Move desktop and e2e into examples/ directory

- desktop/ → examples/django-react-desktop-app/ - e2e/ → examples/django-react-site/ - example/ → examples/django-react-site/backend/ - Update Dockerfile.test, Makefile, playwright config, and django.config.mjs path references Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 20:41:20 -04:00
parent c866142770
commit eee352d908
51 changed files with 5983 additions and 10 deletions
--- a/examples/django-react-desktop-app/tests/init.py
+++ b/examples/django-react-desktop-app/tests/init.py
--- a/examples/django-react-desktop-app/tests/conftest.py
+++ b/examples/django-react-desktop-app/tests/conftest.py
@@ -0,0 +1,8 @@
+import django
+from django.conf import settings
+
+
+# Ensure migrations run before tests
+def pytest_configure():
+    # Import mizan_clients to trigger function registration
+    import backend.mizan_clients  # noqa: F401
--- a/examples/django-react-desktop-app/tests/test_desktop_rpc.py
+++ b/examples/django-react-desktop-app/tests/test_desktop_rpc.py
@@ -0,0 +1,179 @@
+"""
+REAL integration tests for the mizan RPC framework layer.
+
+Tests the actual HTTP stack: CSRF, middleware, error codes, validation.
+Every test makes a real HTTP request — no mocks, no RequestFactory.
+"""
+
+import json
+from urllib.request import urlopen, Request
+from urllib.error import HTTPError
+
+from django.test import LiveServerTestCase
+
+
+class RealHTTPMixin:
+    def _session_init(self):
+        url = f"{self.live_server_url}/api/mizan/session/"
+        resp = urlopen(Request(url))
+        cookies = resp.headers.get_all("Set-Cookie") or []
+        for cookie in cookies:
+            if "csrftoken=" in cookie:
+                self._csrf_token = cookie.split("csrftoken=")[1].split(";")[0]
+                self._cookies = f"csrftoken={self._csrf_token}"
+                return
+        self._csrf_token = None
+        self._cookies = ""
+
+    def _call(self, fn: str, args: dict | None = None):
+        url = f"{self.live_server_url}/api/mizan/call/"
+        body = json.dumps({"fn": fn, "args": args or {}}).encode()
+        req = Request(url, data=body, method="POST")
+        req.add_header("Content-Type", "application/json")
+        if self._csrf_token:
+            req.add_header("X-CSRFToken", self._csrf_token)
+        if self._cookies:
+            req.add_header("Cookie", self._cookies)
+        resp = urlopen(req)
+        return json.loads(resp.read())
+
+    def _raw_post(
+        self,
+        path: str,
+        body: bytes | str,
+        content_type: str = "application/json",
+        include_csrf: bool = False,
+    ):
+        """Raw POST without the call() envelope — for testing malformed requests."""
+        url = f"{self.live_server_url}{path}"
+        if isinstance(body, str):
+            body = body.encode()
+        req = Request(url, data=body, method="POST")
+        req.add_header("Content-Type", content_type)
+        if include_csrf and self._csrf_token:
+            req.add_header("X-CSRFToken", self._csrf_token)
+            req.add_header("Cookie", self._cookies)
+        return urlopen(req)
+
+
+class CSRFTests(RealHTTPMixin, LiveServerTestCase):
+    """CSRF handling over real HTTP — the thing that was broken."""
+
+    def test_session_endpoint_sets_csrf_cookie(self):
+        """GET /session/ must return a Set-Cookie with csrftoken."""
+        url = f"{self.live_server_url}/api/mizan/session/"
+        resp = urlopen(Request(url))
+        cookies = resp.headers.get_all("Set-Cookie") or []
+
+        csrf_cookies = [c for c in cookies if "csrftoken=" in c]
+        self.assertGreater(len(csrf_cookies), 0, "No csrftoken cookie set by /session/")
+
+    def test_call_without_csrf_is_rejected(self):
+        """POST /call/ without CSRF token must fail."""
+        url = f"{self.live_server_url}/api/mizan/call/"
+        body = json.dumps({"fn": "system_info", "args": {}}).encode()
+        req = Request(url, data=body, method="POST")
+        req.add_header("Content-Type", "application/json")
+
+        try:
+            resp = urlopen(req)
+            data = json.loads(resp.read())
+            # If it doesn't raise, the response should indicate an error
+            self.assertTrue(data.get("error"), "POST without CSRF should be rejected")
+        except HTTPError as e:
+            self.assertEqual(e.code, 403, f"Expected 403, got {e.code}")
+
+    def test_call_with_csrf_succeeds(self):
+        """POST /call/ with valid CSRF token must work."""
+        self._session_init()
+        data = self._call("system_info")
+
+        self.assertFalse(data["error"])
+        self.assertIn("os_name", data["data"])
+
+
+class ValidationTests(RealHTTPMixin, LiveServerTestCase):
+    """Pydantic validation errors over real HTTP."""
