diff --git a/internal/integration/complete_api_endpoints_integration_test.go b/internal/integration/complete_api_endpoints_integration_test.go index b2a53b8..55713ee 100644 --- a/internal/integration/complete_api_endpoints_integration_test.go +++ b/internal/integration/complete_api_endpoints_integration_test.go @@ -1,15 +1,14 @@ package integration import ( - "bytes" - "encoding/json" "fmt" "net/http" - "net/http/httptest" "net/url" + "strings" "testing" + "time" - "goyco/internal/middleware" + "goyco/internal/services" "goyco/internal/testutils" ) @@ -20,17 +19,8 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "logout_user", "logout@example.com") - reqBody := map[string]string{} - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/api/auth/logout", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatus(t, rec, http.StatusOK) + request := makePostRequest(t, ctx.Router, "/api/auth/logout", map[string]any{}, user, nil) + assertStatus(t, request, http.StatusOK) }) t.Run("Auth_Revoke_Token_Endpoint", func(t *testing.T) { @@ -42,52 +32,23 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { t.Fatalf("Failed to login: %v", err) } - reqBody := map[string]string{ - "refresh_token": loginResult.RefreshToken, - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/api/auth/revoke", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatus(t, rec, http.StatusOK) + request := makePostRequest(t, ctx.Router, "/api/auth/revoke", map[string]any{"refresh_token": loginResult.RefreshToken}, user, nil) + assertStatus(t, request, http.StatusOK) }) t.Run("Auth_Revoke_All_Tokens_Endpoint", func(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "revoke_all_user", "revoke_all@example.com") - reqBody := map[string]string{} - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/api/auth/revoke-all", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatus(t, rec, http.StatusOK) + request := makePostRequest(t, ctx.Router, "/api/auth/revoke-all", map[string]any{}, user, nil) + assertStatus(t, request, http.StatusOK) }) t.Run("Auth_Resend_Verification_Endpoint", func(t *testing.T) { ctx.Suite.EmailSender.Reset() - reqBody := map[string]string{ - "email": "resend@example.com", - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/api/auth/resend-verification", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound) + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/resend-verification", map[string]any{"email": "resend@example.com"}) + assertStatusRange(t, request, http.StatusOK, http.StatusNotFound) }) t.Run("Auth_Confirm_Email_Endpoint", func(t *testing.T) { @@ -99,36 +60,20 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { token = "test-token" } - req := httptest.NewRequest("GET", "/api/auth/confirm?token="+url.QueryEscape(token), nil) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatusRange(t, rec, http.StatusOK, http.StatusBadRequest) + request := makeGetRequest(t, ctx.Router, "/api/auth/confirm?token="+url.QueryEscape(token)) + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) }) t.Run("Auth_Update_Email_Endpoint", func(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_email_api_user", "update_email_api@example.com") - reqBody := map[string]string{ - "email": "newemail@example.com", - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("PUT", "/api/auth/email", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() + request := makePutRequest(t, ctx.Router, "/api/auth/email", map[string]any{"email": "newemail@example.com"}, user, nil) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if email, ok := data["email"].(string); ok && email != "newemail@example.com" { - t.Errorf("Expected email to be updated, got %s", email) - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if email, ok := data["email"].(string); ok && email != "newemail@example.com" { + t.Errorf("Expected email to be updated, got %s", email) } } }) @@ -137,24 +82,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_username_api_user", "update_username_api@example.com") - reqBody := map[string]string{ - "username": "new_username", - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("PUT", "/api/auth/username", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() + request := makePutRequest(t, ctx.Router, "/api/auth/username", map[string]any{"username": "new_username"}, user, nil) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if username, ok := data["username"].(string); ok && username != "new_username" { - t.Errorf("Expected username to be updated, got %s", username) - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if username, ok := data["username"].(string); ok && username != "new_username" { + t.Errorf("Expected username to be updated, got %s", username) } } }) @@ -163,19 +96,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_list_user", "users_list@example.com") - req := httptest.NewRequest("GET", "/api/users", nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() + request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/users", user, nil) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if _, exists := data["users"]; !exists { - t.Error("Expected users in response") - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if _, exists := data["users"]; !exists { + t.Error("Expected users in response") } } }) @@ -184,21 +110,13 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_get_user", "users_get@example.com") - req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d", user.User.ID), nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)}) - rec := httptest.NewRecorder() + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)}) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if userData, ok := data["user"].