Compare commits
6 Commits
2dd16e0e00
...
d4e91b6034
| Author | SHA1 | Date | |
|---|---|---|---|
| d4e91b6034 | |||
| 7d46d3e81b | |||
| 216aaf3117 | |||
| 435047ad0c | |||
| b7ee8bd11d | |||
| 040cd48be8 |
@@ -53,25 +53,25 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
router := ctx.Router
|
||||
|
||||
t.Run("Cache_Hit_On_Repeated_Requests", func(t *testing.T) {
|
||||
req1 := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec1 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec1, req1)
|
||||
firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
firstRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(firstRecorder, firstRequest)
|
||||
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
|
||||
req2 := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec2 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec2, req2)
|
||||
secondRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
secondRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(secondRecorder, secondRequest)
|
||||
|
||||
if rec1.Code != rec2.Code {
|
||||
if firstRecorder.Code != secondRecorder.Code {
|
||||
t.Error("Cached responses should have same status code")
|
||||
}
|
||||
|
||||
if rec1.Body.String() != rec2.Body.String() {
|
||||
if firstRecorder.Body.String() != secondRecorder.Body.String() {
|
||||
t.Error("Cached responses should have same body")
|
||||
}
|
||||
|
||||
if rec2.Header().Get("X-Cache") != "HIT" {
|
||||
if secondRecorder.Header().Get("X-Cache") != "HIT" {
|
||||
t.Log("Cache may not be enabled for this path or response may not be cacheable")
|
||||
}
|
||||
})
|
||||
@@ -80,9 +80,9 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createUserWithCleanup(t, ctx, "cache_post_user", "cache_post@example.com")
|
||||
|
||||
req1 := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec1 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec1, req1)
|
||||
firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
firstRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(firstRecorder, firstRequest)
|
||||
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
|
||||
@@ -92,12 +92,12 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
"content": "Test content",
|
||||
}
|
||||
body, _ := json.Marshal(postBody)
|
||||
req2 := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
req2.Header.Set("Content-Type", "application/json")
|
||||
req2.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req2 = testutils.WithUserContext(req2, middleware.UserIDKey, user.User.ID)
|
||||
rec2 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec2, req2)
|
||||
secondRequest := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
secondRequest.Header.Set("Content-Type", "application/json")
|
||||
secondRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
secondRequest = testutils.WithUserContext(secondRequest, middleware.UserIDKey, user.User.ID)
|
||||
secondRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(secondRecorder, secondRequest)
|
||||
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
|
||||
@@ -105,17 +105,17 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
rec3 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec3, req3)
|
||||
|
||||
if rec1.Body.String() == rec3.Body.String() && rec1.Code == http.StatusOK && rec3.Code == http.StatusOK {
|
||||
if firstRecorder.Body.String() == rec3.Body.String() && firstRecorder.Code == http.StatusOK && rec3.Code == http.StatusOK {
|
||||
t.Log("Cache invalidation may not be working or cache may not be enabled")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Cache_Headers_Present", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if rec.Header().Get("Cache-Control") == "" && rec.Header().Get("X-Cache") == "" {
|
||||
if recorder.Header().Get("Cache-Control") == "" && recorder.Header().Get("X-Cache") == "" {
|
||||
t.Log("Cache headers may not be present for all responses")
|
||||
}
|
||||
})
|
||||
@@ -126,18 +126,18 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Cache Delete Post", "https://example.com/cache-delete")
|
||||
|
||||
req1 := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec1 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec1, req1)
|
||||
firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
firstRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(firstRecorder, firstRequest)
|
||||
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
|
||||
req2 := httptest.NewRequest("DELETE", "/api/posts/"+fmt.Sprintf("%d", post.ID), nil)
|
||||
req2.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req2 = testutils.WithUserContext(req2, middleware.UserIDKey, user.User.ID)
|
||||
req2 = testutils.WithURLParams(req2, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec2 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec2, req2)
|
||||
secondRequest := httptest.NewRequest("DELETE", "/api/posts/"+fmt.Sprintf("%d", post.ID), nil)
|
||||
secondRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
secondRequest = testutils.WithUserContext(secondRequest, middleware.UserIDKey, user.User.ID)
|
||||
secondRequest = testutils.WithURLParams(secondRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
secondRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(secondRecorder, secondRequest)
|
||||
|
||||
time.Sleep(10 * time.Millisecond)
|
||||
|
||||
@@ -145,7 +145,7 @@ func TestIntegration_Caching(t *testing.T) {
|
||||
rec3 := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec3, req3)
|
||||
|
||||
if rec1.Body.String() == rec3.Body.String() && rec1.Code == http.StatusOK && rec3.Code == http.StatusOK {
|
||||
if firstRecorder.Body.String() == rec3.Body.String() && firstRecorder.Code == http.StatusOK && rec3.Code == http.StatusOK {
|
||||
t.Log("Cache invalidation may not be working or cache may not be enabled")
|
||||
}
|
||||
})
|
||||
|
||||
@@ -1,15 +1,14 @@
|
||||
package integration
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"goyco/internal/middleware"
|
||||
"goyco/internal/services"
|
||||
"goyco/internal/testutils"
|
||||
)
|
||||
|
||||
@@ -20,17 +19,8 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "logout_user", "logout@example.com")
|
||||
|
||||
reqBody := map[string]string{}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/logout", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
request := makePostRequest(t, ctx.Router, "/api/auth/logout", map[string]any{}, user, nil)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("Auth_Revoke_Token_Endpoint", func(t *testing.T) {
|
||||
@@ -42,52 +32,23 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
t.Fatalf("Failed to login: %v", err)
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
"refresh_token": loginResult.RefreshToken,
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/revoke", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
request := makePostRequest(t, ctx.Router, "/api/auth/revoke", map[string]any{"refresh_token": loginResult.RefreshToken}, user, nil)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("Auth_Revoke_All_Tokens_Endpoint", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "revoke_all_user", "revoke_all@example.com")
|
||||
|
||||
reqBody := map[string]string{}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/revoke-all", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
request := makePostRequest(t, ctx.Router, "/api/auth/revoke-all", map[string]any{}, user, nil)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("Auth_Resend_Verification_Endpoint", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
"email": "resend@example.com",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/resend-verification", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound)
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/resend-verification", map[string]any{"email": "resend@example.com"})
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusNotFound)
|
||||
})
|
||||
|
||||
t.Run("Auth_Confirm_Email_Endpoint", func(t *testing.T) {
|
||||
@@ -99,36 +60,20 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
token = "test-token"
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/auth/confirm?token="+url.QueryEscape(token), nil)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatusRange(t, rec, http.StatusOK, http.StatusBadRequest)
|
||||
request := makeGetRequest(t, ctx.Router, "/api/auth/confirm?token="+url.QueryEscape(token))
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Auth_Update_Email_Endpoint", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_email_api_user", "update_email_api@example.com")
|
||||
|
||||
reqBody := map[string]string{
|
||||
"email": "newemail@example.com",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("PUT", "/api/auth/email", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePutRequest(t, ctx.Router, "/api/auth/email", map[string]any{"email": "newemail@example.com"}, user, nil)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if email, ok := data["email"].(string); ok && email != "newemail@example.com" {
|
||||
t.Errorf("Expected email to be updated, got %s", email)
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if email, ok := data["email"].(string); ok && email != "newemail@example.com" {
