pagopa · tpetrucciani · Apr 29, 2025
@@ -5,7 +5,8 @@
   "main": "dist",
   "type": "module",
   "scripts": {
-    "test": "vitest --config vitest.integration.config.ts",
+    "test:api": "vitest --config vitest.api.config.ts",
+    "test:integration": "vitest --config vitest.integration.config.ts",
     "lint": "eslint . --ext .ts,.tsx",
     "lint:autofix": "eslint . --ext .ts,.tsx --fix",
     "format:check": "prettier --check src",
@@ -23,13 +24,15 @@
     "@pagopa/eslint-config": "3.0.0",
     "@types/express": "4.17.21",
     "@types/node": "20.14.6",
+    "@types/supertest": "6.0.2",
     "cpx2": "7.0.1",
     "date-fns": "3.6.0",
     "openapi-zod-client": "1.18.1",
     "pagopa-interop-commons-test": "workspace:*",
     "pg-promise": "11.8.0",
     "prettier": "2.8.8",
     "puppeteer": "22.11.2",
+    "supertest": "7.0.0",
     "testcontainers": "10.9.0",
     "tsx": "4.19.1",
     "typescript": "5.4.5",

@@ -1,6 +1,10 @@
 import {
+  ReadModelRepository,
   authenticationMiddleware,
   contextMiddleware,
+  initDB,
+  initFileManager,
+  initPDFGenerator,
   loggerMiddleware,
   zodiosCtx,
 } from "pagopa-interop-commons";
@@ -12,21 +16,57 @@ import { serviceName as modelsServiceName } from "pagopa-interop-models";
 import healthRouter from "./routers/HealthRouter.js";
 import agreementRouter from "./routers/AgreementRouter.js";
 import { config } from "./config/config.js";
+import {
+  AgreementService,
+  agreementServiceBuilder,
+} from "./services/agreementService.js";
+import { readModelServiceBuilder } from "./services/readModelService.js";
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+const createDefaultAgreementService = async () => {
+  const readModelService = readModelServiceBuilder(
+    ReadModelRepository.init(config)
+  );
+  const pdfGenerator = await initPDFGenerator();
+
+  return agreementServiceBuilder(
+    initDB({
+      username: config.eventStoreDbUsername,
+      password: config.eventStoreDbPassword,
+      host: config.eventStoreDbHost,
+      port: config.eventStoreDbPort,
+      database: config.eventStoreDbName,
+      schema: config.eventStoreDbSchema,
+      useSSL: config.eventStoreDbUseSSL,
+    }),
+    readModelService,
+    initFileManager(config),
+    pdfGenerator
+  );
+};
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+export async function createApp(service?: AgreementService) {
+  const serviceName = modelsServiceName.AGREEMENT_PROCESS;
 
-const serviceName = modelsServiceName.AGREEMENT_PROCESS;
+  const router =
+    service != null
+      ? agreementRouter(zodiosCtx, service)
+      : agreementRouter(zodiosCtx, await createDefaultAgreementService());
 
-const app = zodiosCtx.app();
+  const app = zodiosCtx.app();
 
-// Disable the "X-Powered-By: Express" HTTP header for security reasons.
-// See https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_16
-app.disable("x-powered-by");
+  // Disable the "X-Powered-By: Express" HTTP header for security reasons.
+  // See https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_16
+  app.disable("x-powered-by");
 
-app.use(healthRouter);
-app.use(contextMiddleware(serviceName));
-app.use(await applicationAuditBeginMiddleware(serviceName, config));
-app.use(await applicationAuditEndMiddleware(serviceName, config));
-app.use(authenticationMiddleware(config));
-app.use(loggerMiddleware(serviceName));
-app.use(agreementRouter(zodiosCtx));
+  app.use(healthRouter);
+  app.use(contextMiddleware(serviceName));
+  app.use(await applicationAuditBeginMiddleware(serviceName, config));
+  app.use(await applicationAuditEndMiddleware(serviceName, config));
+  app.use(authenticationMiddleware(config));
+  app.use(loggerMiddleware(serviceName));
+  app.use(router);
 
-export default app;
+  return app;
+}
@@ -1,5 +1,5 @@
 import { startServer } from "pagopa-interop-commons";
 import { config } from "./config/config.js";
-import app from "./app.js";
+import { createApp } from "./app.js";
 
-startServer(app, config);
+startServer(await createApp(), config);
@@ -2,11 +2,7 @@ import { ZodiosEndpointDefinitions } from "@zodios/core";
 import { ZodiosRouter } from "@zodios/express";
 import {
   ExpressContext,
-  ReadModelRepository,
   ZodiosContext,
-  initDB,
-  initFileManager,
-  initPDFGenerator,
   zodiosValidationErrorToApiProblem,
   fromAppContext,
   authRole,
@@ -27,9 +23,7 @@ import {
   apiAgreementStateToAgreementState,
   fromApiCompactTenant,
 } from "../model/domain/apiConverter.js";
-import { agreementServiceBuilder } from "../services/agreementService.js";
-import { readModelServiceBuilder } from "../services/readModelService.js";
-import { config } from "../config/config.js";
+import { AgreementService } from "../services/agreementService.js";
 import {
   activateAgreementErrorMapper,
   addConsumerDocumentErrorMapper,
@@ -50,26 +44,6 @@ import {
 } from "../utilities/errorMappers.js";
 import { makeApiProblem } from "../model/domain/errors.js";
 
