Closes the integration gap that let two prior regressions ship:
1. oatpp-authkit query-string 401 (v0.3.3 / commit 46971ac)
2. VITE_BASE blank page (v0.3.6 / commit b1a13b8)
A1 scope: skips the host-provisioning side of new-project.sh (root,
systemd, Apache, Forgejo). Instead clones webapp-template into a tmp
dir, builds with VITE_BASE pinned to /projects/tmp-foo/, boots the
binary on an ephemeral port, fronts it with an in-process
PrefixStrippingProxy that mirrors the production Apache vhost. Tests
then drive the same flow a real user would.
Files:
- tests/e2e/proxy.py — stdlib-only reverse proxy (~100 LOC,
ThreadingHTTPServer + urllib). Strips the /projects/<name>/ prefix
and sets X-Forwarded-Prefix exactly like Apache's ProxyPass.
- tests/e2e/conftest.py — webapp_template_src / built_webapp /
boot_app / proxy / admin_token fixtures. Honours
WEBAPP_TEMPLATE_DIR + WEBAPP_TEMPLATE_BUILD_DIR env vars so CI can
point at a pre-built tree to skip the build step.
- tests/e2e/test_password_setup.py — three assertions per #7:
- /set-password?token=… returns HTML, not JSON 401
- every <script src>/<link href> resolves through the prefix
- /api/* still returns JSON 401 (sanity-check negotiation)
No Selenium dependency — the assertions are HTTP-level and reliable
in CI without a Chrome/Geckodriver setup. Selenium can be added later
for actual form-submission coverage if needed.
Test runs are skipped automatically when webapp-template source is
absent, so the suite is safe to drop into any pytest invocation.
Closes#7
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Uwe Schuster
5ee6894916