Compare commits
3 Commits
02a764c736
...
33da6503e3
| Author | SHA1 | Date | |
|---|---|---|---|
| 33da6503e3 | |||
| cafc44ed77 | |||
| 1480135e75 |
@@ -3,6 +3,7 @@ package server
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"goyco/internal/config"
|
||||
@@ -157,7 +158,16 @@ func TestProtectedRoutesRequireAuth(t *testing.T) {
|
||||
path string
|
||||
}{
|
||||
{http.MethodGet, "/api/auth/me"},
|
||||
{http.MethodPost, "/api/auth/logout"},
|
||||
{http.MethodPost, "/api/auth/revoke"},
|
||||
{http.MethodPost, "/api/auth/revoke-all"},
|
||||
{http.MethodPut, "/api/auth/email"},
|
||||
{http.MethodPut, "/api/auth/username"},
|
||||
{http.MethodPut, "/api/auth/password"},
|
||||
{http.MethodDelete, "/api/auth/account"},
|
||||
{http.MethodPost, "/api/posts"},
|
||||
{http.MethodPut, "/api/posts/1"},
|
||||
{http.MethodDelete, "/api/posts/1"},
|
||||
{http.MethodPost, "/api/posts/1/vote"},
|
||||
{http.MethodDelete, "/api/posts/1/vote"},
|
||||
{http.MethodGet, "/api/posts/1/vote"},
|
||||
@@ -513,3 +523,233 @@ func TestRouterMiddlewareIntegration(t *testing.T) {
|
||||
t.Error("Router should return a status code")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAllRoutesExist(t *testing.T) {
|
||||
authHandler, postHandler, voteHandler, userHandler, apiHandler, authService := setupTestHandlers()
|
||||
|
||||
router := NewRouter(RouterConfig{
|
||||
APIHandler: apiHandler,
|
||||
AuthHandler: authHandler,
|
||||
PostHandler: postHandler,
|
||||
VoteHandler: voteHandler,
|
||||
UserHandler: userHandler,
|
||||
AuthService: authService,
|
||||
RateLimitConfig: defaultRateLimitConfig(),
|
||||
})
|
||||
|
||||
publicRoutes := []struct {
|
||||
method string
|
||||
path string
|
||||
description string
|
||||
}{
|
||||
{http.MethodGet, "/api", "API info"},
|
||||
{http.MethodGet, "/health", "Health check"},
|
||||
{http.MethodGet, "/metrics", "Metrics"},
|
||||
{http.MethodGet, "/robots.txt", "Robots.txt"},
|
||||
{http.MethodGet, "/api/posts", "Get posts"},
|
||||
{http.MethodGet, "/api/posts/search", "Search posts"},
|
||||
{http.MethodGet, "/api/posts/title", "Fetch title from URL"},
|
||||
{http.MethodGet, "/api/posts/1", "Get post by ID"},
|
||||
{http.MethodPost, "/api/auth/register", "Register"},
|
||||
{http.MethodPost, "/api/auth/login", "Login"},
|
||||
{http.MethodPost, "/api/auth/refresh", "Refresh token"},
|
||||
{http.MethodGet, "/api/auth/confirm", "Confirm email"},
|
||||
{http.MethodPost, "/api/auth/resend-verification", "Resend verification"},
|
||||
{http.MethodPost, "/api/auth/forgot-password", "Forgot password"},
|
||||
{http.MethodPost, "/api/auth/reset-password", "Reset password"},
|
||||
{http.MethodPost, "/api/auth/account/confirm", "Confirm account deletion"},
|
||||
}
|
||||
|
||||
protectedRoutes := []struct {
|
||||
method string
|
||||
path string
|
||||
description string
|
||||
}{
|
||||
{http.MethodGet, "/api/auth/me", "Get current user"},
|
||||
{http.MethodPost, "/api/auth/logout", "Logout"},
|
||||
{http.MethodPost, "/api/auth/revoke", "Revoke token"},
|
||||
{http.MethodPost, "/api/auth/revoke-all", "Revoke all tokens"},
|
||||
{http.MethodPut, "/api/auth/email", "Update email"},
|
||||
{http.MethodPut, "/api/auth/username", "Update username"},
|
||||
{http.MethodPut, "/api/auth/password", "Update password"},
|
||||
{http.MethodDelete, "/api/auth/account", "Delete account"},
|
||||
{http.MethodPost, "/api/posts", "Create post"},
|
||||
{http.MethodPut, "/api/posts/1", "Update post"},
|
||||
{http.MethodDelete, "/api/posts/1", "Delete post"},
|
||||
{http.MethodPost, "/api/posts/1/vote", "Cast vote"},
|
||||
{http.MethodDelete, "/api/posts/1/vote", "Remove vote"},
|
||||
{http.MethodGet, "/api/posts/1/vote", "Get user vote"},
|
||||
{http.MethodGet, "/api/posts/1/votes", "Get post votes"},
|
||||
{http.MethodGet, "/api/users", "Get users"},
|
||||
{http.MethodPost, "/api/users", "Create user"},
|
||||
{http.MethodGet, "/api/users/1", "Get user by ID"},
|
||||
{http.MethodGet, "/api/users/1/posts", "Get user posts"},
|
||||
}
|
||||
|
||||
for _, route := range publicRoutes {
|
||||
t.Run(route.description+" "+route.method+" "+route.path, func(t *testing.T) {
|
||||
invalidMethod := http.MethodPatch
|
||||
if route.method == http.MethodGet {
|
||||
invalidMethod = http.MethodDelete
|
||||
} else if route.method == http.MethodPost {
|
||||
invalidMethod = http.MethodGet
|
||||
}
|
||||
request := httptest.NewRequest(invalidMethod, route.path, nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
routeExists := recorder.Code == http.StatusMethodNotAllowed || recorder.Code != http.StatusNotFound