|
||||
t.Errorf("Expected email to be updated, got %s", email)
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -137,24 +82,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "update_username_api_user", "update_username_api@example.com")
|
||||
|
||||
reqBody := map[string]string{
|
||||
"username": "new_username",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("PUT", "/api/auth/username", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePutRequest(t, ctx.Router, "/api/auth/username", map[string]any{"username": "new_username"}, user, nil)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if username, ok := data["username"].(string); ok && username != "new_username" {
|
||||
t.Errorf("Expected username to be updated, got %s", username)
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if username, ok := data["username"].(string); ok && username != "new_username" {
|
||||
t.Errorf("Expected username to be updated, got %s", username)
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -163,19 +96,12 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_list_user", "users_list@example.com")
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/users", nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/users", user, nil)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["users"]; !exists {
|
||||
t.Error("Expected users in response")
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if _, exists := data["users"]; !exists {
|
||||
t.Error("Expected users in response")
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -184,21 +110,13 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_get_user", "users_get@example.com")
|
||||
|
||||
req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d", user.User.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if userData, ok := data["user"].(map[string]any); ok {
|
||||
if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID {
|
||||
t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id)
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if userData, ok := data["user"].(map[string]any); ok {
|
||||
if id, ok := userData["id"].(float64); ok && uint(id) != user.User.ID {
|
||||
t.Errorf("Expected user ID %d, got %.0f", user.User.ID, id)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -210,24 +128,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
|
||||
testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "User Posts Test", "https://example.com/user-posts")
|
||||
|
||||
req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d/posts", user.User.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d/posts", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) == 0 {
|
||||
t.Error("Expected at least one post in response")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected posts array in response")
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) == 0 {
|
||||
t.Error("Expected at least one post in response")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected posts array in response")
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -236,26 +146,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "users_create_admin", "users_create_admin@example.com")
|
||||
|
||||
reqBody := map[string]string{
|
||||
request := makePostRequest(t, ctx.Router, "/api/users", map[string]any{
|
||||
"username": "created_user",
|
||||
"email": "created@example.com",
|
||||
"password": "SecurePass123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/users", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
}, user, nil)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusCreated)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["user"]; !exists {
|
||||
t.Error("Expected user in response")
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusCreated)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if _, exists := data["user"]; !exists {
|
||||
t.Error("Expected user in response")
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -266,27 +166,16 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Update Test Post", "https://example.com/update-test")
|
||||
|
||||
reqBody := map[string]string{
|
||||
request := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), map[string]any{
|
||||
"title": "Updated Title",
|
||||
"content": "Updated content",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if postData, ok := data["post"].(map[string]any); ok {
|
||||
if title, ok := postData["title"].(string); ok && title != "Updated Title" {
|
||||
t.Errorf("Expected title 'Updated Title', got '%s'", title)
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if postData, ok := data["post"].(map[string]any); ok {
|
||||
if title, ok := postData["title"].(string); ok && title != "Updated Title" {
|
||||
t.Errorf("Expected title 'Updated Title', got '%s'", title)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -298,20 +187,11 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Delete Test Post", "https://example.com/delete-test")
|
||||
|
||||
req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
|
||||
getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
getRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getRec, getReq)
|
||||
assertStatus(t, getRec, http.StatusNotFound)
|
||||
getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID))
|
||||
assertStatus(t, getRequest, http.StatusNotFound)
|
||||
})
|
||||
|
||||
t.Run("Votes_Get_All_Endpoint", func(t *testing.T) {
|
||||
@@ -319,35 +199,17 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "votes_get_all_user", "votes_get_all@example.com")
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Votes Test Post", "https://example.com/votes-test")
|
||||
makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/votes", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
voteBody := map[string]string{"type": "up"}
|
||||
voteBodyBytes, _ := json.Marshal(voteBody)
|
||||
voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes))
|
||||
voteReq.Header.Set("Content-Type", "application/json")
|
||||
voteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
|
||||
voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
voteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(voteRec, voteReq)
|
||||
|
||||
req := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if votes, ok := data["votes"].([]any); ok {
|
||||
if len(votes) == 0 {
|
||||
t.Error("Expected at least one vote in response")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected votes array in response")
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if votes, ok := data["votes"].([]any); ok {
|
||||
if len(votes) == 0 {
|
||||
t.Error("Expected at least one vote in response")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected votes array in response")
|
||||
}
|
||||
}
|
||||
})
|
||||
@@ -358,49 +220,461 @@ func TestIntegration_CompleteAPIEndpoints(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Remove Test", "https://example.com/vote-remove")
|
||||
|
||||
voteBody := map[string]string{"type": "up"}
|
||||
voteBodyBytes, _ := json.Marshal(voteBody)
|
||||
voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(voteBodyBytes))
|
||||
voteReq.Header.Set("Content-Type", "application/json")
|
||||
voteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
|
||||
voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
voteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(voteRec, voteReq)
|
||||
makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
request := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("API_Info_Endpoint", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/api", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, ctx.Router, "/api")
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["endpoints"]; !exists {
|
||||
t.Error("Expected endpoints in API info")
|
||||
}
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if _, exists := data["endpoints"]; !exists {
|
||||
t.Error("Expected endpoints in API info")
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Swagger_Documentation_Endpoint", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/swagger/index.html", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, ctx.Router, "/swagger/index.html")
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusNotFound)
|
||||
})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
t.Run("Search_Endpoint_Edge_Cases", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "search_edge"), uniqueTestEmail(t, "search_edge"))
|
||||
|
||||
assertStatusRange(t, rec, http.StatusOK, http.StatusNotFound)
|
||||
testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post One", "https://example.com/one")
|
||||
testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Searchable Post Two", "https://example.com/two")
|
||||
testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Different Content", "https://example.com/three")
|
||||
|
||||
t.Run("Empty_Search_Results", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=nonexistentterm12345")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) != 0 {
|
