feat: add new api endpoint POST /api/testers

Author: aeltorio

client/get-openapi.ts

@@ -2,19 +2,21 @@ import fs from "fs";
 
 import swaggerJsdoc from "swagger-jsdoc";
 
+export const API_VERSION = "1.6.0";
+
 const options = {
   encoding: "utf8",
   failOnErrors: false, // Whether or not to throw when parsing errors. Defaults to false.
   format: "json",
   info: {
     title: "Feedback Flow API",
-    version: "1.5.0",
+    version: API_VERSION,
   },
   definition: {
     openapi: "3.0.0",
     info: {
       title: "Feedback Flow API",
-      version: "1.5.0",
+      version: API_VERSION,
     },
   }, // You can move properties from definition here if needed
   apis: [

client/public/openapi.json

@@ -2,7 +2,7 @@
   "openapi": "3.0.0",
   "info": {
     "title": "Feedback Flow API",
-    "version": "1.5.0"
+    "version": "1.6.0"
   },
   "paths": {
     "/api/testers": {
@@ -89,6 +89,85 @@
             "description": "Unauthorized request"
           }
         }
+      },
+      "post": {
+        "summary": "Get testers filtered by OAuth IDs (supports pagination)",
+        "description": "Returns a list of testers filtered by OAuth IDs provided in the request body. Requires admin permission.",
+        "tags": [
+          "Testers"
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object",
+                "properties": {
+                  "page": {
+                    "type": "integer"
+                  },
+                  "limit": {
+                    "type": "integer"
+                  },
+                  "ids": {
+                    "oneOf": [
+                      {
+                        "type": "string"
+                      },
+                      {
+                        "type": "array",
+                        "items": {
+                          "type": "string"
+                        }
+                      }
+                    ]
+                  }
+                },
+                "required": [
+                  "ids"
+                ]
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "Successfully retrieved filtered testers",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean"
+                    },
+                    "data": {
+                      "type": "array",
+                      "items": {
+                        "$ref": "#/components/schemas/Tester"
+                      }
+                    },
+                    "total": {
+                      "type": "integer"
+                    },
+                    "page": {
+                      "type": "integer"
+                    },
+                    "limit": {
+                      "type": "integer"
+                    }
+                  }
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Invalid request or missing required fields"
+          },
+          "403": {
+            "description": "Unauthorized request"
+          }
+        }
       }
     },
     "/api/tester": {

cloudflare-worker/src/routes/testers/index.ts

@@ -431,6 +431,101 @@ export const setupTesterRoutes = (router: Router, env: Env) => {
         env.ADMIN_PERMISSION,
     );
 
+    /**
+     * @openapi
+     * /api/testers:
+     *   post:
+     *     summary: Get testers filtered by OAuth IDs (supports pagination)
+     *     description: Returns a list of testers filtered by OAuth IDs provided in the request body. Requires admin permission. If limit is not provided, all matching testers are returned.
+     *     tags:
+     *       - Testers
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             properties:
+     *               page:
+     *                 type: integer
+     *               limit:
+     *                 type: integer
+     *               ids:
+     *                 oneOf:
+     *                   - type: string
+     *                   - type: array
+     *                     items:
+     *                       type: string
+     *             required: [ids]
+     *     responses:
+     *       200:
+     *         description: Successfully retrieved filtered testers
+     *         content:
+     *           application/json:
+     *             schema:
+     *               type: object
+     *               properties:
+     *                 success:
+     *                   type: boolean
+     *                 data:
+     *                   type: array
+     *                   items:
+     *                     $ref: '#/components/schemas/Tester'
+     *                 total:
+     *                   type: integer
+     *                 page:
+     *                   type: integer
+     *                 limit:
+     *                   type: integer
+     *       400:
+     *         description: Invalid request or missing required fields
+     *       403:
+     *         description: Unauthorized request
+     */
+    router.post(
+        "/api/testers",
+        async (request) => {
+            const db = getDatabase(env);
+            try {
+                const body = (await request.json()) as { page?: number; limit?: number; ids: string | string[] };
+                if (!body || !body.ids) {
+                    return new Response(JSON.stringify({ success: false, error: 'ids is required' }), { status: 400, headers: { ...router.corsHeaders, 'Content-Type': 'application/json' } });
+                }
+
+                const idArray: string[] = typeof body.ids === 'string' ? [body.ids] : body.ids;
+
+                // Find all testers which own at least one of the provided ids
+                const testers = await db.testers.filter((t) => t.ids.some((id) => idArray.includes(id)));
+
+                // Default sort by name asc
+                const sortedTesters = [...testers].sort((a, b) => (a.name > b.name ? 1 : -1));
+
+                const total = sortedTesters.length;
+                let page = body.page || 1;
+                let limit = body.limit || total; // if limit not provided, return all
+
+                // When limit is provided, apply pagination
+                let paginatedTesters: typeof sortedTesters = sortedTesters;
+                if (body.limit) {
+                    const start = (page - 1) * limit;
+                    const end = start + limit;
+                    paginatedTesters = sortedTesters.slice(start, end);
+                } else {
+                    page = 1;
+                    limit = total;
+                }
+
+                return new Response(
+                    JSON.stringify({ success: true, data: paginatedTesters, total, page, limit }),
+                    { status: 200, headers: { ...router.corsHeaders, 'Content-Type': 'application/json' } },
+                );
+            } catch (error) {
+                return new Response(JSON.stringify({ success: false, error: `Invalid request: ${(error as Error).message}` }), { status: 400, headers: { ...router.corsHeaders, 'Content-Type': 'application/json' } });
+            }
+        },
+        env.ADMIN_PERMISSION,
+    );
+
     /**
      * @openapi
      * /api/tester:

