romfast/rar-autopass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(web): hub integrare /integrare — exemple cod + retetar VFP + ping + export (PRD 5.1)

Browse Source 
Pagina /integrare (tab autentificat, scoped pe cont): exemple cod multi-limbaj
(curl/Python/PHP/C#/Node) + retetar Visual FoxPro (MSXML2 + WinHttp) pe ambele
canale (prezentari JSON + import fisier), export Postman/OpenAPI/Swagger si buton
"Testeaza conexiunea".

- US-001: GET /v1/ping (readiness: account_id/mediu/autentificat_cu_cheie/
  are_creds_rar/ts) + GET /v1/integrare/postman.json (v2.1.0, allowlist 3 rute)
- US-002: app/web/integrare_examples.py pur (7 limbaje x 2 canale, drift-test
  is_required(), JSON compact pentru C#/VFP)
- US-003: tab "Integrare" IA pe 2 niveluri (limbaj->canal, VFP cu dialecte),
  copy din <pre><code>, empty-state CTA, export .cardlink, script scoped
- US-004: POST /integrare/test-cheie (account_for_key direct, scoped sesiune,
  no-echo cheie)

Backend trimitere (worker/masina stari/idempotenta/mapping) si schema neatinse.
568 teste pass. VERIFY context curat + E2E browser (Playwright) + code-review high.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude Agent
2026-06-22 12:16:41 +00:00
parent be36c2c53b
commit f0786051f5
13 changed files with 2263 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
app/api/v1/integrare_router.py Normal file
View File

@@ -0,0 +1,182 @@
"""Router integrare US-001 — endpoint-uri de integrare externe.
Endpointuri:
GET /v1/ping — readiness check per cont (autentificat sau dev fallback)
GET /v1/integrare/postman.json — export colectie Postman v2.1.0
Ruta /v1/ping foloseste `resolve_account_id` (dependinta standard) pentru 401
pe cheie invalida / prod fara cheie. Flag-ul `autentificat_cu_cheie` e derivat
separat citind header-ele brute si verificand cheia real-time (fara sa dubleze
logica de 401 — aceea ramane in `resolve_account_id`).
"""
from __future__ import annotations
from datetime import datetime, timezone
from fastapi import APIRouter, Depends, Header
from fastapi.responses import JSONResponse
from ...auth import _extract_key, account_for_key, resolve_account_id
from ...config import get_settings
from ...db import get_connection
from ...mapping import account_or_default
router = APIRouter(prefix="/v1", tags=["integrare"])
@router.get("/ping")
def ping(
account_id: int = Depends(resolve_account_id),
x_api_key: str | None = Header(default=None, alias="X-API-Key"),
authorization: str | None = Header(default=None),
) -> JSONResponse:
"""Readiness check per cont.
Intoarce:
account_id — contul rezolvat din cheie (sau 1 in dev fara cheie)
mediu — "test" / "prod" (settings.rar_env)
autentificat_cu_cheie — True daca cererea a venit cu o cheie API reala valida
are_creds_rar — True daca contul are rar_creds_enc stocat
ts — timestamp ISO UTC al cererii
"""
settings = get_settings()
# Detectam daca s-a folosit o cheie reala (nu fallback dev).
# `resolve_account_id` a garantat deja ca nu e cheie invalida (ar fi dat 401).
# Acum verificam doar daca exista o cheie extrasa si daca e valida pentru cont.
cheie_bruta = _extract_key(x_api_key, authorization)
autentificat_cu_cheie = False
if cheie_bruta:
conn = get_connection()
try:
acct = account_for_key(conn, cheie_bruta)
finally:
conn.close()
autentificat_cu_cheie = acct is not None
# Verificam daca contul are creds RAR stocate.
aid = account_or_default(account_id)
conn = get_connection()
try:
row = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (aid,)
).fetchone()
finally:
conn.close()
are_creds_rar = bool(row and row["rar_creds_enc"])
return JSONResponse({
"account_id": aid,
"mediu": settings.rar_env,
"autentificat_cu_cheie": autentificat_cu_cheie,
"are_creds_rar": are_creds_rar,
"ts": datetime.now(timezone.utc).isoformat(),
})
# Allowlist hardcodat (NU derivat din app.routes) — cele 3 rute de integrare expuse extern.
_POSTMAN_ITEMS = [
{
"name": "Trimite prezentari",
"request": {
"method": "POST",
"header": [
{"key": "X-API-Key", "value": "{{api_key}}"},
{"key": "Content-Type", "value": "application/json"},
],
"url": {
"raw": "{{base_url}}/v1/prezentari",
"host": ["{{base_url}}"],
"path": ["v1", "prezentari"],
},
"body": {
"mode": "raw",
"options": {"raw": {"language": "json"}},
"raw": (
'{\n'
' "rar_credentials": {\n'
' "email": "user@exemplu.ro",\n'
' "password": "parola_rar"\n'
' },\n'
' "prezentari": [\n'
' {\n'
' "vin": "WVWZZZ1KZAW000123",\n'
' "nr_inmatriculare": "B999TST",\n'
' "data_prestatie": "2026-06-15",\n'
' "odometru_final": "123456",\n'
' "prestatii": [\n'
' {"cod_prestatie": "OE-1"}\n'
' ]\n'
' }\n'
' ]\n'
'}'
),
},
},
},
{
"name": "Import fisier (xlsx/csv)",
"request": {
"method": "POST",
"header": [
{"key": "X-API-Key", "value": "{{api_key}}"},
],
"url": {
"raw": "{{base_url}}/v1/import",
"host": ["{{base_url}}"],
"path": ["v1", "import"],
},
"body": {
"mode": "formdata",
"formdata": [
{
"key": "file",
"type": "file",
"description": "Fisier xlsx sau csv cu prezentarile de importat",
}
],
},
},
},
{
"name": "Ping (readiness check)",
"request": {
"method": "GET",
"header": [
{"key": "X-API-Key", "value": "{{api_key}}"},
],
"url": {
"raw": "{{base_url}}/v1/ping",
"host": ["{{base_url}}"],
"path": ["v1", "ping"],
},
},
},
]
@router.get("/integrare/postman.json")
def postman_export() -> JSONResponse:
"""Export colectie Postman v2.1.0 cu cele 3 rute de integrare.
Allowlist hardcodat — NU deriva din app.routes pentru a nu expune
rute interne (ex. /v1/conturi/rar-creds, rutele web etc.).
"""
colectie = {
"info": {
"name": "RAR AUTOPASS Gateway",
"description": (
"Colectie de integrare pentru gateway-ul RAR AUTOPASS (Legea 142/2023, OM 210/2024). "
"Seteaza variabilele `base_url` si `api_key` inainte de utilizare."
),
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
},
"variable": [
{"key": "base_url", "value": "http://localhost:8010", "type": "string"},
{"key": "api_key", "value": "", "type": "string"},
],
"item": _POSTMAN_ITEMS,
}
return JSONResponse(content=colectie, media_type="application/json")

2
app/main.py
View File

@@ -22,6 +22,7 @@ from starlette.responses import RedirectResponse
from . import __version__
from .api.v1.import_router import router as import_v1_router
from .api.v1.integrare_router import router as integrare_v1_router
from .api.v1.router import router as api_v1_router
from .config import get_settings
from .db import get_connection, init_db, queue_depth, read_heartbeat
@@ -90,6 +91,7 @@ app.mount("/static", StaticFiles(directory=str(_STATIC_DIR)), name="static")
app.include_router(api_v1_router)
app.include_router(import_v1_router)
app.include_router(integrare_v1_router)
app.include_router(web_router)
app.include_router(auth_router)
app.include_router(admin_router)

