feat: add feature flags (#1205)

## Ticket(s) lié(s)

<!-- If you have a Jira Ticket / Sentry Ticket / GitHub Issue -->

## Description

Mise en place du mécanisme de feature flags (FF) en base de données.

- Récupération des Feature flags lors du login (dans le profile
utilisateur)
- Déplacement des tests unitaires de login vers les tests d'intégrations

## Screenshot / liens loom 

## Check-list

 - [ ] Ma branche est rebase sur main
- [ ] Des tests ont été écrits pour tous les endpoints créés ou modifiés
 - [ ] Refacto "à la volée" des parties sur lesquelles j'ai codée
 - [ ] Plus de `console.log`
- [ ] J'ai ajouté une validation de schéma sur la route que j'ai ajouté
ou modifié
 - [ ] J'ai converti les fichiers vue en `<script lang="ts">`
 - [ ] Mon code est en Typescript (autant que possible)

**Testing instructions**

<!--
Explain how another dev can test this PR. Create a workflow using
checkboxes to explain how to run your code and the expected outputs:

    ${{ Test the following }}
    - [x] ${{ QA Scenario 1 }}
    - [x] ${{ QA Scenario 2 }}
    - [x] ${{ QA Scenario 3 }}
-->

Author: achorein

.npmrc

@@ -1,6 +1,6 @@
 # pnpm (workspace-wide)
 # Supply-chain hardening: avoid installing packages that are too fresh
-minimum-release-age=103680
+minimum-release-age=40000
 # Ensure monorepo workspace packages are linked instead of fetched from the registry
 link-workspace-packages=true
 prefer-workspace-packages=true

.talismanrc

@@ -15,3 +15,7 @@ process.env.PG_VAO_CIPHER_DATA =
 process.env.S3_BUCKET_NAME = "vao";
 
 process.env.DEBUG = "*warn*";
+process.env.TOKEN_SECRET_FO = "test";
+process.env.TOKEN_SECRET_BO = "test";
+process.env.TOKEN_SECRET = "test";
+process.env.TOKEN_SECRET_LINK = "test";

packages/backend/jest.setup.js

@@ -13,7 +13,8 @@
     "test:debug": "corepack pnpm rebuild @sentry/profiling-node && jest --config=jest.config.js --debug --detectOpenHandles",
     "test:watch": "corepack pnpm rebuild @sentry/profiling-node && jest --config=jest.config.js --watch",
     "test:coverage": "corepack pnpm rebuild @sentry/profiling-node && jest --config=jest.config.js --coverage",
-    "build": "tsc -b ./tsconfig.json"
+    "build": "tsc -b ./tsconfig.json",
+    "typecheck": "tsc --noEmit"
   },
   "lint-staged": {
     "src/**/*.{js,ts}": "corepack pnpm exec eslint"
@@ -22,6 +23,7 @@
     "@aws-sdk/client-s3": "^3.649.0",
     "@sentry/node": "^8.49.0",
     "@sentry/profiling-node": "^8.49.0",
+    "@types/supertest": "^6.0.2",
     "@vao/shared-bridge": "workspace:^",
     "axios": "^1.7.4",
     "body-parser": "~1.20.3",

packages/backend/package.json

@@ -3,7 +3,7 @@ import request from "supertest";
 
 import app from "../../app";
 import config from "../../config";
-// @ts-expect-error js file
+// @ts-expect-error: js file
 import jwtMiddleware from "../../middlewares/bo-check-JWT-without-CGU";
 import { createAdminUserValide } from "../helper/fixtures/userHelper";
 import {