cloudflare-worker/test/basic.api.test.ts

@@ -219,20 +219,85 @@ describe('Feedback Flow API', () => {
     expect(response.data.error).toBe('ID already exists in the database');
   });
 
+  test('70. Should filter testers by a single id using POST /testers', async () => {
+    // Use the authenticated user id added to TESTER in test 40
+    const response = await api.post('/testers', { ids: testerId });
+    expect(response.status).toBe(200);
+    expect(response.data.success).toBe(true);
+    expect(response.data.data).toBeDefined();
+    // At least one tester should match the provided id
+    expect(response.data.total).toBeGreaterThanOrEqual(1);
+    // Ensure that one of the returned testers owns the id provided
+    const matching = response.data.data.find((t: any) => (t.ids || []).includes(testerId));
+    expect(matching).toBeDefined();
+  });
+
+  test('71. Should filter testers by multiple ids using POST /testers', async () => {
+    // Compose multiple ids: the authenticated user and a known other id
+    const otherId = 'auth0|0987654321';
+    const response = await api.post('/testers', { ids: [testerId, otherId] });
+    expect(response.status).toBe(200);
+    expect(response.data.success).toBe(true);
+    expect(response.data.data).toBeDefined();
+    // The total should be greater than or equal to 2 (the two ids match distinct testers)
+    expect(response.data.total).toBeGreaterThanOrEqual(2);
+    // Each returned tester should have at least one of the provided ids
+    for (const t of response.data.data) {
+      const ids = t.ids || [];
+      expect(ids.some((id: string) => id === testerId || id === otherId)).toBeTruthy();
+    }
+  });
+
+  test('72. Should paginate results when limit provided in POST /testers', async () => {
+    // Retrieve all testers to gather test ids
+    const all = await api.get('/testers');
+    expect(all.data.data).toBeDefined();
+    const allTesters = all.data.data;
+    const itemIds: string[] = [];
+    allTesters.forEach((t: any) => {
+      (t.ids || []).forEach((i: string) => itemIds.push(i));
+    });
+    // Request with pagination limit=1 and page=1
+    const response = await api.post('/testers', { ids: itemIds, limit: 1, page: 1 });
+    expect(response.status).toBe(200);
+    expect(response.data.success).toBe(true);
+    expect(response.data.data.length).toBe(1);
+    // total should match the number of unique testers matched by ids
+    expect(response.data.total).toBeGreaterThanOrEqual(1);
+  });
+
+  test('73. Should return all matches when limit not provided in POST /testers', async () => {
+    // Retrieve all testers to gather test ids
+    const all = await api.get('/testers');
+    expect(all.data.data).toBeDefined();
+    const allTesters = all.data.data;
+    const itemIds: string[] = [];
+    allTesters.forEach((t: any) => {
+      (t.ids || []).forEach((i: string) => itemIds.push(i));
+    });
+    // Request without pagination
+    const response = await api.post('/testers', { ids: itemIds });
+    expect(response.status).toBe(200);
+    expect(response.data.success).toBe(true);
+    // Without limit, the entire result should be returned
+    expect(response.data.data.length).toBe(response.data.total);
+    expect(response.data.page).toBe(1);
+  });
+
   test('900. Should return an Auth0 management token from the system endpoint (if configured)', async () => {
     // Only run if Auth0 client credentials are configured in the environment
-    const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID || '';
-    const AUTH0_CLIENT_SECRET = process.env.AUTH0_CLIENT_SECRET || '';
+    const AUTH0_MANAGEMENT_API_CLIENT_ID = process.env.AUTH0_MANAGEMENT_API_CLIENT_ID || '';
+    const AUTH0_MANAGEMENT_API_CLIENT_SECRET = process.env.AUTH0_MANAGEMENT_API_CLIENT_SECRET || '';
     const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || '';
 
-    if (!AUTH0_CLIENT_ID || !AUTH0_CLIENT_SECRET || !AUTH0_DOMAIN) {
+    if (!AUTH0_MANAGEMENT_API_CLIENT_ID || !AUTH0_MANAGEMENT_API_CLIENT_SECRET || !AUTH0_DOMAIN) {
       // Skip this test if credentials are not present (local environment)
       console.warn('Skipping Auth0 management token test because AUTH0_CLIENT_* or AUTH0_DOMAIN is not set');
       return;
     }
 
     // Attempt to call the system endpoint to get a management token
-    const response = await api.post('/api/__auth0/token', {});
+    const response = await api.post('/__auth0/token', {});
 
     // If we are not permitted to call the endpoint, we can get a 403
     if (response.status === 403) {