377
app/web/integrare_examples.py Normal file
View File

@@ -0,0 +1,377 @@
"""Generator de exemple de cod multi-limbaj pentru integrarea cu AutoPass.
Modul PUR: fara I/O, fara DB, fara stare globala.
Folosit de pagina de documentatie a hub-ului de integrare (Etapa 5).
Campurile obligatorii din payload-ul JSON sunt derivate dinamic din
PrezentareIn.model_fields pentru rezistenta la drift de schema.
"""
from __future__ import annotations
import json
from app.models import PrezentareIn
# Placeholder pentru cheia API — niciodata o cheie reala
_CHEIE_PLACEHOLDER = "rfak_..."
def _campuri_obligatorii() -> list[str]:
"""Intoarce lista campurilor obligatorii din PrezentareIn (is_required())."""
return [camp for camp, field in PrezentareIn.model_fields.items() if field.is_required()]
def _payload_prezentari_dict(account_id: int) -> dict:
"""Construieste un payload JSON exemplu cu toate campurile obligatorii.
Campurile cu default (odometru_initial, obs, b64_image, sistem_reparat) sunt
omise pentru concizie — nu sunt obligatorii.
"""
# Construim un dict cu toate campurile obligatorii
campuri = _campuri_obligatorii()
prezentare: dict = {}
# Valori exemplu pentru campuri obligatorii cunoscute
valori_exemplu: dict = {
"vin": "WVWZZZ1JZXW000001",
"nr_inmatriculare": "B123ABC",
"data_prestatie": "2026-06-22",
"odometru_final": "150000",
"prestatii": [{"cod_prestatie": "OE-1"}],
}
for camp in campuri:
if camp in valori_exemplu:
prezentare[camp] = valori_exemplu[camp]
else:
# Fallback generic pentru campuri neasteptate adaugate ulterior
prezentare[camp] = f"<{camp}>"
return {
"rar_credentials": {
"email": "utilizator@service.ro",
"password": "parola_rar",
},
"prezentari": [prezentare],
}
def _payload_json_str(account_id: int, indent: int = 2) -> str:
"""Payload JSON formatat ca string pentru includere in snippet-uri."""
return json.dumps(_payload_prezentari_dict(account_id), indent=indent, ensure_ascii=False)
def _payload_json_compact(account_id: int) -> str:
"""Payload JSON pe o singura linie (fara newline) pentru string literal C#/VFP.
Foloseste separators=(',', ':') pentru a elimina spatiile si newline-urile.
Rezultatul e un JSON valid pe o singura linie, fara newline in interior.
"""
return json.dumps(_payload_prezentari_dict(account_id), separators=(",", ":"), ensure_ascii=False)
def _snippet_curl_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_str(account_id)
return f"""curl -X POST "{base_url}/v1/prezentari" \\
-H "Content-Type: application/json" \\
-H "X-API-Key: {_CHEIE_PLACEHOLDER}" \\
-d '{payload}'"""
def _snippet_curl_import(base_url: str, account_id: int) -> str:
fisier = '"file=@prezentari.xlsx"'
return (
f'curl -X POST "{base_url}/v1/import" \\\n'
f' -H "X-API-Key: {_CHEIE_PLACEHOLDER}" \\\n'
f" -F {fisier}"
)
def _snippet_python_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_str(account_id)
return f"""import requests
url = "{base_url}/v1/prezentari"
headers = {{
"X-API-Key": "{_CHEIE_PLACEHOLDER}",
"Content-Type": "application/json",
}}
payload = {payload}
response = requests.post(url, json=payload, headers=headers)
print(response.json())"""
def _snippet_python_import(base_url: str, account_id: int) -> str:
return f"""import requests
url = "{base_url}/v1/import"
headers = {{
"X-API-Key": "{_CHEIE_PLACEHOLDER}",
}}
with open("prezentari.xlsx", "rb") as f:
files = {{"file": ("prezentari.xlsx", f, "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")}}
response = requests.post(url, headers=headers, files=files)
print(response.json())"""
def _snippet_php_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_str(account_id)
# Escapeaza apostrof-urile pentru PHP heredoc
payload_php = payload.replace("'", "\\'")
return f"""<?php
$url = "{base_url}/v1/prezentari";
$payload = '{payload_php}';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type: application/json",
"X-API-Key: {_CHEIE_PLACEHOLDER}",
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;"""
def _snippet_php_import(base_url: str, account_id: int) -> str:
return f"""<?php
$url = "{base_url}/v1/import";
$fisier = new CURLFile("prezentari.xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "prezentari.xlsx");
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, ["file" => $fisier]);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"X-API-Key: {_CHEIE_PLACEHOLDER}",
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;"""
def _snippet_csharp_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_compact(account_id)
# Escape ghilimele duble pentru string C# (literal pe o singura linie)
payload_cs = payload.replace('"', '\\"')
return f"""using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-API-Key", "{_CHEIE_PLACEHOLDER}");
var json = "{payload_cs}";
var content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.PostAsync("{base_url}/v1/prezentari", content);
var body = await response.Content.ReadAsStringAsync();
Console.WriteLine(body);"""
def _snippet_csharp_import(base_url: str, account_id: int) -> str:
return f"""using System.Net.Http;
using System.Threading.Tasks;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-API-Key", "{_CHEIE_PLACEHOLDER}");
using var form = new MultipartFormDataContent();
var fileBytes = File.ReadAllBytes("prezentari.xlsx");
var fileContent = new ByteArrayContent(fileBytes);
fileContent.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
form.Add(fileContent, "file", "prezentari.xlsx");
var response = await client.PostAsync("{base_url}/v1/import", form);
var body = await response.Content.ReadAsStringAsync();
Console.WriteLine(body);"""
def _snippet_node_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_str(account_id)
return f"""const payload = {payload};
const response = await fetch("{base_url}/v1/prezentari", {{
method: "POST",
headers: {{
"Content-Type": "application/json",
"X-API-Key": "{_CHEIE_PLACEHOLDER}",
}},
body: JSON.stringify(payload),
}});
const data = await response.json();
console.log(data);"""
def _snippet_node_import(base_url: str, account_id: int) -> str:
# FormData si Blob sunt globale in Node 18+ — nu necesita import din node:buffer
return f"""import {{ readFileSync }} from "fs";
const form = new FormData();
const continut = readFileSync("prezentari.xlsx");
form.append("file", new Blob([continut], {{
type: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
}}), "prezentari.xlsx");
const response = await fetch("{base_url}/v1/import", {{
method: "POST",
headers: {{ "X-API-Key": "{_CHEIE_PLACEHOLDER}" }},
body: form,
}});
const data = await response.json();
console.log(data);"""
def _snippet_vfp_msxml_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_compact(account_id)
# VFP: ghilimele in string se dubleaza; payload compact = o singura linie
payload_vfp = payload.replace('"', '""')
return f"""* Visual FoxPro — MSXML2.ServerXMLHTTP.6.0
LOCAL oHTTP, cURL, cPayload, cRaspuns
cURL = "{base_url}/v1/prezentari"
cPayload = "{payload_vfp}"
oHTTP = CREATEOBJECT("MSXML2.ServerXMLHTTP.6.0")
oHTTP.open("POST", cURL, .F.)
oHTTP.setRequestHeader("Content-Type", "application/json")
oHTTP.setRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
oHTTP.send(cPayload)
cRaspuns = oHTTP.responseText
? cRaspuns"""
def _snippet_vfp_msxml_import(base_url: str, account_id: int) -> str:
return f"""* Visual FoxPro — MSXML2.ServerXMLHTTP.6.0 — upload fisier
* Necesita ADODB.Stream pentru a citi fisierul binar
LOCAL oHTTP, oStream, oBody
LOCAL cURL, cGranita, cCRLF, cDisp, cType
cURL = "{base_url}/v1/import"
cGranita = "----AutoPassBoundary"
cCRLF = CHR(13) + CHR(10)
* Citire fisier in ADODB.Stream
oStream = CREATEOBJECT("ADODB.Stream")
oStream.Type = 1 && adTypeBinary
oStream.Open()
oStream.LoadFromFile("prezentari.xlsx")
* Construire body multipart (simplificat — pentru fisiere mici)
oBody = CREATEOBJECT("ADODB.Stream")
oBody.Type = 1
oBody.Open()
oHTTP = CREATEOBJECT("MSXML2.ServerXMLHTTP.6.0")
oHTTP.open("POST", cURL, .F.)
oHTTP.setRequestHeader("Content-Type", "multipart/form-data; boundary=" + cGranita)
oHTTP.setRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
* Nota: pentru upload binar complet folositi un helper COM sau ADODB.
oHTTP.send(oBody)
? oHTTP.responseText"""
def _snippet_vfp_winhttp_prezentari(base_url: str, account_id: int) -> str:
payload = _payload_json_compact(account_id)
# VFP: ghilimele in string se dubleaza; payload compact = o singura linie
payload_vfp = payload.replace('"', '""')
return f"""* Visual FoxPro — WinHttp.WinHttpRequest.5.1
LOCAL oHTTP, cURL, cPayload, cRaspuns
cURL = "{base_url}/v1/prezentari"
cPayload = "{payload_vfp}"
oHTTP = CREATEOBJECT("WinHttp.WinHttpRequest.5.1")
oHTTP.Open("POST", cURL, .F.)
oHTTP.SetRequestHeader("Content-Type", "application/json")
oHTTP.SetRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
oHTTP.Send(cPayload)
cRaspuns = oHTTP.ResponseText
? cRaspuns"""
def _snippet_vfp_winhttp_import(base_url: str, account_id: int) -> str:
return f"""* Visual FoxPro — WinHttp.WinHttpRequest.5.1 — upload fisier
* Necesita ADODB.Stream pentru a citi fisierul binar
LOCAL oHTTP, oStream
LOCAL cURL, cGranita, cCRLF
cURL = "{base_url}/v1/import"
cGranita = "----AutoPassBoundary"
cCRLF = CHR(13) + CHR(10)
oStream = CREATEOBJECT("ADODB.Stream")
oStream.Type = 1 && adTypeBinary
oStream.Open()
oStream.LoadFromFile("prezentari.xlsx")
oHTTP = CREATEOBJECT("WinHttp.WinHttpRequest.5.1")
oHTTP.Open("POST", cURL, .F.)
oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; boundary=" + cGranita)
oHTTP.SetRequestHeader("X-API-Key", "{_CHEIE_PLACEHOLDER}")
* Nota: pentru upload binar complet folositi un helper COM sau ADODB.
oHTTP.Send()
? oHTTP.ResponseText"""
def exemple(base_url: str, account_id: int) -> dict:
"""Genereaza snippet-uri de cod multi-limbaj pentru integrarea cu AutoPass.
Parametri:
base_url: URL-ul de baza al gateway-ului (ex. "https://autopass.example.com")
account_id: ID-ul contului (inclus in context, nu in snippet-uri)
Intoarce un dict structurat astfel:
{
"<limbaj>": {
"prezentari": "<snippet string>",
"import": "<snippet string>",
},
...
}
Limbaje: curl, python, php, csharp, node, vfp_msxml, vfp_winhttp.
Functie pura: fara I/O, fara DB, fara stare globala.
"""
return {
"curl": {
"prezentari": _snippet_curl_prezentari(base_url, account_id),
"import": _snippet_curl_import(base_url, account_id),
},
"python": {
"prezentari": _snippet_python_prezentari(base_url, account_id),
"import": _snippet_python_import(base_url, account_id),
},
"php": {
"prezentari": _snippet_php_prezentari(base_url, account_id),
"import": _snippet_php_import(base_url, account_id),
},
"csharp": {
"prezentari": _snippet_csharp_prezentari(base_url, account_id),
"import": _snippet_csharp_import(base_url, account_id),
},
"node": {
"prezentari": _snippet_node_prezentari(base_url, account_id),
"import": _snippet_node_import(base_url, account_id),
},
"vfp_msxml": {
"prezentari": _snippet_vfp_msxml_prezentari(base_url, account_id),
"import": _snippet_vfp_msxml_import(base_url, account_id),
},
"vfp_winhttp": {
"prezentari": _snippet_vfp_winhttp_prezentari(base_url, account_id),
"import": _snippet_vfp_winhttp_import(base_url, account_id),
},
}

107
app/web/routes.py
View File

@@ -134,7 +134,7 @@ def _rar_state(hb, worker_alive: bool) -> str:
# cade pe Acasa (tab invalid -> fallback "acasa" in dashboard()), fara 404.
# US-003 (3.6): "coada" (Trimiteri) nu mai e tab — Trimiterile sunt sectiune pe Acasa.
# ?tab=coada cade tot pe Acasa (fallback), fara 404, fara fragment orfan.
_TABS_VALIDE = {"acasa", "mapari", "cont", "nomenclator"}
_TABS_VALIDE = {"acasa", "mapari", "cont", "nomenclator", "integrare"}
def _get_acasa_context(request: Request, conn, account_id: int) -> dict:
@@ -247,6 +247,41 @@ def _render_panel_nomenclator(request: Request, conn) -> str:
})
def _render_integrare(request: Request, conn, account_id: int) -> str:
"""Randeaza panoul Integrare ca string HTML (hub documentatie + exemple cod).
Calculeaza are_cheie (chei API active pe cont) si are_creds (credentiale RAR
configurate pe cont), preia base_url real si genereaza snippet-uri multi-limbaj.
"""
from ..mapping import account_or_default
from .integrare_examples import exemple as _exemple
acct = account_or_default(account_id)
row_creds = conn.execute(
"SELECT rar_creds_enc FROM accounts WHERE id=?", (acct,)
).fetchone()
are_creds = bool(row_creds and row_creds["rar_creds_enc"])
row_key = conn.execute(
"SELECT 1 FROM api_keys WHERE account_id=? AND active=1 LIMIT 1", (acct,)
).fetchone()
are_cheie = row_key is not None
base_url = str(request.base_url).rstrip("/")
ex = _exemple(base_url, acct)
csrf_token = get_csrf_token(request)
return templates.get_template("_integrare.html").render({
"request": request,
"account_id": acct,
"base_url": base_url,
"exemple": ex,
"are_cheie": are_cheie,
"are_creds": are_creds,
"csrf_token": csrf_token,
})
def _render_panel_for_tab(request: Request, conn, account_id: int, tab: str) -> str:
"""Randeaza panoul corespunzator unui tab ca string HTML."""
if tab == "acasa":
@@ -261,6 +296,8 @@ def _render_panel_for_tab(request: Request, conn, account_id: int, tab: str) ->
return _render_panel_cont(request, conn, account_id)
if tab == "nomenclator":
return _render_panel_nomenclator(request, conn)
if tab == "integrare":
return _render_integrare(request, conn, account_id)
return _render_panel_acasa(request)
@@ -346,6 +383,18 @@ def fragment_nomenclator(request: Request) -> HTMLResponse:
conn.close()
@router.get("/_fragments/integrare", response_class=HTMLResponse)
def fragment_integrare(request: Request) -> HTMLResponse:
"""Fragment HTMX pentru tab-ul Integrare (hub documentatie + exemple cod)."""
account_id = require_login(request)
conn = get_connection()
try:
html = _render_integrare(request, conn, account_id)
return HTMLResponse(content=html)
finally:
conn.close()
@router.get("/_fragments/banner", response_class=HTMLResponse)
def fragment_banner(request: Request) -> HTMLResponse:
account_id = require_login(request)
@@ -1938,6 +1987,62 @@ def cont_roteste_cheie(
conn.close()
@router.post("/integrare/test-cheie", response_class=HTMLResponse)
def integrare_test_cheie(
request: Request,
api_key: str = Form(""),
csrf_token: str | None = Form(None),
) -> HTMLResponse:
"""Verifica cheia API lipita de utilizator — scoped pe contul sesiunii.
US-004 (PRD Etapa 5): permite utilizatorului sa confirme ca o cheie copiata
din generatorul de exemple corespunde contului sau, fara efecte secundare
(fara creare/rotire). Cheie goala, invalida sau a altui cont -> mesaj de
eroare neutru (fara eco al cheii in raspuns).
"""
account_id = require_login(request)
verify_csrf(request, csrf_token)
acct = account_or_default(account_id)
# Validare cheie goala / doar spatii -> eroare inainte de DB
cheie = (api_key or "").strip()
if not cheie:
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False, "mesaj": "Cheia este goala sau lipseste."},
)
conn = get_connection()
try:
from ..auth import account_for_key
cont_cheie = account_for_key(conn, cheie)
finally:
conn.close()
if cont_cheie is None:
# Cheie invalida, inexistenta sau revocata
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False,
"mesaj": "Cheie invalida sau revocata — nu a fost gasita in sistem."},
)
if cont_cheie != acct:
# Cheie valida dar apartine altui cont — mesaj neutru, fara dezvaluire cont terta
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": False,
"mesaj": "Cheia nu apartine contului tau."},
)
# Succes — cheia e activa si corespunde contului sesiunii
return templates.TemplateResponse(
"_integrare_test_rezultat.html",
{"request": request, "succes": True,
"mesaj": f"Cheie valida — cont {acct}."},
)
@router.post("/cont/rar-creds", response_class=HTMLResponse)
def cont_rar_creds(
request: Request,