(map[string]any); ok { - if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID { - t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id) - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if userData, ok := data["user"].(map[string]any); ok { + if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID { + t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id) } } } @@ -210,24 +128,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "User Posts Test", "https://example.com/user-posts") - req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d/posts", user.User.ID), nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)}) - rec := httptest.NewRecorder() + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d/posts", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)}) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if posts, ok := data["posts"].([]any); ok { - if len(posts) == 0 { - t.Error("Expected at least one post in response") - } - } else { - t.Error("Expected posts array in response") + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) == 0 { + t.Error("Expected at least one post in response") } + } else { + t.Error("Expected posts array in response") } } }) @@ -236,26 +146,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { ctx.Suite.EmailSender.Reset() user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_create_admin", "users_create_admin@example.com") - reqBody := map[string]string{ + request := makePostRequest(t, ctx.Router, "/api/users", map[string]any{ "username": "created_user", "email": "created@example.com", "password": "SecurePass123!", - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/api/users", bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - rec := httptest.NewRecorder() + }, user, nil) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusCreated) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if _, exists := data["user"]; !exists { - t.Error("Expected user in response") - } + response := assertJSONResponse(t, request, http.StatusCreated) + if data, ok := getDataFromResponse(response); ok { + if _, exists := data["user"]; !exists { + t.Error("Expected user in response") } } }) @@ -266,27 +166,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Update Test Post", "https://example.com/update-test") - reqBody := map[string]string{ + request := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), map[string]any{ "title": "Updated Title", "content": "Updated content", - } - body, _ := json.Marshal(reqBody) - req := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - rec := httptest.NewRecorder() + }, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if postData, ok := data["post"].(map[string]any); ok { - if title, ok := postData["title"].(string); ok && title != "Updated Title" { - t.Errorf("Expected title 'Updated Title', got '%s'", title) - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if postData, ok := data["post"].(map[string]any); ok { + if title, ok := postData["title"].(string); ok && title != "Updated Title" { + t.Errorf("Expected title 'Updated Title', got '%s'", title) } } } @@ -298,20 +187,11 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Delete Test Post", "https://example.com/delete-test") - req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - rec := httptest.NewRecorder() + request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + assertStatus(t, request, http.StatusOK) - ctx.Router.ServeHTTP(rec, req) - - assertStatus(t, rec, http.StatusOK) - - getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil) - getRec := httptest.NewRecorder() - ctx.Router.ServeHTTP(getRec, getReq) - assertStatus(t, getRec, http.StatusNotFound) + getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID)) + assertStatus(t, getRequest, http.StatusNotFound) }) t.Run("Votes_Get_All_Endpoint", func(t *testing.T) { @@ -319,35 +199,17 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "votes_get_all_user", "votes_get_all@example.com") post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Votes Test Post", "https://example.com/votes-test") + makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/votes", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - voteBody := map[string]string{"type": "up"} - voteBodyBytes, _ := json.Marshal(voteBody) - voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes)) - voteReq.Header.Set("Content-Type", "application/json") - voteReq.Header.Set("Authorization", "Bearer "+user.Token) - voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID) - voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - voteRec := httptest.NewRecorder() - ctx.Router.ServeHTTP(voteRec, voteReq) - - req := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if votes, ok := data["votes"].