Add SMTP credentials for tests and enhance user role handling in CMS and Galerie endpoints

tests/galerie-endpoints.spec.ts

@@ -18,7 +18,9 @@ vi.mock('../server/utils/auth.js', () => ({
 vi.mock('sharp', () => ({
   default: vi.fn(() => ({
     resize: vi.fn().mockReturnThis(),
-    toFile: vi.fn().mockResolvedValue({})
+    rotate: vi.fn().mockReturnThis(),
+    toFile: vi.fn().mockResolvedValue({}),
+    toBuffer: vi.fn().mockResolvedValue(Buffer.from('image data'))
   }))
 }))
 
@@ -56,6 +58,9 @@ describe('Galerie API Endpoints', () => {
     vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined)
     vi.spyOn(fs, 'mkdir').mockResolvedValue(undefined)
     vi.spyOn(fs, 'access').mockResolvedValue(undefined)
+    vi.spyOn(fs, 'rename').mockResolvedValue(undefined)
+    vi.spyOn(fs, 'stat').mockResolvedValue({ size: 1024 } as any)
+    vi.spyOn(fs, 'unlink').mockResolvedValue(undefined)
   })
 
   describe('POST /api/galerie/upload', () => {
@@ -72,17 +77,30 @@ describe('Galerie API Endpoints', () => {
       event.node.req.__mockFile = { filename: 'test.jpg', path: 'tmp/test.jpg', originalname: 'test.jpg', mimetype: 'image/jpeg' }
       event.node.req.body = { title: 'Test', isPublic: 'true' }
       authUtils.verifyToken.mockReturnValue({ id: '1' })
-      authUtils.getUserFromToken.mockResolvedValue({ id: '1', role: 'mitglied', active: true })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '1', roles: ['mitglied'], active: true })
+      authUtils.hasAnyRole.mockReturnValue(false)
 
       await expect(uploadHandler(event)).rejects.toMatchObject({ statusCode: 403 })
     })
 
     it('lädt Bild hoch und erstellt Thumbnail', async () => {
       const event = createEvent({ method: 'POST', cookies: { auth_token: 'token' } })
-      event.node.req.__mockFile = { filename: 'test.jpg', path: 'tmp/test.jpg', originalname: 'test.jpg', mimetype: 'image/jpeg' }
+      const mockPath = 'tmp/test.jpg'
+      event.node.req.__mockFile = { filename: 'test.jpg', path: mockPath, originalname: 'test.jpg', mimetype: 'image/jpeg' }
       event.node.req.body = { title: 'Test Bild', description: 'Beschreibung', isPublic: 'true' }
       authUtils.verifyToken.mockReturnValue({ id: '1' })
-      authUtils.getUserFromToken.mockResolvedValue({ id: '1', role: 'admin', active: true })
+      authUtils.getUserFromToken.mockResolvedValue({ id: '1', roles: ['admin'], active: true })
+      // hasAnyRole muss für diesen Test true zurückgeben
+      authUtils.hasAnyRole.mockImplementation((user, ...roles) => {
+        if (!user) return false
+        const userRoles = Array.isArray(user.roles) ? user.roles : (user.role ? [user.role] : [])
+        return roles.some(r => userRoles.includes(r))
+      })
+      
+      // Mock fs.rename für die Datei-Verschiebung
+      vi.spyOn(fs, 'rename').mockResolvedValue(undefined)
+      // Mock fs.readFile für Metadaten
+      vi.spyOn(fs, 'readFile').mockResolvedValue('[]')
 
       const response = await uploadHandler(event)
 
@@ -142,6 +160,7 @@ describe('Galerie API Endpoints', () => {
           { id: '1', filename: 'test.jpg', previewFilename: 'preview_test.jpg', isPublic: false }
         ]))
         .mockResolvedValueOnce(Buffer.from('image data'))
+      vi.spyOn(fs, 'access').mockResolvedValue(undefined)
       authUtils.verifyToken.mockReturnValue({ id: '1' })
       authUtils.getUserFromToken.mockResolvedValue({ id: '1', active: true })
 
@@ -158,6 +177,7 @@ describe('Galerie API Endpoints', () => {
           { id: '1', filename: 'test.jpg', previewFilename: 'preview_test.jpg', isPublic: true }
         ]))
         .mockResolvedValueOnce(Buffer.from('preview data'))
+      vi.spyOn(fs, 'access').mockResolvedValue(undefined)
 
       const response = await imageHandler(event)