344
app/web/templates/_integrare.html Normal file
View File

@@ -0,0 +1,344 @@
{# Panoul Integrare: exemple de cod multi-limbaj + export & referinta. #}
{# Variabile context: account_id, base_url, exemple, are_cheie, are_creds, csrf_token #}
<div id="integrare-section">
{# Empty-state: lipsesc cheie API sau credentiale RAR #}
{% if not are_cheie or not are_creds %}
<div class="banner warn" style="margin-bottom:16px;" role="alert" aria-live="polite">
<strong>Configurare incompleta.</strong>
{% if not are_creds and not are_cheie %}
Lipsesc atat credentialele RAR cat si o cheie API activa.
{% elif not are_creds %}
Lipsesc credentialele RAR pentru trimitere.
{% else %}
Lipseste o cheie API activa.
{% endif %}
Mergi la <a href="/?tab=cont">tab-ul Cont</a> pentru a le configura.
</div>
{% endif %}
{# Card: ID cont si endpoint de baza #}
<div class="card" style="margin-bottom:16px;">
<div style="display:flex; align-items:center; justify-content:space-between; flex-wrap:wrap; gap:8px;">
<span class="muted" style="font-size:13px;">Cont ID:</span>
<strong style="font-size:13px;">{{ account_id }}</strong>
<span class="muted" style="font-size:13px; margin-left:16px;">Endpoint:</span>
<code style="font-size:12px; color:var(--accent);">{{ base_url }}</code>
</div>
</div>
{# Tab-list PRIMAR: limbaje #}
<div class="card" style="margin-bottom:16px;">
<div role="tablist" class="tab-bar" aria-label="Limbaje de programare" id="tl-limbaje" style="margin-bottom:0; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-curl" aria-selected="true" aria-controls="panel-curl" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer;">curl</button>
<button role="tab" id="tab-python" aria-selected="false" aria-controls="panel-python" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">Python</button>
<button role="tab" id="tab-php" aria-selected="false" aria-controls="panel-php" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">PHP</button>
<button role="tab" id="tab-csharp" aria-selected="false" aria-controls="panel-csharp" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">C#</button>
<button role="tab" id="tab-node" aria-selected="false" aria-controls="panel-node" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">Node</button>
<button role="tab" id="tab-vfp" aria-selected="false" aria-controls="panel-vfp" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer;">VFP</button>
</div>
{# Panel curl #}
<div role="tabpanel" id="panel-curl" aria-labelledby="tab-curl" style="padding:16px 0 0;">
{% set ex = exemple["curl"] %}
<div role="tablist" class="tab-bar" aria-label="Canal curl" id="tl-curl-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-curl-prez" aria-selected="true" aria-controls="panel-curl-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
<button role="tab" id="tab-curl-import" aria-selected="false" aria-controls="panel-curl-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-curl-prez" aria-labelledby="tab-curl-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet curl prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-curl-import" aria-labelledby="tab-curl-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet curl import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# Panel python #}
<div role="tabpanel" id="panel-python" aria-labelledby="tab-python" hidden style="padding:16px 0 0;">
{% set ex = exemple["python"] %}
<div role="tablist" class="tab-bar" aria-label="Canal python" id="tl-python-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-python-prez" aria-selected="true" aria-controls="panel-python-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
<button role="tab" id="tab-python-import" aria-selected="false" aria-controls="panel-python-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-python-prez" aria-labelledby="tab-python-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet python prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-python-import" aria-labelledby="tab-python-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet python import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# Panel PHP #}
<div role="tabpanel" id="panel-php" aria-labelledby="tab-php" hidden style="padding:16px 0 0;">
{% set ex = exemple["php"] %}
<div role="tablist" class="tab-bar" aria-label="Canal php" id="tl-php-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-php-prez" aria-selected="true" aria-controls="panel-php-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
<button role="tab" id="tab-php-import" aria-selected="false" aria-controls="panel-php-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-php-prez" aria-labelledby="tab-php-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet php prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-php-import" aria-labelledby="tab-php-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet php import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# Panel C# #}
<div role="tabpanel" id="panel-csharp" aria-labelledby="tab-csharp" hidden style="padding:16px 0 0;">
{% set ex = exemple["csharp"] %}
<div role="tablist" class="tab-bar" aria-label="Canal csharp" id="tl-csharp-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-csharp-prez" aria-selected="true" aria-controls="panel-csharp-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
<button role="tab" id="tab-csharp-import" aria-selected="false" aria-controls="panel-csharp-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-csharp-prez" aria-labelledby="tab-csharp-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet csharp prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-csharp-import" aria-labelledby="tab-csharp-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet csharp import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# Panel Node #}
<div role="tabpanel" id="panel-node" aria-labelledby="tab-node" hidden style="padding:16px 0 0;">
{% set ex = exemple["node"] %}
<div role="tablist" class="tab-bar" aria-label="Canal node" id="tl-node-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-node-prez" aria-selected="true" aria-controls="panel-node-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">Prezentari JSON</button>
<button role="tab" id="tab-node-import" aria-selected="false" aria-controls="panel-node-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-node-prez" aria-labelledby="tab-node-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet node prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-node-import" aria-labelledby="tab-node-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet node import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# Panel VFP: tab-list SECUNDAR pentru dialecte #}
<div role="tabpanel" id="panel-vfp" aria-labelledby="tab-vfp" hidden style="padding:16px 0 0;">
<p class="muted" style="font-size:13px; margin:0 0 8px;">Visual FoxPro — alege dialectul COM:</p>
{# Dialecte VFP #}
<div role="tablist" class="tab-bar" aria-label="Dialecte VFP" id="tl-vfp-dialect" style="margin-bottom:12px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-vfp-msxml" aria-selected="true" aria-controls="panel-vfp-msxml" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:13px;">MSXML2</button>
<button role="tab" id="tab-vfp-winhttp" aria-selected="false" aria-controls="panel-vfp-winhttp" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:13px;">WinHttp</button>
</div>
{# MSXML2 #}
<div role="tabpanel" id="panel-vfp-msxml" aria-labelledby="tab-vfp-msxml">
{% set ex = exemple["vfp_msxml"] %}
<div role="tablist" class="tab-bar" aria-label="Canal vfp msxml" id="tl-vfp-msxml-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-vfp-msxml-prez" aria-selected="true" aria-controls="panel-vfp-msxml-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:12px;">Prezentari JSON</button>
<button role="tab" id="tab-vfp-msxml-import" aria-selected="false" aria-controls="panel-vfp-msxml-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:12px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-vfp-msxml-prez" aria-labelledby="tab-vfp-msxml-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet VFP MSXML2 prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-vfp-msxml-import" aria-labelledby="tab-vfp-msxml-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet VFP MSXML2 import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
{# WinHttp #}
<div role="tabpanel" id="panel-vfp-winhttp" aria-labelledby="tab-vfp-winhttp" hidden>
{% set ex = exemple["vfp_winhttp"] %}
<div role="tablist" class="tab-bar" aria-label="Canal vfp winhttp" id="tl-vfp-winhttp-canal" style="margin-bottom:8px; border-bottom:1px solid var(--line);">
<button role="tab" id="tab-vfp-winhttp-prez" aria-selected="true" aria-controls="panel-vfp-winhttp-prez" tabindex="0" class="tab-link tab-activ" style="border:none; background:none; cursor:pointer; font-size:12px;">Prezentari JSON</button>
<button role="tab" id="tab-vfp-winhttp-import" aria-selected="false" aria-controls="panel-vfp-winhttp-import" tabindex="-1" class="tab-link" style="border:none; background:none; cursor:pointer; font-size:12px;">Import fisier</button>
</div>
<div role="tabpanel" id="panel-vfp-winhttp-prez" aria-labelledby="tab-vfp-winhttp-prez">
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet VFP WinHttp prezentari" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["prezentari"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
<div role="tabpanel" id="panel-vfp-winhttp-import" aria-labelledby="tab-vfp-winhttp-import" hidden>
<div style="position:relative;">
<button class="btn-copiaza" aria-label="Copiaza snippet VFP WinHttp import" style="position:absolute; top:8px; right:8px; font-size:12px; padding:4px 10px; background:var(--line); color:var(--ink); border:1px solid var(--line); border-radius:4px; cursor:pointer;">Copiaza</button>
<pre style="background:var(--bg); border:1px solid var(--line); border-radius:6px; padding:16px; overflow-x:auto; margin:0;"><code style="font-size:12px; font-family:ui-monospace,monospace; color:var(--ink);">{{ ex["import"] | e }}</code></pre>
</div>
<div aria-live="polite" class="copiaza-feedback muted" style="font-size:12px; min-height:20px; margin-top:4px;"></div>
</div>
</div>
</div>
</div>
{# Card: Export & referinta #}
<div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 12px; font-size:15px;">Export &amp; referinta</h3>
<div style="display:flex; flex-wrap:wrap; gap:8px;">
<a class="cardlink" href="/docs" target="_blank" rel="noopener">Swagger UI — /docs</a>
<a class="cardlink" href="/openapi.json" target="_blank" rel="noopener">Schema OpenAPI — /openapi.json</a>
<a class="cardlink" href="/v1/integrare/postman.json" download>Colectie Postman — /v1/integrare/postman.json</a>
</div>
</div>
{# Formular test conexiune #}
<div class="card" style="margin-bottom:16px;">
<h3 style="margin:0 0 12px; font-size:15px;">Testeaza conexiunea</h3>
<form hx-post="/integrare/test-cheie"
hx-target="#integrare-test-rezultat"
hx-swap="innerHTML"
style="display:flex; gap:8px; flex-wrap:wrap; align-items:flex-end;">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<div>
<label for="test-api-key" style="display:block; font-size:13px; color:var(--muted); margin-bottom:4px;">Cheie API (rfak_...)</label>
<input type="password" id="test-api-key" name="api_key" placeholder="rfak_..."
style="width:280px;" autocomplete="off">
<p class="muted" style="font-size:12px; margin:4px 0 0;">Verificam doar daca cheia e valida. Nu o salvam si nu o memoram — cheia se gestioneaza in Cont.</p>
</div>
<button type="submit">Testeaza</button>
</form>
<div id="integrare-test-rezultat" style="margin-top:8px;"></div>
</div>
</div>
<script>
(function() {
/* Navigare ARIA pentru tab-uri multiple (scoped pe containerul propriu). */
var root = document.getElementById('integrare-section');
if (!root) return;
root.querySelectorAll('[role="tablist"]').forEach(function(tablist) {
var tabs = Array.from(tablist.querySelectorAll('[role="tab"]'));
if (!tabs.length) return;
/* Navigare cu sageti, Home, End */
tablist.addEventListener('keydown', function(e) {
var idx = tabs.indexOf(document.activeElement);
if (idx === -1) return;
var next = -1;
if (e.key === 'ArrowRight' || e.key === 'ArrowDown') {
next = (idx + 1) % tabs.length;
} else if (e.key === 'ArrowLeft' || e.key === 'ArrowUp') {
next = (idx - 1 + tabs.length) % tabs.length;
} else if (e.key === 'Home') {
next = 0;
} else if (e.key === 'End') {
next = tabs.length - 1;
}
if (next !== -1) {
e.preventDefault();
tabs[next].focus();
}
});
/* Click pe tab: activeaza panelul corespunzator */
tabs.forEach(function(tab) {
tab.addEventListener('click', function() {
var panelId = tab.getAttribute('aria-controls');
if (!panelId) return;
/* Dezactiveaza toate tab-urile din acest tablist */
tabs.forEach(function(t) {
t.setAttribute('aria-selected', 'false');
t.setAttribute('tabindex', '-1');
t.classList.remove('tab-activ');
var pid = t.getAttribute('aria-controls');
if (pid) {
var p = document.getElementById(pid);
if (p) p.hidden = true;
}
});
/* Activeaza tab-ul curent */
tab.setAttribute('aria-selected', 'true');
tab.setAttribute('tabindex', '0');
tab.classList.add('tab-activ');
var panel = document.getElementById(panelId);
if (panel) panel.hidden = false;
});
});
});
/* Buton Copiaza: citeste textul din <pre><code> sibling, nu din data-* */
root.querySelectorAll('.btn-copiaza').forEach(function(btn) {
btn.addEventListener('click', function() {
var wrapper = btn.closest('div[style*="position:relative"]') || btn.parentElement;
var code = wrapper ? wrapper.querySelector('pre code') : null;
if (!code) return;
var text = code.innerText || code.textContent;
var feedback = wrapper.parentElement && wrapper.parentElement.querySelector('.copiaza-feedback');
if (navigator.clipboard && navigator.clipboard.writeText) {
navigator.clipboard.writeText(text).then(function() {
btn.textContent = 'Copiat';
setTimeout(function() { btn.textContent = 'Copiaza'; }, 2000);
if (feedback) {
feedback.textContent = 'Copiat!';
setTimeout(function() { feedback.textContent = ''; }, 2000);
}
}).catch(function() {
if (feedback) feedback.textContent = 'Eroare la copiere.';
});
} else {
/* Fallback pentru browsere fara Clipboard API */
var ta = document.createElement('textarea');
ta.value = text;
ta.style.position = 'fixed';
ta.style.opacity = '0';
document.body.appendChild(ta);
ta.select();
try {
document.execCommand('copy');
btn.textContent = 'Copiat';
setTimeout(function() { btn.textContent = 'Copiaza'; }, 2000);
if (feedback) {
feedback.textContent = 'Copiat!';
setTimeout(function() { feedback.textContent = ''; }, 2000);
}
} catch(err) {
if (feedback) feedback.textContent = 'Eroare la copiere.';
}
document.body.removeChild(ta);
}
});
});
})();
</script>

