fix(avatar): sincroniza avatar apos atualizar

- Propaga Set-Cookie do Better Auth no endpoint de avatar\n- Forca refresh da sessao apos upload/remocao\n- Adiciona teste de propagacao e defaults de env para testes
2025-12-17 10:38:07 -03:00 · 2025-12-17 10:38:07 -03:00 · 8546a1feb1
commit 8546a1feb1
parent 74c06ffa33
6 changed files with 84 additions and 4 deletions
--- a/src/app/api/profile/avatar/route.ts
+++ b/src/app/api/profile/avatar/route.ts
@ -4,7 +4,7 @@
 * DELETE - Remove a foto de perfil (volta ao padrão)
 */

-import { NextRequest, NextResponse } from "next/server"
+import { NextResponse } from "next/server"

 import { getServerSession } from "@/lib/auth-server"
 import { auth } from "@/lib/auth"
@ -34,7 +34,7 @@ function extractSetCookies(headers: Headers) {
  return setCookieHeaders
 }

-export async function POST(request: NextRequest) {
+export async function POST(request: Request) {
  try {
    const session = await getServerSession()

@ -142,7 +142,7 @@ export async function POST(request: NextRequest) {
  }
 }

-export async function DELETE(request: NextRequest) {
+export async function DELETE(request: Request) {
  try {
    const session = await getServerSession()

--- a/src/components/settings/settings-content.tsx
+++ b/src/components/settings/settings-content.tsx
@ -32,7 +32,7 @@ import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle }
 import { Input } from "@/components/ui/input"
 import { Label } from "@/components/ui/label"
 import { Separator } from "@/components/ui/separator"
-import { useAuth, signOut } from "@/lib/auth-client"
+import { refreshSession, signOut, useAuth } from "@/lib/auth-client"

 const ShaderBackground = dynamic(
  () => import("@/components/background-paper-shaders-wrapper"),
@ -442,6 +442,7 @@ function ProfileEditCard({

        const avatarData = await avatarRes.json()
        setLocalAvatarUrl(avatarData.avatarUrl)
+        await refreshSession()

        // Limpa preview
        if (pendingAvatarPreview) {
@ -461,6 +462,7 @@ function ProfileEditCard({

        setLocalAvatarUrl(null)
        setPendingRemoveAvatar(false)
+        await refreshSession()
      }

      // Processa outros dados do perfil se houver
--- a/tests/profile-avatar-cookie-propagation.test.ts
+++ b/tests/profile-avatar-cookie-propagation.test.ts
@ -0,0 +1,72 @@
+import { beforeEach, describe, expect, it, vi } from "vitest"
+
+import { DELETE } from "@/app/api/profile/avatar/route"
+import { getServerSession } from "@/lib/auth-server"
+import { auth } from "@/lib/auth"
+import { prisma } from "@/lib/prisma"
+
+vi.mock("@/lib/auth-server", () => ({
+  getServerSession: vi.fn(),
+}))
+
+vi.mock("@/server/convex-client", () => ({
+  createConvexClient: vi.fn(() => ({ mutation: vi.fn() })),
+}))
+
+vi.mock("@/lib/prisma", () => ({
+  prisma: {
+    authUser: { update: vi.fn() },
+  },
+}))
+
+vi.mock("@/lib/auth", () => ({
+  auth: {
+    api: {
+      updateUser: vi.fn(),
+    },
+  },
+}))
+
+describe("DELETE /api/profile/avatar", () => {
+  beforeEach(() => {
+    vi.resetAllMocks()
+    vi.mocked(getServerSession).mockResolvedValue({
+      session: { id: "sess-1", expiresAt: Date.now() + 60_000 },
+      user: {
+        id: "user-1",
+        name: "Agente",
+        email: "agent@example.com",
+        role: "agent",
+        tenantId: null,
+        avatarUrl: "https://cdn.example.com/avatar.png",
+        machinePersona: null,
+      },
+    })
+  })
+
+  it("propaga Set-Cookie retornado pelo Better Auth (cookieCache)", async () => {
+    const upstreamHeaders = new Headers()
+    upstreamHeaders.append("set-cookie", "better-auth.session_data=abc; Path=/; HttpOnly")
+    upstreamHeaders.append("set-cookie", "better-auth.session_token=def; Path=/; HttpOnly")
+
+    vi.mocked(auth.api.updateUser).mockResolvedValue(
+      new Response(JSON.stringify({ status: true }), { status: 200, headers: upstreamHeaders })
+    )
+
+    const req = new Request("http://localhost/api/profile/avatar", { method: "DELETE" })
+    const res = await DELETE(req)
+
+    expect(res.status).toBe(200)
+
+    const headersAny = res.headers as Headers & { getSetCookie?: () => string[] | undefined }
+    const setCookies =
+      typeof headersAny.getSetCookie === "function"
+        ? headersAny.getSetCookie() ?? []
+        : [res.headers.get("set-cookie")].filter(Boolean)
+
+    expect(setCookies.join("\n")).toContain("better-auth.session_data=abc")
+    expect(setCookies.join("\n")).toContain("better-auth.session_token=def")
+
+    expect(vi.mocked(prisma.authUser.update)).not.toHaveBeenCalled()
+  })
+})
--- a/tests/setup/bun-test-env.ts
+++ b/tests/setup/bun-test-env.ts
@ -6,6 +6,7 @@ import { JSDOM } from "jsdom"
 process.env.BETTER_AUTH_SECRET ??= "test-secret"
 process.env.NEXT_PUBLIC_APP_URL ??= "http://localhost:3000"
 process.env.BETTER_AUTH_URL ??= process.env.NEXT_PUBLIC_APP_URL
+process.env.DATABASE_URL ??= "postgresql://postgres:postgres@localhost:5432/sistema_test?schema=public"
 process.env.NODE_ENV ??= "test"

 const OriginalDate = Date
--- a/vitest.config.mts
+++ b/vitest.config.mts
@ -10,6 +10,9 @@ const convexDir = path.resolve(__dirname, "./convex")
 const isCI = process.env.CI === "true"
 const isBrowserRun = process.env.VITEST_BROWSER === "true"

+process.env.DATABASE_URL =
+  process.env.DATABASE_URL ?? "postgresql://postgres:postgres@localhost:5432/sistema_test?schema=public"
+
 export default defineConfig({
  root: __dirname,
  plugins: [tsconfigPaths()],
--- a/vitest.setup.node.ts
+++ b/vitest.setup.node.ts
@ -5,6 +5,8 @@ if (typeof process !== "undefined" && process.versions?.node) {
  process.env.BETTER_AUTH_SECRET = process.env.BETTER_AUTH_SECRET ?? "test-secret"
  process.env.NEXT_PUBLIC_APP_URL = process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000"
  process.env.BETTER_AUTH_URL = process.env.BETTER_AUTH_URL ?? process.env.NEXT_PUBLIC_APP_URL
+  process.env.DATABASE_URL =
+    process.env.DATABASE_URL ?? "postgresql://postgres:postgres@localhost:5432/sistema_test?schema=public"
 }

 export {}