+
+    def setUp(self):
+        self._session_init()
+
+    def test_missing_required_field(self):
+        """Calling create_note without title should return VALIDATION_ERROR."""
+        data = self._call("create_note", {})
+
+        self.assertTrue(data["error"])
+        self.assertEqual(data["code"], "VALIDATION_ERROR")
+
+    def test_wrong_type(self):
+        """Calling delete_note with string id should return VALIDATION_ERROR."""
+        data = self._call("delete_note", {"id": "not-an-int"})
+
+        self.assertTrue(data["error"])
+        self.assertEqual(data["code"], "VALIDATION_ERROR")
+
+    def test_missing_multiple_fields(self):
+        """write_file with no args should list all missing fields."""
+        data = self._call("write_file", {})
+
+        self.assertTrue(data["error"])
+        self.assertEqual(data["code"], "VALIDATION_ERROR")
+
+
+class ErrorCodeTests(RealHTTPMixin, LiveServerTestCase):
+    """Error codes over real HTTP."""
+
+    def setUp(self):
+        self._session_init()
+
+    def test_not_found_function(self):
+        data = self._call("this_does_not_exist")
+
+        self.assertTrue(data["error"])
+        self.assertEqual(data["code"], "NOT_FOUND")
+
+    def test_forbidden_write_outside_home(self):
+        data = self._call("write_file", {"path": "/etc/nope.txt", "content": "x"})
+
+        self.assertTrue(data["error"])
+        self.assertEqual(data["code"], "FORBIDDEN")
+
+    def test_get_method_rejected(self):
+        """GET to /call/ should be rejected."""
+        url = f"{self.live_server_url}/api/mizan/call/"
+        try:
+            resp = urlopen(Request(url))
+            data = json.loads(resp.read())
+            self.assertTrue(data.get("error"))
+        except HTTPError as e:
+            self.assertIn(e.code, [403, 405])
+
+    def test_invalid_json_body(self):
+        """Malformed JSON should return BAD_REQUEST."""
+        self._session_init()
+        try:
+            resp = self._raw_post(
+                "/api/mizan/call/",
+                body="not valid json{{{",
+                include_csrf=True,
+            )
+            data = json.loads(resp.read())
+            self.assertTrue(data["error"])
+            self.assertEqual(data["code"], "BAD_REQUEST")
+        except HTTPError as e:
+            self.assertIn(e.code, [400, 403])
+
+    def test_missing_fn_field(self):
+        """POST with valid JSON but no 'fn' field should return BAD_REQUEST."""
+        self._session_init()
+        try:
+            resp = self._raw_post(
+                "/api/mizan/call/",
+                body=json.dumps({"not_fn": "hello"}),
+                include_csrf=True,
+            )
+            data = json.loads(resp.read())
+            self.assertTrue(data["error"])
+            self.assertEqual(data["code"], "BAD_REQUEST")
+        except HTTPError as e:
+            self.assertIn(e.code, [400, 403])
--- a/examples/django-react-desktop-app/tests/test_notes.py
+++ b/examples/django-react-desktop-app/tests/test_notes.py
@@ -0,0 +1,143 @@
+"""
+REAL integration tests for notes CRUD over HTTP.
+
+Every test makes actual HTTP requests to a live Django server.
+"""
+
+import json
+
+from django.test import LiveServerTestCase
+from urllib.request import urlopen, Request
+
+
+class RealHTTPMixin:
+    def _session_init(self):
+        url = f"{self.live_server_url}/api/mizan/session/"
+        resp = urlopen(Request(url))
+        cookies = resp.headers.get_all("Set-Cookie") or []
+        for cookie in cookies:
+            if "csrftoken=" in cookie:
+                self._csrf_token = cookie.split("csrftoken=")[1].split(";")[0]
+                self._cookies = f"csrftoken={self._csrf_token}"
+                return
+        self._csrf_token = None
+        self._cookies = ""
+
+    def _call(self, fn: str, args: dict | None = None):
+        url = f"{self.live_server_url}/api/mizan/call/"
+        body = json.dumps({"fn": fn, "args": args or {}}).encode()
+        req = Request(url, data=body, method="POST")
+        req.add_header("Content-Type", "application/json")
+        if self._csrf_token:
+            req.add_header("X-CSRFToken", self._csrf_token)
+        if self._cookies:
+            req.add_header("Cookie", self._cookies)
+        resp = urlopen(req)
+        return json.loads(resp.read())
+
+
+class NotesCRUDTests(RealHTTPMixin, LiveServerTestCase):
+    """Full CRUD lifecycle over real HTTP."""