9
app/web/templates/_integrare_test_rezultat.html Normal file
View File

@@ -0,0 +1,9 @@
{% if succes %}
<div class="flash" aria-live="polite" role="status">
{{ mesaj }}
</div>
{% else %}
<div class="banner" aria-live="polite" role="alert">
{{ mesaj }}
</div>
{% endif %}

17
app/web/templates/dashboard.html
View File

@@ -21,12 +21,13 @@
<!-- Tab-bar: navigare intre sectiuni -->
<div role="tablist" class="tab-bar" aria-label="Sectiuni dashboard">
{# US-003 (3.6): tab-ul "Trimiteri" (coada) a fost eliminat — Trimiterile traiesc
ca sectiune permanenta pe Acasa. Raman: Acasa·Mapari·Cont·Nomenclator. #}
ca sectiune permanenta pe Acasa. Raman: Acasa·Mapari·Cont·Nomenclator·Integrare. #}
{% set tabs = [
("acasa", "Acasa", "tab-acasa"),
("mapari", "Mapari", "tab-mapari"),
("cont", "Cont", "tab-cont"),
("nomenclator", "Nomenclator", "tab-nomenclator")
("nomenclator", "Nomenclator", "tab-nomenclator"),
("integrare", "Integrare", "tab-integrare")
] %}
{% for tab_id, tab_label, tab_elem_id in tabs %}
{% set badge = (badges.get(tab_id, 0) if badges else 0) %}
@@ -52,10 +53,13 @@
<script>
(function() {
/* Navigare cu sageti intre tab-uri (ARIA pattern) */
var tablist = document.querySelector('[role="tablist"]');
if (!tablist) return;
/* Navigare cu sageti intre tab-uri (ARIA pattern) — scoped pe fiecare tablist.
Folosim querySelectorAll pentru a suporta multiple tablist-uri pe pagina
(tab-bar principal + tab-urile interne din panoul Integrare). */
document.querySelectorAll('[role="tablist"]').forEach(function(tablist) {
var tabs = Array.from(tablist.querySelectorAll('[role="tab"]'));
if (!tabs.length) return;
tablist.addEventListener('keydown', function(e) {
var idx = tabs.indexOf(document.activeElement);
if (idx === -1) return;
@@ -75,7 +79,7 @@
}
});
/* La click pe tab: actualizeaza aria-selected + tabindex */
/* La click pe tab: actualizeaza aria-selected + tabindex (scoped pe tablist-ul curent) */
tabs.forEach(function(tab) {
tab.addEventListener('click', function() {
tabs.forEach(function(t) {
@@ -88,6 +92,7 @@
tab.classList.add('tab-activ');
});
});
});
})();
</script>

4
docs/ROADMAP.md
View File

File diff suppressed because one or more lines are too long

76
docs/prd/prd-5.1-hub-integrare.md
View File

@@ -1,6 +1,6 @@
# PRD 5.1 — Hub de integrare (pagina /integrare cu exemple de cod + retetar VFP + ping + export)
**Stare**: aprobat (2026-06-22 — intrebari deschise rezolvate; 3 review-uri de plan rulate si incorporate (CEO/eng/design, toate APROB CU MODIFICARI); aprobat la poarta umana. Urmeaza EXECUTE)
**Stare**: inchis (2026-06-22 — VERIFY PASS + E2E browser PASS + `/code-review` high incorporat; 568 teste pass; writeback ROADMAP facut; asteapta poarta umana de commit)
> Proces complet: `docs/ROADMAP.md` §5. Contract RAR (sursa de adevar): `docs/api-rar-contract.md`.
> Starea trece: `draft → aprobat → in-executie → verify-pass → inchis` (actualizata de lead).
@@ -66,16 +66,16 @@ de importat **pentru ca** sa-mi validez conexiunea inainte sa trimit prezentari
`test_postman_contine_exact_trei_requesturi` (prezentari, import, ping; header `X-API-Key: {{api_key}}`; `{{base_url}}`),
`test_postman_nu_deriva_din_app_routes` (allowlist hardcodat — NU expune `/v1/conturi/rar-creds` etc.).
- **Acceptance criteria**:
- [ ] `GET /v1/ping` (dependinta `resolve_account_id`) = **readiness check**, nu doar auth-echo: cheie valida → 200
- [x] `GET /v1/ping` (dependinta `resolve_account_id`) = **readiness check**, nu doar auth-echo: cheie valida → 200
`{account_id, mediu, autentificat_cu_cheie, are_creds_rar, ts}`; cheie invalida → 401; fara cheie cu
`require_api_key=true` → 401; fara cheie in dev → cont 1 cu `autentificat_cu_cheie=false`. (`are_creds_rar` = contul are
`accounts.rar_creds_enc` setate; citire-only, raspunde la "esti gata sa trimiti?", nu doar "cheia merge". CEO-review P1/P2.)
- [ ] Suporta si `Authorization: Bearer rfak_...` (al doilea header documentat in pagina).
- [ ] `GET /v1/integrare/postman.json`: colectie Postman v2.1.0 cu variabile `base_url` + `api_key`, **exact 3 requesturi**
- [x] Suporta si `Authorization: Bearer rfak_...` (al doilea header documentat in pagina).
- [x] `GET /v1/integrare/postman.json`: colectie Postman v2.1.0 cu variabile `base_url` + `api_key`, **exact 3 requesturi**
(allowlist hardcodat, NU derivat din `app.routes`): `POST /v1/prezentari`, `POST /v1/import`, `GET /v1/ping`, fiecare cu
header `X-API-Key: {{api_key}}` si body exemplu (pt prezentari: payload din schema reala `PrezentareRequest`, inclusiv `prestatii`).
- [ ] `/openapi.json` ramane accesibil (FastAPI implicit) — niciun regres.
- [ ] NU atinge `submissions`, worker, schema. `are_creds_rar` = SELECT read-only pe `accounts`.
- [x] `/openapi.json` ramane accesibil (FastAPI implicit) — niciun regres.
- [x] NU atinge `submissions`, worker, schema. `are_creds_rar` = SELECT read-only pe `accounts`.
- **Verificare E2E**: `curl -H "X-API-Key: rfak_..." http://localhost:8010/v1/ping` pe instanta locala → 200 cu contul corect +
`are_creds_rar`; import `postman.json` in Postman/Swagger.
@@ -98,13 +98,13 @@ de importat **pentru ca** sa-mi validez conexiunea inainte sa trimit prezentari
`test_prestatii_in_snippet_are_cod` (item-ul `prestatii` are `cod_prestatie` SAU `cod_op_service` — vezi `PrestatieItem._require_one`),
`test_placeholder_cheie_nu_e_valoare_reala` (mereu `rfak_...`, niciodata o cheie injectata).
- **Acceptance criteria**:
- [ ] Functie pura `exemple(base_url: str, account_id: int) -> dict` care intoarce, per limbaj, snippet pt ambele canale.
- [ ] Placeholder cheie = `rfak_...` (constant), endpoint-ul derivat din `base_url`.
- [ ] Payload-ul JSON reflecta schema reala (`PrezentareRequest`): `rar_credentials{email,password}` + `prezentari[]` cu
- [x] Functie pura `exemple(base_url: str, account_id: int) -> dict` care intoarce, per limbaj, snippet pt ambele canale.
- [x] Placeholder cheie = `rfak_...` (constant), endpoint-ul derivat din `base_url`.
- [x] Payload-ul JSON reflecta schema reala (`PrezentareRequest`): `rar_credentials{email,password}` + `prezentari[]` cu
**toate** campurile obligatorii prin `is_required()`, **inclusiv `prestatii` cu cel putin un item valid** (eng-review P1:
`prestatii` e fara default → obligatoriu; un payload fara el ar fi nevalid, exact ce pagina trebuie sa previna).
- [ ] Drift-test foloseste `field.is_required()` (nu doar prezenta cheii), ca sa nu raporteze fals campurile cu default.
- [ ] Fara I/O, fara DB, fara stare globala — pur (usor de testat).
- [x] Drift-test foloseste `field.is_required()` (nu doar prezenta cheii), ca sa nu raporteze fals campurile cu default.
- [x] Fara I/O, fara DB, fara stare globala — pur (usor de testat).
- **Verificare E2E**: acoperita de UI (US-003) + unit teste.
### US-003: UI — tab "Integrare" cu exemple, retetar VFP si export
@@ -128,24 +128,24 @@ sa integrez gateway-ul fara sa caut prin README/Swagger.
`test_empty_state_cta_cont_cand_fara_cheie_sau_creds`,
`test_fara_culori_hardcodate_doar_tokens` (snippet-ul template-ului nu contine `#`-hex; doar `var(--...)`).
- **Acceptance criteria**:
- [ ] Tab nou "Integrare" in nav (`dashboard.html`), `integrare` in `_TABS_VALIDE`, **branch nou in `_render_panel_for_tab`**,
- [x] Tab nou "Integrare" in nav (`dashboard.html`), `integrare` in `_TABS_VALIDE`, **branch nou in `_render_panel_for_tab`**,
deep-link `/?tab=integrare` randat server-side, fragment lazy pe click (pattern identic cu Mapari/Cont). NU atinge `_render_panel_import`/`coada`.
- [ ] **IA pe doua niveluri (design-review P1):** tab primar = LIMBAJ (curl/Python/PHP/C#/Node/VFP) — VFP e UN tab, nu sectiune
- [x] **IA pe doua niveluri (design-review P1):** tab primar = LIMBAJ (curl/Python/PHP/C#/Node/VFP) — VFP e UN tab, nu sectiune
separata; in panelul VFP, al doilea tablist = dialect (MSXML2 / WinHttp). Tab secundar (in fiecare panel de limbaj) = CANAL
(Prezentari JSON / Import fisier). Se vede UN singur snippet o data (fara produs cartezian 14-snippet pe ecran).
- [ ] **Refolosire ARIA (design-review P1):** generalizeaza scriptul de keyboard-nav din `dashboard.html` (sageti/Home/End,
- [x] **Refolosire ARIA (design-review P1):** generalizeaza scriptul de keyboard-nav din `dashboard.html` (sageti/Home/End,
roving `tabindex`, sync `aria-selected`+`aria-controls`) ca sa prinda ORICE `[role=tablist]`, scoped pe containerul propriu
