feat: add admin dashboard, audit logs, token expiry check and test suite

Frontend Features: - Add ProtectedRoute component with token expiry validation - Create AdminDashboardPage with system statistics and user management - Create AuditLogsPage with filtering and pagination - Add admin-only navigation (Shield icon) for ymirliu@panjit.com.tw - Add admin API methods to apiV2 service - Add admin type definitions (SystemStats, AuditLog, etc.) Token Management: - Auto-redirect to login on token expiry - Check authentication on route change - Show loading state during auth check - Admin privilege verification Backend Testing: - Add pytest configuration (pytest.ini) - Create test fixtures (conftest.py) - Add unit tests for auth, tasks, and admin endpoints - Add integration tests for complete workflows - Test user isolation and admin access control Documentation: - Add TESTING.md with comprehensive testing guide - Include test running instructions - Document fixtures and best practices Routes: - /admin - Admin dashboard (admin only) - /admin/audit-logs - Audit logs viewer (admin only) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-16 18:01:50 +08:00
parent fd98018ddd
commit 8f94191914
13 changed files with 1554 additions and 45 deletions
--- a/backend/tests/test_admin.py
+++ b/backend/tests/test_admin.py
@@ -0,0 +1,56 @@
+"""
+Unit tests for admin endpoints
+"""
+
+import pytest
+
+
+class TestAdmin:
+    """Test admin endpoints"""
+
+    def test_get_system_stats(self, client, admin_token):
+        """Test get system statistics"""
+        response = client.get(
+            '/api/v2/admin/stats',
+            headers={'Authorization': f'Bearer {admin_token}'}
+        )
+
+        assert response.status_code == 200
+        data = response.json()
+        assert 'total_users' in data
+        assert 'total_tasks' in data
+        assert 'task_stats' in data
+
+    def test_get_system_stats_non_admin(self, client, auth_token):
+        """Test that non-admin cannot access admin endpoints"""
+        response = client.get(
+            '/api/v2/admin/stats',
+            headers={'Authorization': f'Bearer {auth_token}'}
+        )
+
+        assert response.status_code == 403
+
+    def test_list_users(self, client, admin_token):
+        """Test list all users"""
+        response = client.get(
+            '/api/v2/admin/users',
+            headers={'Authorization': f'Bearer {admin_token}'}
+        )
+
+        assert response.status_code == 200
+        data = response.json()
+        assert 'users' in data
+        assert 'total' in data
+
+    def test_get_audit_logs(self, client, admin_token):
+        """Test get audit logs"""
+        response = client.get(
+            '/api/v2/admin/audit-logs',
+            headers={'Authorization': f'Bearer {admin_token}'}
+        )
+
+        assert response.status_code == 200
+        data = response.json()
+        assert 'logs' in data
+        assert 'total' in data
+        assert 'page' in data