APP als Hybrid Version - Anbindung an API

backend/tests/Feature/Api/AuthTest.php

@@ -0,0 +1,92 @@
+<?php
+
+use App\Models\User;
+use Database\Seeders\DatabaseSeeder;
+use Illuminate\Support\Facades\Hash;
+use Laravel\Passport\Client;
+use Laravel\Passport\Passport;
+
+test('api user endpoint requires a token', function () {
+    $this->getJson('/api/user')
+        ->assertUnauthorized();
+});
+
+test('events endpoint requires a token', function () {
+    $this->getJson('/api/events')
+        ->assertUnauthorized();
+});
+
+test('api user endpoint returns the authenticated user', function () {
+    $user = User::factory()->create([
+        'name' => 'API User',
+        'email' => 'api-user@example.com',
+    ]);
+
+    Passport::actingAs($user);
+
+    $this->getJson('/api/user')
+        ->assertOk()
+        ->assertJsonPath('id', $user->id)
+        ->assertJsonPath('name', 'API User')
+        ->assertJsonPath('email', 'api-user@example.com');
+});
+
+test('can login with presentation user credentials', function () {
+    $this->seed(DatabaseSeeder::class);
+
+    $this->postJson('/api/login', [
+        'email' => 'user1@thats-me.app',
+        'password' => 'pass',
+    ])
+        ->assertOk()
+        ->assertJsonPath('tokenType', 'Bearer')
+        ->assertJsonPath('user.email', 'user1@thats-me.app')
+        ->assertJsonPath('user.name', 'User 1')
+        ->assertJsonPath('user.mode', 'remote')
+        ->assertJsonStructure([
+            'token',
+            'tokenType',
+            'user' => ['id', 'name', 'email', 'avatar', 'mode'],
+        ]);
+});
+
+test('login rejects invalid credentials', function () {
+    $this->seed(DatabaseSeeder::class);
+
+    $this->postJson('/api/login', [
+        'email' => 'user1@thats-me.app',
+        'password' => 'wrong-password',
+    ])
+        ->assertUnprocessable()
+        ->assertJsonValidationErrors(['email']);
+});
+
+test('authenticated user can logout', function () {
+    $user = User::factory()->create();
+    Passport::actingAs($user);
+
+    $this->postJson('/api/logout')
+        ->assertNoContent();
+});
+
+test('database seeder creates the presentation api users', function () {
+    $this->seed(DatabaseSeeder::class);
+
+    foreach (range(1, 6) as $number) {
+        $user = User::query()
+            ->where('email', "user{$number}@thats-me.app")
+            ->first();
+
+        expect($user)->not->toBeNull()
+            ->and($user->name)->toBe("User {$number}")
+            ->and(Hash::check('pass', $user->password))->toBeTrue();
+    }
+
+    $hasPersonalAccessClient = Client::query()
+        ->where('provider', 'users')
+        ->where('revoked', false)
+        ->get()
+        ->contains(fn (Client $client): bool => $client->hasGrantType('personal_access'));
+
+    expect($hasPersonalAccessClient)->toBeTrue();
+});