([]any); ok { - if len(votes) == 0 { - t.Error("Expected at least one vote in response") - } - } else { - t.Error("Expected votes array in response") + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if votes, ok := data["votes"].([]any); ok { + if len(votes) == 0 { + t.Error("Expected at least one vote in response") } + } else { + t.Error("Expected votes array in response") } } }) @@ -358,49 +220,461 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) { post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Remove Test", "https://example.com/vote-remove") - voteBody := map[string]string{"type": "up"} - voteBodyBytes, _ := json.Marshal(voteBody) - voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes)) - voteReq.Header.Set("Content-Type", "application/json") - voteReq.Header.Set("Authorization", "Bearer "+user.Token) - voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID) - voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - voteRec := httptest.NewRecorder() - ctx.Router.ServeHTTP(voteRec, voteReq) + makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil) - req.Header.Set("Authorization", "Bearer "+user.Token) - req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID) - req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) - rec := httptest.NewRecorder() - - ctx.Router.ServeHTTP(rec, req) - - assertStatus(t, rec, http.StatusOK) + request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + assertStatus(t, request, http.StatusOK) }) t.Run("API_Info_Endpoint", func(t *testing.T) { - req := httptest.NewRequest("GET", "/api", nil) - rec := httptest.NewRecorder() + request := makeGetRequest(t, ctx.Router, "/api") - ctx.Router.ServeHTTP(rec, req) - - response := assertJSONResponse(t, rec, http.StatusOK) - if response != nil { - if data, ok := response["data"].(map[string]any); ok { - if _, exists := data["endpoints"]; !exists { - t.Error("Expected endpoints in API info") - } + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if _, exists := data["endpoints"]; !exists { + t.Error("Expected endpoints in API info") } } }) t.Run("Swagger_Documentation_Endpoint", func(t *testing.T) { - req := httptest.NewRequest("GET", "/swagger/index.html", nil) - rec := httptest.NewRecorder() + request := makeGetRequest(t, ctx.Router, "/swagger/index.html") + assertStatusRange(t, request, http.StatusOK, http.StatusNotFound) + }) - ctx.Router.ServeHTTP(rec, req) + t.Run("Search_Endpoint_Edge_Cases", func(t *testing.T) { + ctx.Suite.EmailSender.Reset() + user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "search_edge"), uniqueTestEmail(t, "search_edge")) - assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound) + testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post One", "https://example.com/one") + testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post Two", "https://example.com/two") + testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Different Content", "https://example.com/three") + + t.Run("Empty_Search_Results", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=nonexistentterm12345") + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) != 0 { + t.Errorf("Expected empty search results, got %d posts", len(posts)) + } + } + if count, ok := data["count"].(float64); ok && count != 0 { + t.Errorf("Expected count 0, got %.0f", count) + } + } + }) + + t.Run("Search_With_Pagination", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=0") + + response := assertJSONResponse(t, request, http.StatusOK) + var firstPostID any + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) > 1 { + t.Errorf("Expected at most 1 post with limit=1, got %d", len(posts)) + } + if len(posts) > 0 { + if post, ok := posts[0].(map[string]any); ok { + firstPostID = post["id"] + } + } + } + if limit, ok := data["limit"].(float64); ok && limit != 1 { + t.Errorf("Expected limit 1 in response, got %.0f", limit) + } + if offset, ok := data["offset"].(float64); ok && offset != 0 { + t.Errorf("Expected offset 0 in response, got %.0f", offset) + } + } + + rec2 := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=1") + + response2 := assertJSONResponse(t, rec2, http.StatusOK) + if data, ok := getDataFromResponse(response2); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) > 1 { + t.Errorf("Expected at most 1 post with limit=1 and offset=1, got %d", len(posts)) + } + if len(posts) > 0 && firstPostID != nil { + if post, ok := posts[0].(map[string]any); ok { + if post["id"] == firstPostID { + t.Error("Expected different post with offset=1, got same post as offset=0") + } + } + } + } + } + }) + + t.Run("Search_With_Special_Characters", func(t *testing.T) { + specialQueries := []string{ + "Searchable%20Post", + "Searchable'Post", + "Searchable\"Post", + "Searchable;Post", + "Searchable--Post", + } + + for _, query := range specialQueries { + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(query)) + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) + } + }) + + t.Run("Search_Empty_Query", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=") + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) != 0 { + t.Errorf("Expected empty results for empty query, got %d posts", len(posts)) + } + } + if count, ok := data["count"].