||||
t.Errorf("Expected empty search results, got %d posts", len(posts))
|
||||
}
|
||||
}
|
||||
if count, ok := data["count"].(float64); ok && count != 0 {
|
||||
t.Errorf("Expected count 0, got %.0f", count)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Search_With_Pagination", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=0")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
var firstPostID any
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) > 1 {
|
||||
t.Errorf("Expected at most 1 post with limit=1, got %d", len(posts))
|
||||
}
|
||||
if len(posts) > 0 {
|
||||
if post, ok := posts[0].(map[string]any); ok {
|
||||
firstPostID = post["id"]
|
||||
}
|
||||
}
|
||||
}
|
||||
if limit, ok := data["limit"].(float64); ok && limit != 1 {
|
||||
t.Errorf("Expected limit 1 in response, got %.0f", limit)
|
||||
}
|
||||
if offset, ok := data["offset"].(float64); ok && offset != 0 {
|
||||
t.Errorf("Expected offset 0 in response, got %.0f", offset)
|
||||
}
|
||||
}
|
||||
|
||||
secondRequest := makeGetRequest(t, ctx.Router, "/api/posts/search?q=Searchable&limit=1&offset=1")
|
||||
|
||||
secondResponse := assertJSONResponse(t, secondRequest, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(secondResponse); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) > 1 {
|
||||
t.Errorf("Expected at most 1 post with limit=1 and offset=1, got %d", len(posts))
|
||||
}
|
||||
if len(posts) > 0 && firstPostID != nil {
|
||||
if post, ok := posts[0].(map[string]any); ok {
|
||||
if post["id"] == firstPostID {
|
||||
t.Error("Expected different post with offset=1, got same post as offset=0")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Search_With_Special_Characters", func(t *testing.T) {
|
||||
specialQueries := []string{
|
||||
"Searchable%20Post",
|
||||
"Searchable'Post",
|
||||
"Searchable\"Post",
|
||||
"Searchable;Post",
|
||||
"Searchable--Post",
|
||||
}
|
||||
|
||||
for _, query := range specialQueries {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(query))
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Search_Empty_Query", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) != 0 {
|
||||
t.Errorf("Expected empty results for empty query, got %d posts", len(posts))
|
||||
}
|
||||
}
|
||||
if count, ok := data["count"].(float64); ok && count != 0 {
|
||||
t.Errorf("Expected count 0 for empty query, got %.0f", count)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Search_With_Very_Long_Query", func(t *testing.T) {
|
||||
longQuery := strings.Repeat("a", 1000)
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q="+url.QueryEscape(longQuery))
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Search_Case_Insensitive", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/search?q=SEARCHABLE")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) == 0 {
|
||||
t.Error("Expected case-insensitive search to find posts")
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Title_Fetch_Endpoint_Edge_Cases", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
t.Run("Missing_URL_Parameter", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title")
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Empty_URL_Parameter", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=")
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Invalid_URL_Format", func(t *testing.T) {
|
||||
invalidURLs := []string{
|
||||
"not-a-url",
|
||||
"://invalid",
|
||||
"http://",
|
||||
"https://",
|
||||
}
|
||||
|
||||
for _, invalidURL := range invalidURLs {
|
||||
ctx.Suite.TitleFetcher.SetError(services.ErrUnsupportedScheme)
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(invalidURL))
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Unsupported_URL_Schemes", func(t *testing.T) {
|
||||
unsupportedSchemes := []string{
|
||||
"ftp://example.com",
|
||||
"file:///etc/passwd",
|
||||
"javascript:alert(1)",
|
||||
"data:text/html,<script>alert(1)</script>",
|
||||
}
|
||||
|
||||
for _, schemeURL := range unsupportedSchemes {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(schemeURL))
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("SSRF_Protection_Localhost", func(t *testing.T) {
|
||||
ssrfURLs := []string{
|
||||
"http://localhost",
|
||||
"http://127.0.0.1",
|
||||
"http://127.0.0.1:8080",
|
||||
"http://[::1]",
|
||||
"http://0.0.0.0",
|
||||
}
|
||||
|
||||
for _, ssrfURL := range ssrfURLs {
|
||||
ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked)
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(ssrfURL))
|
||||
assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("SSRF_Protection_Private_IPs", func(t *testing.T) {
|
||||
privateIPs := []string{
|
||||
"http://192.168.1.1",
|
||||
"http://10.0.0.1",
|
||||
"http://172.16.0.1",
|
||||
}
|
||||
|
||||
for _, privateIP := range privateIPs {
|
||||
ctx.Suite.TitleFetcher.SetError(services.ErrSSRFBlocked)
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url="+url.QueryEscape(privateIP))
|
||||
assertStatusRange(t, request, http.StatusBadRequest, http.StatusBadGateway)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Title_Fetch_Error_Handling", func(t *testing.T) {
|
||||
ctx.Suite.TitleFetcher.SetError(services.ErrTitleNotFound)
|
||||
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/notitle")
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Valid_URL_Success", func(t *testing.T) {
|
||||
ctx.Suite.TitleFetcher.SetTitle("Valid Title")
|
||||
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts/title?url=https://example.com/valid")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if title, ok := data["title"].(string); ok {
|
||||
if title != "Valid Title" {
|
||||
t.Errorf("Expected title 'Valid Title', got '%s'", title)
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected title in response data")
|
||||
}
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Get_User_Vote_Edge_Cases", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge"), uniqueTestEmail(t, "vote_edge"))
|
||||
secondUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "vote_edge2"), uniqueTestEmail(t, "vote_edge2"))
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Edge Test Post", "https://example.com/vote-edge")
|
||||
|
||||
t.Run("Get_Vote_When_User_Has_Voted", func(t *testing.T) {
|
||||
voteRequest := makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
assertStatus(t, voteRequest, http.StatusOK)
|
||||
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if hasVote, ok := data["has_vote"].(bool); !ok || !hasVote {
|
||||
t.Error("Expected has_vote to be true when user has voted")
|
||||
}
|
||||
if vote, ok := data["vote"]; !ok || vote == nil {
|
||||
t.Error("Expected vote object when user has voted")
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Get_Vote_When_User_Has_Not_Voted", func(t *testing.T) {
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), secondUser, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if hasVote, ok := data["has_vote"].(bool); ok {
|
||||
if hasVote {
|
||||
t.Error("Expected has_vote to be false when user has not voted")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected has_vote field in response")
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Get_Vote_Invalid_Post_ID", func(t *testing.T) {
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/posts/999999/vote", user, map[string]string{"id": "999999"})
|
||||
|
||||
if request.Code != http.StatusOK && request.Code != http.StatusNotFound {
|
||||
t.Errorf("Expected status 200 or 404 for invalid post ID, got %d", request.Code)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Get_Vote_Unauthenticated", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID))
|
||||
assertErrorResponse(t, request, http.StatusUnauthorized)
|
||||
})
|
||||
|
||||
t.Run("Get_Vote_Response_Structure", func(t *testing.T) {
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if success, ok := response["success"].(bool); !ok || !success {
|
||||
t.Error("Expected success field to be true")
|
||||
}
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if _, exists := data["has_vote"]; !exists {
|
||||
t.Error("Expected has_vote field in response data")
|
||||
}
|
||||
if _, exists := data["is_anonymous"]; !exists {
|
||||
t.Error("Expected is_anonymous field in response data")
|
||||
}
|
||||
} else {
|
||||
t.Error("Expected data field in response")
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Refresh_Token_Edge_Cases", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
refreshUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_edge"), uniqueTestEmail(t, "refresh_edge"))
|
||||
|
||||
t.Run("Refresh_With_Expired_Token", func(t *testing.T) {
|
||||
loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to login: %v", err)
|
||||
}
|
||||
|
||||
refreshToken, err := ctx.Suite.RefreshTokenRepo.GetByTokenHash(testutils.HashVerificationToken(loginResult.RefreshToken))
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to get refresh token: %v", err)
|
||||
}
|
||||
|
||||
refreshToken.ExpiresAt = time.Now().Add(-1 * time.Hour)
|
||||
if err := ctx.Suite.DB.Model(refreshToken).Update("expires_at", refreshToken.ExpiresAt).Error; err != nil {