backend/tests/Feature/Api/EventMediaTest.php

@@ -0,0 +1,170 @@
+<?php
+
+use App\Models\Event;
+use App\Models\EventMedia;
+use App\Models\User;
+use Illuminate\Http\UploadedFile;
+use Illuminate\Support\Facades\Storage;
+use Laravel\Passport\Passport;
+
+test('media endpoints require a token', function () {
+    $this->getJson('/api/events/event-id/media')
+        ->assertUnauthorized();
+});
+
+test('can upload key image and receive protected urls', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    Passport::actingAs($user);
+
+    $response = $this->postJson("/api/events/{$event->client_id}/media", [
+        'collection' => 'key_image',
+        'file' => UploadedFile::fake()->image('avatar.png', 1200, 800),
+    ]);
+
+    $response->assertCreated()
+        ->assertJsonPath('data.collection', 'key_image')
+        ->assertJsonPath('data.type', 'image')
+        ->assertJsonPath('data.thumbnailWidth', 320)
+        ->assertJsonPath('data.thumbnailHeight', 320)
+        ->assertJsonPath('data.previewWidth', 900);
+
+    $media = EventMedia::query()->firstOrFail();
+    Storage::disk('local')->assertExists($media->path);
+    Storage::disk('local')->assertExists($media->preview_path);
+    Storage::disk('local')->assertExists($media->thumbnail_path);
+
+    expect($event->fresh()->image)->toBe("/event-media/{$media->id}/thumb");
+});
+
+test('uploaded originals keep a4 quality maximum side', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    Passport::actingAs($user);
+
+    $this->postJson("/api/events/{$event->client_id}/media", [
+        'collection' => 'gallery',
+        'file' => UploadedFile::fake()->image('large.jpg', 5000, 2500),
+    ])->assertCreated();
+
+    $media = EventMedia::query()->firstOrFail();
+
+    expect($media->width)->toBe(3508)
+        ->and($media->height)->toBe(1754)
+        ->and($media->preview_width)->toBe(900)
+        ->and($media->preview_height)->toBe(450)
+        ->and(max($media->width, $media->height))->toBe(3508);
+});
+
+test('can list media for own event', function () {
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    EventMedia::factory()->create([
+        'user_id' => $user->id,
+        'event_id' => $event->id,
+        'collection' => 'gallery',
+    ]);
+    Passport::actingAs($user);
+
+    $this->getJson("/api/events/{$event->client_id}/media")
+        ->assertOk()
+        ->assertJsonCount(1, 'data')
+        ->assertJsonPath('data.0.collection', 'gallery');
+});
+
+test('can stream thumbnail for own media', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    $media = EventMedia::factory()->create([
+        'user_id' => $user->id,
+        'event_id' => $event->id,
+        'thumbnail_path' => 'event-media/test/thumb.jpg',
+    ]);
+    Storage::disk('local')->put($media->thumbnail_path, 'fake-jpeg');
+    Passport::actingAs($user);
+
+    $this->get("/api/event-media/{$media->id}/thumb")
+        ->assertOk()
+        ->assertHeader('Content-Type', 'image/jpeg');
+});
+
+test('can stream preview for own media', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    $media = EventMedia::factory()->create([
+        'user_id' => $user->id,
+        'event_id' => $event->id,
+        'preview_path' => 'event-media/test/preview.jpg',
+    ]);
+    Storage::disk('local')->put($media->preview_path, 'fake-jpeg');
+    Passport::actingAs($user);
+
+    $this->get("/api/event-media/{$media->id}/preview")
+        ->assertOk()
+        ->assertHeader('Content-Type', 'image/jpeg');
+});
+
+test('preview falls back to thumbnail for legacy media', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    $media = EventMedia::factory()->create([
+        'user_id' => $user->id,
+        'event_id' => $event->id,
+        'preview_path' => null,
+        'thumbnail_path' => 'event-media/test/thumb.jpg',
+    ]);
+    Storage::disk('local')->put($media->thumbnail_path, 'legacy-thumb');
+    Passport::actingAs($user);
+
+    $this->get("/api/event-media/{$media->id}/preview")
+        ->assertOk()
+        ->assertHeader('Content-Type', 'image/jpeg');
+});
+
+test('cannot access another users media', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $otherUser = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $otherUser->id]);
+    $media = EventMedia::factory()->create([
+        'user_id' => $otherUser->id,
+        'event_id' => $event->id,
+        'thumbnail_path' => 'event-media/test/thumb.jpg',
+    ]);
+    Storage::disk('local')->put($media->thumbnail_path, 'fake-jpeg');
+    Passport::actingAs($user);
+
+    $this->getJson("/api/events/{$event->client_id}/media")
+        ->assertNotFound();
+
+    $this->get("/api/event-media/{$media->id}/thumb")
+        ->assertNotFound();
+});
+
+test('can delete own media and files', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $event = Event::factory()->create(['user_id' => $user->id]);
+    $media = EventMedia::factory()->create([
+        'user_id' => $user->id,
+        'event_id' => $event->id,
+        'path' => 'event-media/test/original.jpg',
+        'preview_path' => null,
+        'thumbnail_path' => 'event-media/test/thumb.jpg',
+    ]);
+    Storage::disk('local')->put($media->path, 'original');
+    Storage::disk('local')->put($media->thumbnail_path, 'thumb');
+    Passport::actingAs($user);
+
+    $this->deleteJson("/api/events/{$event->client_id}/media/{$media->id}")
+        ->assertNoContent();
+
+    $this->assertDatabaseMissing('event_media', ['id' => $media->id]);
+    Storage::disk('local')->assertMissing($media->path);
+    Storage::disk('local')->assertMissing($media->thumbnail_path);
+});