(nu primul `querySelector` global) — altfel tab-urile imbricate (limbaj/canal/VFP-dialect) intra in conflict pe `ArrowRight`.
- [ ] **Copy-to-clipboard (design-review P2):** buton per snippet care citeste textul din `<pre><code>` asociat (NU din `data-*`);
- [x] **Copy-to-clipboard (design-review P2):** buton per snippet care citeste textul din `<pre><code>` asociat (NU din `data-*`);
feedback in `aria-live="polite"` + label "Copiat" cu revenire la "Copiaza" dupa ~2s; `navigator.clipboard` cu `.catch()` +
fallback pt context ne-securizat (selecteaza textul + "Ctrl+C") — butonul nu ramane blocat fals pe "Copiat".
- [ ] **Empty-state onboarding (design-review P2 + CEO P1):** cand sesiunea NU are cheie rotita sau NU are creds RAR, afiseaza
- [x] **Empty-state onboarding (design-review P2 + CEO P1):** cand sesiunea NU are cheie rotita sau NU are creds RAR, afiseaza
deasupra snippet-urilor un empty-state cu CTA direct `href="/?tab=cont"` ("Genereaza cheia din Cont; o vezi o singura data").
Snippet-urile raman vizibile (placeholder-based). Flux de onboarding continuu, nu doar o nota text.
- [ ] Card separat "Export & referinta" (componenta `.cardlink`): Swagger `/docs`, `GET /openapi.json`, `GET /v1/integrare/postman.json`
- [x] Card separat "Export & referinta" (componenta `.cardlink`): Swagger `/docs`, `GET /openapi.json`, `GET /v1/integrare/postman.json`
(Postman = `download`; restul `target="_blank" rel="noopener"`).
- [ ] Integreaza formularul "Testeaza conexiunea" din US-004 (primul card al panoului; markup-ul tinteste ruta US-004).
- [ ] **Tokens de tema (design-review P3, pregatire 5.3):** template-ul foloseste DOAR variabilele din `:root`
- [x] Integreaza formularul "Testeaza conexiunea" din US-004 (primul card al panoului; markup-ul tinteste ruta US-004).
- [x] **Tokens de tema (design-review P3, pregatire 5.3):** template-ul foloseste DOAR variabilele din `:root`
(`--bg`/`--card`/`--ink`/`--muted`/`--line`/`--accent`), zero culori hex hardcodate; fara highlight de sintaxa colorat
(ar introduce paleta noua). Cod copiabil pe `--ink`, nu `--muted`.
- **Verificare E2E**: browser pe `/integrare` — comuta limbaj (inclusiv VFP cu dialect), comuta canal, copiaza un snippet (vezi
@@ -169,16 +169,16 @@ integrarea va autentifica corect inainte sa scriu cod.
`test_csrf_lipsa_respinsa`,
`test_cheia_nu_apare_in_raspuns_sau_log` (no echo).
- **Acceptance criteria**:
- [ ] `POST /integrare/test-cheie` (`require_login`, CSRF): valideaza cheia lipita prin **`account_for_key` direct** (NU
- [x] `POST /integrare/test-cheie` (`require_login`, CSRF): valideaza cheia lipita prin **`account_for_key` direct** (NU
`resolve_account_id` — altfel in dev o cheie goala/gunoi ar cadea pe cont 1 si ar raporta fals "valida"); confirma DOAR
daca mapeaza pe **contul sesiunii**; altfel mesaj neutru ("nu apartine contului tau", fara sa dezvaluie care cont).
- [ ] Cheie revocata (dupa rotire) → tratata ca invalida (`account_for_key` filtreaza `active=1`).
- [ ] Niciun echo al cheii in raspuns/log (regula 422-no-echo din `main.py`).
- [ ] Raspuns HTML fragment dedicat (`_integrare_test_rezultat.html`), htmx swap intr-un container `aria-live="polite"`:
- [x] Cheie revocata (dupa rotire) → tratata ca invalida (`account_for_key` filtreaza `active=1`).
- [x] Niciun echo al cheii in raspuns/log (regula 422-no-echo din `main.py`).
- [x] Raspuns HTML fragment dedicat (`_integrare_test_rezultat.html`), htmx swap intr-un container `aria-live="polite"`:
succes pe `.flash` (border `--ok`, "Cheie valida — cont X"), eroare pe `.banner` (border `--err`). Label uman, fara emoji.
- [ ] Input `type=password` + `autocomplete="off"`; microcopy anti-confuzie langa camp: "Verificam doar daca cheia e valida.
- [x] Input `type=password` + `autocomplete="off"`; microcopy anti-confuzie langa camp: "Verificam doar daca cheia e valida.
Nu o salvam si nu o memoram — cheia se gestioneaza in Cont." Buton "Testeaza conexiunea" (NU "Salveaza").
- [ ] NU creeaza/roteste chei (doar verifica) — fara efecte secundare.
- [x] NU creeaza/roteste chei (doar verifica) — fara efecte secundare.
- **Verificare E2E**: browser — lipeste cheia reala (din rotire `/cont`) → "valida, cont X"; lipeste gunoi → eroare clara;
lipeste cheia veche dupa rotire → respinsa.
@@ -253,3 +253,29 @@ trimite), fara suport uman si fara sa atinga README/Swagger separat.
tema (pregatire 5.3); microcopy anti-confuzie + `type=password` la test-cheie.
Toate cele trei: **APROB CU MODIFICARI**, modificarile incorporate mai sus. Asteapta poarta umana de aprobare (§5.8) → `aprobat`.
---
## Raport VERIFY (2026-06-22 — subagent context curat + E2E browser lead)
**Rezultat: PASS** (dupa o runda de fix pe 4 discrepante minore).
- **Suita**: `python3 -m pytest -q`**564 passed**, 0 failed (523 baseline + 41 noi: 11 API ping/postman, 8 examples, 10 web integrare initial + 4 lock-uri fix, 8 test-cheie).
- **US-001..US-004 (criterii de acceptare)**: toate PASS (verificator independent, dovezi in cod + teste + `curl` live pe :8010 — ping cont 1 `autentificat_cu_cheie=false`, cheie valida `=true`, Bearer ok, cheie invalida 401, postman.json 3 items allowlist fara `/v1/conturi/rar-creds`, openapi 200).
- **Fix dupa VERIFY r1** (4 discrepante PRD-vs-implementare, toate in `_integrare.html`, lock-uite cu teste noi): cardul Export foloseste `.cardlink`; linkul Postman are `download` (fara `target=_blank`); microcopy anti-confuzie la test-cheie ("Nu o salvam si nu o memoram…"); butonul Copiaza isi schimba label-ul in "Copiat" + revine la 2s.
- **E2E browser (Playwright, lead, dev `web_auth_required=false`→cont 1)**: PASS pe `/?tab=integrare` — randare server-side, IA pe 2 niveluri (limbaj→canal), VFP cu al 3-lea nivel (dialect MSXML2↔WinHttp comuta corect, snippet WinHttp.WinHttpRequest.5.1), endpoint+account_id reale, empty-state CTA `/?tab=cont`, card Export, microcopy prezent, **htmx test-cheie**: cheie invalida → fragment eroare in container `aria-live` ("Cheie invalida sau revocata"). **0 erori in consola** (clasa de bug-uri htmx care a muscat 3.6 — absenta aici).
- **Regresia de aur (enqueue)**: `POST /v1/prezentari``status: queued` (live :8010). **Backend trimitere NEATINS** (doar rute noi de citire + UI; zero modificari worker/masina-stari/idempotenta/schema) — confirmat la diff. **Live RAR test (`postPrezentare`→FINALIZATA) NEPROBAT** in sesiune: `AUTOPASS_CREDS_KEY`/creds RAR test indisponibile in mediu. Risc minim (cod de trimitere neatins).
Toate PASS → CLOSE.
### `/code-review` high (2026-06-22 — CLOSE)
8 unghiuri (3 correctness + cleanup/altitude/conventii), verificare 1-vot. **4 bug-uri reale reparate** (toate in suprafata noua, backend trimitere neatins), lock-uite cu teste:
1. **C# snippet** — payload JSON multi-linie (`json.dumps indent=2`) intr-un string literal C# obisnuit → CS1010 (nu compileaza). Fix: `_payload_json_compact` (separators `(",",":")`, fara newline) pentru C#.
2. **VFP snippet**`json.dumps(indent=0)` PRODUCE TOTUSI newline-uri → `cPayload = "..."` rupt (VFP nu suporta string literal multi-linie) in ambele dialecte. Fix: acelasi helper compact.
3. **Node import snippet**`await import("node:buffer")` nu exporta `FormData``new FormData()` arunca TypeError pe orice Node; plus import mort `readFileSync`/`import("fs")` duplicat. Fix: `FormData`/`Blob` globale (Node 18+) + `readFileSync` static folosit direct.
4. **Script `_integrare.html` ne-scoped**`document.querySelectorAll('[role=tablist]')` ataseaza handlere si pe tab-bar-ul PRINCIPAL din `dashboard.html`, acumuland listeneri la fiecare swap htmx. Fix: scoping pe `#integrare-section` (`root.querySelectorAll(...)`), nu mai atinge tab-bar-ul principal.
**Notat ca cleanup viitor (NEREPARAT, disciplina backend/altitudine — low value, fara risc):** `_render_integrare` dubleaza SQL-ul `are_creds`/`are_cheie` din `_get_acasa_context`/`_render_panel_cont` (candidat de helper partajat); `ping` deschide 2 conexiuni DB + apeleaza `account_for_key` de 2 ori (derivabil din `account_id != DEFAULT_ACCOUNT_ID`); `_campuri_obligatorii()` necache-uit (apelat ~6×/render); cele 6 panouri de limbaj din `_integrare.html` copy-paste (candidat macro Jinja2); `{{ mesaj }}` fara `| e` explicit (salvat acum de autoescape, no-echo confirmat). **Pre-existente (in afara 5.1):** `GET /v1/nomenclator` + `/_fragments/nomenclator` neprotejate (deja notate in ROADMAP "de remediat").
568 teste pass.