|
||||
t.Fatalf("Failed to expire refresh token: %v", err)
|
||||
}
|
||||
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
|
||||
assertErrorResponse(t, request, http.StatusUnauthorized)
|
||||
})
|
||||
|
||||
t.Run("Refresh_With_Revoked_Token", func(t *testing.T) {
|
||||
loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to login: %v", err)
|
||||
}
|
||||
|
||||
if err := ctx.AuthService.RevokeRefreshToken(loginResult.RefreshToken); err != nil {
|
||||
t.Fatalf("Failed to revoke refresh token: %v", err)
|
||||
}
|
||||
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
|
||||
assertErrorResponse(t, request, http.StatusUnauthorized)
|
||||
})
|
||||
|
||||
t.Run("Refresh_With_Empty_Token", func(t *testing.T) {
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": ""})
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Refresh_With_Missing_Token_Field", func(t *testing.T) {
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{})
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Refresh_Token_Rotation", func(t *testing.T) {
|
||||
loginResult, err := ctx.AuthService.Login(refreshUser.User.Username, "SecurePass123!")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to login: %v", err)
|
||||
}
|
||||
|
||||
originalRefreshToken := loginResult.RefreshToken
|
||||
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": originalRefreshToken})
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if newAccessToken, ok := data["access_token"].(string); ok {
|
||||
if newAccessToken == "" {
|
||||
t.Error("Expected new access token in refresh response")
|
||||
}
|
||||
|
||||
if newRefreshToken, ok := data["refresh_token"].(string); ok {
|
||||
if newRefreshToken != "" && newRefreshToken == originalRefreshToken {
|
||||
t.Log("Refresh token rotation may not be implemented (same token returned)")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Refresh_After_Account_Lock", func(t *testing.T) {
|
||||
lockedUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "refresh_lock"), uniqueTestEmail(t, "refresh_lock"))
|
||||
|
||||
loginResult, err := ctx.AuthService.Login(lockedUser.User.Username, "SecurePass123!")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to login: %v", err)
|
||||
}
|
||||
|
||||
lockedUser.User.Locked = true
|
||||
if err := ctx.Suite.UserRepo.Update(lockedUser.User); err != nil {
|
||||
t.Fatalf("Failed to lock user: %v", err)
|
||||
}
|
||||
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": loginResult.RefreshToken})
|
||||
|
||||
assertStatusRange(t, request, http.StatusUnauthorized, http.StatusForbidden)
|
||||
})
|
||||
|
||||
t.Run("Refresh_With_Invalid_Token_Format", func(t *testing.T) {
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/refresh", map[string]any{"refresh_token": "invalid-token-format-12345"})
|
||||
assertErrorResponse(t, request, http.StatusUnauthorized)
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Pagination_Edge_Cases", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
paginationUser := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, uniqueTestUsername(t, "pagination_edge"), uniqueTestEmail(t, "pagination_edge"))
|
||||
|
||||
for i := 0; i < 5; i++ {
|
||||
testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, paginationUser.User.ID, fmt.Sprintf("Pagination Post %d", i), fmt.Sprintf("https://example.com/pag%d", i))
|
||||
}
|
||||
|
||||
t.Run("Negative_Limit", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts?limit=-1")
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Negative_Offset", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts?offset=-1")
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Very_Large_Limit", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts?limit=10000")
|
||||
assertStatusRange(t, request, http.StatusOK, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Very_Large_Offset", func(t *testing.T) {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts?offset=10000")
|
||||
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if data, ok := getDataFromResponse(response); ok {
|
||||
if posts, ok := data["posts"].([]any); ok {
|
||||
if len(posts) > 0 {
|
||||
t.Logf("Large offset returned %d posts (may be expected)", len(posts))
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Invalid_Pagination_Parameters", func(t *testing.T) {
|
||||
invalidParams := []string{
|
||||
"limit=abc",
|
||||
"offset=xyz",
|
||||
"limit=",
|
||||
"offset=",
|
||||
}
|
||||
|
||||
for _, param := range invalidParams {
|
||||
request := makeGetRequest(t, ctx.Router, "/api/posts?"+param)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
@@ -1,17 +1,12 @@
|
||||
package integration
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"compress/gzip"
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"goyco/internal/middleware"
|
||||
"goyco/internal/testutils"
|
||||
)
|
||||
|
||||
func TestIntegration_Compression(t *testing.T) {
|
||||
@@ -19,16 +14,16 @@ func TestIntegration_Compression(t *testing.T) {
|
||||
router := ctx.Router
|
||||
|
||||
t.Run("Response_Compression_Gzip", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
req.Header.Set("Accept-Encoding", "gzip")
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
request.Header.Set("Accept-Encoding", "gzip")
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
contentEncoding := rec.Header().Get("Content-Encoding")
|
||||
contentEncoding := recorder.Header().Get("Content-Encoding")
|
||||
if contentEncoding != "" && strings.Contains(contentEncoding, "gzip") {
|
||||
assertHeaderContains(t, rec, "Content-Encoding", "gzip")
|
||||
reader, err := gzip.NewReader(rec.Body)
|
||||
assertHeaderContains(t, recorder, "Content-Encoding", "gzip")
|
||||
reader, err := gzip.NewReader(recorder.Body)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create gzip reader: %v", err)
|
||||
}
|
||||
@@ -48,14 +43,14 @@ func TestIntegration_Compression(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Compression_Headers_Present", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
req.Header.Set("Accept-Encoding", "gzip, deflate")
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
request.Header.Set("Accept-Encoding", "gzip, deflate")
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if rec.Header().Get("Vary") != "" {
|
||||
assertHeaderContains(t, rec, "Vary", "Accept-Encoding")
|
||||
if recorder.Header().Get("Vary") != "" {
|
||||
assertHeaderContains(t, recorder, "Vary", "Accept-Encoding")
|
||||
} else {
|
||||
t.Log("Vary header may not always be present")
|
||||
}
|
||||
@@ -67,25 +62,19 @@ func TestIntegration_StaticFiles(t *testing.T) {
|
||||
router := ctx.Router
|
||||
|
||||
t.Run("Robots_Txt_Served", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/robots.txt", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/robots.txt")
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
|
||||
if !strings.Contains(rec.Body.String(), "User-agent") {
|
||||
if !strings.Contains(request.Body.String(), "User-agent") {
|
||||
t.Error("Expected robots.txt content")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("Static_Files_Security_Headers", func(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/robots.txt", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/robots.txt")
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Header().Get("X-Content-Type-Options") == "" {
|
||||
if request.Header().Get("X-Content-Type-Options") == "" {
|
||||
t.Log("Security headers may not be applied to all static files")
|
||||
}
|
||||
})
|
||||
@@ -101,32 +90,22 @@ func TestIntegration_URLMetadata(t *testing.T) {
|
||||
|
||||
ctx.Suite.TitleFetcher.SetTitle("Fetched Title")
|
||||
|
||||
postBody := map[string]string{
|
||||
postBody := map[string]any{
|
||||
"title": "Test Post",
|
||||
"url": "https://example.com/metadata-test",
|
||||
"content": "Test content",
|
||||
}
|
||||
body, _ := json.Marshal(postBody)
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequest(t, router, "/api/posts", postBody, user, nil)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusCreated)
|
||||
assertStatus(t, request, http.StatusCreated)
|
||||
})
|
||||
|
||||
t.Run("URL_Metadata_Endpoint", func(t *testing.T) {
|
||||
ctx.Suite.TitleFetcher.SetTitle("Endpoint Title")
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/posts/title?url=https://example.com/test", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/api/posts/title?url=https://example.com/test")
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["title"]; !exists {
|
||||
|
||||
@@ -19,27 +19,18 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "consistency_user", "consistency@example.com")
|
||||
|
||||
postBody := map[string]string{
|
||||
request := makePostRequest(t, ctx.Router, "/api/posts", map[string]any{
|
||||
"title": "Consistency Test Post",
|
||||
"url": "https://example.com/consistency",
|
||||
"content": "Test content",
|
||||
}
|
||||
body, _ := json.Marshal(postBody)
|
||||
}, user, nil)
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
createResponse := assertJSONResponse(t, rec, http.StatusCreated)
|
||||
