member_center/docs/TEST_SITE.md

# Member Center Test Site

`src/MemberCenter.TestSite` 是手動 happy-path 測試用網站，用來先驗證外部網站整合會員中心的最小流程。

## 啟動

```bash
dotnet run --project src/MemberCenter.TestSite
```

預設 HTTP URL：

```text
http://localhost:5243
```

## 必要設定

在 `src/MemberCenter.TestSite/appsettings.Development.json` 或環境變數設定：

```json
{
  "MemberCenter": {
    "ApiBaseUrl": "http://localhost:7850",
    "WebBaseUrl": "http://localhost:5080",
    "WebLoginClientId": "<web_login client id>",
    "ServiceClientId": "<service client id>",
    "ServiceClientSecret": "<service client secret>"
  }
}
```

`web_login` OAuth client：
- `usage=web_login`
- `client_type=public`
- redirect URI: `http://localhost:5243/auth/callback`
- scopes: `openid email profile profile:basic.read profile:basic.write profile:addresses.read profile:addresses.write profile:subscriptions.read profile:subscriptions.write`

service OAuth client：
- 建議使用 `tenant_api` 或 `platform_service`
- `client_type=confidential`
- scopes 至少包含 `profile:basic.read profile:addresses.read`

若 Member Center API 與 Web login 不同 origin，Member Center 需設定：

```text
Auth__WebLoginUrl=<Member Center Web login URL>
Auth__AllowedLoginReturnUrlPrefixes=<Member Center API issuer/base URL>
Auth__AllowedLogoutReturnUrlPrefixes=http://localhost:5243/
Auth__CookieDomain=<shared cookie domain, production subdomain SSO only>
```

## 第一批 Happy Path

測試站目前包含：

1. Redirect login 拿 token
2. Redirect logout 清除 Member Center Web session 並回到 TestSite
3. API login 拿 token
4. `GET /user/profile`
5. `POST /user/profile`
6. `GET /user/addresses`
7. `POST /user/addresses`
8. `GET /user/subscriptions`
9. `POST /user/subscriptions/{id}/unsubscribe`
10. service token 呼叫 `GET /user/profile/by-email`
11. service token 呼叫 `GET /user/addresses/by-email`

測試站只做 happy path，不取代完整自動化測試。