(float64); ok && count != 0 { + t.Errorf("Expected count 0 for empty query, got %.0f", count) + } + } + }) + + t.Run("Search_With_Very_Long_Query", func(t *testing.T) { + longQuery := strings.Repeat("a", 1000) + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(longQuery)) + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) + }) + + t.Run("Search_Case_Insensitive", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=SEARCHABLE") + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) == 0 { + t.Error("Expected case-insensitive search to find posts") + } + } + } + }) + }) + + t.Run("Title_Fetch_Endpoint_Edge_Cases", func(t *testing.T) { + ctx.Suite.EmailSender.Reset() + + t.Run("Missing_URL_Parameter", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/title") + assertErrorResponse(t, request, http.StatusBadRequest) + }) + + t.Run("Empty_URL_Parameter", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=") + assertErrorResponse(t, request, http.StatusBadRequest) + }) + + t.Run("Invalid_URL_Format", func(t *testing.T) { + invalidURLs := []string{ + "not-a-url", + "://invalid", + "http://", + "https://", + } + + for _, invalidURL := range invalidURLs { + ctx.Suite.TitleFetcher.SetError(services.ErrUnsupportedScheme) + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(invalidURL)) + assertErrorResponse(t, request, http.StatusBadRequest) + } + }) + + t.Run("Unsupported_URL_Schemes", func(t *testing.T) { + unsupportedSchemes := []string{ + "ftp://example.com", + "file:///etc/passwd", + "javascript:alert(1)", + "data:text/html,", + } + + for _, schemeURL := range unsupportedSchemes { + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(schemeURL)) + assertErrorResponse(t, request, http.StatusBadRequest) + } + }) + + t.Run("SSRF_Protection_Localhost", func(t *testing.T) { + ssrfURLs := []string{ + "http://localhost", + "http://127.0.0.1", + "http://127.0.0.1:8080", + "http://[::1]", + "http://0.0.0.0", + } + + for _, ssrfURL := range ssrfURLs { + ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked) + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(ssrfURL)) + assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway) + } + }) + + t.Run("SSRF_Protection_Private_IPs", func(t *testing.T) { + privateIPs := []string{ + "http://192.168.1.1", + "http://10.0.0.1", + "http://172.16.0.1", + } + + for _, privateIP := range privateIPs { + ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked) + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(privateIP)) + assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway) + } + }) + + t.Run("Title_Fetch_Error_Handling", func(t *testing.T) { + ctx.Suite.TitleFetcher.SetError(services.ErrTitleNotFound) + + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/notitle") + assertErrorResponse(t, request, http.StatusBadRequest) + }) + + t.Run("Valid_URL_Success", func(t *testing.T) { + ctx.Suite.TitleFetcher.SetTitle("Valid Title") + + request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/valid") + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if title, ok := data["title"].(string); ok { + if title != "Valid Title" { + t.Errorf("Expected title 'Valid Title', got '%s'", title) + } + } else { + t.Error("Expected title in response data") + } + } + }) + }) + + t.Run("Get_User_Vote_Edge_Cases", func(t *testing.T) { + ctx.Suite.EmailSender.Reset() + user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge"), uniqueTestEmail(t, "vote_edge")) + secondUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge2"), uniqueTestEmail(t, "vote_edge2")) + + post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Edge Test Post", "https://example.com/vote-edge") + + t.Run("Get_Vote_When_User_Has_Voted", func(t *testing.T) { + voteRequest := makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + assertStatus(t, voteRequest, http.StatusOK) + + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if hasVote, ok := data["has_vote"].(bool); !ok || !hasVote { + t.Error("Expected has_vote to be true when user has voted") + } + if vote, ok := data["vote"]; !ok || vote == nil { + t.Error("Expected vote object when user has voted") + } + } + }) + + t.Run("Get_Vote_When_User_Has_Not_Voted", func(t *testing.T) { + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), secondUser, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if hasVote, ok := data["has_vote"].(bool); ok { + if hasVote { + t.Error("Expected has_vote to be false when user has not voted") + } + } else { + t.Error("Expected has_vote field in response") + } + } + }) + + t.Run("Get_Vote_Invalid_Post_ID", func(t *testing.T) { + request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/posts/999999/vote", user, map[string]string{"id": "999999"}) + + if request.Code != http.StatusOK && request.Code != http.StatusNotFound { + t.Errorf("Expected status 200 or 404 for invalid post ID, got %d", request.Code) + } + }) + + t.Run("Get_Vote_Unauthenticated", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID)) + assertErrorResponse(t, request, http.StatusUnauthorized) + }) + + t.Run("Get_Vote_Response_Structure", func(t *testing.T) { + request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)}) + + response := assertJSONResponse(t, request, http.StatusOK) + if success, ok := response["success"].