-const readModelService = readModelServiceBuilder(
-  ReadModelRepository.init(config)
-);
-const pdfGenerator = await initPDFGenerator();
-
-const agreementService = agreementServiceBuilder(
-  initDB({
-    username: config.eventStoreDbUsername,
-    password: config.eventStoreDbPassword,
-    host: config.eventStoreDbHost,
-    port: config.eventStoreDbPort,
-    database: config.eventStoreDbName,
-    schema: config.eventStoreDbSchema,
-    useSSL: config.eventStoreDbUseSSL,
-  }),
-  readModelService,
-  initFileManager(config),
-  pdfGenerator
-);
-
 const {
   ADMIN_ROLE,
   SECURITY_ROLE,
@@ -80,7 +54,8 @@ const {
 } = authRole;
 
 const agreementRouter = (
-  ctx: ZodiosContext
+  ctx: ZodiosContext,
+  agreementService: AgreementService
 ): ZodiosRouter<ZodiosEndpointDefinitions, ExpressContext> => {
   const agreementRouter = ctx.router(agreementApi.agreementApi.api, {
     validationErrorHandler: zodiosValidationErrorToApiProblem,

@@ -0,0 +1,6 @@
+{
+  "extends": ["../../../.eslintrc.cjs"],
+  "rules": {
+    "functional/immutable-data": "off"
+  }
+}
@@ -0,0 +1,158 @@
+/* eslint-disable @typescript-eslint/explicit-function-return-type */
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import {
+  DelegationId,
+  agreementState,
+  generateId,
+} from "pagopa-interop-models";
+import { generateToken, getMockAgreement } from "pagopa-interop-commons-test";
+import { authRole } from "pagopa-interop-commons";
+import request from "supertest";
+import { agreementApi } from "pagopa-interop-api-clients";
+import { api, agreementService } from "../vitest.api.setup.js";
+import { agreementToApiAgreement } from "../../src/model/domain/apiConverter.js";
+import {
+  agreementActivationFailed,
+  agreementAlreadyExists,
+  agreementNotFound,
+  agreementNotInExpectedState,
+  descriptorNotInExpectedState,
+  notLatestEServiceDescriptor,
+  organizationIsNotTheDelegateProducer,
+  organizationIsNotTheProducer,
+  organizationNotAllowed,
+} from "../../src/model/domain/errors.js";
+
+describe("API POST /agreements/{agreementId}/activate test", () => {
+  const mockAgreement = getMockAgreement();
+
+  const apiResponse = agreementApi.Agreement.parse(
+    agreementToApiAgreement(mockAgreement)
+  );
+
+  beforeEach(() => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockResolvedValue(mockAgreement);
+  });
+
+  const makeRequest = async (
+    token: string,
+    agreementId: string = mockAgreement.id
+  ) =>
+    request(api)
+      .post(`/agreements/${agreementId}/activate`)
+      .set("Authorization", `Bearer ${token}`)
+      .set("X-Correlation-Id", generateId());
+
+  it("Should return 200 for user with role Admin", async () => {
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(200);
+    expect(res.body).toEqual(apiResponse);
+  });
+
+  it.each(
+    Object.values(authRole).filter((role) => role !== authRole.ADMIN_ROLE)
+  )("Should return 403 for user with role %s", async (role) => {
+    const token = generateToken(role);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(403);
+  });
+
+  it("Should return 400 for notLatestEServiceDescriptor", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(notLatestEServiceDescriptor(generateId()));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(400);
+  });
+
+  it("Should return 400 for agreementNotInExpectedState", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(
+        agreementNotInExpectedState(mockAgreement.id, agreementState.draft)
+      );
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(400);
+  });
+
+  it("Should return 400 for agreementActivationFailed", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(agreementActivationFailed(mockAgreement.id));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(400);
+  });
+
+  it("Should return 400 for descriptorNotInExpectedState", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(
+        descriptorNotInExpectedState(generateId(), generateId(), [])
+      );
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(400);
+  });
+
+  it("Should return 404 for agreementNotFound", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(agreementNotFound(mockAgreement.id));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(404);
+  });
+
+  it("Should return 403 for organizationIsNotTheDelegateProducer", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(
+        organizationIsNotTheDelegateProducer(
+          generateId(),
+          generateId<DelegationId>()
+        )
+      );
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(403);
+  });
+
+  it("Should return 403 for organizationIsNotTheProducer", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(organizationIsNotTheProducer(generateId()));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(403);
+  });
+
+  it("Should return 403 for organizationNotAllowed", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(organizationNotAllowed(generateId()));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(403);
+  });
+
+  it("Should return 409 for agreementAlreadyExists", async () => {
+    agreementService.activateAgreement = vi
+      .fn()
+      .mockRejectedValue(agreementAlreadyExists(generateId(), generateId()));
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token);
+    expect(res.status).toBe(409);
+  });
+
+  it("Should return 400 if passed an invalid agreement id", async () => {
+    const token = generateToken(authRole.ADMIN_ROLE);
+    const res = await makeRequest(token, "invalid");
+    expect(res.status).toBe(400);
+  });
+});