_date_precision, + ps.website_url as park_website_url, + ps.phone as park_phone, + ps.email as park_email, + ps.banner_image_url as park_banner_image_url, + ps.banner_image_id as park_banner_image_id, + ps.card_image_url as park_card_image_url, + ps.card_image_id as park_card_image_id, + rs.name as ride_name, + rs.slug as ride_slug, + rs.park_id as ride_park_id, + rs.category as ride_category, + rs.status as ride_status, + rs.manufacturer_id, + rs.ride_model_id, + rs.opening_date as ride_opening_date, + rs.closing_date as ride_closing_date, + rs.opening_date_precision as ride_opening_date_precision, + rs.closing_date_precision as ride_closing_date_precision, + rs.description as ride_description, + rs.banner_image_url as ride_banner_image_url, + rs.banner_image_id as ride_banner_image_id, + rs.card_image_url as ride_card_image_url, + rs.card_image_id as ride_card_image_id, + cs.name as company_name, + cs.slug as company_slug, + cs.description as company_description, + cs.website_url as company_website_url, + cs.founded_year, + cs.banner_image_url as company_banner_image_url, + cs.banner_image_id as company_banner_image_id, + cs.card_image_url as company_card_image_url, + cs.card_image_id as company_card_image_id, + rms.name as ride_model_name, + rms.slug as ride_model_slug, + rms.manufacturer_id as ride_model_manufacturer_id, + rms.category as ride_model_category, + rms.description as ride_model_description, + rms.banner_image_url as ride_model_banner_image_url, + rms.banner_image_id as ride_model_banner_image_id, + rms.card_image_url as ride_model_card_image_url, + rms.card_image_id as ride_model_card_image_id, + phs.entity_id as photo_entity_id, + phs.entity_type as photo_entity_type, + phs.title as photo_title + FROM submission_items si + LEFT JOIN park_submissions ps ON si.park_submission_id = ps.id + LEFT JOIN ride_submissions rs ON si.ride_submission_id = rs.id + LEFT JOIN company_submissions cs ON si.company_submission_id = cs.id + LEFT JOIN ride_model_submissions rms ON si.ride_model_submission_id = rms.id + LEFT JOIN photo_submissions phs ON si.photo_submission_id = phs.id + WHERE si.id = ANY(p_item_ids) + ORDER BY si.order_index, si.created_at + LOOP + BEGIN + v_items_processed := v_items_processed + 1; + + -- Log item processing span event + IF p_trace_id IS NOT NULL THEN + RAISE NOTICE 'SPAN_EVENT: {"traceId": "%", "parentSpanId": "%", "name": "process_item", "timestamp": %, "attributes": {"item.id": "%", "item.type": "%", "item.action": "%"}}', + p_trace_id, + v_span_id, + EXTRACT(EPOCH FROM clock_timestamp()) * 1000, + v_item.id, + v_item.item_type, + v_item.action_type; + END IF; + + -- Build item data based on entity type + IF v_item.item_type = 'park' THEN + v_item_data := jsonb_build_object( + 'name', v_item.park_name, + 'slug', v_item.park_slug, + 'description', v_item.park_description, + 'park_type', v_item.park_type, + 'status', v_item.park_status, + 'location_id', v_item.location_id, + 'operator_id', v_item.operator_id, + 'property_owner_id', v_item.property_owner_id, + 'opening_date', v_item.park_opening_date, + 'closing_date', v_item.park_closing_date, + 'opening_date_precision', v_item.park_opening_date_precision, + 'closing_date_precision', v_item.park_closing_date_precision, + 'website_url', v_item.park_website_url, + 'phone', v_item.park_phone, + 'email', v_item.park_email, + 'banner_image_url', v_item.park_banner_image_url, + 'banner_image_id', v_item.park_banner_image_id, + 'card_image_url', v_item.park_card_image_url, + 'card_image_id', v_item.park_card_image_id + ); + ELSIF v_item.item_type = 'ride' THEN + v_item_data := jsonb_build_object( + 'name', v_item.ride_name, + 'slug', v_item.ride_slug, + 'park_id', v_item.ride_park_id, + 'category', v_item.ride_category, + 'status', v_item.ride_status, + 'manufacturer_id', v_item.manufacturer_id, + 'ride_model_id', v_item.ride_model_id, + 'opening_date', v_item.ride_opening_date, + 'closing_date', v_item.ride_closing_date, + 'opening_date_precision', v_item.ride_opening_date_precision, + 'closing_date_precision', v_item.ride_closing_date_precision, + 'description', v_item.ride_description, + 