(bool); !ok || !success { + t.Error("Expected success field to be true") + } + if data, ok := getDataFromResponse(response); ok { + if _, exists := data["has_vote"]; !exists { + t.Error("Expected has_vote field in response data") + } + if _, exists := data["is_anonymous"]; !exists { + t.Error("Expected is_anonymous field in response data") + } + } else { + t.Error("Expected data field in response") + } + }) + }) + + t.Run("Refresh_Token_Edge_Cases", func(t *testing.T) { + ctx.Suite.EmailSender.Reset() + refreshUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_edge"), uniqueTestEmail(t, "refresh_edge")) + + t.Run("Refresh_With_Expired_Token", func(t *testing.T) { + loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!") + if err != nil { + t.Fatalf("Failed to login: %v", err) + } + + refreshToken, err := ctx.Suite.RefreshTokenRepo.GetByTokenHash(testutils.HashVerificationToken(loginResult.RefreshToken)) + if err != nil { + t.Fatalf("Failed to get refresh token: %v", err) + } + + refreshToken.ExpiresAt = time.Now().Add(-1 * time.Hour) + if err := ctx.Suite.DB.Model(refreshToken).Update("expires_at", refreshToken.ExpiresAt).Error; err != nil { + t.Fatalf("Failed to expire refresh token: %v", err) + } + + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken}) + assertErrorResponse(t, request, http.StatusUnauthorized) + }) + + t.Run("Refresh_With_Revoked_Token", func(t *testing.T) { + loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!") + if err != nil { + t.Fatalf("Failed to login: %v", err) + } + + if err := ctx.AuthService.RevokeRefreshToken(loginResult.RefreshToken); err != nil { + t.Fatalf("Failed to revoke refresh token: %v", err) + } + + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken}) + assertErrorResponse(t, request, http.StatusUnauthorized) + }) + + t.Run("Refresh_With_Empty_Token", func(t *testing.T) { + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": ""}) + assertErrorResponse(t, request, http.StatusBadRequest) + }) + + t.Run("Refresh_With_Missing_Token_Field", func(t *testing.T) { + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{}) + assertErrorResponse(t, request, http.StatusBadRequest) + }) + + t.Run("Refresh_Token_Rotation", func(t *testing.T) { + loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!") + if err != nil { + t.Fatalf("Failed to login: %v", err) + } + + originalRefreshToken := loginResult.RefreshToken + + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": originalRefreshToken}) + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if newAccessToken, ok := data["access_token"].(string); ok { + if newAccessToken == "" { + t.Error("Expected new access token in refresh response") + } + + if newRefreshToken, ok := data["refresh_token"].(string); ok { + if newRefreshToken != "" && newRefreshToken == originalRefreshToken { + t.Log("Refresh token rotation may not be implemented (same token returned)") + } + } + } + } + }) + + t.Run("Refresh_After_Account_Lock", func(t *testing.T) { + lockedUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_lock"), uniqueTestEmail(t, "refresh_lock")) + + loginResult, err := ctx.AuthService.Login(lockedUser.User.Username, "SecurePass123!") + if err != nil { + t.Fatalf("Failed to login: %v", err) + } + + lockedUser.User.Locked = true + if err := ctx.Suite.UserRepo.Update(lockedUser.User); err != nil { + t.Fatalf("Failed to lock user: %v", err) + } + + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken}) + + assertStatusRange(t, request, http.StatusUnauthorized, http.StatusForbidden) + }) + + t.Run("Refresh_With_Invalid_Token_Format", func(t *testing.T) { + request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": "invalid-token-format-12345"}) + assertErrorResponse(t, request, http.StatusUnauthorized) + }) + }) + + t.Run("Pagination_Edge_Cases", func(t *testing.T) { + ctx.Suite.EmailSender.Reset() + paginationUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "pagination_edge"), uniqueTestEmail(t, "pagination_edge")) + + for i := 0; i < 5; i++ { + testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, paginationUser.User.ID, fmt.Sprintf("Pagination Post %d", i), fmt.Sprintf("https://example.com/pag%d", i)) + } + + t.Run("Negative_Limit", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts?limit=-1") + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) + }) + + t.Run("Negative_Offset", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts?offset=-1") + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) + }) + + t.Run("Very_Large_Limit", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts?limit=10000") + assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest) + }) + + t.Run("Very_Large_Offset", func(t *testing.T) { + request := makeGetRequest(t, ctx.Router, "/api/posts?offset=10000") + + response := assertJSONResponse(t, request, http.StatusOK) + if data, ok := getDataFromResponse(response); ok { + if posts, ok := data["posts"].([]any); ok { + if len(posts) > 0 { + t.Logf("Large offset returned %d posts (may be expected)", len(posts)) + } + } + } + }) + + t.Run("Invalid_Pagination_Parameters", func(t *testing.T) { + invalidParams := []string{ + "limit=abc", + "offset=xyz", + "limit=", + "offset=", + } + + for _, param := range invalidParams { + request := makeGetRequest(t, ctx.Router, "/api/posts?"+param) + assertStatus(t, request, http.StatusOK) + } + }) }) }