Add Playwright TypeScript smoke tests for all major pages#753
Add Playwright TypeScript smoke tests for all major pages#753devin-ai-integration[bot] wants to merge 4 commits into
Conversation
- Set up Playwright with TypeScript in e2e/ directory - Add global auth setup with storage state sharing - Add smoke tests for: login, dashboard, navigation, clients, work entries, reports, logout - 28 tests covering CRUD operations, navigation, and page rendering - Make backend rate limit configurable via RATE_LIMIT_MAX env var for testing - Add API-based cleanup helpers for test isolation
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| const limiter = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100 // limit each IP to 100 requests per windowMs | ||
| max: parseInt(process.env.RATE_LIMIT_MAX || '100', 10) |
There was a problem hiding this comment.
🟡 Non-numeric RATE_LIMIT_MAX silently disables rate limiting
parseInt(process.env.RATE_LIMIT_MAX || '100', 10) returns NaN when RATE_LIMIT_MAX is set to a non-numeric string (e.g., "abc"). Since 'abc' is truthy, the || '100' fallback doesn't activate. In express-rate-limit, when max is NaN, the internal check hits > max is always false (any comparison with NaN yields false), so rate limiting is silently and completely disabled. This is a security-sensitive silent failure — a typo or misconfiguration in the environment variable would remove all rate-limit protection without any error or warning.
| max: parseInt(process.env.RATE_LIMIT_MAX || '100', 10) | |
| max: parseInt(process.env.RATE_LIMIT_MAX, 10) || 100 |
Was this helpful? React with 👍 or 👎 to provide feedback.
- Extract createClientViaUI() and resetAndCreateClient() into fixtures/auth.ts - Use login() helper in login.spec.ts instead of duplicated login steps - Use CLIENT_NAME constant in work-entries.spec.ts
|
Summary
Adds a complete Playwright TypeScript E2E smoke test suite covering all major pages and workflows in the timesheet application.
Test coverage (28 tests):
Architecture:
storageStatemechanism (login once, reuse across all tests)auth.ts) with reusable helpers:login(),navigateViaSidebar(),createClientViaUI(),resetAndCreateClient(),deleteAllClients()RATE_LIMIT_MAXenv var (set to 10000 during tests)Backend change: One line in
backend/src/server.js— makes the rate limit configurable viaRATE_LIMIT_MAXenvironment variable (defaults to 100, unchanged for production).Review & Testing Checklist for Human
cd e2e && npm install && npx playwright install chromium && npx playwright testto verify all 28 tests pass locallyRATE_LIMIT_MAXenv var change inbackend/src/server.jsis acceptable (defaults to 100 if not set)Notes
playwright.config.tsincludeswebServerconfig to auto-start both backend and frontend for CI.MuiSelect-selectCSS selector since MUI doesn't expose properaria-labelledbyon native SelectsLink to Devin session: https://partner-workshops.devinenterprise.com/sessions/57f5105fe5cd4ac4affb71eb77cf3c2c