createResponse := assertJSONResponse(t, request, http.StatusCreated)
|
||||
if createResponse == nil {
|
||||
return
|
||||
}
|
||||
|
||||
postData, ok := createResponse["data"].(map[string]any)
|
||||
postData, ok := getDataFromResponse(createResponse)
|
||||
if !ok {
|
||||
t.Fatal("Response missing data")
|
||||
}
|
||||
@@ -53,16 +44,14 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
createdURL := postData["url"]
|
||||
createdContent := postData["content"]
|
||||
|
||||
getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%.0f", postID), nil)
|
||||
getRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getRec, getReq)
|
||||
getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%.0f", postID))
|
||||
|
||||
getResponse := assertJSONResponse(t, getRec, http.StatusOK)
|
||||
getResponse := assertJSONResponse(t, getRequest, http.StatusOK)
|
||||
if getResponse == nil {
|
||||
return
|
||||
}
|
||||
|
||||
getPostData, ok := getResponse["data"].(map[string]any)
|
||||
getPostData, ok := getDataFromResponse(getResponse)
|
||||
if !ok {
|
||||
t.Fatal("Get response missing data")
|
||||
}
|
||||
@@ -96,32 +85,17 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Vote Consistency Post", "https://example.com/vote-consistency")
|
||||
|
||||
voteBody := map[string]string{"type": "up"}
|
||||
body, _ := json.Marshal(voteBody)
|
||||
voteRequest := makePostRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), map[string]any{"type": "up"}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
assertStatus(t, voteRequest, http.StatusOK)
|
||||
|
||||
voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
|
||||
voteReq.Header.Set("Content-Type", "application/json")
|
||||
voteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
|
||||
voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
voteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(voteRec, voteReq)
|
||||
getVotesRequest := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/votes", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
assertStatus(t, voteRec, http.StatusOK)
|
||||
|
||||
getVotesReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
|
||||
getVotesReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
getVotesReq = testutils.WithUserContext(getVotesReq, middleware.UserIDKey, user.User.ID)
|
||||
getVotesReq = testutils.WithURLParams(getVotesReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
getVotesRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getVotesRec, getVotesReq)
|
||||
|
||||
votesResponse := assertJSONResponse(t, getVotesRec, http.StatusOK)
|
||||
votesResponse := assertJSONResponse(t, getVotesRequest, http.StatusOK)
|
||||
if votesResponse == nil {
|
||||
return
|
||||
}
|
||||
|
||||
votesData, ok := votesResponse["data"].(map[string]any)
|
||||
votesData, ok := getDataFromResponse(votesResponse)
|
||||
if !ok {
|
||||
t.Fatal("Votes response missing data")
|
||||
}
|
||||
@@ -172,32 +146,21 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Original Title", "https://example.com/original")
|
||||
|
||||
updateBody := map[string]string{
|
||||
updateRequest := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), map[string]any{
|
||||
"title": "Updated Title",
|
||||
"content": "Updated content",
|
||||
}
|
||||
body, _ := json.Marshal(updateBody)
|
||||
}, user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
updateReq := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
|
||||
updateReq.Header.Set("Content-Type", "application/json")
|
||||
updateReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
updateReq = testutils.WithUserContext(updateReq, middleware.UserIDKey, user.User.ID)
|
||||
updateReq = testutils.WithURLParams(updateReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
updateRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(updateRec, updateReq)
|
||||
assertStatus(t, updateRequest, http.StatusOK)
|
||||
|
||||
assertStatus(t, updateRec, http.StatusOK)
|
||||
getRequest := makeGetRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID))
|
||||
|
||||
getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
getRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getRec, getReq)
|
||||
|
||||
getResponse := assertJSONResponse(t, getRec, http.StatusOK)
|
||||
getResponse := assertJSONResponse(t, getRequest, http.StatusOK)
|
||||
if getResponse == nil {
|
||||
return
|
||||
}
|
||||
|
||||
getPostData, ok := getResponse["data"].(map[string]any)
|
||||
getPostData, ok := getDataFromResponse(getResponse)
|
||||
if !ok {
|
||||
t.Fatal("Get response missing data")
|
||||
}
|
||||
@@ -215,18 +178,12 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "user_posts_consistency", "user_posts_consistency@example.com")
|
||||
|
||||
post1 := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 1", "https://example.com/post1")
|
||||
post2 := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 2", "https://example.com/post2")
|
||||
firstPost := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 1", "https://example.com/post1")
|
||||
secondPost := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Post 2", "https://example.com/post2")
|
||||
|
||||
req := httptest.NewRequest("GET", fmt.Sprintf("/api/users/%d/posts", user.User.ID), nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, fmt.Sprintf("/api/users/%d/posts", user.User.ID), user, map[string]string{"id": fmt.Sprintf("%d", user.User.ID)})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if response == nil {
|
||||
return
|
||||
}
|
||||
@@ -245,26 +202,26 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
t.Errorf("Expected at least 2 posts, got %d", len(posts))
|
||||
}
|
||||
|
||||
foundPost1 := false
|
||||
foundPost2 := false
|
||||
foundFirstPost := false
|
||||
foundSecondPost := false
|
||||
for _, post := range posts {
|
||||
if postMap, ok := post.(map[string]any); ok {
|
||||
if postID, ok := postMap["id"].(float64); ok {
|
||||
if uint(postID) == post1.ID {
|
||||
foundPost1 = true
|
||||
if uint(postID) == firstPost.ID {
|
||||
foundFirstPost = true
|
||||
}
|
||||
if uint(postID) == post2.ID {
|
||||
foundPost2 = true
|
||||
if uint(postID) == secondPost.ID {
|
||||
foundSecondPost = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !foundPost1 {
|
||||
if !foundFirstPost {
|
||||
t.Error("Post 1 not found in user posts")
|
||||
}
|
||||
|
||||
if !foundPost2 {
|
||||
if !foundSecondPost {
|
||||
t.Error("Post 2 not found in user posts")
|
||||
}
|
||||
})
|
||||
@@ -275,20 +232,20 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, user.User.ID, "Delete Consistency Post", "https://example.com/delete-consistency")
|
||||
|
||||
deleteReq := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
deleteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
deleteReq = testutils.WithUserContext(deleteReq, middleware.UserIDKey, user.User.ID)
|
||||
deleteReq = testutils.WithURLParams(deleteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
deleteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(deleteRec, deleteReq)
|
||||
deleteRequest := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
deleteRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
deleteRequest = testutils.WithUserContext(deleteRequest, middleware.UserIDKey, user.User.ID)
|
||||
deleteRequest = testutils.WithURLParams(deleteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
deleteRecorder := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(deleteRecorder, deleteRequest)
|
||||
|
||||
assertStatus(t, deleteRec, http.StatusOK)
|
||||
assertStatus(t, deleteRecorder, http.StatusOK)
|
||||
|
||||
getReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
getRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getRec, getReq)
|
||||
getRequest := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d", post.ID), nil)
|
||||
getRecorder := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getRecorder, getRequest)
|
||||
|
||||
assertStatus(t, getRec, http.StatusNotFound)
|
||||
assertStatus(t, getRecorder, http.StatusNotFound)
|
||||
})
|
||||
|
||||
t.Run("Vote_Removal_Consistency", func(t *testing.T) {
|
||||
@@ -300,33 +257,33 @@ func TestIntegration_DataConsistency(t *testing.T) {
|
||||
voteBody := map[string]string{"type": "up"}
|
||||
body, _ := json.Marshal(voteBody)
|
||||
|
||||
voteReq := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
|
||||
voteReq.Header.Set("Content-Type", "application/json")
|
||||
voteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
voteReq = testutils.WithUserContext(voteReq, middleware.UserIDKey, user.User.ID)
|
||||
voteReq = testutils.WithURLParams(voteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
voteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(voteRec, voteReq)
|
||||
voteRequest := httptest.NewRequest("POST", fmt.Sprintf("/api/posts/%d/vote", post.ID), bytes.NewBuffer(body))
|
||||
voteRequest.Header.Set("Content-Type", "application/json")
|
||||
voteRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
voteRequest = testutils.WithUserContext(voteRequest, middleware.UserIDKey, user.User.ID)
|
||||
voteRequest = testutils.WithURLParams(voteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
