mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(#338): Route all state-changing fetch() calls through API client

Browse Source 
- Replace raw fetch() with apiPost/apiPatch/apiDelete in:
  - ImportExportActions.tsx: POST for file imports
  - KanbanBoard.tsx: PATCH for task status updates
  - ActiveProjectsWidget.tsx: POST for widget data fetches
  - useLayouts.ts: POST/PATCH/DELETE for layout management
- Add apiPostFormData() method to API client for FormData uploads
- Ensures CSRF token is included in all state-changing requests
- Update tests to mock CSRF token fetch for API client usage

Refs #338

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-05 17:06:23 -06:00
parent 5ae07f7a84
commit 344e5df3bb
7 changed files with 198 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
apps/web/src/components/widgets/__tests__/ActiveProjectsWidget.test.tsx
View File

@@ -3,26 +3,48 @@
* Following TDD principles
*/
import { describe, it, expect, vi, beforeEach } from "vitest";
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
import { render, screen, waitFor } from "@testing-library/react";
import { ActiveProjectsWidget } from "../ActiveProjectsWidget";
import userEvent from "@testing-library/user-event";
import { clearCsrfToken } from "@/lib/api/client";
// Mock fetch for API calls
global.fetch = vi.fn() as typeof global.fetch;
// Helper to create mock CSRF token response
const mockCsrfResponse = (): Response =>
({
ok: true,
json: () => Promise.resolve({ token: "test-csrf-token" }),
}) as Response;
describe("ActiveProjectsWidget", (): void => {
beforeEach((): void => {
vi.clearAllMocks();
clearCsrfToken(); // Clear cached CSRF token between tests
});
afterEach((): void => {
vi.resetAllMocks();
});
it("should render loading state initially", (): void => {
vi.mocked(global.fetch).mockImplementation(
() =>
new Promise(() => {
// Intentionally empty - creates a never-resolving promise for loading state
})
);
// First call returns CSRF token, subsequent calls never resolve (loading state)
let csrfReturned = false;
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token on first request
if (urlString.includes("csrf") && !csrfReturned) {
csrfReturned = true;
return Promise.resolve(mockCsrfResponse());
}
// All other requests never resolve
return new Promise(() => {
// Intentionally empty - creates a never-resolving promise for loading state
});
});
render(<ActiveProjectsWidget id="active-projects-1" />);
@@ -57,6 +79,10 @@ describe("ActiveProjectsWidget", (): void => {
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
if (urlString.includes("active-projects")) {
return Promise.resolve({
ok: true,
@@ -103,6 +129,10 @@ describe("ActiveProjectsWidget", (): void => {
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
if (urlString.includes("active-projects")) {
return Promise.resolve({
ok: true,
@@ -127,12 +157,18 @@ describe("ActiveProjectsWidget", (): void => {
});
it("should handle empty states", async (): Promise<void> => {
vi.mocked(global.fetch).mockImplementation(() =>
Promise.resolve({
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
return Promise.resolve({
ok: true,
json: () => Promise.resolve([]),
} as Response)
);
} as Response);
});
render(<ActiveProjectsWidget id="active-projects-1" />);
@@ -161,6 +197,10 @@ describe("ActiveProjectsWidget", (): void => {
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
if (urlString.includes("agent-chains")) {
return Promise.resolve({
ok: true,
@@ -207,6 +247,10 @@ describe("ActiveProjectsWidget", (): void => {
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
if (urlString.includes("agent-chains")) {
return Promise.resolve({
ok: true,
@@ -251,6 +295,10 @@ describe("ActiveProjectsWidget", (): void => {
vi.mocked(global.fetch).mockImplementation((url: RequestInfo | URL) => {
const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : "";
// Return CSRF token
if (urlString.includes("csrf")) {
return Promise.resolve(mockCsrfResponse());
}
if (urlString.includes("active-projects")) {
return Promise.resolve({
ok: true,