Testing Guide

Comprehensive guide to testing PacBoiler features.

This guide walks you through testing every feature of PacBoiler, from setup to payments and emails.

1. Prerequisites

Ensure your .env.local is configured with credentials for:

  • Supabase (URL and Anon Key)
  • Supabase Service Role Key (for admin operations)
  • LemonSqueezy (Test Mode)
  • Resend

Required Environment Variables

# Supabase
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_anon_key
SUPABASE_SERVICE_ROLE_KEY=your_service_role_key
 
# LemonSqueezy
LEMONSQUEEZY_API_KEY=your_api_key
LEMONSQUEEZY_STORE_ID=your_store_id
LEMONSQUEEZY_WEBHOOK_SECRET=your_webhook_secret
NEXT_PUBLIC_LEMONSQUEEZY_PRO_VARIANT_ID=your_pro_variant_id
NEXT_PUBLIC_LEMONSQUEEZY_ENTERPRISE_VARIANT_ID=your_enterprise_variant_id
 
# Resend
RESEND_API_KEY=your_resend_api_key

2. Database Setup (Supabase)

  1. Login to Supabase Dashboard.
  2. Select Project → SQL Editor.
  3. Run Migrations (In Order):
    • 001_initial_schema.sql: Core tables (profiles, subscriptions, webhooks) and functions.
    • 002_rbac.sql: Admin policies and role management.
    • 003_waitlist.sql: Waitlist and conversion tracking.
    • 004_notifications.sql: In-app notification system.
  4. Verify: Go to Table Editor. You should see the following tables:
    • profiles
    • subscriptions
    • webhook_events
    • waitlist
    • waitlist_conversions
    • notifications

3. Authentication Setup

Enable Auth Providers

  1. Go to Authentication → Providers in Supabase Dashboard

  2. Enable the following:

    • Email (Magic Link)
    • GitHub (follow setup in main docs)
    • Google
  3. Configure URL Configuration:

    • Site URL: http://localhost:3000
    • Redirect URLs: Add these:
     http://localhost:3000/auth/callback
     http://localhost:3000/dashboard
     http://localhost:3000/admin

4. Authentication & User Profile

Sign Up (Magic Link)

  1. Go to http://localhost:3000/signup.
  2. Enter an email (e.g., test@example.com) and click "Send Magic Link".
  3. Check Email:
    • Check the inbox of test@example.com.
    • Click the Magic Link.
  4. Verify: You should be redirected to /dashboard.
  5. DB Verify: Check profiles table in Supabase - user should have role = 'user'.

Sign Up (GitHub OAuth)

  1. Go to http://localhost:3000/signup.
  2. Click "Continue with GitHub".
  3. Authorize the application.
  4. Verify: You should be redirected to /dashboard.

Update Profile

  1. Go to /dashboard/settings.
  2. Enter a Full Name (e.g., "Test User") and Avatar URL (e.g., https://github.com/shadcn.png).
  3. Click Save Changes.
  4. Verify: Refresh the page. The name and avatar in the sidebar/header should update.
  5. DB Verify: Check profiles table in Supabase - full_name and avatar_url should be updated.

Delete Account

  1. Go to /dashboard/settings.
  2. Click Delete Account → Confirm in the dialog.
  3. Verify: You are redirected to / and logged out.
  4. DB Verify: User should be gone from auth.users and public.profiles (cascades to subscriptions).

5. Admin Panel & RBAC

Promote to Super Admin

  1. Sign up a new user (e.g., admin@example.com).
  2. Go to Supabase SQL Editor and run:
    UPDATE public.profiles
    SET role = 'super_admin'
    WHERE email = 'admin@example.com';
  3. Important: Sign out and sign back in as admin@example.com for the role to take effect.

Test Admin Redirect

  1. Log in as admin@example.com.
  2. Verify: You should be automatically redirected to /admin instead of /dashboard.

Admin Dashboard Features

  1. View Dashboard: At /admin, you should see admin statistics and overview.
  2. User Management: Go to /admin/users. You should see:
    • List of all users with their roles, plans, and join dates
    • Ability to change roles (dropdown for each user)
    • Three-dot menu with delete option

Role Management (Super Admin Only)

  1. As super_admin, try to change another user's role to admin.
  2. Verify:
    • Confirmation dialog appears
    • Role updates successfully
    • Page refreshes showing new role
  3. Test Protection: Try to change your own role (should show error: "You cannot change your own role").

Admin vs Super Admin Permissions

  1. Create a regular admin:
    UPDATE public.profiles
    SET role = 'admin'
    WHERE email = 'regularadmin@example.com';
  2. Log in as the regular admin.
  3. Verify Read-Only Access:
    • Can view /admin and /admin/users
    • Cannot change roles (dropdown is disabled)
    • Cannot delete users (delete option is hidden)

Delete User (Super Admin Only)

  1. Log in as super_admin.
  2. Go to /admin/users.
  3. Click the three-dot menu on a user → Delete user.
  4. Verify:
    • Confirmation dialog appears with warning
    • User is deleted from database
    • Cannot delete your own account (option disabled)

6. Payments (LemonSqueezy)

Prerequisite: Enable "Test Mode" in LemonSqueezy Store Settings.

Setup Products

  1. Create two products in LemonSqueezy (Pro, Enterprise).
  2. Create variants for each product.
  3. Copy their Variant IDs to .env.local:
    NEXT_PUBLIC_LEMONSQUEEZY_PRO_VARIANT_ID=123456
    NEXT_PUBLIC_LEMONSQUEEZY_ENTERPRISE_VARIANT_ID=789012

Checkout Flow

  1. Login as a user (not admin).
  2. Go to /dashboard/billing.
  3. Verify Current Plan: Should show "Free" plan by default.
  4. Click Upgrade on the "Pro" plan.
  5. LemonSqueezy Checkout: You should be redirected to a test checkout page.
  6. Use a Test Card:
    • Card: 4242 4242 4242 4242
    • Expiry: Any future date
    • CVC: Any 3 digits
  7. Complete purchase.
  8. Verify: You are redirected back to /dashboard/billing?success=true.

Webhooks (Critical for Updating Database)

To test that the database updates after payment:

  1. Install ngrok (if not already):
    npm install -g ngrok
  2. Start your Next.js app:
    npm run dev
  3. Start ngrok in another terminal:
    ngrok http 3000
  4. Copy HTTPS URL: From ngrok output (e.g., https://xxxx.ngrok-free.app).

  5. Configure LemonSqueezy Webhook:

    • Go to LemonSqueezy Dashboard → Settings → Webhooks
    • Click "+" to add new webhook
    • URL: https://xxxx.ngrok-free.app/api/webhooks/lemonsqueezy
    • Events: Select all subscription events:
      • subscription_created
      • subscription_updated
      • subscription_cancelled
      • subscription_resumed
      • subscription_expired
      • subscription_paused
      • subscription_unpaused
    • Signing Secret: Copy this and add to .env.local as LEMONSQUEEZY_WEBHOOK_SECRET
    • Save webhook
  6. Test Complete Flow:

    • Perform a test checkout again
    • Watch Terminal: You should see "Processing webhook" logs
    • Check Database:
      • Go to Supabase → Table Editor → subscriptions
      • Find your user's subscription
      • Verify: status = 'active', plan_type = 'pro'
    • Check UI:
      • Refresh /dashboard/billing
      • Should show "Current Plan: Pro" with active status
  7. Test Cancellation:

    • Go to LemonSqueezy Dashboard → Subscriptions
    • Find the test subscription and cancel it
    • Verify: Webhook fires, database updates, UI reflects cancellation

7. Emails (Resend)

Setup

  1. Ensure RESEND_API_KEY is set in .env.local.
  2. Verify your domain in Resend Dashboard (or use test domain for development).

Test Welcome Email

  1. The sendWelcomeEmail function is ready in src/lib/resend/index.ts.
  2. Manual Test - Create a test route:
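    // src/app/test-email/route.ts
    // Temporary development-only route; it is unauthenticated, so remove it after testing.
    import { sendWelcomeEmail } from "@/lib/resend";
    import { NextResponse } from "next/server";

    export async function GET() {
      try {
        await sendWelcomeEmail("your@email.com", "Test User");
        return NextResponse.json({ success: true });
      } catch (error) {
        // Log the cause server-side; the client only gets a generic message.
        console.error(error);
        return NextResponse.json({ error: "Failed to send" }, { status: 500 });
      }
    }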
  3. Visit http://localhost:3000/test-email.
  4. Check your inbox for the welcome email.

Transactional Emails (Optional)

  • Subscription Emails: Can be triggered inside the Webhook handler (src/app/api/webhooks/lemonsqueezy/route.ts).
  • You can add email notifications for:
    • New subscription
    • Subscription cancelled
    • Payment failed
    • Subscription renewed

8. Waitlist Testing

Signup Flow

  1. Go to the landing page (/).
  2. Locate the Waitlist section.
  3. Enter an email (e.g., waitlist@example.com) and click "Join Waitlist".
  4. Verify: A success message should appear.
  5. DB Verify: Check the waitlist table in Supabase. The email should be present with status = 'active'.

Conversion Tracking

  1. Sign up for a full account using the same email used for the waitlist (waitlist@example.com).
  2. Complete the signup flow (Magic Link or OAuth).
  3. Verify: Log in and go to /dashboard.
  4. DB Verify:
    • Check the waitlist table; the status for waitlist@example.com should now be converted.
    • Check the waitlist_conversions table; a new entry should link the waitlist ID to the new profile ID.

Admin View

  1. Log in as a super_admin.
  2. Go to /admin/waitlist (if implemented) or check stats.
  3. Verify: The new signup should be reflected in the waitlist statistics.

9. Rate Limiting Testing

Prerequisite: Ensure Upstash Redis variables are set in .env.local.

Trigger Rate Limit

  1. Go to the Waitlist form or Login page.
  2. Rapidly submit the form multiple times (e.g., 10+ times within a few seconds).
  3. Verify:
    • The server should return a 429 Too Many Requests status.
    • A toast notification or error message should appear: "Too many requests. Please try again later."

Verification

  1. Wait for the duration specified in your rate limit configuration (e.g., 1 minute).
  2. Try submitting again.
  3. Verify: The request should now succeed.

10. Notifications Testing

Triggering Notifications

  1. Welcome Notification: Sign up as a new user.
  2. Admin Actions: (If implemented) Have an admin perform an action that triggers a notification for a user.

UI Verification

  1. Log in as the user.
  2. Look for the notification icon in the header/sidebar.
  3. Verify: A red dot or counter should indicate unread notifications.
  4. Click the icon to open the notifications panel.
  5. Verify: The notification (e.g., "Welcome to PacBoiler! 🎉") should be visible.

Mark as Read

  1. Click on a notification or the "Mark all as read" button.
  2. Verify: The unread indicator should disappear.
  3. DB Verify: Check the notifications table in Supabase; read should be true.

11. End-to-End User Journey

Test the complete flow:

  1. Waitlist: User joins waitlist → status is 'active'
  2. Signup: User signs up with same email → waitlist status becomes 'converted' → receives welcome notification
  3. Profile: User updates their profile with name and avatar
  4. Upgrade: User upgrades to Pro plan → completes checkout
  5. Webhook: Webhook fires → database updates → UI shows Pro plan
  6. Admin: Super admin can view the user and waitlist stats in admin panel
  7. Delete: User deletes their account → all data is removed via cascade

12. Common Issues & Troubleshooting

Magic Link Not Working

  • Check spam folder
  • Verify Site URL in Supabase matches http://localhost:3000
  • Check redirect URLs are whitelisted
  • Ensure email provider is enabled

Admin Panel Access Denied

  • Verify role is set to admin or super_admin in database
  • Sign out and sign back in after role change
  • Check that admin policies are created in database

Webhook Not Firing

  • Ensure ngrok is running and HTTPS URL is correct
  • Verify webhook secret matches in both LemonSqueezy and .env.local
  • Check terminal for any error logs
  • Test webhook manually in LemonSqueezy dashboard

Role Changes Not Working

  • Ensure SUPABASE_SERVICE_ROLE_KEY is set in .env.local
  • Verify the API route at /api/admin/users/role exists
  • Check browser console for errors
  • Ensure you're logged in as super_admin

Delete Not Working

  • Ensure SUPABASE_SERVICE_ROLE_KEY is set
  • Verify you're not trying to delete your own account
  • Check that createAdminClient is properly configured
  • Look for errors in terminal logs

Rate Limiting Not Working

  • Verify Upstash Redis URL and Token are correct
  • Check if you are testing from a whitelisted IP (if any)
  • Ensure the middleware or API route is correctly applying the rate limiter

13. Next Steps

After testing:

  1. Remove test email route if created
  2. Clean up test users from database
  3. Document any custom modifications
  4. Prepare for production deployment