voteRecorder := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(voteRecorder, voteRequest)
|
||||
|
||||
assertStatus(t, voteRec, http.StatusOK)
|
||||
assertStatus(t, voteRecorder, http.StatusOK)
|
||||
|
||||
removeVoteReq := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
|
||||
removeVoteReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
removeVoteReq = testutils.WithUserContext(removeVoteReq, middleware.UserIDKey, user.User.ID)
|
||||
removeVoteReq = testutils.WithURLParams(removeVoteReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
removeVoteRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(removeVoteRec, removeVoteReq)
|
||||
removeVoteRequest := httptest.NewRequest("DELETE", fmt.Sprintf("/api/posts/%d/vote", post.ID), nil)
|
||||
removeVoteRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
removeVoteRequest = testutils.WithUserContext(removeVoteRequest, middleware.UserIDKey, user.User.ID)
|
||||
removeVoteRequest = testutils.WithURLParams(removeVoteRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
removeVoteRecorder := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(removeVoteRecorder, removeVoteRequest)
|
||||
|
||||
assertStatus(t, removeVoteRec, http.StatusOK)
|
||||
assertStatus(t, removeVoteRecorder, http.StatusOK)
|
||||
|
||||
getVotesReq := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
|
||||
getVotesReq.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
getVotesReq = testutils.WithUserContext(getVotesReq, middleware.UserIDKey, user.User.ID)
|
||||
getVotesReq = testutils.WithURLParams(getVotesReq, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
getVotesRec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getVotesRec, getVotesReq)
|
||||
getVotesRequest := httptest.NewRequest("GET", fmt.Sprintf("/api/posts/%d/votes", post.ID), nil)
|
||||
getVotesRequest.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
getVotesRequest = testutils.WithUserContext(getVotesRequest, middleware.UserIDKey, user.User.ID)
|
||||
getVotesRequest = testutils.WithURLParams(getVotesRequest, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
getVotesRecorder := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(getVotesRecorder, getVotesRequest)
|
||||
|
||||
votesResponse := assertJSONResponse(t, getVotesRec, http.StatusOK)
|
||||
votesResponse := assertJSONResponse(t, getVotesRecorder, http.StatusOK)
|
||||
if votesResponse == nil {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -1,14 +1,10 @@
|
||||
package integration
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"goyco/internal/database"
|
||||
"goyco/internal/middleware"
|
||||
"goyco/internal/testutils"
|
||||
)
|
||||
|
||||
@@ -19,19 +15,14 @@ func TestIntegration_EmailService(t *testing.T) {
|
||||
t.Run("Registration_Email_Sent", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username": "email_reg_user",
|
||||
"email": "email_reg@example.com",
|
||||
"password": "SecurePass123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/register", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusCreated)
|
||||
assertStatus(t, request, http.StatusCreated)
|
||||
|
||||
token := ctx.Suite.EmailSender.VerificationToken()
|
||||
if token == "" {
|
||||
@@ -52,15 +43,10 @@ func TestIntegration_EmailService(t *testing.T) {
|
||||
t.Fatalf("Failed to create user: %v", err)
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username_or_email": "email_reset_user",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
makePostRequestWithJSON(t, router, "/api/auth/forgot-password", reqBody)
|
||||
|
||||
token := ctx.Suite.EmailSender.PasswordResetToken()
|
||||
if token == "" {
|
||||
@@ -72,17 +58,9 @@ func TestIntegration_EmailService(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "email_del_user", "email_del@example.com")
|
||||
|
||||
reqBody := map[string]string{}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("DELETE", "/api/auth/account", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeDeleteRequest(t, router, "/api/auth/account", user, nil)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
token := ctx.Suite.EmailSender.DeletionToken()
|
||||
if token == "" {
|
||||
@@ -94,17 +72,10 @@ func TestIntegration_EmailService(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "email_change_user", "email_change@example.com")
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"email": "newemail@example.com",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("PUT", "/api/auth/email", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
makePutRequest(t, router, "/api/auth/email", reqBody, user, nil)
|
||||
|
||||
token := ctx.Suite.EmailSender.VerificationToken()
|
||||
if token == "" {
|
||||
@@ -115,17 +86,12 @@ func TestIntegration_EmailService(t *testing.T) {
|
||||
t.Run("Email_Template_Content", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username": "template_user",
|
||||
"email": "template@example.com",
|
||||
"password": "SecurePass123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
makePostRequestWithJSON(t, router, "/api/auth/register", reqBody)
|
||||
|
||||
token := ctx.Suite.EmailSender.VerificationToken()
|
||||
if token == "" {
|
||||
|
||||
@@ -152,9 +152,9 @@ func TestIntegration_EndToEndUserJourneys(t *testing.T) {
|
||||
|
||||
if data, ok := getDataFromResponse(votesResponse); ok {
|
||||
if votes, ok := data["votes"].([]any); ok && len(votes) > 0 {
|
||||
unvoteRec := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
unvoteRequest := makeDeleteRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d/vote", post.ID), user, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
assertStatus(t, unvoteRec, http.StatusOK)
|
||||
assertStatus(t, unvoteRequest, http.StatusOK)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
@@ -2,7 +2,6 @@ package integration
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
@@ -19,58 +18,46 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "json_error_user", "json_error@example.com")
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("invalid json{")))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("invalid json{")))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
request.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
ctx.Router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusBadRequest)
|
||||
assertErrorResponse(t, recorder, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Validation_Error_Propagation", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username": "",
|
||||
"email": "invalid-email",
|
||||
"password": "weak",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusBadRequest)
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("Database_Error_Propagation", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "db_error_user", "db_error@example.com")
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"title": "Test Post",
|
||||
"url": "https://example.com/test",
|
||||
"content": "Test content",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequest(t, ctx.Router, "/api/posts", reqBody, user, nil)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code == http.StatusInternalServerError {
|
||||
assertErrorResponse(t, rec, http.StatusInternalServerError)
|
||||
if request.Code == http.StatusInternalServerError {
|
||||
assertErrorResponse(t, request, http.StatusInternalServerError)
|
||||
} else {
|
||||
assertStatus(t, rec, http.StatusCreated)
|
||||
assertStatus(t, request, http.StatusCreated)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -78,34 +65,23 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createAuthenticatedUser(t, ctx.AuthService, ctx.Suite.UserRepo, "notfound_error_user", "notfound_error@example.com")
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/posts/999999", nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": "999999"})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, ctx.Router, "/api/posts/999999", user, map[string]string{"id": "999999"})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusNotFound)
|
||||
assertErrorResponse(t, request, http.StatusNotFound)
|
||||
})
|
||||
|
||||
t.Run("Unauthorized_Error_Propagation", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"title": "Test Post",
|
||||
"url": "https://example.com/test",
|
||||
"content": "Test content",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/posts", reqBody)
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusUnauthorized)
|
||||
assertErrorResponse(t, request, http.StatusUnauthorized)
|
||||
})
|
||||
|
||||
t.Run("Forbidden_Error_Propagation", func(t *testing.T) {
|
||||
@@ -115,78 +91,58 @@ func TestIntegration_ErrorPropagation(t *testing.T) {
|
||||
|
||||
post := testutils.CreatePostWithRepo(t, ctx.Suite.PostRepo, owner.User.ID, "Forbidden Post", "https://example.com/forbidden")
|
||||
|
||||
updateBody := map[string]string{
|
||||
updateBody := map[string]any{
|
||||
"title": "Updated Title",
|
||||
"content": "Updated content",
|
||||
}
|
||||
body, _ := json.Marshal(updateBody)
|
||||
|
||||
req := httptest.NewRequest("PUT", fmt.Sprintf("/api/posts/%d", post.ID), bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+otherUser.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, otherUser.User.ID)
