Testsuit (#93)

* add more tests

* test: Expand backend test coverage from ~270 to 838 test functions

Add comprehensive tests across handlers (contacts, users, templates,
chatbot, custom actions, canned responses, API keys, analytics, SLA,
webhooks management, chatbot processor) and packages (whatsapp API,
websocket, database). Covers CRUD operations, cross-org isolation,
validation errors, business logic, and edge cases.

* fix: Resolve CI test failures and lint error

- Add Redis to chatbot processor test app to fix nil pointer in
  getKeywordRulesCached
- Filter pub/sub messages by campaign ID to fix race condition in
  queue stats subscriber test
- Remove unused withWSHub helper to fix golangci-lint unused error

* fix: Resolve chatbot processor test CI failures

- Add mock WhatsApp client to processor test app to fix nil pointer in
  startFlow/sendAndSaveTextMessage
- Work around GORM default:true on bool fields: use explicit UPDATE to
  set is_enabled=false since GORM skips zero-value bools on INSERT

* fix: Save flows to DB before creating sessions with FK references

TestCompleteFlow_UpdatesSession and TestExitFlow_UpdatesSession created
sessions with CurrentFlowID pointing to flows that weren't saved to the
database, causing silent FK constraint failures.

* refactor: Include Redis in newTestApp, remove newTestAppWithRedis

Consolidate into a single test app builder that always sets up Redis,
since cache functions require it. All handler tests now use newTestApp.

* fix: Remove unused withRedis helper and redis import

* fix: Match AssertErrorResponse to fastglue envelope format, add missing models to migrations

- APIEnvelope now matches fastglue's actual format: message is a
  top-level field, not nested under an error object
- Add Catalog, CatalogProduct, and CannedResponse models to test
  DB migrations and cleanup tables

* fix: Resolve CI test failures across multiple packages

- queue: Remove t.Parallel() from stream tests that share a single
  Redis stream, preventing cross-test interference
- custom_actions: Fix GORM default:true bool issue in createTestCustomAction
  by explicitly updating is_active to false after INSERT
- chatbot: Fix UpdateChatbotSettings to explicitly set default:true bool
  columns to false after INSERT when requested
- contacts: Preserve original limit in GetMessages pagination response
  instead of returning the adjusted query limit
- templates: Add sample values to test template so SubmitTemplate can
  build a valid Meta API payload

* fix: Resolve data race in async message send and queue test parallelism

- messages.go: Use Model(&Message{}).Where("id=?") instead of Model(msg)
  in finalizeMessageSend to avoid mutating the shared msg struct from the
  async goroutine while the caller reads it concurrently
- queue_test.go: Remove t.Parallel() from stream tests that share a
  single Redis stream, preventing cross-test interference