backend/tests/Feature/Api/SettingsTest.php

@@ -0,0 +1,148 @@
+<?php
+
+use App\Models\User;
+use App\Models\UserSetting;
+use Illuminate\Http\UploadedFile;
+use Illuminate\Support\Facades\Storage;
+use Laravel\Passport\Passport;
+
+test('settings endpoint requires a token', function () {
+    $this->getJson('/api/settings')
+        ->assertUnauthorized();
+});
+
+test('can get empty settings for authenticated user', function () {
+    Passport::actingAs(User::factory()->create());
+
+    $this->getJson('/api/settings')
+        ->assertOk()
+        ->assertJsonPath('data', null);
+});
+
+test('can store and update settings', function () {
+    $user = User::factory()->create();
+    Passport::actingAs($user);
+
+    $settings = [
+        'appearance' => 'dark',
+        'accentColor' => 'green',
+        'language' => 'de',
+        'timelineZoom' => 1.5,
+        'timelineScrollLeft' => 420,
+        'floatingLines' => [
+            'speed' => 1.2,
+            'lineCount' => 12,
+        ],
+        'presets' => [[
+            'id' => 'preset-1',
+            'name' => 'Praesentation',
+            'settings' => ['accentColor' => 'green'],
+            'updatedAt' => 1710000000000,
+        ]],
+        'activePresetId' => 'preset-1',
+        'showFps' => false,
+    ];
+
+    $this->putJson('/api/settings', ['settings' => $settings])
+        ->assertOk()
+        ->assertJsonPath('data.appearance', 'dark')
+        ->assertJsonPath('data.floatingLines.speed', 1.2)
+        ->assertJsonPath('data.presets.0.name', 'Praesentation');
+
+    expect($user->settings()->count())->toBe(1);
+
+    $this->putJson('/api/settings', [
+        'settings' => [
+            ...$settings,
+            'accentColor' => 'blue',
+        ],
+    ])
+        ->assertOk()
+        ->assertJsonPath('data.accentColor', 'blue');
+
+    expect($user->settings()->count())->toBe(1);
+});
+
+test('settings are isolated per user', function () {
+    $user = User::factory()->create();
+    $otherUser = User::factory()->create();
+
+    UserSetting::factory()->create([
+        'user_id' => $otherUser->id,
+        'settings' => [
+            'accentColor' => 'rose',
+            'language' => 'en',
+        ],
+    ]);
+
+    Passport::actingAs($user);
+
+    $this->getJson('/api/settings')
+        ->assertOk()
+        ->assertJsonPath('data', null);
+
+    $this->putJson('/api/settings', [
+        'settings' => [
+            'accentColor' => 'green',
+            'language' => 'de',
+        ],
+    ])->assertOk();
+
+    expect($user->settings()->first()->settings['accentColor'])->toBe('green')
+        ->and($otherUser->settings()->first()->settings['accentColor'])->toBe('rose');
+});
+
+test('settings payload is required', function () {
+    Passport::actingAs(User::factory()->create());
+
+    $this->putJson('/api/settings', [])
+        ->assertUnprocessable()
+        ->assertJsonValidationErrors(['settings']);
+});
+
+test('can upload and stream own settings background image', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    Passport::actingAs($user);
+
+    $response = $this->postJson('/api/settings/media/background', [
+        'file' => UploadedFile::fake()->image('background.png', 2400, 1200),
+    ]);
+
+    $response
+        ->assertCreated()
+        ->assertJsonPath('data.width', 1600)
+        ->assertJsonPath('data.height', 800)
+        ->assertJsonPath('data.mimeType', 'image/jpeg');
+
+    expect($response->json('data.url'))->toStartWith('/settings/media/background?v=');
+    Storage::disk('local')->assertExists("settings-media/{$user->id}/background.jpg");
+
+    $this->get('/api/settings/media/background')
+        ->assertOk()
+        ->assertHeader('Content-Type', 'image/jpeg');
+});
+
+test('settings background images are isolated per user', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    $otherUser = User::factory()->create();
+    Storage::disk('local')->put("settings-media/{$otherUser->id}/background.jpg", 'other-background');
+
+    Passport::actingAs($user);
+
+    $this->get('/api/settings/media/background')
+        ->assertNotFound();
+});
+
+test('can delete own settings background image', function () {
+    Storage::fake('local');
+    $user = User::factory()->create();
+    Storage::disk('local')->put("settings-media/{$user->id}/background.jpg", 'background');
+    Passport::actingAs($user);
+
+    $this->deleteJson('/api/settings/media/background')
+        ->assertNoContent();
+
+    Storage::disk('local')->assertMissing("settings-media/{$user->id}/background.jpg");
+});