|
||||
req = testutils.WithURLParams(req, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePutRequest(t, ctx.Router, fmt.Sprintf("/api/posts/%d", post.ID), updateBody, otherUser, map[string]string{"id": fmt.Sprintf("%d", post.ID)})
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusForbidden)
|
||||
assertErrorResponse(t, request, http.StatusForbidden)
|
||||
})
|
||||
|
||||
t.Run("Service_Error_Propagation", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username": "existing_user",
|
||||
"email": "existing@example.com",
|
||||
"password": "SecurePass123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
request := makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
|
||||
|
||||
assertStatus(t, rec, http.StatusCreated)
|
||||
assertStatus(t, request, http.StatusCreated)
|
||||
|
||||
req = httptest.NewRequest("POST", "/api/auth/register", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec = httptest.NewRecorder()
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
request = makePostRequestWithJSON(t, ctx.Router, "/api/auth/register", reqBody)
|
||||
|
||||
assertStatusRange(t, rec, http.StatusBadRequest, http.StatusConflict)
|
||||
assertErrorResponse(t, rec, rec.Code)
|
||||
assertStatusRange(t, request, http.StatusBadRequest, http.StatusConflict)
|
||||
assertErrorResponse(t, request, request.Code)
|
||||
})
|
||||
|
||||
t.Run("Middleware_Error_Propagation", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("{}")))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer expired.invalid.token")
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("POST", "/api/posts", bytes.NewBuffer([]byte("{}")))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
request.Header.Set("Authorization", "Bearer expired.invalid.token")
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
ctx.Router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusUnauthorized)
|
||||
assertErrorResponse(t, recorder, http.StatusUnauthorized)
|
||||
})
|
||||
|
||||
t.Run("Handler_Error_Response_Format", func(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/nonexistent", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, ctx.Router, "/api/nonexistent")
|
||||
|
||||
ctx.Router.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code == http.StatusNotFound {
|
||||
if rec.Header().Get("Content-Type") == "application/json" {
|
||||
assertErrorResponse(t, rec, http.StatusNotFound)
|
||||
} else {
|
||||
if rec.Body.Len() == 0 {
|
||||
t.Error("Expected error response body")
|
||||
}
|
||||
if request.Code == http.StatusNotFound {
|
||||
if request.Header().Get("Content-Type") == "application/json" {
|
||||
assertErrorResponse(t, request, http.StatusNotFound)
|
||||
} else if request.Body.Len() == 0 {
|
||||
t.Error("Expected error response body")
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
@@ -377,15 +377,11 @@ func assertCookieCleared(t *testing.T, recorder *httptest.ResponseRecorder, name
|
||||
}
|
||||
}
|
||||
|
||||
func assertHeader(t *testing.T, recorder *httptest.ResponseRecorder, name, expectedValue string) {
|
||||
func assertHeader(t *testing.T, recorder *httptest.ResponseRecorder, name string) {
|
||||
t.Helper()
|
||||
actualValue := recorder.Header().Get(name)
|
||||
if expectedValue == "" {
|
||||
if actualValue == "" {
|
||||
t.Errorf("Expected header %s to be present", name)
|
||||
}
|
||||
} else if actualValue != expectedValue {
|
||||
t.Errorf("Expected header %s=%s, got %s", name, expectedValue, actualValue)
|
||||
if actualValue == "" {
|
||||
t.Errorf("Expected header %s to be present", name)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package integration
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
@@ -32,17 +30,12 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
t.Fatalf("Failed to create user: %v", err)
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username_or_email": "reset_user",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/forgot-password", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
response := assertJSONResponse(t, rec, http.StatusOK)
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if response != nil {
|
||||
if success, ok := response["success"].(bool); !ok || !success {
|
||||
t.Error("Expected success=true")
|
||||
@@ -77,18 +70,13 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
t.Fatal("Expected password reset token")
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"token": resetToken,
|
||||
"new_password": "NewPassword123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
loginResult, err := ctx.AuthService.Login("reset_complete_user", "NewPassword123!")
|
||||
if err != nil {
|
||||
@@ -120,14 +108,14 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
reqBody := url.Values{}
|
||||
reqBody.Set("username_or_email", "page_reset_user")
|
||||
reqBody.Set("csrf_token", csrfToken)
|
||||
req := httptest.NewRequest("POST", "/forgot-password", strings.NewReader(reqBody.Encode()))
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("POST", "/forgot-password", strings.NewReader(reqBody.Encode()))
|
||||
request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
request.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
pageRouter.ServeHTTP(rec, req)
|
||||
pageRouter.ServeHTTP(recorder, request)
|
||||
|
||||
assertStatusRange(t, rec, http.StatusOK, http.StatusSeeOther)
|
||||
assertStatusRange(t, recorder, http.StatusOK, http.StatusSeeOther)
|
||||
|
||||
resetToken := pageCtx.Suite.EmailSender.PasswordResetToken()
|
||||
if resetToken == "" {
|
||||
@@ -166,33 +154,23 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
t.Fatalf("Failed to update user: %v", err)
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"token": resetToken,
|
||||
"new_password": "NewPassword123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusBadRequest)
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("PasswordReset_InvalidToken", func(t *testing.T) {
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"token": "invalid-token",
|
||||
"new_password": "NewPassword123!",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusBadRequest)
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("PasswordReset_WeakPassword", func(t *testing.T) {
|
||||
@@ -214,18 +192,13 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
|
||||
resetToken := ctx.Suite.EmailSender.PasswordResetToken()
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"token": resetToken,
|
||||
"new_password": "123",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/reset-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, router, "/api/auth/reset-password", reqBody)
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusBadRequest)
|
||||
assertErrorResponse(t, request, http.StatusBadRequest)
|
||||
})
|
||||
|
||||
t.Run("PasswordReset_EmailIntegration", func(t *testing.T) {
|
||||
@@ -243,17 +216,12 @@ func TestIntegration_PasswordReset_CompleteFlow(t *testing.T) {
|
||||
t.Fatalf("Failed to create user: %v", err)
|
||||
}
|
||||
|
||||
reqBody := map[string]string{
|
||||
reqBody := map[string]any{
|
||||
"username_or_email": "email_reset@example.com",
|
||||
}
|
||||
body, _ := json.Marshal(reqBody)
|
||||
req := httptest.NewRequest("POST", "/api/auth/forgot-password", bytes.NewBuffer(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, freshCtx.Router, "/api/auth/forgot-password", reqBody)
|
||||
|
||||
freshCtx.Router.ServeHTTP(rec, req)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
resetToken := freshCtx.Suite.EmailSender.PasswordResetToken()
|
||||
if resetToken == "" {
|
||||
|
||||
@@ -51,24 +51,24 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
router, _ := setupRateLimitRouter(t, rateLimitConfig)
|
||||
|
||||
for i := 0; i < 2; i++ {
|
||||
req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusTooManyRequests)
|
||||
assertErrorResponse(t, recorder, http.StatusTooManyRequests)
|
||||
|
||||
assertHeader(t, rec, "Retry-After", "")
|
||||
assertHeader(t, recorder, "Retry-After")
|
||||
|
||||
var response map[string]any
|
||||
if err := json.NewDecoder(rec.Body).Decode(&response); err == nil {
|
||||
if err := json.NewDecoder(recorder.Body).Decode(&response); err == nil {
|
||||
if _, exists := response["retry_after"]; !exists {
|
||||
t.Error("Expected retry_after in response")
|
||||
}
|
||||
@@ -81,17 +81,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
router, _ := setupRateLimitRouter(t, rateLimitConfig)
|
||||
|
||||
for i := 0; i < 5; i++ {
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusTooManyRequests)
|
||||
assertErrorResponse(t, recorder, http.StatusTooManyRequests)
|
||||
})
|
||||
|
||||
t.Run("Health_RateLimit_Enforced", func(t *testing.T) {
|
||||
@@ -100,17 +100,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
router, _ := setupRateLimitRouter(t, rateLimitConfig)
|
||||
|
||||
for i := 0; i < 3; i++ {
|
||||
req := httptest.NewRequest("GET", "/health", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/health", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusTooManyRequests)
|
||||
