From fc82ea1949c8e72084d634b2d90da7c46cb6a43b Mon Sep 17 00:00:00 2001
From: Arthur Belleville <arthur.belleville@datadoghq.com>
Date: Thu, 16 Apr 2026 11:31:59 +0200
Subject: [PATCH] test: stabilize api suite

---
 .../__tests__/routes/clientInvites.test.ts    | 12 ++++-----
 apps/api/src/__tests__/routes/tablo.test.ts   | 26 +++++++++++++++++--
 apps/api/vitest.config.ts                     |  1 +
 3 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/apps/api/src/__tests__/routes/clientInvites.test.ts b/apps/api/src/__tests__/routes/clientInvites.test.ts
index 6b7cb25..17bfc08 100644
--- a/apps/api/src/__tests__/routes/clientInvites.test.ts
+++ b/apps/api/src/__tests__/routes/clientInvites.test.ts
@@ -143,10 +143,10 @@ describe("Client Invites Endpoints", () => {
       expect(invite?.is_pending).toBe(true);
     });
 
-    it("should reject non-admin users with 403", async () => {
+    it("should reject temporary users before admin check", async () => {
       // tempUser is NOT admin of adminTabloId (owner user owns it)
       const res = await postInvite(tempUser, adminTabloId, testEmail);
-      expect(res.status).toBe(403);
+      expect(res.status).toBe(401);
     });
 
     it("should return 400 for an invalid email", async () => {
@@ -292,9 +292,9 @@ describe("Client Invites Endpoints", () => {
       expect(found.is_pending).toBe(true);
     });
 
-    it("should return 403 for a non-admin user", async () => {
+    it("should return 401 for a temporary user before admin check", async () => {
       const res = await getPending(tempUser, adminTabloId);
-      expect(res.status).toBe(403);
+      expect(res.status).toBe(401);
     });
 
     it("should return 401 for unauthenticated requests", async () => {
@@ -342,7 +342,7 @@ describe("Client Invites Endpoints", () => {
       expect(invite?.is_pending).toBe(false);
     });
 
-    it("should return 403 for a non-admin user", async () => {
+    it("should return 401 for a temporary user before admin check", async () => {
       const token = `test_cancel_nonadmin_${Date.now()}`;
       const inviteId = await insertClientInvite({
         tabloId: adminTabloId,
@@ -352,7 +352,7 @@ describe("Client Invites Endpoints", () => {
       });
 
       const res = await deleteInvite(tempUser, adminTabloId, inviteId);
-      expect(res.status).toBe(403);
+      expect(res.status).toBe(401);
     });
 
     it("should return 404 for a non-existent invite", async () => {
diff --git a/apps/api/src/__tests__/routes/tablo.test.ts b/apps/api/src/__tests__/routes/tablo.test.ts
index b445c90..923fa38 100644
--- a/apps/api/src/__tests__/routes/tablo.test.ts
+++ b/apps/api/src/__tests__/routes/tablo.test.ts
@@ -1,7 +1,7 @@
 import { createClient } from "@supabase/supabase-js";
 import { randomUUID } from "node:crypto";
 import { testClient } from "hono/testing";
-import { beforeEach, describe, expect, it, vi } from "vitest";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { createConfig } from "../../config.js";
 import { MiddlewareManager } from "../../middlewares/middleware.js";
 import { getMainRouter } from "../../routers/index.js";
@@ -34,6 +34,7 @@ describe("Tablo Endpoint", () => {
   const supabaseAdmin = createClient(config.SUPABASE_URL, config.SUPABASE_SERVICE_ROLE_KEY, {
     auth: { persistSession: false },
   });
+  const createdTabloIds: string[] = [];
 
   beforeEach(() => {
     // Reset all mocks before each test
@@ -41,6 +42,16 @@ describe("Tablo Endpoint", () => {
     mockSendMail.mockResolvedValue({ messageId: "test-message-id" });
   });
 
+  afterEach(async () => {
+    if (createdTabloIds.length === 0) {
+      return;
+    }
+
+    const idsToDelete = createdTabloIds.splice(0, createdTabloIds.length);
+    await supabaseAdmin.from("tablo_access").delete().in("tablo_id", idsToDelete);
+    await supabaseAdmin.from("tablos").delete().in("id", idsToDelete);
+  });
+
   // Helper function to create tablo
   const createTabloRequest = async (
     user: TestUserData,
@@ -171,6 +182,8 @@ describe("Tablo Endpoint", () => {
       expect(res.status).toBe(200);
       const data = await res.json();
       expect(data.message).toBe("Tablo created successfully");
+      expect(data.tablo?.id).toBeDefined();
+      createdTabloIds.push(data.tablo.id);
     });
 
     it("should deny temp user from creating a tablo (regularUserCheck blocks temporary users)", async () => {
@@ -271,7 +284,16 @@ describe("Tablo Endpoint", () => {
       }
 
       if (fillerTablos.length > 0) {
-        await supabaseAdmin.from("tablos").insert(fillerTablos);
+        const { data: insertedTablos, error: insertError } = await supabaseAdmin
+          .from("tablos")
+          .insert(fillerTablos)
+          .select("id");
+
+        if (insertError) {
+          throw new Error(`Failed to insert filler tablos: ${insertError.message}`);
+        }
+
+        createdTabloIds.push(...(insertedTablos ?? []).map((tablo) => tablo.id));
       }
 
       try {
diff --git a/apps/api/vitest.config.ts b/apps/api/vitest.config.ts
index e2c7fcf..8586540 100644
--- a/apps/api/vitest.config.ts
+++ b/apps/api/vitest.config.ts
@@ -12,6 +12,7 @@ export default defineConfig({
     exclude: ["node_modules", "dist"],
     reporters: ["verbose"],
     pool: "forks",
+    fileParallelism: false,
   },
   resolve: {
     alias: {