packages/backend/src/__tests__/admin/accept-cgu.test.ts

@@ -0,0 +1,91 @@
+import { ERRORS_LOGIN } from "@vao/shared-bridge";
+import crypto from "crypto";
+import request from "supertest";
+
+import app from "../../app";
+import config from "../../config";
+import { UsersRepository as AdminUsersRepository } from "../../repositories/admin/Users";
+import {
+  createTestContainer,
+  removeTestContainer,
+} from "../helper/testContainer";
+
+beforeAll(async () => {
+  await createTestContainer();
+
+  config.tokenSecret_BO = crypto.randomBytes(32).toString("hex");
+  config.algorithm = "HS256";
+  config.accessToken.expiresIn = 60000;
+  config.refreshToken.expiresIn = 120000;
+});
+
+afterAll(async () => {
+  await removeTestContainer();
+});
+
+describe("POST /bo-authentication/email/login", () => {
+  it("should login a validated admin user and set BO cookies", async () => {
+    const password = "HelloHello1!!";
+    const timestamp = Date.now();
+    const email = `bologin${timestamp}@example.com`;
+
+    const { user: createdUsers } = await AdminUsersRepository.create({
+      user: {
+        cgu_accepted: true,
+        cgu_accepted_at: new Date(),
+        deleted: false,
+        email,
+        nom: "BoNom",
+        password,
+        prenom: "BoPrenom",
+        ter_code: "FRA",
+        validated: true,
+      },
+    });
+
+    expect(createdUsers[0]).toBeDefined();
+
+    const response = await request(app)
+      .post("/bo-authentication/email/login")
+      .send({ email, password });
+
+    expect(response.status).toBe(200);
+    expect(response.body.user).toBeDefined();
+    expect(response.body.user.email).toBe(email);
+    expect(response.body.user.featureFlags).toBeDefined();
+
+    const setCookieHeader = response.headers["set-cookie"] || [];
+    expect(setCookieHeader).toEqual(
+      expect.arrayContaining([
+        expect.stringContaining("VAO_BO_access_token="),
+        expect.stringContaining("VAO_BO_refresh_token="),
+      ]),
+    );
+  });
+
+  it("should return 404 when admin user does not exist", async () => {
+    const password = "SomePassword1!!";
+    const timestamp = Date.now();
+    const email = `bo-login-not-found-${timestamp}@example.com`;
+
+    const response = await request(app)
+      .post("/bo-authentication/email/login")
+      .send({ email, password });
+
+    expect(response.status).toBe(404);
+    expect(response.body.name).toBe(ERRORS_LOGIN.WrongCredentials);
+  });
+
+  it("should return 400 when payload is invalid", async () => {
+    const timestamp = Date.now();
+    const email = `bo-login-bad-payload-${timestamp}@example.com`;
+
+    const response = await request(app)
+      .post("/bo-authentication/email/login")
+      // missing password
+      .send({ email });
+
+    expect(response.status).toBe(400);
+    expect(response.body.name).toBe("AppError");
+  });
+});

packages/backend/src/__tests__/admin/authentication.test.ts

@@ -1,4 +1,5 @@
-import { NextFunction } from "express";
+import { UserDto } from "@vao/shared-bridge";
+import { NextFunction, Response } from "express";
 import request from "supertest";
 
 import app from "../../app";
@@ -14,8 +15,8 @@ import {
 let authUser = { id: 1, role: "admin" };
 
 jest.mock("../../middlewares/common/checkJWT", () => {
-  return async (req: UserRequest, _res: Response, next: NextFunction) => {
-    req.decoded = authUser as any;
+  return async (req: UserRequest, res: Response, next: NextFunction) => {
+    req.decoded = authUser as unknown as UserDto;
     next();
   };
 });

packages/backend/src/__tests__/admin/herbergement.test.ts

@@ -26,7 +26,7 @@ export const createUsagersUser = async (user = {}) => {
     terCode: "FRA",
     ...user,
   };
-  const result = await createFrontUserService(fixture);
+  const result = await createFrontUserService(fixture as any);
   return result.user;
 };
 

packages/backend/src/__tests__/helper/fixtures/userHelper.ts

@@ -1,10 +1,7 @@
-// import { statusUserFront } from "@vao/shared-bridge";
-import crypto from "crypto";
 import request from "supertest";
 
 import app from "../../app";
-import config from "../../config";
-// @ts-expect-error js file
+// @ts-expect-error: js file
 import jwtMiddleware from "../../middlewares/checkJWTWithoutCGU";
 import { createUsagersUserValide } from "../helper/fixtures/userHelper";
 import {
@@ -16,16 +13,10 @@ const mockJwtMiddleware = jwtMiddleware as jest.Mock;
 jest.mock("../../middlewares/checkJWTWithoutCGU", () => jest.fn());
 
 let user: any;
-// const userFixtureComplement = {
-//   cgu_accepted: false,
-//   status_code: statusUserFront.VALIDATED,
-// };
 
 beforeAll(async () => {
   await createTestContainer();
   user = await createUsagersUserValide();
-  // Surcharger la clé secrète pour les tests car elle est défini par environnement
-  config.tokenSecret_FO = crypto.randomBytes(32).toString("hex");
 });
 
 beforeEach(() => {