assertErrorResponse(t, recorder, http.StatusTooManyRequests)
|
||||
})
|
||||
|
||||
t.Run("Metrics_RateLimit_Enforced", func(t *testing.T) {
|
||||
@@ -119,17 +119,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
router, _ := setupRateLimitRouter(t, rateLimitConfig)
|
||||
|
||||
for i := 0; i < 2; i++ {
|
||||
req := httptest.NewRequest("GET", "/metrics", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/metrics", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/metrics", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/metrics", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusTooManyRequests)
|
||||
assertErrorResponse(t, recorder, http.StatusTooManyRequests)
|
||||
})
|
||||
|
||||
t.Run("RateLimit_Different_Endpoints_Independent", func(t *testing.T) {
|
||||
@@ -139,17 +139,17 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
router, _ := setupRateLimitRouter(t, rateLimitConfig)
|
||||
|
||||
for i := 0; i < 2; i++ {
|
||||
req := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertStatus(t, rec, http.StatusOK)
|
||||
assertStatus(t, recorder, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("RateLimit_With_Authentication", func(t *testing.T) {
|
||||
@@ -166,20 +166,20 @@ func TestIntegration_RateLimiting(t *testing.T) {
|
||||
user := createAuthenticatedUser(t, authService, suite.UserRepo, uniqueTestUsername(t, "ratelimit_auth"), uniqueTestEmail(t, "ratelimit_auth"))
|
||||
|
||||
for i := 0; i < 3; i++ {
|
||||
req := httptest.NewRequest("GET", "/api/auth/me", nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
router.ServeHTTP(rec, req)
|
||||
request := httptest.NewRequest("GET", "/api/auth/me", nil)
|
||||
request.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
|
||||
recorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(recorder, request)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/api/auth/me", nil)
|
||||
req.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
req = testutils.WithUserContext(req, middleware.UserIDKey, user.User.ID)
|
||||
rec := httptest.NewRecorder()
|
||||
request := httptest.NewRequest("GET", "/api/auth/me", nil)
|
||||
request.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(rec, req)
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertErrorResponse(t, rec, http.StatusTooManyRequests)
|
||||
assertErrorResponse(t, recorder, http.StatusTooManyRequests)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -17,16 +17,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
router := ctx.Router
|
||||
|
||||
t.Run("SecurityHeaders_Present", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/health")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
assertStatus(t, recorder, http.StatusOK)
|
||||
|
||||
assertHeader(t, recorder, "X-Content-Type-Options", "")
|
||||
assertHeader(t, recorder, "X-Frame-Options", "")
|
||||
assertHeader(t, recorder, "X-XSS-Protection", "")
|
||||
assertHeader(t, request, "X-Content-Type-Options")
|
||||
assertHeader(t, request, "X-Frame-Options")
|
||||
assertHeader(t, request, "X-XSS-Protection")
|
||||
})
|
||||
|
||||
t.Run("CORS_Headers_Present", func(t *testing.T) {
|
||||
@@ -36,16 +33,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertHeader(t, recorder, "Access-Control-Allow-Origin", "")
|
||||
assertHeader(t, recorder, "Access-Control-Allow-Origin")
|
||||
})
|
||||
|
||||
t.Run("Logging_Middleware_Executes", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/health")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
if recorder.Code == 0 {
|
||||
if request.Code == 0 {
|
||||
t.Error("Expected logging middleware to execute")
|
||||
}
|
||||
})
|
||||
@@ -67,13 +61,10 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("DBMonitoring_Active", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
request := makeGetRequest(t, router, "/health")
|
||||
|
||||
var response map[string]any
|
||||
if err := json.NewDecoder(recorder.Body).Decode(&response); err == nil {
|
||||
if err := json.NewDecoder(request.Body).Decode(&response); err == nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["database_stats"]; !exists {
|
||||
t.Error("Expected database_stats in health response")
|
||||
@@ -83,12 +74,9 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Metrics_Middleware_Executes", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/metrics", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/metrics")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
response := assertJSONResponse(t, recorder, http.StatusOK)
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if response != nil {
|
||||
if data, ok := response["data"].(map[string]any); ok {
|
||||
if _, exists := data["database"]; !exists {
|
||||
@@ -99,34 +87,25 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("StaticFiles_Served", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/robots.txt", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/robots.txt")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
|
||||
assertStatus(t, recorder, http.StatusOK)
|
||||
|
||||
if !strings.Contains(recorder.Body.String(), "User-agent") {
|
||||
if !strings.Contains(request.Body.String(), "User-agent") {
|
||||
t.Error("Expected robots.txt content")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("API_Routes_Accessible", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/api/posts")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertStatus(t, recorder, http.StatusOK)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("Health_Endpoint_Accessible", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/health", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/health")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
response := assertJSONResponse(t, recorder, http.StatusOK)
|
||||
response := assertJSONResponse(t, request, http.StatusOK)
|
||||
if response != nil {
|
||||
if success, ok := response["success"].(bool); !ok || !success {
|
||||
t.Error("Expected success=true in health response")
|
||||
@@ -135,14 +114,11 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Middleware_Order_Correct", func(t *testing.T) {
|
||||
request := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeGetRequest(t, router, "/api/posts")
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
assertHeader(t, request, "X-Content-Type-Options")
|
||||
|
||||
assertHeader(t, recorder, "X-Content-Type-Options", "")
|
||||
|
||||
if recorder.Code == 0 {
|
||||
if request.Code == 0 {
|
||||
t.Error("Response should have status code")
|
||||
}
|
||||
})
|
||||
@@ -160,15 +136,11 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Cache_Middleware_Active", func(t *testing.T) {
|
||||
firstRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
firstRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(firstRecorder, firstRequest)
|
||||
firstRequest := makeGetRequest(t, router, "/api/posts")
|
||||
|
||||
secondRequest := httptest.NewRequest("GET", "/api/posts", nil)
|
||||
secondRecorder := httptest.NewRecorder()
|
||||
router.ServeHTTP(secondRecorder, secondRequest)
|
||||
secondRequest := makeGetRequest(t, router, "/api/posts")
|
||||
|
||||
if firstRecorder.Code != secondRecorder.Code {
|
||||
if firstRequest.Code != secondRequest.Code {
|
||||
t.Error("Cached responses should have same status")
|
||||
}
|
||||
})
|
||||
@@ -177,14 +149,9 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
ctx.Suite.EmailSender.Reset()
|
||||
user := createUserWithCleanup(t, ctx, "auth_middleware_user", "auth_middleware@example.com")
|
||||
|
||||
request := httptest.NewRequest("GET", "/api/auth/me", nil)
|
||||
request.Header.Set("Authorization", "Bearer "+user.Token)
|
||||
request = testutils.WithUserContext(request, middleware.UserIDKey, user.User.ID)
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makeAuthenticatedGetRequest(t, router, "/api/auth/me", user, nil)
|
||||
|
||||
router.ServeHTTP(recorder, request)
|
||||
|
||||
assertStatus(t, recorder, http.StatusOK)
|
||||
assertStatus(t, request, http.StatusOK)
|
||||
})
|
||||
|
||||
t.Run("RateLimit_Middleware_Integration", func(t *testing.T) {
|
||||
@@ -192,20 +159,13 @@ func TestIntegration_Router_FullMiddlewareChain(t *testing.T) {
|
||||
rateLimitRouter := rateLimitCtx.Router
|
||||
|
||||
for range 3 {
|
||||
request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
rateLimitRouter.ServeHTTP(recorder, request)
|
||||
request := makePostRequestWithJSON(t, rateLimitRouter, "/api/auth/login", map[string]any{"username": "test", "password": "test"})
|
||||
_ = request
|
||||
}
|
||||
|
||||
request := httptest.NewRequest("POST", "/api/auth/login", bytes.NewBufferString(`{"username":"test","password":"test"}`))
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
recorder := httptest.NewRecorder()
|
||||
request := makePostRequestWithJSON(t, rateLimitRouter, "/api/auth/login", map[string]any{"username": "test", "password": "test"})
|
||||
|
||||
rateLimitRouter.ServeHTTP(recorder, request)
|
||||
|
||||
if recorder.Code == http.StatusTooManyRequests {
|
||||
if request.Code == http.StatusTooManyRequests {
|
||||
t.Log("Rate limiting is working")
|
||||
}
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user