+
+    def setUp(self):
+        self._session_init()
+
+    def test_list_notes_empty(self):
+        data = self._call("list_notes")
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["notes"], [])
+        self.assertEqual(data["data"]["count"], 0)
+
+    def test_create_note(self):
+        data = self._call("create_note", {"title": "First Note", "content": "Hello!"})
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["title"], "First Note")
+        self.assertEqual(data["data"]["content"], "Hello!")
+        self.assertFalse(data["data"]["pinned"])
+        self.assertIn("id", data["data"])
+        self.assertIn("created_at", data["data"])
+
+    def test_create_and_list(self):
+        self._call("create_note", {"title": "Note A"})
+        self._call("create_note", {"title": "Note B"})
+
+        data = self._call("list_notes")
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["count"], 2)
+        titles = [n["title"] for n in data["data"]["notes"]]
+        self.assertIn("Note A", titles)
+        self.assertIn("Note B", titles)
+
+    def test_get_note_by_id(self):
+        create = self._call("create_note", {"title": "Get Me", "content": "Specific"})
+        note_id = create["data"]["id"]
+
+        data = self._call("get_note", {"id": note_id})
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["id"], note_id)
+        self.assertEqual(data["data"]["title"], "Get Me")
+
+    def test_update_note(self):
+        create = self._call("create_note", {"title": "Original"})
+        note_id = create["data"]["id"]
+
+        data = self._call("update_note", {"id": note_id, "title": "Updated"})
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["title"], "Updated")
+
+    def test_update_note_pin(self):
+        create = self._call("create_note", {"title": "Pin Me"})
+        note_id = create["data"]["id"]
+
+        data = self._call("update_note", {"id": note_id, "pinned": True})
+        self.assertFalse(data["error"])
+        self.assertTrue(data["data"]["pinned"])
+
+    def test_delete_note(self):
+        create = self._call("create_note", {"title": "Delete Me"})
+        note_id = create["data"]["id"]
+
+        data = self._call("delete_note", {"id": note_id})
+        self.assertFalse(data["error"])
+        self.assertTrue(data["data"]["deleted"])
+
+        # Verify it's gone
+        from urllib.error import HTTPError
+
+        try:
+            get_data = self._call("get_note", {"id": note_id})
+            self.assertTrue(get_data["error"])
+        except HTTPError:
+            pass  # 500 is also a valid failure signal
+
+    def test_pinned_notes_sort_first(self):
+        self._call("create_note", {"title": "Unpinned"})
+        self._call("create_note", {"title": "Pinned", "pinned": True})
+
+        data = self._call("list_notes")
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["notes"][0]["title"], "Pinned")
+
+    def test_full_lifecycle(self):
+        """Create -> update -> pin -> verify -> delete over real HTTP."""
+        # Create
+        create = self._call("create_note", {"title": "Lifecycle", "content": "v1"})
+        note_id = create["data"]["id"]
+
+        # Update
+        self._call("update_note", {"id": note_id, "content": "v2"})
+
+        # Pin
+        self._call("update_note", {"id": note_id, "pinned": True})
+
+        # Verify
+        get = self._call("get_note", {"id": note_id})
+        self.assertEqual(get["data"]["title"], "Lifecycle")
+        self.assertEqual(get["data"]["content"], "v2")
+        self.assertTrue(get["data"]["pinned"])
+
+        # Delete
+        delete = self._call("delete_note", {"id": note_id})
+        self.assertTrue(delete["data"]["deleted"])
--- a/examples/django-react-desktop-app/tests/test_system.py
+++ b/examples/django-react-desktop-app/tests/test_system.py
@@ -0,0 +1,167 @@
+"""
+REAL integration tests for desktop system RPC functions.
+
+These make actual HTTP requests to a running Django server.
+No RequestFactory, no mocks, no shortcuts.
+"""
+
+import json
+import os
+import platform
+from pathlib import Path
+
+from django.test import LiveServerTestCase
+from urllib.request import urlopen, Request
+
+
+class RealHTTPMixin:
+    """Makes real HTTP requests to the live server."""
+
+    def _session_init(self):
+        """Hit /session/ to get CSRF cookie, like mizanProvider does."""
+        url = f"{self.live_server_url}/api/mizan/session/"
+        req = Request(url)
+        resp = urlopen(req)
+        # Extract csrftoken from Set-Cookie header
+        cookies = resp.headers.get_all("Set-Cookie") or []
+        for cookie in cookies:
+            if "csrftoken=" in cookie:
+                self._csrf_token = cookie.split("csrftoken=")[1].split(";")[0]
+                self._cookies = f"csrftoken={self._csrf_token}"
+                return
+        self._csrf_token = None
+        self._cookies = ""
+
+    def _call(self, fn: str, args: dict | None = None):
+        """Make a real POST to /api/mizan/call/ with CSRF token."""