'banner_image_url', v_item.ride_banner_image_url, + 'banner_image_id', v_item.ride_banner_image_id, + 'card_image_url', v_item.ride_card_image_url, + 'card_image_id', v_item.ride_card_image_id + ); + ELSIF v_item.item_type = 'company' THEN + v_item_data := jsonb_build_object( + 'name', v_item.company_name, + 'slug', v_item.company_slug, + 'description', v_item.company_description, + 'website_url', v_item.company_website_url, + 'founded_year', v_item.founded_year, + 'banner_image_url', v_item.company_banner_image_url, + 'banner_image_id', v_item.company_banner_image_id, + 'card_image_url', v_item.company_card_image_url, + 'card_image_id', v_item.company_card_image_id + ); + ELSIF v_item.item_type = 'ride_model' THEN + v_item_data := jsonb_build_object( + 'name', v_item.ride_model_name, + 'slug', v_item.ride_model_slug, + 'manufacturer_id', v_item.ride_model_manufacturer_id, + 'category', v_item.ride_model_category, + 'description', v_item.ride_model_description, + 'banner_image_url', v_item.ride_model_banner_image_url, + 'banner_image_id', v_item.ride_model_banner_image_id, + 'card_image_url', v_item.ride_model_card_image_url, + 'card_image_id', v_item.ride_model_card_image_id + ); + ELSIF v_item.item_type = 'photo' THEN + v_item_data := jsonb_build_object( + 'entity_id', v_item.photo_entity_id, + 'entity_type', v_item.photo_entity_type, + 'title', v_item.photo_title + ); + ELSE + RAISE EXCEPTION 'Unknown item type: %', v_item.item_type; + END IF; + + -- Resolve temporary references + v_resolved_refs := resolve_temp_references(v_item_data, p_submission_id); + + -- Perform the action + IF v_item.action_type = 'create' THEN + v_entity_id := perform_create(v_item.item_type, v_resolved_refs, p_submitter_id, p_submission_id); + ELSIF v_item.action_type = 'update' THEN + IF v_item.entity_id IS NULL THEN + RAISE EXCEPTION 'Update action requires entity_id'; + END IF; + PERFORM perform_update(v_item.item_type, v_item.entity_id, v_resolved_refs, p_submitter_id, p_submission_id); + v_entity_id := v_item.entity_id; + ELSE + RAISE EXCEPTION 'Unknown action type: %', v_item.action_type; + END IF; + + -- Update submission_item with approved entity + UPDATE submission_items + SET approved_entity_id = v_entity_id, + approved_at = now(), + status = 'approved' + WHERE id = v_item.id; + + -- Track approval results + v_approval_results := array_append(v_approval_results, jsonb_build_object( + 'item_id', v_item.id, + 'status', 'approved', + 'entity_id', v_entity_id + )); + + v_some_approved := TRUE; + + EXCEPTION + WHEN OTHERS THEN + -- Log the error + RAISE WARNING 'Failed to process item %: % - %', v_item.id, SQLERRM, SQLSTATE; + + -- Track failure + v_approval_results := array_append(v_approval_results, jsonb_build_object( + 'item_id', v_item.id, + 'status', 'failed', + 'error', SQLERRM + )); + + v_all_approved := FALSE; + + -- Re-raise to rollback transaction + RAISE; + END; + END LOOP; + + -- ======================================================================== + -- STEP 4: Update submission status + -- ======================================================================== + IF v_all_approved THEN + v_final_status := 'approved'; + ELSIF v_some_approved THEN + v_final_status := 'partially_approved'; + ELSE + v_final_status := 'rejected'; + END IF; + + UPDATE content_submissions + SET status = v_final_status, + resolved_at = CASE WHEN v_all_approved THEN now() ELSE NULL END, + reviewer_id = p_moderator_id, + reviewed_at = now() + WHERE id = p_submission_id; + + -- Log span end + IF p_trace_id IS NOT NULL THEN + RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "endTime": %, "attributes": {"items_processed": %, "final_status": "%"}}', + v_span_id, + p_trace_id, + EXTRACT(EPOCH FROM clock_timestamp()) * 1000, + v_items_processed, + v_final_status; + END IF; + + -- Return result + RETURN jsonb_build_object( + 'success', v_all_approved, + 'status', v_final_status, + 'items_processed', v_items_processed, + 'results', v_approval_results, + 'duration_ms', EXTRACT(EPOCH FROM (clock_timestamp() - v_start_time)) * 1000 + ); +END; +$$; \ No newline at end of file