Author: shridarpatil

internal/database/database_test.go

@@ -0,0 +1,251 @@
+package database_test
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/shridarpatil/whatomate/internal/config"
+	"github.com/shridarpatil/whatomate/internal/database"
+	"github.com/shridarpatil/whatomate/internal/models"
+	"github.com/shridarpatil/whatomate/test/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"gorm.io/gorm"
+)
+
+// cleanAll truncates every table so each test starts with a blank slate.
+func cleanAll(t *testing.T, db *gorm.DB) {
+	t.Helper()
+	testutil.TruncateTables(db)
+}
+
+// --- SeedPermissionsAndRoles ---
+
+func TestSeedPermissionsAndRoles_CreatesAllDefaultPermissions(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	err := database.SeedPermissionsAndRoles(db)
+	require.NoError(t, err)
+
+	var count int64
+	db.Model(&models.Permission{}).Count(&count)
+
+	expected := len(models.DefaultPermissions())
+	assert.Equal(t, int64(expected), count, "all default permissions should be created")
+}
+
+func TestSeedPermissionsAndRoles_Idempotent(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	// Seed twice
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	var count int64
+	db.Model(&models.Permission{}).Count(&count)
+
+	expected := len(models.DefaultPermissions())
+	assert.Equal(t, int64(expected), count, "idempotent: count should remain the same after two seeds")
+}
+
+func TestSeedPermissionsAndRoles_PermissionsHaveResourceAndAction(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	var perms []models.Permission
+	db.Find(&perms)
+
+	for _, p := range perms {
+		assert.NotEmpty(t, p.Resource, "permission resource must not be empty")
+		assert.NotEmpty(t, p.Action, "permission action must not be empty")
+		assert.NotEqual(t, uuid.Nil, p.ID, "permission ID must be set")
+	}
+}
+
+// --- SeedSystemRolesForOrg ---
+
+func TestSeedSystemRolesForOrg_CreatesThreeSystemRoles(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	// Need permissions first
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	org := models.Organization{
+		BaseModel: models.BaseModel{ID: uuid.New()},
+		Name:      "Test Org",
+		Settings:  models.JSONB{},
+	}
+	require.NoError(t, db.Create(&org).Error)
+
+	err := database.SeedSystemRolesForOrg(db, org.ID)
+	require.NoError(t, err)
+
+	var roles []models.CustomRole
+	db.Where("organization_id = ? AND is_system = ?", org.ID, true).Find(&roles)
+	assert.Len(t, roles, 3, "should create admin, manager, agent roles")
+
+	names := make(map[string]bool)
+	for _, r := range roles {
+		names[r.Name] = true
+	}
+	assert.True(t, names["admin"], "admin role should exist")
+	assert.True(t, names["manager"], "manager role should exist")
+	assert.True(t, names["agent"], "agent role should exist")
+}
+
+func TestSeedSystemRolesForOrg_Idempotent(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	org := models.Organization{
+		BaseModel: models.BaseModel{ID: uuid.New()},
+		Name:      "Idempotent Org",
+		Settings:  models.JSONB{},
+	}
+	require.NoError(t, db.Create(&org).Error)
+
+	require.NoError(t, database.SeedSystemRolesForOrg(db, org.ID))
+	require.NoError(t, database.SeedSystemRolesForOrg(db, org.ID))
+
+	var count int64
+	db.Model(&models.CustomRole{}).Where("organization_id = ? AND is_system = ?", org.ID, true).Count(&count)
+	assert.Equal(t, int64(3), count, "idempotent: still exactly 3 system roles")
+}
+
+func TestSeedSystemRolesForOrg_AgentIsDefault(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	org := models.Organization{
+		BaseModel: models.BaseModel{ID: uuid.New()},
+		Name:      "Default Role Org",
+		Settings:  models.JSONB{},
+	}
+	require.NoError(t, db.Create(&org).Error)
+	require.NoError(t, database.SeedSystemRolesForOrg(db, org.ID))
+
+	var agentRole models.CustomRole
+	err := db.Where("organization_id = ? AND name = ? AND is_system = ?", org.ID, "agent", true).First(&agentRole).Error
+	require.NoError(t, err)
+	assert.True(t, agentRole.IsDefault, "agent role should be the default role")
+}
+
+func TestSeedSystemRolesForOrg_AdminRoleHasAllPermissions(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	require.NoError(t, database.SeedPermissionsAndRoles(db))
+
+	org := models.Organization{
+		BaseModel: models.BaseModel{ID: uuid.New()},
+		Name:      "Admin Perms Org",
+		Settings:  models.JSONB{},
+	}
+	require.NoError(t, db.Create(&org).Error)
+	require.NoError(t, database.SeedSystemRolesForOrg(db, org.ID))
+
+	var adminRole models.CustomRole
+	err := db.Where("organization_id = ? AND name = ? AND is_system = ?", org.ID, "admin", true).First(&adminRole).Error
+	require.NoError(t, err)
+
+	// Load permissions through the association
+	var perms []models.Permission
+	err = db.Model(&adminRole).Association("Permissions").Find(&perms)
+	require.NoError(t, err)
+
+	totalPerms := len(models.DefaultPermissions())
+	assert.Equal(t, totalPerms, len(perms), "admin role should have all permissions")
+}
+
+// --- CreateDefaultAdmin ---
+
+func TestCreateDefaultAdmin_CreatesOrgAndUser(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	cfg := &config.DefaultAdminConfig{
+		Email:    "test-admin@example.com",
+		Password: "testpassword123",
+		FullName: "Test Admin",
+	}
+
+	err := database.CreateDefaultAdmin(db, cfg)
+	require.NoError(t, err)
+
+	// Verify user was created
+	var user models.User
+	err = db.Where("email = ?", cfg.Email).First(&user).Error
+	require.NoError(t, err)
+	assert.Equal(t, cfg.FullName, user.FullName)
+	assert.True(t, user.IsActive)
+	assert.True(t, user.IsSuperAdmin)
+	assert.NotEmpty(t, user.PasswordHash)
+
+	// Verify an organization was created
+	var org models.Organization
+	err = db.First(&org).Error
+	require.NoError(t, err)
+	assert.Equal(t, "Default Organization", org.Name)
+
+	// Verify the user belongs to the organization
+	assert.Equal(t, org.ID, user.OrganizationID)
+}
+
+func TestCreateDefaultAdmin_Idempotent(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	cfg := &config.DefaultAdminConfig{
+		Email:    "idempotent-admin@example.com",
+		Password: "pass123",
+		FullName: "Idempotent Admin",
+	}
+
+	require.NoError(t, database.CreateDefaultAdmin(db, cfg))
+	require.NoError(t, database.CreateDefaultAdmin(db, cfg))
+
+	var count int64
+	db.Model(&models.User{}).Where("email = ?", cfg.Email).Count(&count)
+	assert.Equal(t, int64(1), count, "should not create duplicate admin")
+}
+
+func TestCreateDefaultAdmin_UsesExistingOrg(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	cleanAll(t, db)
+
+	// Pre-create an organization
+	existingOrg := models.Organization{
+		BaseModel: models.BaseModel{ID: uuid.New()},
+		Name:      "Pre-existing Org",
+		Settings:  models.JSONB{},
+	}
+	require.NoError(t, db.Create(&existingOrg).Error)
+
+	cfg := &config.DefaultAdminConfig{
+		Email:    "admin-existing-org@example.com",
+		Password: "password",
+		FullName: "Admin",
+	}
+
+	err := database.CreateDefaultAdmin(db, cfg)
+	require.NoError(t, err)
+
+	var user models.User
+	err = db.Where("email = ?", cfg.Email).First(&user).Error
+	require.NoError(t, err)
+	assert.Equal(t, existingOrg.ID, user.OrganizationID, "admin should belong to existing org")
+
+	// Should not have created a new org
+	var orgCount int64
+	db.Model(&models.Organization{}).Count(&orgCount)
+	assert.Equal(t, int64(1), orgCount, "should reuse existing organization")
+}