Hanzo_dev
798bd14312
Backend (FastAPI + Python 3.12): - Multi-tenant auth with JWT: login, register, refresh, Meta OAuth - Business & BusinessConfig management - WhatsApp webhook with HMAC signature verification - Bot engine powered by Claude AI - Calendar availability with Redis caching - Reservations CRUD with status management - Dashboard analytics (stats, agenda, peak hours) - Billing & plan management - Admin panel with platform-wide stats - Async bcrypt via asyncio.to_thread - IntegrityError handling for concurrent registration race conditions Frontend (React 18 + Vite + Tailwind CSS): - Multi-step guided registration form with helper text on every field - Login page with show/hide password toggle - Protected routes with AuthContext - Dashboard with stats cards, bar chart, and daily agenda - Reservations list with search, filters, and inline status actions - Calendar with weekly view, slot availability, and date blocking - Config page: business info, schedules, bot personality - Billing page with plan comparison and usage bar Design system: - Bricolage Grotesque + DM Sans typography - Emerald primary palette with semantic color tokens - scale(0.97) button press feedback, ease-out animations - Skeleton loaders, stagger animations, prefers-reduced-motion support - Accessible: aria-labels, visible focus rings, 4.5:1 contrast Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
72 lines
2.3 KiB
Python
72 lines
2.3 KiB
Python
import hashlib
|
|
import hmac
|
|
|
|
import pytest
|
|
from fastapi import HTTPException
|
|
|
|
from app.modules.whatsapp.service import verify_signature
|
|
|
|
|
|
def _make_signature(secret: str, body: bytes) -> str:
|
|
digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
|
|
return f"sha256={digest}"
|
|
|
|
|
|
def test_valid_signature_passes(monkeypatch):
|
|
monkeypatch.setattr("app.modules.whatsapp.service.settings.META_APP_SECRET", "mysecret")
|
|
body = b'{"object":"whatsapp_business_account"}'
|
|
sig = _make_signature("mysecret", body)
|
|
verify_signature(body, sig) # no debe lanzar
|
|
|
|
|
|
def test_invalid_signature_raises(monkeypatch):
|
|
monkeypatch.setattr("app.modules.whatsapp.service.settings.META_APP_SECRET", "mysecret")
|
|
body = b'{"object":"whatsapp_business_account"}'
|
|
with pytest.raises(HTTPException) as exc:
|
|
verify_signature(body, "sha256=invalidsignature")
|
|
assert exc.value.status_code == 403
|
|
|
|
|
|
def test_missing_signature_raises(monkeypatch):
|
|
monkeypatch.setattr("app.modules.whatsapp.service.settings.META_APP_SECRET", "mysecret")
|
|
with pytest.raises(HTTPException) as exc:
|
|
verify_signature(b"body", "")
|
|
assert exc.value.status_code == 403
|
|
|
|
|
|
def test_missing_prefix_raises(monkeypatch):
|
|
monkeypatch.setattr("app.modules.whatsapp.service.settings.META_APP_SECRET", "mysecret")
|
|
with pytest.raises(HTTPException):
|
|
verify_signature(b"body", "notsha256=abc")
|
|
|
|
|
|
async def test_webhook_verification_endpoint(client_no_db):
|
|
import app.core.config as cfg
|
|
cfg.settings.META_WEBHOOK_VERIFY_TOKEN = "test-verify-token"
|
|
|
|
response = await client_no_db.get(
|
|
"/whatsapp/webhook",
|
|
params={
|
|
"hub.mode": "subscribe",
|
|
"hub.verify_token": "test-verify-token",
|
|
"hub.challenge": "challenge123",
|
|
},
|
|
)
|
|
assert response.status_code == 200
|
|
assert response.text == "challenge123"
|
|
|
|
|
|
async def test_webhook_verification_wrong_token(client_no_db):
|
|
import app.core.config as cfg
|
|
cfg.settings.META_WEBHOOK_VERIFY_TOKEN = "test-verify-token"
|
|
|
|
response = await client_no_db.get(
|
|
"/whatsapp/webhook",
|
|
params={
|
|
"hub.mode": "subscribe",
|
|
"hub.verify_token": "wrong-token",
|
|
"hub.challenge": "abc",
|
|
},
|
|
)
|
|
assert response.status_code == 403
|