215
tests/test_integrare_api.py Normal file
View File

@@ -0,0 +1,215 @@
"""Teste US-001: endpoint-uri de integrare (GET /v1/ping + export Postman).
TDD — toate testele RED inainte de implementare.
"""
from __future__ import annotations
import json
import os
import tempfile
import pytest
from fastapi.testclient import TestClient
# --------------------------------------------------------------------------- #
# Fixture client izolat #
# --------------------------------------------------------------------------- #
@pytest.fixture()
def client(monkeypatch):
"""Client FastAPI cu DB temporara izolata, require_api_key=False (dev)."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "false")
monkeypatch.setenv("AUTOPASS_RAR_ENV", "test")
from app.config import get_settings
get_settings.cache_clear()
from app.main import app
with TestClient(app) as c:
yield c
get_settings.cache_clear()
@pytest.fixture()
def client_prod(monkeypatch):
"""Client cu require_api_key=True (mod prod)."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_REQUIRE_API_KEY", "true")
monkeypatch.setenv("AUTOPASS_RAR_ENV", "prod")
from app.config import get_settings
get_settings.cache_clear()
from app.main import app
with TestClient(app) as c:
yield c
get_settings.cache_clear()
def _creeaza_cheie(monkeypatch) -> str:
"""Seed cont id=1 + creeaza cheie API; intoarce cheia in clar."""
from app.db import get_connection
from app.auth import create_api_key
conn = get_connection()
try:
cheie = create_api_key(conn, 1)
conn.commit()
finally:
conn.close()
return cheie
def _seteaza_rar_creds(monkeypatch=None) -> None:
"""Seteaza rar_creds_enc pe contul id=1."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
enc = encrypt_creds({"email": "test@rar.ro", "password": "secret"})
conn.execute("UPDATE accounts SET rar_creds_enc=? WHERE id=1", (enc,))
conn.commit()
finally:
conn.close()
# --------------------------------------------------------------------------- #
# Teste ping #
# --------------------------------------------------------------------------- #
def test_ping_cu_cheie_valida_200(client, monkeypatch):
"""GET /v1/ping cu X-API-Key valida -> 200 cu campurile cerute."""
cheie = _creeaza_cheie(monkeypatch)
r = client.get("/v1/ping", headers={"X-API-Key": cheie})
assert r.status_code == 200, r.text
body = r.json()
assert "account_id" in body
assert "mediu" in body
assert "autentificat_cu_cheie" in body
assert "are_creds_rar" in body
assert "ts" in body
assert body["autentificat_cu_cheie"] is True
assert body["mediu"] == "test"
def test_ping_cu_bearer_valid_200(client, monkeypatch):
"""GET /v1/ping cu Authorization: Bearer valida -> 200, autentificat_cu_cheie=True."""
cheie = _creeaza_cheie(monkeypatch)
r = client.get("/v1/ping", headers={"Authorization": f"Bearer {cheie}"})
assert r.status_code == 200, r.text
body = r.json()
assert body["autentificat_cu_cheie"] is True
assert body["account_id"] == 1
def test_ping_fara_cheie_dev_cont_implicit(client, monkeypatch):
"""Fara cheie, require_api_key=False -> cont 1, autentificat_cu_cheie=False."""
r = client.get("/v1/ping")
assert r.status_code == 200, r.text
body = r.json()
assert body["account_id"] == 1
assert body["autentificat_cu_cheie"] is False
def test_ping_x_api_key_gol_in_dev_cont_implicit(client, monkeypatch):
"""X-API-Key cu doar spatii = lipsa cheie -> cont 1, autentificat_cu_cheie=False in dev."""
r = client.get("/v1/ping", headers={"X-API-Key": " "})
assert r.status_code == 200, r.text
body = r.json()
assert body["account_id"] == 1
assert body["autentificat_cu_cheie"] is False
def test_ping_are_creds_rar_reflecta_contul(client, monkeypatch):
"""Cont fara creds -> are_creds_rar=False; dupa setare -> True."""
# Fara creds
r1 = client.get("/v1/ping")
assert r1.status_code == 200
assert r1.json()["are_creds_rar"] is False
# Seteaza creds pe cont 1
_seteaza_rar_creds()
r2 = client.get("/v1/ping")
assert r2.status_code == 200
assert r2.json()["are_creds_rar"] is True
def test_ping_cheie_invalida_401(client, monkeypatch):
"""Cheie invalida -> 401, indiferent de require_api_key."""
r = client.get("/v1/ping", headers={"X-API-Key": "rfak_cheie_falsa_xxxxxxxx"})
assert r.status_code == 401
def test_ping_prod_fara_cheie_401(client_prod, monkeypatch):
"""require_api_key=True, fara cheie -> 401."""
r = client_prod.get("/v1/ping")
assert r.status_code == 401
def test_ruta_ping_inregistrata_o_singura_data(client, monkeypatch):
"""Ruta /v1/ping trebuie sa apara exact o data in app.routes."""
from app.main import app
rute_ping = [r for r in app.routes if hasattr(r, "path") and r.path == "/v1/ping"]
assert len(rute_ping) == 1, f"Asteptat 1 ruta /v1/ping, gasit: {len(rute_ping)}"
# --------------------------------------------------------------------------- #
# Teste export Postman #
# --------------------------------------------------------------------------- #
def test_postman_export_json_valid(client, monkeypatch):
"""GET /v1/integrare/postman.json -> 200, Content-Type JSON, structura Postman v2.1.0."""
r = client.get("/v1/integrare/postman.json")
assert r.status_code == 200, r.text
assert "application/json" in r.headers.get("content-type", "")
body = r.json()
assert "info" in body
assert "v2.1.0" in body["info"].get("schema", ""), f"Schema gresita: {body['info'].get('schema')}"
def test_postman_contine_exact_trei_requesturi(client, monkeypatch):
"""Colectia Postman trebuie sa contina exact 3 requesturi cu headers si url corecte."""
r = client.get("/v1/integrare/postman.json")
assert r.status_code == 200
body = r.json()
items = body.get("item", [])
assert len(items) == 3, f"Asteptat 3 requesturi, gasit: {len(items)}"
for item in items:
req = item.get("request", {})
# Fiecare trebuie sa aiba header X-API-Key cu valoarea {{api_key}}
headers = req.get("header", [])
cheie_header = [h for h in headers if h.get("key") == "X-API-Key"]
assert len(cheie_header) == 1, f"Header X-API-Key lipsa in request '{item.get('name')}'"
assert cheie_header[0].get("value") == "{{api_key}}", \
f"Valoare header gresita: {cheie_header[0].get('value')}"
# URL-ul trebuie sa contina {{base_url}}
url = req.get("url", {})
url_raw = url.get("raw", "") if isinstance(url, dict) else str(url)
assert "{{base_url}}" in url_raw, \
f"{{{{base_url}}}} lipsa in url pentru '{item.get('name')}': {url_raw}"
def test_postman_nu_deriva_din_app_routes(client, monkeypatch):
"""Colectia Postman contine EXACT cele 3 rute allowlist, nu mai mult."""
r = client.get("/v1/integrare/postman.json")
assert r.status_code == 200
body = r.json()
items = body.get("item", [])
# Extrage URL-urile / path-urile din colectie
cai_expuse = set()
for item in items:
req = item.get("request", {})
url = req.get("url", {})
url_raw = url.get("raw", "") if isinstance(url, dict) else str(url)
# Normalizeaza: scoate {{base_url}} si parametrii query
cale = url_raw.replace("{{base_url}}", "").split("?")[0]
cai_expuse.add(cale)
# Allowlist: exact acestea 3
allowlist = {"/v1/prezentari", "/v1/import", "/v1/ping"}
assert cai_expuse == allowlist, \
f"Colectia expune cai neasteptate: {cai_expuse - allowlist} sau lipsesc: {allowlist - cai_expuse}"

233
tests/test_integrare_examples.py Normal file
View File

@@ -0,0 +1,233 @@
"""Teste pentru app.web.integrare_examples — modul PUR, fara I/O.
Ordinea: RED (fara implementare) -> GREEN (dupa implementare).
"""
import json
import pytest
from app.models import PrezentareIn
from app.web.integrare_examples import exemple
BASE_URL = "https://autopass.example.com"
ACCOUNT_ID = 7
RESULT = exemple(BASE_URL, ACCOUNT_ID)
LIMBAJE_OBLIGATORII = ["curl", "python", "php", "csharp", "node", "vfp_msxml", "vfp_winhttp"]
# ---------------------------------------------------------------------------
# Structura de baza
# ---------------------------------------------------------------------------
def test_toate_limbajele_prezente():
"""Toate limbajele obligatorii trebuie sa fie chei in dictionar."""
for limbaj in LIMBAJE_OBLIGATORII:
assert limbaj in RESULT, f"lipseste limbajul: {limbaj}"
def test_ambele_canale_per_limbaj():
"""Fiecare limbaj are atat 'prezentari' cat si 'import'."""
for limbaj in LIMBAJE_OBLIGATORII:
assert "prezentari" in RESULT[limbaj], f"{limbaj} lipseste canalul 'prezentari'"
assert "import" in RESULT[limbaj], f"{limbaj} lipseste canalul 'import'"
assert isinstance(RESULT[limbaj]["prezentari"], str), f"{limbaj}.prezentari nu e string"
assert isinstance(RESULT[limbaj]["import"], str), f"{limbaj}.import nu e string"
# ---------------------------------------------------------------------------
# curl — prezentari
# ---------------------------------------------------------------------------
def test_snippet_curl_prezentari_contine_endpoint_si_header():
"""Snippetul curl prezentari contine URL-ul corect si header-ul X-API-Key."""
snippet = RESULT["curl"]["prezentari"]
assert f"{BASE_URL}/v1/prezentari" in snippet, "lipseste endpoint-ul /v1/prezentari"
assert "X-API-Key" in snippet, "lipseste header-ul X-API-Key"
assert "rfak_..." in snippet, "placeholder-ul cheii trebuie sa fie rfak_..."
# ---------------------------------------------------------------------------
# python — import (multipart)
# ---------------------------------------------------------------------------
def test_snippet_python_import_upload_multipart():
"""Snippetul python import foloseste multipart (files=) pe /v1/import."""
snippet = RESULT["python"]["import"]
assert f"{BASE_URL}/v1/import" in snippet, "lipseste endpoint-ul /v1/import"
assert "files=" in snippet or 'files =' in snippet, "lipseste multipart files="
assert "rfak_..." in snippet, "placeholder-ul cheii trebuie sa fie rfak_..."
# ---------------------------------------------------------------------------
# VFP — doua dialecte distincte
# ---------------------------------------------------------------------------
def test_vfp_msxml_si_winhttp_distincte():
"""vfp_msxml foloseste MSXML2.ServerXMLHTTP.6.0; vfp_winhttp foloseste WinHttp.WinHttpRequest.5.1."""
msxml_snippet = RESULT["vfp_msxml"]["prezentari"]
winhttp_snippet = RESULT["vfp_winhttp"]["prezentari"]
assert "MSXML2.ServerXMLHTTP.6.0" in msxml_snippet, (
"vfp_msxml trebuie sa foloseasca MSXML2.ServerXMLHTTP.6.0"
)
assert "WinHttp.WinHttpRequest.5.1" in winhttp_snippet, (
"vfp_winhttp trebuie sa foloseasca WinHttp.WinHttpRequest.5.1"
)
# Distincte — nu acelasi obiect COM in ambele
assert "MSXML2.ServerXMLHTTP.6.0" not in winhttp_snippet, (
"vfp_winhttp nu trebuie sa contina MSXML2 (dialect gresit)"
)
assert "WinHttp.WinHttpRequest.5.1" not in msxml_snippet, (
"vfp_msxml nu trebuie sa contina WinHttp (dialect gresit)"
)
# ---------------------------------------------------------------------------
# Drift-test schema — campuri obligatorii din model
# ---------------------------------------------------------------------------
def test_payload_acopera_campurile_obligatorii_din_model():
"""Snippetul curl prezentari contine toate campurile obligatorii din PrezentareIn.
Deriva lista din model_fields pentru a fi rezistenta la schimbari de schema.
Campurile cu default (odometru_initial, obs, b64_image, sistem_reparat) nu sunt
obligatorii si nu trebuie sa cauzeze drift fals.
"""
obligatorii = {
camp
for camp, field in PrezentareIn.model_fields.items()
if field.is_required()
}
# Obligatorii asteptate conform spec: vin, nr_inmatriculare, data_prestatie,
# odometru_final, prestatii
snippet = RESULT["curl"]["prezentari"]
for camp in obligatorii:
assert camp in snippet, f"camp obligatoriu absent din snippet: {camp}"
# Credentiale RAR (email + password)
assert "email" in snippet, "camp 'email' absent din snippet (RarCredentials)"
assert "password" in snippet, "camp 'password' absent din snippet (RarCredentials)"
def test_prestatii_in_snippet_are_cod():
"""Snippetul prezentari contine cod_prestatie sau cod_op_service in payload."""
for limbaj in LIMBAJE_OBLIGATORII:
snippet = RESULT[limbaj]["prezentari"]
are_cod = "cod_prestatie" in snippet or "cod_op_service" in snippet
assert are_cod, f"{limbaj}.prezentari lipseste cod_prestatie / cod_op_service"
# ---------------------------------------------------------------------------
# Placeholder cheie
# ---------------------------------------------------------------------------
def test_placeholder_cheie_nu_e_valoare_reala():
"""Toate snippet-urile cu autentificare contin literal 'rfak_', nu o cheie reala."""
for limbaj in LIMBAJE_OBLIGATORII:
for canal in ["prezentari", "import"]:
snippet = RESULT[limbaj][canal]
assert "rfak_" in snippet, (
f"{limbaj}.{canal} lipseste placeholder-ul rfak_ (cheie API)"
)
# ---------------------------------------------------------------------------
# FIX-1 — C# si VFP: JSON compact (fara newline in string literal)
# ---------------------------------------------------------------------------
def test_csharp_payload_pe_o_singura_linie():
"""Snippetul C# prezentari: JSON-ul din var json = "..." e pe o singura linie.
Un JSON multi-linie intr-un string literal C# NU compileaza.
Verificam ca helper-ul compact produce un JSON fara newline
si ca acel JSON compact apare in snippetul C#.
"""
from app.web.integrare_examples import _payload_json_compact, _snippet_csharp_prezentari
compact = _payload_json_compact(ACCOUNT_ID)
assert "\n" not in compact, (
"_payload_json_compact produce newline — nu e compact"
)
snippet = _snippet_csharp_prezentari(BASE_URL, ACCOUNT_ID)
# JSON-ul compact (cu ghilimele escape-uite) trebuie sa fie substring in snippet
escaped = compact.replace('"', '\\"')
assert escaped in snippet, (
"JSON-ul compact (escaped) nu apare in snippetul C#; "
"probabil _snippet_csharp_prezentari inca foloseste _payload_json_str"
)
# Verificare directa: linia var json = "..." nu contine newline in interiorul ei
# In C# linia se termina cu "; (ghilimea de inchidere + punct-virgula)
for line in snippet.splitlines():
if 'var json = "' in line:
stripped = line.rstrip()
# Linia trebuie sa se inchida pe acelasi rand (cu "; sau ")
assert stripped.endswith('";') or stripped.endswith('"'), (
f"Linia 'var json = \"...' nu se termina pe acelasi rand: {line!r}"
)
break
else:
assert False, "Linia 'var json = \"...' nu a fost gasita in snippetul C#"
def test_vfp_payload_pe_o_singura_linie():
"""Snippetul VFP prezentari (ambele dialecte): cPayload = "..." e pe o linie.
Un string literal VFP multi-linie NU e valid.
Verificam ambele dialecte: vfp_msxml si vfp_winhttp.
"""
from app.web.integrare_examples import _payload_json_compact
compact = _payload_json_compact(ACCOUNT_ID)
# In VFP ghilimele se dubleaza
compact_vfp = compact.replace('"', '""')
for dialect in ("vfp_msxml", "vfp_winhttp"):
snippet = RESULT[dialect]["prezentari"]
# Payload-ul VFP (cu doubling) trebuie sa fie substring in snippet
assert compact_vfp in snippet, (
f"{dialect}: JSON-ul compact (cu \"\" doubling) nu apare in snippet; "
"probabil inca se foloseste _payload_json_str cu indent"
)
# Linia cPayload = "..." nu trebuie sa contina newline in interiorul valorii
for line in snippet.splitlines():
if 'cPayload = "' in line:
assert line.rstrip().endswith('"'), (
f"{dialect}: linia 'cPayload = \"...' nu se termina pe acelasi rand: {line!r}"
)
break
else:
assert False, f"{dialect}: linia 'cPayload = \"...' nu a fost gasita in snippet"
# ---------------------------------------------------------------------------
# FIX-2 — Node import: FormData/Blob globale, fara import din node:buffer
# ---------------------------------------------------------------------------
def test_node_import_nu_foloseste_node_buffer():
"""Snippetul Node import nu importa din 'node:buffer' si foloseste FormData globala.
'node:buffer' nu exporta FormData — `new FormData()` ar arunca TypeError.
In Node 18+ FormData si Blob sunt globale.
"""
snippet = RESULT["node"]["import"]
assert "node:buffer" not in snippet, (
"Snippetul Node import contine 'node:buffer' — invalid, FormData nu e acolo"
)
assert "new FormData()" in snippet, (
"Snippetul Node import nu contine 'new FormData()' — FormData trebuie folosita global"
)