+        url = f"{self.live_server_url}/api/mizan/call/"
+        body = json.dumps({"fn": fn, "args": args or {}}).encode()
+        req = Request(url, data=body, method="POST")
+        req.add_header("Content-Type", "application/json")
+        if self._csrf_token:
+            req.add_header("X-CSRFToken", self._csrf_token)
+        if self._cookies:
+            req.add_header("Cookie", self._cookies)
+        resp = urlopen(req)
+        return json.loads(resp.read())
+
+
+class SystemInfoTests(RealHTTPMixin, LiveServerTestCase):
+    """system_info over real HTTP."""
+
+    def setUp(self):
+        self._session_init()
+
+    def test_system_info_returns_os_data(self):
+        data = self._call("system_info")
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["os_name"], platform.system())
+        self.assertEqual(data["data"]["hostname"], platform.node())
+        self.assertGreater(data["data"]["cpu_count"], 0)
+
+    def test_system_info_returns_paths(self):
+        data = self._call("system_info")
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["home_dir"], str(Path.home()))
+        self.assertEqual(data["data"]["cwd"], os.getcwd())
+
+    def test_disk_usage(self):
+        data = self._call("disk_usage", {"path": "/"})
+
+        self.assertFalse(data["error"])
+        self.assertGreater(data["data"]["total_gb"], 0)
+        self.assertGreater(data["data"]["free_gb"], 0)
+        self.assertGreaterEqual(data["data"]["percent_used"], 0)
+        self.assertLessEqual(data["data"]["percent_used"], 100)
+
+    def test_app_info(self):
+        data = self._call("app_info")
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["app_name"], "mizan Desktop")
+        self.assertGreater(data["data"]["uptime_seconds"], 0)
+
+
+class FileSystemTests(RealHTTPMixin, LiveServerTestCase):
+    """File system RPC over real HTTP."""
+
+    def setUp(self):
+        self._session_init()
+        self.test_dir = Path.home() / ".mizan-test"
+        self.test_dir.mkdir(exist_ok=True)
+
+    def tearDown(self):
+        import shutil
+
+        if self.test_dir.exists():
+            shutil.rmtree(self.test_dir)
+
+    def test_list_files_home(self):
+        data = self._call("list_files", {"directory": "~"})
+
+        self.assertFalse(data["error"])
+        self.assertEqual(data["data"]["directory"], str(Path.home()))
+        self.assertIsInstance(data["data"]["entries"], list)
+
+    def test_list_files_root_has_no_parent(self):
+        data = self._call("list_files", {"directory": "/"})
+
+        self.assertFalse(data["error"])
+        self.assertIsNone(data["data"]["parent"])
+
+    def test_write_and_read_file(self):
+        """Full round-trip over real HTTP: write, read back, verify."""
+        test_path = str(self.test_dir / "test-note.txt")
+        test_content = "Hello from a REAL HTTP integration test!"
+
+        # Write
+        write_data = self._call(
+            "write_file", {"path": test_path, "content": test_content}
+        )
+        self.assertFalse(write_data["error"])
+        self.assertEqual(write_data["data"]["path"], test_path)
+
+        # Read back
+        read_data = self._call("read_file", {"path": test_path})
+        self.assertFalse(read_data["error"])
+        self.assertEqual(read_data["data"]["content"], test_content)
+
+    def test_write_outside_home_rejected(self):
+        """Server should reject writes outside home directory."""
+        from urllib.error import HTTPError
+
+        try:
+            data = self._call(
+                "write_file", {"path": "/tmp/escape.txt", "content": "nope"}
+            )
+            # If we get here, check the response has an error
+            self.assertTrue(data["error"])
+            self.assertEqual(data["code"], "FORBIDDEN")
+        except HTTPError as e:
+            # 403 is also acceptable
+            self.assertEqual(e.code, 403)
+
+    def test_delete_file(self):
+        test_path = str(self.test_dir / "to-delete.txt")
+        (self.test_dir / "to-delete.txt").write_text("delete me")
+
+        data = self._call("delete_file", {"path": test_path})
+        self.assertFalse(data["error"])
+        self.assertTrue(data["data"]["deleted"])
+        self.assertFalse(Path(test_path).exists())
+
+    def test_file_entries_have_metadata(self):
+        (self.test_dir / "metadata-test.txt").write_text("hello")
+
+        data = self._call("list_files", {"directory": str(self.test_dir)})
+        self.assertFalse(data["error"])
+        self.assertGreater(len(data["data"]["entries"]), 0)
+
+        entry = data["data"]["entries"][0]
+        self.assertIn("name", entry)
+        self.assertIn("path", entry)
+        self.assertIn("is_dir", entry)
+        self.assertIn("size", entry)
+        self.assertIn("modified", entry)