postgres/tests/integration/ConstraintManager.spec.ts

import { expect, test } from '@playwright/test';

test.describe('Constraint Manager', () => {
  test.describe('List Constraints API', () => {
    test('should reject list constraints without authentication', async ({ page }) => {
      const response = await page.request.get('/api/admin/constraints?tableName=test_table');
      
      expect(response.status()).toBe(401);
    });

    test('should reject list constraints without table name', async ({ page }) => {
      const response = await page.request.get('/api/admin/constraints');
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject list constraints with invalid table name', async ({ page }) => {
      const response = await page.request.get('/api/admin/constraints?tableName=invalid-table!@#');
      
      expect([400, 401]).toContain(response.status());
    });
  });

  test.describe('Add Constraint API', () => {
    test('should reject add constraint without authentication', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'unique_email',
          constraintType: 'UNIQUE',
          columnName: 'email',
        },
      });
      
      expect(response.status()).toBe(401);
    });

    test('should reject add constraint without required fields', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject add constraint with invalid table name', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'invalid-table!@#',
          constraintName: 'test_constraint',
          constraintType: 'UNIQUE',
          columnName: 'email',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject PRIMARY KEY constraint without column name', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'test_pk',
          constraintType: 'PRIMARY KEY',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject UNIQUE constraint without column name', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'test_unique',
          constraintType: 'UNIQUE',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject CHECK constraint without expression', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'test_check',
          constraintType: 'CHECK',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject CHECK constraint with dangerous expression', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'test_check',
          constraintType: 'CHECK',
          checkExpression: 'age > 0; DROP TABLE test',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject unsupported constraint type', async ({ page }) => {
      const response = await page.request.post('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'test_fk',
          constraintType: 'FOREIGN_KEY',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });
  });

  test.describe('Drop Constraint API', () => {
    test('should reject drop constraint without authentication', async ({ page }) => {
      const response = await page.request.delete('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
          constraintName: 'unique_email',
        },
      });
      
      expect(response.status()).toBe(401);
    });

    test('should reject drop constraint without required fields', async ({ page }) => {
      const response = await page.request.delete('/api/admin/constraints', {
        data: {
          tableName: 'test_table',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });

    test('should reject drop constraint with invalid identifiers', async ({ page }) => {
      const response = await page.request.delete('/api/admin/constraints', {
        data: {
          tableName: 'invalid!@#',
          constraintName: 'invalid!@#',
        },
      });
      
      expect([400, 401]).toContain(response.status());
    });
  });
});