|
||||
|
||||
if !routeExists {
|
||||
request = httptest.NewRequest(route.method, route.path, nil)
|
||||
recorder = httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if recorder.Code == http.StatusNotFound {
|
||||
t.Errorf("Route %s %s should exist, got 404", route.method, route.path)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
for _, route := range protectedRoutes {
|
||||
t.Run(route.description+" "+route.method+" "+route.path, func(t *testing.T) {
|
||||
request := httptest.NewRequest(route.method, route.path, nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if recorder.Code == http.StatusNotFound {
|
||||
t.Errorf("Route %s %s should exist, got 404", route.method, route.path)
|
||||
}
|
||||
if recorder.Code != http.StatusUnauthorized {
|
||||
t.Errorf("Protected route %s %s should return 401 without auth, got %d", route.method, route.path, recorder.Code)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRouteParameters(t *testing.T) {
|
||||
authHandler, postHandler, voteHandler, userHandler, apiHandler, authService := setupTestHandlers()
|
||||
|
||||
router := NewRouter(RouterConfig{
|
||||
APIHandler: apiHandler,
|
||||
AuthHandler: authHandler,
|
||||
PostHandler: postHandler,
|
||||
VoteHandler: voteHandler,
|
||||
UserHandler: userHandler,
|
||||
AuthService: authService,
|
||||
RateLimitConfig: defaultRateLimitConfig(),
|
||||
})
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
method string
|
||||
pathPattern string
|
||||
testIDs []string
|
||||
isProtected bool
|
||||
}{
|
||||
{
|
||||
name: "Get post by ID",
|
||||
method: http.MethodGet,
|
||||
pathPattern: "/api/posts/{id}",
|
||||
testIDs: []string{"1", "42", "999", "12345"},
|
||||
isProtected: false,
|
||||
},
|
||||
{
|
||||
name: "Update post by ID",
|
||||
method: http.MethodPut,
|
||||
pathPattern: "/api/posts/{id}",
|
||||
testIDs: []string{"1", "42", "999"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Delete post by ID",
|
||||
method: http.MethodDelete,
|
||||
pathPattern: "/api/posts/{id}",
|
||||
testIDs: []string{"1", "42", "999"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Get user by ID",
|
||||
method: http.MethodGet,
|
||||
pathPattern: "/api/users/{id}",
|
||||
testIDs: []string{"1", "42", "999", "12345"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Get user posts by user ID",
|
||||
method: http.MethodGet,
|
||||
pathPattern: "/api/users/{id}/posts",
|
||||
testIDs: []string{"1", "42", "999", "12345"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Cast vote for post ID",
|
||||
method: http.MethodPost,
|
||||
pathPattern: "/api/posts/{id}/vote",
|
||||
testIDs: []string{"1", "42", "999"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Remove vote for post ID",
|
||||
method: http.MethodDelete,
|
||||
pathPattern: "/api/posts/{id}/vote",
|
||||
testIDs: []string{"1", "42", "999"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Get user vote for post ID",
|
||||
method: http.MethodGet,
|
||||
pathPattern: "/api/posts/{id}/vote",
|
||||
testIDs: []string{"1", "42", "999", "12345"},
|
||||
isProtected: true,
|
||||
},
|
||||
{
|
||||
name: "Get post votes by post ID",
|
||||
method: http.MethodGet,
|
||||
pathPattern: "/api/posts/{id}/votes",
|
||||
testIDs: []string{"1", "42", "999", "12345"},
|
||||
isProtected: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
for _, id := range tc.testIDs {
|
||||
path := replaceID(tc.pathPattern, id)
|
||||
t.Run("ID_"+id, func(t *testing.T) {
|
||||
request := httptest.NewRequest(http.MethodPatch, path, nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
routeExists := recorder.Code == http.StatusMethodNotAllowed
|
||||
|
||||
request = httptest.NewRequest(tc.method, path, nil)
|
||||
recorder = httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if !routeExists && recorder.Code == http.StatusNotFound {
|
||||
t.Errorf("Route %s %s should exist with ID %s, got 404", tc.method, path, id)
|
||||
return
|
||||
}
|
||||
|
||||
if tc.isProtected {
|
||||
if recorder.Code != http.StatusUnauthorized {
|
||||
t.Errorf("Protected route %s %s should return 401 without auth, got %d", tc.method, path, recorder.Code)
|
||||
}
|
||||
} else {
|
||||
if !routeExists && recorder.Code == http.StatusNotFound {
|
||||
t.Errorf("Public route %s %s should exist, got 404", tc.method, path)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func replaceID(pattern, id string) string {
|
||||
return strings.Replace(pattern, "{id}", id, 1)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user