Dateien nach "/" hochladen
This commit is contained in:
+220
@@ -0,0 +1,220 @@
|
||||
package api_test
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"log/slog"
|
||||
"os"
|
||||
|
||||
"github.com/mailarchive/config"
|
||||
"github.com/mailarchive/internal/api"
|
||||
"github.com/mailarchive/internal/audit"
|
||||
"github.com/mailarchive/internal/auth"
|
||||
"github.com/mailarchive/internal/index"
|
||||
"github.com/mailarchive/internal/storage"
|
||||
"github.com/mailarchive/internal/userstore"
|
||||
)
|
||||
|
||||
type testEnv struct {
|
||||
server *api.Server
|
||||
users *userstore.Store
|
||||
store *storage.Store
|
||||
idx index.Indexer
|
||||
}
|
||||
|
||||
func newTestEnv(t *testing.T) *testEnv {
|
||||
t.Helper()
|
||||
dir := t.TempDir()
|
||||
logger := slog.New(slog.NewTextHandler(os.Discard, nil))
|
||||
|
||||
store, err := storage.New(filepath.Join(dir, "store"))
|
||||
if err != nil { t.Fatal(err) }
|
||||
|
||||
idx, err := index.New(filepath.Join(dir, "index"), 100, "bleve")
|
||||
if err != nil { t.Fatal(err) }
|
||||
|
||||
users, err := userstore.New(filepath.Join(dir, "users.db"))
|
||||
if err != nil { t.Fatal(err) }
|
||||
|
||||
audlog, err := audit.New(filepath.Join(dir, "audit.db"), dir, logger)
|
||||
if err != nil { t.Fatal(err) }
|
||||
|
||||
// Seed users
|
||||
users.Create(userstore.CreateUserRequest{Username: "admin", Email: "admin@x.com", Password: "adminpass", Role: userstore.RoleAdmin})
|
||||
users.Create(userstore.CreateUserRequest{Username: "auditor", Email: "auditor@x.com", Password: "auditorpass", Role: userstore.RoleAuditor})
|
||||
users.Create(userstore.CreateUserRequest{Username: "user1", Email: "user1@x.com", Password: "userpass", Role: userstore.RoleUser})
|
||||
|
||||
authMgr := auth.New(users, nil, "test-secret-must-be-long-enough-32")
|
||||
cfg := config.APIConfig{Bind: ":18080", Secret: "test-secret-must-be-long-enough-32"}
|
||||
srv := api.New(cfg, store, idx, authMgr, users, audlog, logger)
|
||||
|
||||
t.Cleanup(func() {
|
||||
idx.Close()
|
||||
users.Close()
|
||||
audlog.Close()
|
||||
})
|
||||
|
||||
return &testEnv{server: srv, users: users, store: store, idx: idx}
|
||||
}
|
||||
|
||||
func (e *testEnv) do(t *testing.T, method, path string, body interface{}, token string) *httptest.ResponseRecorder {
|
||||
t.Helper()
|
||||
var buf bytes.Buffer
|
||||
if body != nil {
|
||||
json.NewEncoder(&buf).Encode(body)
|
||||
}
|
||||
req := httptest.NewRequest(method, path, &buf)
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
if token != "" {
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
}
|
||||
w := httptest.NewRecorder()
|
||||
e.server.ServeHTTP(w, req)
|
||||
return w
|
||||
}
|
||||
|
||||
func (e *testEnv) login(t *testing.T, username, password string) string {
|
||||
t.Helper()
|
||||
w := e.do(t, "POST", "/api/auth/login",
|
||||
map[string]string{"username": username, "password": password}, "")
|
||||
if w.Code != 200 {
|
||||
t.Fatalf("login %s: status %d, body: %s", username, w.Code, w.Body.String())
|
||||
}
|
||||
var resp map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
return resp["token"].(string)
|
||||
}
|
||||
|
||||
// ---- Tests ----
|
||||
|
||||
func TestHealth(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
w := env.do(t, "GET", "/api/health", nil, "")
|
||||
if w.Code != 200 {
|
||||
t.Errorf("health: status %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoginAndMe(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "admin", "adminpass")
|
||||
|
||||
w := env.do(t, "GET", "/api/auth/me", nil, token)
|
||||
if w.Code != 200 {
|
||||
t.Fatalf("me: status %d", w.Code)
|
||||
}
|
||||
var resp map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
if resp["username"] != "admin" {
|
||||
t.Errorf("me username = %q", resp["username"])
|
||||
}
|
||||
if resp["role"] != "admin" {
|
||||
t.Errorf("me role = %q", resp["role"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoginWrongCredentials(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
w := env.do(t, "POST", "/api/auth/login",
|
||||
map[string]string{"username": "admin", "password": "wrong"}, "")
|
||||
if w.Code != 401 {
|
||||
t.Errorf("expected 401, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestUnauthenticatedSearchBlocked(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
w := env.do(t, "GET", "/api/search?q=test", nil, "")
|
||||
if w.Code != 401 {
|
||||
t.Errorf("expected 401, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLogout(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "admin", "adminpass")
|
||||
|
||||
w := env.do(t, "POST", "/api/auth/logout", nil, token)
|
||||
if w.Code != 200 {
|
||||
t.Fatalf("logout: status %d", w.Code)
|
||||
}
|
||||
|
||||
// Token should now be invalid
|
||||
w2 := env.do(t, "GET", "/api/auth/me", nil, token)
|
||||
if w2.Code != 401 {
|
||||
t.Errorf("after logout, me should return 401, got %d", w2.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAdminUserCRUD(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "admin", "adminpass")
|
||||
|
||||
// List users
|
||||
w := env.do(t, "GET", "/api/users", nil, token)
|
||||
if w.Code != 200 {
|
||||
t.Fatalf("list users: status %d", w.Code)
|
||||
}
|
||||
var users []map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &users)
|
||||
if len(users) != 3 { // admin + auditor + user1
|
||||
t.Errorf("expected 3 users, got %d", len(users))
|
||||
}
|
||||
|
||||
// Create user
|
||||
w = env.do(t, "POST", "/api/users",
|
||||
map[string]string{"username": "newuser", "email": "new@x.com", "password": "pw123", "role": "user"},
|
||||
token)
|
||||
if w.Code != 201 {
|
||||
t.Fatalf("create user: status %d, body: %s", w.Code, w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestNonAdminCannotManageUsers(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "user1", "userpass")
|
||||
|
||||
w := env.do(t, "GET", "/api/users", nil, token)
|
||||
if w.Code != 403 {
|
||||
t.Errorf("user role should not list users, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuditorCanAccessAuditLog(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "auditor", "auditorpass")
|
||||
|
||||
w := env.do(t, "GET", "/api/audit", nil, token)
|
||||
if w.Code != 200 {
|
||||
t.Errorf("auditor should access audit log, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestUserCannotAccessAuditLog(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "user1", "userpass")
|
||||
|
||||
w := env.do(t, "GET", "/api/audit", nil, token)
|
||||
if w.Code != 403 {
|
||||
t.Errorf("user role should not access audit log, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSearchReturnsResults(t *testing.T) {
|
||||
env := newTestEnv(t)
|
||||
token := env.login(t, "admin", "adminpass")
|
||||
|
||||
w := env.do(t, "GET", "/api/search?q=test", nil, token)
|
||||
if w.Code != 200 {
|
||||
t.Fatalf("search: status %d, body: %s", w.Code, w.Body.String())
|
||||
}
|
||||
var result map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &result)
|
||||
if _, ok := result["total"]; !ok {
|
||||
t.Error("search response missing 'total' field")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user