webapp-scaffold

Author SHA1 Message Date

Author	SHA1	Message	Date
Uwe Schuster	5ee6894916	#7 : Add tests/e2e/ for the initial password-setup flow (Option A1) Closes the integration gap that let two prior regressions ship: 1. oatpp-authkit query-string 401 (v0.3.3 / commit 46971ac) 2. VITE_BASE blank page (v0.3.6 / commit `b1a13b8`) A1 scope: skips the host-provisioning side of new-project.sh (root, systemd, Apache, Forgejo). Instead clones webapp-template into a tmp dir, builds with VITE_BASE pinned to /projects/tmp-foo/, boots the binary on an ephemeral port, fronts it with an in-process PrefixStrippingProxy that mirrors the production Apache vhost. Tests then drive the same flow a real user would. Files: - tests/e2e/proxy.py — stdlib-only reverse proxy (~100 LOC, ThreadingHTTPServer + urllib). Strips the /projects/<name>/ prefix and sets X-Forwarded-Prefix exactly like Apache's ProxyPass. - tests/e2e/conftest.py — webapp_template_src / built_webapp / boot_app / proxy / admin_token fixtures. Honours WEBAPP_TEMPLATE_DIR + WEBAPP_TEMPLATE_BUILD_DIR env vars so CI can point at a pre-built tree to skip the build step. - tests/e2e/test_password_setup.py — three assertions per #7: - /set-password?token=… returns HTML, not JSON 401 - every <script src>/<link href> resolves through the prefix - /api/* still returns JSON 401 (sanity-check negotiation) No Selenium dependency — the assertions are HTTP-level and reliable in CI without a Chrome/Geckodriver setup. Selenium can be added later for actual form-submission coverage if needed. Test runs are skipped automatically when webapp-template source is absent, so the suite is safe to drop into any pytest invocation. Closes #7 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 22:23:30 +02:00
Uwe Schuster	f4f9289bdc	gitignore: drop accidentally-committed __pycache__/.pytest_cache Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 21:38:32 +02:00
Uwe Schuster	b3b2903c75	#3 : inject-hashed-filenames.py — tag-aware HTML rewrite Replace substring `html.replace(old_src, new_src)` with a regex anchored to <script src="…"> / <link href="…"> attribute values. Inert occurrences in comments, JSON literals, or unrelated attributes are left alone. Loud warning (stderr) when zero matches occur — previously the script silently skipped a typo'd old_src. Also rewrites <link href> in the same pass so adjacent CSS hashing doesn't need a follow-up edit. Tests: tests/test_inject_hashed_filenames.py covers happy path (both quote styles, extra attributes), inert-substring cases (comment, JSON literal, data-attr, anchor href), and link-href rewriting. Closes #3 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 21:38:19 +02:00

5ee6894916

#7 : Add tests/e2e/ for the initial password-setup flow (Option A1)

Closes the integration gap that let two prior regressions ship:
  1. oatpp-authkit query-string 401 (v0.3.3 / commit 46971ac)
  2. VITE_BASE blank page (v0.3.6 / commit b1a13b8)

A1 scope: skips the host-provisioning side of new-project.sh (root,
systemd, Apache, Forgejo). Instead clones webapp-template into a tmp
dir, builds with VITE_BASE pinned to /projects/tmp-foo/, boots the
binary on an ephemeral port, fronts it with an in-process
PrefixStrippingProxy that mirrors the production Apache vhost. Tests
then drive the same flow a real user would.

Files:
- tests/e2e/proxy.py — stdlib-only reverse proxy (~100 LOC,
  ThreadingHTTPServer + urllib). Strips the /projects/<name>/ prefix
  and sets X-Forwarded-Prefix exactly like Apache's ProxyPass.
- tests/e2e/conftest.py — webapp_template_src / built_webapp /
  boot_app / proxy / admin_token fixtures. Honours
  WEBAPP_TEMPLATE_DIR + WEBAPP_TEMPLATE_BUILD_DIR env vars so CI can
  point at a pre-built tree to skip the build step.
- tests/e2e/test_password_setup.py — three assertions per #7:
    - /set-password?token=… returns HTML, not JSON 401
    - every <script src>/<link href> resolves through the prefix
    - /api/* still returns JSON 401 (sanity-check negotiation)

No Selenium dependency — the assertions are HTTP-level and reliable
in CI without a Chrome/Geckodriver setup. Selenium can be added later
for actual form-submission coverage if needed.

Test runs are skipped automatically when webapp-template source is
absent, so the suite is safe to drop into any pytest invocation.

Closes #7

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 22:23:30 +02:00

Uwe Schuster

f4f9289bdc

gitignore: drop accidentally-committed __pycache__/.pytest_cache

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 21:38:32 +02:00

Uwe Schuster

b3b2903c75

#3 : inject-hashed-filenames.py — tag-aware HTML rewrite

Replace substring `html.replace(old_src, new_src)` with a regex anchored
to <script src="…"> / <link href="…"> attribute values. Inert occurrences
in comments, JSON literals, or unrelated attributes are left alone.

Loud warning (stderr) when zero matches occur — previously the script
silently skipped a typo'd old_src.

Also rewrites <link href> in the same pass so adjacent CSS hashing doesn't
need a follow-up edit.

Tests: tests/test_inject_hashed_filenames.py covers happy path (both quote
styles, extra attributes), inert-substring cases (comment, JSON literal,
data-attr, anchor href), and link-href rewriting.

Closes #3

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 21:38:19 +02:00

3 commits