265
tests/test_integrare_test_cheie.py Normal file
View File

@@ -0,0 +1,265 @@
"""Teste US-004: POST /integrare/test-cheie — verifica cheia API lipita de utilizator.
TDD: testele se scriu INAINTE de implementare; la inceput pica (RED),
dupa implementare trec (GREEN).
Ruta testata:
- POST /integrare/test-cheie -> fragment HTML cu rezultat validare
"""
from __future__ import annotations
import os
import re
import tempfile
import pytest
from starlette.testclient import TestClient
# ---------------------------------------------------------------------------
# Fixture-uri
# ---------------------------------------------------------------------------
@pytest.fixture()
def client(monkeypatch):
"""Client fara web_auth_required (dev mode) — sesiunea se seteaza manual."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
from app.config import get_settings
get_settings.cache_clear()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
yield c
get_settings.cache_clear()
@pytest.fixture()
def client_prod(monkeypatch):
"""Client cu web_auth_required=True (mod prod) — CSRF enforce."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t.db"))
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
from app.config import get_settings
get_settings.cache_clear()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
yield c
get_settings.cache_clear()
# ---------------------------------------------------------------------------
# Helper-e
# ---------------------------------------------------------------------------
def _create_account_user(email: str = "user@test.com", password: str = "parolasecreta10"):
"""Creeaza cont + user + cheie API initiala. Intoarce (acct_id, user_id, api_key)."""
from app.accounts import create_account
from app.users import create_user
from app.auth import create_api_key
from app.db import get_connection
conn = get_connection()
try:
acct_id = create_account(conn, "Service Test", active=True)
user_id = create_user(conn, acct_id, email, password)
api_key = create_api_key(conn, acct_id)
return acct_id, user_id, api_key
finally:
conn.close()
def _login(client, email: str, password: str) -> None:
"""Face login real prin HTTP si seteaza cookie-ul de sesiune pe client."""
resp = client.get("/login")
assert resp.status_code == 200
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, "csrf_token negasit pe /login"
csrf = m.group(1)
resp = client.post("/login", data={
"email": email,
"parola": password,
"csrf_token": csrf,
})
assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
def _get_csrf_from_fragment(client) -> str:
"""Obtine CSRF token din fragmentul /_fragments/cont."""
resp = client.get("/_fragments/cont")
assert resp.status_code == 200
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
if not m:
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, f"csrf_token negasit in /_fragments/cont: {resp.text[:500]}"
return m.group(1)
# ---------------------------------------------------------------------------
# Teste
# ---------------------------------------------------------------------------
def test_cheie_valida_a_contului_curent_ok(client):
"""Cheie activa a contului sesiunii -> raspuns de succes cu mention cont."""
acct_id, user_id, api_key = _create_account_user("cheie_ok@test.com")
_login(client, "cheie_ok@test.com", "parolasecreta10")
csrf = _get_csrf_from_fragment(client)
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": api_key,
})
assert resp.status_code == 200
body = resp.text.lower()
# Trebuie sa contina un mesaj de succes (clasa flash sau text "valida")
assert "valida" in body or "succes" in body, f"Mesaj de succes lipsa: {resp.text[:500]}"
# Trebuie sa mentioneze contul (account_id)
assert str(acct_id) in resp.text, f"account_id {acct_id} absent din raspuns: {resp.text[:500]}"
def test_cheie_a_altui_cont_respinsa(client):
"""Cheia unui alt cont -> mesaj neutru 'nu apartine contului tau', fara sa spuna care cont."""
acct_a, user_a, key_a = _create_account_user("altcont_a@test.com")
acct_b, user_b, key_b = _create_account_user("altcont_b@test.com")
# Logam user A; testam cu cheia lui B
_login(client, "altcont_a@test.com", "parolasecreta10")
csrf = _get_csrf_from_fragment(client)
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": key_b,
})
assert resp.status_code == 200
body = resp.text.lower()
# Trebuie sa respinga - mesaj ca nu apartine contului
assert "nu apartine" in body or "alt cont" in body or "nu este" in body, \
f"Mesaj de respingere lipsa: {resp.text[:500]}"
# NU trebuie sa dezvaluie ca e cheia contului B (nu mentionam alt account_id)
assert str(acct_b) not in resp.text, \
f"account_id-ul contului {acct_b} (terta) nu trebuia dezvaluit: {resp.text[:500]}"
def test_cheie_invalida_mesaj_clar(client):
"""Cheie inexistenta -> mesaj clar de eroare (nu valida)."""
acct_id, user_id, _ = _create_account_user("invalida@test.com")
_login(client, "invalida@test.com", "parolasecreta10")
csrf = _get_csrf_from_fragment(client)
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": "rfak_cheie_inexistenta_total_falsa",
})
assert resp.status_code == 200
body = resp.text.lower()
# Trebuie sa contina un mesaj de eroare (nu succes)
assert "invalida" in body or "inexistenta" in body or "negasita" in body or "eroare" in body, \
f"Mesaj de eroare lipsa: {resp.text[:500]}"
assert "valida" not in body or "invalida" in body, \
f"Raspuns da fals pozitiv 'valida': {resp.text[:500]}"
def test_cheie_revocata_dupa_rotire_respinsa(client):
"""Cheia veche (revocata dupa rotire) -> tratata ca invalida."""
acct_id, user_id, cheie_veche = _create_account_user("rotire@test.com")
_login(client, "rotire@test.com", "parolasecreta10")
# Rotim cheia (cheia_veche devine revocata)
from app.auth import rotate_api_key
from app.db import get_connection
conn = get_connection()
try:
cheie_noua = rotate_api_key(conn, acct_id)
finally:
conn.close()
csrf = _get_csrf_from_fragment(client)
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": cheie_veche,
})
assert resp.status_code == 200
body = resp.text.lower()
# Cheia veche revocata trebuie respinsa (invalida sau revocata)
assert "invalida" in body or "revocata" in body or "negasita" in body or "eroare" in body, \
f"Cheia revocata nu a fost respinsa: {resp.text[:500]}"
assert "valida — cont" not in body.lower(), \
f"Cheia revocata a primit fals pozitiv: {resp.text[:500]}"
def test_cheie_goala_nu_da_fals_pozitiv_in_dev(client):
"""Cheie goala sau whitespace -> eroare clara, NU 'valida cont 1' (fals pozitiv dev)."""
acct_id, user_id, _ = _create_account_user("goala@test.com")
_login(client, "goala@test.com", "parolasecreta10")
csrf = _get_csrf_from_fragment(client)
for cheie_goala in ["", " ", "\t"]:
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": cheie_goala,
})
assert resp.status_code == 200
body = resp.text.lower()
assert "valida — cont" not in body, \
f"Cheie goala '{repr(cheie_goala)}' da fals pozitiv: {resp.text[:500]}"
assert "goala" in body or "lipsa" in body or "invalida" in body or "eroare" in body, \
f"Cheie goala '{repr(cheie_goala)}' nu da mesaj de eroare: {resp.text[:500]}"
def test_fara_login_redirect_sau_401(monkeypatch):
"""Fara sesiune + web_auth_required=True -> 303 redirect /login."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "t_nl.db"))
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
from app.config import get_settings
get_settings.cache_clear()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
resp = c.post("/integrare/test-cheie", data={
"api_key": "rfak_orice",
})
assert resp.status_code in (303, 401), \
f"Trebuia redirect sau 401 fara login, got: {resp.status_code}"
if resp.status_code == 303:
assert "/login" in resp.headers.get("location", "")
get_settings.cache_clear()
def test_csrf_lipsa_respinsa(client):
"""Post cu CSRF invalid/lipsa si sesiune activa -> 403."""
acct_id, user_id, api_key = _create_account_user("csrf_test@test.com")
_login(client, "csrf_test@test.com", "parolasecreta10")
resp = client.post("/integrare/test-cheie", data={
"csrf_token": "token_gresit_total",
"api_key": api_key,
})
assert resp.status_code == 403, f"Trebuia 403 la CSRF invalid, got: {resp.status_code}"
def test_cheia_nu_apare_in_raspuns_sau_log(client):
"""Cheia lipita nu trebuie sa apara in body-ul raspunsului (no-echo)."""
acct_id, user_id, api_key = _create_account_user("noecho@test.com")
_login(client, "noecho@test.com", "parolasecreta10")
csrf = _get_csrf_from_fragment(client)
resp = client.post("/integrare/test-cheie", data={
"csrf_token": csrf,
"api_key": api_key,
})
assert resp.status_code == 200
# Cheia completa nu trebuie sa apara in raspuns (nici macar partial daca e unica)
assert api_key not in resp.text, \
f"Cheia API a aparut in body raspuns (no-echo violation): {resp.text[:500]}"

438
tests/test_web_integrare.py Normal file
View File

@@ -0,0 +1,438 @@
"""Teste US-003 — tab "Integrare" (hub documentatie + exemple cod).
TDD: testele se scriu INAINTE de implementare; la inceput pica (RED),
dupa implementare trec (GREEN).
Rute testate:
- GET / -> tab-bar contine tab "Integrare"
- GET /?tab=integrare -> panou randat server-side
- GET /_fragments/integrare -> fragment HTMX cu require_login
"""
from __future__ import annotations
import os
import re
import tempfile
import pytest
from starlette.testclient import TestClient
# =========================================================================== #
# Helpers comune #
# =========================================================================== #
def _create_account_user(email: str, password: str = "parolasecreta10"):
"""Creeaza cont + user. Intoarce (acct_id, user_id)."""
from app.accounts import create_account
from app.users import create_user
from app.db import get_connection
conn = get_connection()
try:
acct_id = create_account(conn, "Service Test Integrare", active=True)
user_id = create_user(conn, acct_id, email, password)
return acct_id, user_id
finally:
conn.close()
def _login(client, email: str, password: str = "parolasecreta10") -> None:
"""Autentificare HTTP; seteaza cookie de sesiune pe client."""
resp = client.get("/login")
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text) or \
re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
assert m, "csrf_token negasit pe /login"
resp = client.post("/login", data={
"email": email,
"parola": password,
"csrf_token": m.group(1),
})
assert resp.status_code == 303, f"Login esuat: {resp.status_code} {resp.text[:200]}"
def _add_creds(acct_id: int) -> None:
"""Adauga credentiale RAR criptate pe cont (pentru test are_creds=True)."""
from app.db import get_connection
from app.crypto import encrypt_creds
conn = get_connection()
try:
creds_enc = encrypt_creds({"email": "test@rar.ro", "password": "secret"})
conn.execute(
"UPDATE accounts SET rar_creds_enc=? WHERE id=?",
(creds_enc, acct_id),
)
conn.commit()
finally:
conn.close()
def _add_api_key(acct_id: int) -> str:
"""Adauga o cheie API activa pe cont. Intoarce cheia bruta."""
from app.db import get_connection
from app.auth import create_api_key
conn = get_connection()
try:
key = create_api_key(conn, acct_id)
return key
finally:
conn.close()
@pytest.fixture()
def client(monkeypatch):
"""Client cu BD izolata si autentificare web activata."""
tmp = tempfile.mkdtemp()
monkeypatch.setenv("AUTOPASS_DB_PATH", os.path.join(tmp, "integrare_test.db"))
monkeypatch.setenv("AUTOPASS_WEB_AUTH_REQUIRED", "true")
from app.config import get_settings
get_settings.cache_clear()
from app.web import ratelimit
ratelimit._hits.clear()
from app.main import app
with TestClient(app, follow_redirects=False) as c:
yield c
ratelimit._hits.clear()
get_settings.cache_clear()
# =========================================================================== #
# test_tab_integrare_in_nav #
# =========================================================================== #
def test_tab_integrare_in_nav(client):
"""Tab-bar-ul principal contine link-ul catre tab-ul Integrare."""
_create_account_user("nav_integrare@test.com")
_login(client, "nav_integrare@test.com")
resp = client.get("/")
assert resp.status_code == 200
html = resp.text
# Trebuie sa existe un link sau buton cu ?tab=integrare
assert "tab=integrare" in html, "tab-ul 'integrare' lipseste din tab-bar"
# Textul "Integrare" vizibil
assert "Integrare" in html
# =========================================================================== #
# test_deeplink_tab_integrare_randeaza_panou_server_side #
# =========================================================================== #
def test_deeplink_tab_integrare_randeaza_panou_server_side(client):
"""GET /?tab=integrare randeaza panoul server-side (nu redirectioneaza)."""
_create_account_user("deeplink_integrare@test.com")
_login(client, "deeplink_integrare@test.com")
resp = client.get("/?tab=integrare")
assert resp.status_code == 200
html = resp.text
# Panoul trebuie sa contina continut specific integrare
# (nu sa cada pe Acasa din cauza unui tab invalid)
assert "integrare" in html.lower()
# tab-ul activ trebuie sa fie "integrare"
assert 'aria-selected="true"' in html or "tab-activ" in html
# =========================================================================== #
# test_fragment_integrare_necesita_login #
# =========================================================================== #
def test_fragment_integrare_necesita_login(client):
"""GET /_fragments/integrare fara sesiune redirectioneaza la /login (require_login)."""
# Fara login -> trebuie 303 catre /login
resp = client.get("/_fragments/integrare")
assert resp.status_code == 303
assert "/login" in resp.headers.get("location", "")
# =========================================================================== #
# test_pagina_contine_account_id_si_endpoint_real #
# =========================================================================== #
def test_pagina_contine_account_id_si_endpoint_real(client):
"""Panoul Integrare afiseaza account_id-ul contului si URL-ul real al endpoint-ului."""
acct_id, _ = _create_account_user("endpoint_real@test.com")
_login(client, "endpoint_real@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# account_id trebuie sa apara in pagina
assert str(acct_id) in html
# endpoint-ul /v1/prezentari trebuie sa apara
assert "/v1/prezentari" in html
# =========================================================================== #
# test_pagina_are_tab_limbaje_si_vfp_cu_dialecte #
# =========================================================================== #
def test_pagina_are_tab_limbaje_si_vfp_cu_dialecte(client):
"""Panoul Integrare are tab-uri pentru limbaje si VFP are sub-tab-uri (dialecte)."""
_create_account_user("limbaje@test.com")
_login(client, "limbaje@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Limbajele principale trebuie sa fie prezente
for limbaj in ("curl", "Python", "PHP"):
assert limbaj in html, f"Limbajul '{limbaj}' lipseste din panoul Integrare"
# VFP (Visual FoxPro) trebuie sa fie prezent
assert "VFP" in html or "FoxPro" in html or "Visual Fox" in html
# Dialectele VFP
assert "MSXML2" in html or "MSXML" in html
assert "WinHttp" in html
# =========================================================================== #
# test_canal_secundar_prezentari_si_import #
# =========================================================================== #
def test_canal_secundar_prezentari_si_import(client):
"""Fiecare limbaj are sectiuni pentru canalele Prezentari JSON si Import fisier."""
_create_account_user("canal_sec@test.com")
_login(client, "canal_sec@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Ambele canale trebuie sa fie vizibile in pagina
assert "prezentari" in html.lower() or "/v1/prezentari" in html
assert "import" in html.lower() or "/v1/import" in html
# =========================================================================== #
# test_export_card_openapi_postman_swagger #
# =========================================================================== #
def test_export_card_openapi_postman_swagger(client):
"""Panoul Integrare are card cu linkuri: /docs, /openapi.json, postman.json."""
_create_account_user("export_card@test.com")
_login(client, "export_card@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Linkuri de referinta
assert "/docs" in html
assert "/openapi.json" in html
assert "postman" in html.lower()
# =========================================================================== #
# test_buton_copiaza_citeste_din_pre_code #
# =========================================================================== #
def test_buton_copiaza_citeste_din_pre_code(client):
"""Snippet-urile au buton 'Copiaza' care citeste din <pre><code> (nu din data-*)."""
_create_account_user("copiaza@test.com")
_login(client, "copiaza@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Trebuie sa existe un buton de copiere
assert "Copiaza" in html or "copiaza" in html.lower()
# Snippet-urile trebuie sa fie in <pre><code> (nu text ascuns in data-*)
assert "<pre>" in html and "<code>" in html
# Butonul NU trebuie sa aiba data-cod sau data-snippet cu continutul
# (copiaza din DOM, nu din attribut)
assert 'data-cod="' not in html
assert 'data-snippet="' not in html
# =========================================================================== #
# test_empty_state_cta_cont_cand_fara_cheie_sau_creds #
# =========================================================================== #
def test_empty_state_cta_cont_cand_fara_cheie_sau_creds(client):
"""Fara cheie API sau credentiale RAR, panoul afiseaza CTA catre tab Cont."""
# Cont nou fara cheie si fara credentiale
_create_account_user("empty_state@test.com")
_login(client, "empty_state@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Trebuie sa existe un mesaj de empty-state cu link catre tab cont
assert "/?tab=cont" in html or "tab=cont" in html
# Mesajul trebuie sa atraga atentia ca lipsesc ceva
# (cheie sau credentiale)
lower = html.lower()
assert "cheie" in lower or "credentiale" in lower or "cont" in lower
# =========================================================================== #
# test_fara_culori_hardcodate_doar_tokens #
# =========================================================================== #
def test_fara_culori_hardcodate_doar_tokens(client):
"""Panoul Integrare nu contine culori hex hardcodate (#RRGGBB) — doar var(--...) tokens."""
_create_account_user("tokens_css@test.com")
_login(client, "tokens_css@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Cauta culori hex in stil inline (style="...#...") sau in tag style
# Pattern: # urmat de 3 sau 6 hex digits, in context CSS
import re as _re
# Cautam doar in atributele style="" inline si in taguri <style>
style_attrs = _re.findall(r'style="([^"]*)"', html)
style_tags = _re.findall(r'<style[^>]*>(.*?)</style>', html, _re.DOTALL)
all_css = " ".join(style_attrs) + " ".join(style_tags)
# Culori hex in CSS: #rgb sau #rrggbb (precedate de spatiu, :, sau ;)
hex_colors = _re.findall(r'(?<=[: ])#[0-9a-fA-F]{3,6}\b', all_css)
assert not hex_colors, (
f"Culori hex hardcodate gasite in _integrare.html: {hex_colors}. "
"Foloseste var(--...) tokens CSS."
)
# =========================================================================== #
# test_export_postman_are_atribut_download [FIX-2] #
# =========================================================================== #
def test_export_postman_are_atribut_download(client):
"""Linkul Postman (.json) contine atributul download (PRD US-003)."""
_create_account_user("postman_download@test.com")
_login(client, "postman_download@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Trebuie sa existe linkul postman.json cu atribut download
assert "postman.json" in html, "Linkul postman.json lipseste din pagina"
import re as _re
# Cautam <a cu href postman.json care contine si atribut download
postman_links = _re.findall(r'<a[^>]*postman\.json[^>]*>', html)
assert postman_links, "Tag-ul <a> cu postman.json nu a fost gasit"
assert any("download" in lnk for lnk in postman_links), (
f"Linkul Postman nu are atribut 'download'. Tag gasit: {postman_links}"
)
# =========================================================================== #
# test_export_card_foloseste_cardlink [FIX-1] #
# =========================================================================== #
def test_export_card_foloseste_cardlink(client):
"""Cardul Export & referinta foloseste componenta .cardlink (PRD US-003)."""
_create_account_user("export_cardlink@test.com")
_login(client, "export_cardlink@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Cardul export trebuie sa contina clasa cardlink
assert "cardlink" in html, (
"Clasa 'cardlink' lipseste din panoul Integrare. "
"Cardul Export & referinta trebuie sa foloseasca componenta .cardlink."
)
# Linkurile de export trebuie sa foloseasca clasa cardlink
import re as _re
cardlink_anchors = _re.findall(r'<a[^>]*cardlink[^>]*>', html)
assert cardlink_anchors, "Nu exista niciun <a class=\"cardlink\"> in pagina"
# =========================================================================== #
# test_microcopy_anticonfuzie_la_test_cheie [FIX-3] #
# =========================================================================== #
def test_microcopy_anticonfuzie_la_test_cheie(client):
"""Formularul 'Testeaza conexiunea' contine microcopy anti-confuzie (PRD US-004)."""
_create_account_user("microcopy@test.com")
_login(client, "microcopy@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Textul specific din PRD US-004
assert "Nu o salvam" in html, (
"Microcopy anti-confuzie lipseste din formularul 'Testeaza conexiunea'. "
"Trebuie sa contina: 'Nu o salvam si nu o memoram'."
)
# =========================================================================== #
# test_buton_copiaza_schimba_label_in_copiat [FIX-4] #
# =========================================================================== #
def test_buton_copiaza_schimba_label_in_copiat(client):
"""Scriptul JS schimba label-ul butonului in 'Copiat' la copiere (PRD US-003)."""
_create_account_user("copiat_label@test.com")
_login(client, "copiat_label@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
# Scriptul trebuie sa contina logica de schimbare a textContent pe buton
assert "textContent" in html, (
"Scriptul JS nu contine 'textContent' — schimbarea label-ului butonului lipseste."
)
assert "Copiat" in html, (
"Textul 'Copiat' lipseste din script — butonul nu isi schimba label-ul."
)
import re as _re
script_blocks = _re.findall(r'<script[^>]*>(.*?)</script>', html, _re.DOTALL)
script_text = " ".join(script_blocks)
# Verificam ca butonul (btn) isi schimba textContent (nu doar feedback div)
assert "btn.textContent" in script_text, (
"Scriptul JS nu contine 'btn.textContent' — label-ul butonului nu se schimba."
)
# Verificam valoarea setata pe buton
assert "'Copiat'" in script_text or '"Copiat"' in script_text, (
"Scriptul JS nu seteaza valoarea 'Copiat' pe buton."
)
# Verificam revenirea la 'Copiaza' dupa setTimeout
assert "setTimeout" in script_text, (
"Scriptul JS nu contine setTimeout — revenirea la 'Copiaza' dupa 2s lipseste."
)
assert "'Copiaza'" in script_text or '"Copiaza"' in script_text, (
"Scriptul JS nu seteaza revenirea la 'Copiaza' dupa timeout."
)
# =========================================================================== #
# test_script_integrare_scoped_pe_container [FIX-3] #
# =========================================================================== #
def test_script_integrare_scoped_pe_container(client):
"""Scriptul JS din _integrare.html este scoped pe #integrare-section.
Un querySelectorAll global ar ataca si tablist-ul principal din dashboard.html,
acumuland handlere si provocand dubla-legare pe fiecare swap HTMX.
Verificam ca scriptul porneste de la getElementById('integrare-section')
si NU face document.querySelectorAll('[role="tablist"]') global.
"""
_create_account_user("scoped_script@test.com")
_login(client, "scoped_script@test.com")
resp = client.get("/_fragments/integrare")
assert resp.status_code == 200
html = resp.text
import re as _re
script_blocks = _re.findall(r'<script[^>]*>(.*?)</script>', html, _re.DOTALL)
script_text = " ".join(script_blocks)
# Trebuie sa existe getElementById('integrare-section') ca root
assert "getElementById('integrare-section')" in script_text or \
'getElementById("integrare-section")' in script_text, (
"Scriptul JS nu contine getElementById('integrare-section') — "
"scoping-ul pe container lipseste"
)
# NU trebuie sa existe document.querySelectorAll cu '[role="tablist"]' global
# (adica fara a folosi root-ul)
has_global_tablist = bool(
_re.search(r'document\.querySelectorAll\([\'"][^"\']*\[role=["\']tablist["\'][^"\']*[\'"]\)', script_text)
)
assert not has_global_tablist, (
"Scriptul JS contine document.querySelectorAll('[role=\"tablist\"]') global — "
"trebuie sa foloseasca root.querySelectorAll dupa getElementById('integrare-section')"
)