0536f57ec2
- Add API token model with SHA-256 hashed tokens
- Add migration 006_add_api_tokens.sql
- Add Bearer token auth middleware
- Add API endpoints under /api/v1/:
- GET /whoami
- POST /tokens (create new API token)
- GET /apps (list all apps)
- POST /apps (create app)
- GET /apps/{id} (get app)
- DELETE /apps/{id} (delete app)
- POST /apps/{id}/deploy (trigger deployment)
- GET /apps/{id}/deployments (list deployments)
- Add comprehensive tests for all API endpoints
- All tests pass, zero lint issues
255 lines
6.6 KiB
Go
255 lines
6.6 KiB
Go
package handlers_test
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"git.eeqj.de/sneak/upaas/internal/models"
|
|
)
|
|
|
|
func setupAPITest(t *testing.T) (*testContext, string) {
|
|
t.Helper()
|
|
|
|
tc := setupTestHandlers(t)
|
|
|
|
// Create a user first.
|
|
_, err := tc.authSvc.CreateUser(t.Context(), "admin", "password123")
|
|
require.NoError(t, err)
|
|
|
|
user, err := models.FindUserByUsername(t.Context(), tc.database, "admin")
|
|
require.NoError(t, err)
|
|
require.NotNil(t, user)
|
|
|
|
// Generate an API token.
|
|
rawToken, _, err := models.GenerateAPIToken(t.Context(), tc.database, user.ID, "test")
|
|
require.NoError(t, err)
|
|
|
|
return tc, rawToken
|
|
}
|
|
|
|
func apiRequest(
|
|
t *testing.T,
|
|
tc *testContext,
|
|
token, method, path string,
|
|
body string,
|
|
) *httptest.ResponseRecorder {
|
|
t.Helper()
|
|
|
|
var req *http.Request
|
|
if body != "" {
|
|
req = httptest.NewRequest(method, path, strings.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
} else {
|
|
req = httptest.NewRequest(method, path, nil)
|
|
}
|
|
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
|
|
rr := httptest.NewRecorder()
|
|
|
|
// Build a chi router with API routes.
|
|
r := chi.NewRouter()
|
|
mw := tc.middleware
|
|
|
|
r.Route("/api/v1", func(apiR chi.Router) {
|
|
apiR.Use(mw.APITokenAuth())
|
|
apiR.Get("/whoami", tc.handlers.HandleAPIWhoAmI())
|
|
apiR.Post("/tokens", tc.handlers.HandleAPICreateToken())
|
|
apiR.Get("/apps", tc.handlers.HandleAPIListApps())
|
|
apiR.Post("/apps", tc.handlers.HandleAPICreateApp())
|
|
apiR.Get("/apps/{id}", tc.handlers.HandleAPIGetApp())
|
|
apiR.Delete("/apps/{id}", tc.handlers.HandleAPIDeleteApp())
|
|
apiR.Post("/apps/{id}/deploy", tc.handlers.HandleAPITriggerDeploy())
|
|
apiR.Get("/apps/{id}/deployments", tc.handlers.HandleAPIListDeployments())
|
|
})
|
|
|
|
r.ServeHTTP(rr, req)
|
|
|
|
return rr
|
|
}
|
|
|
|
func TestAPIAuthRejectsNoToken(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc := setupTestHandlers(t)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/apps", nil)
|
|
rr := httptest.NewRecorder()
|
|
|
|
r := chi.NewRouter()
|
|
r.Route("/api/v1", func(apiR chi.Router) {
|
|
apiR.Use(tc.middleware.APITokenAuth())
|
|
apiR.Get("/apps", tc.handlers.HandleAPIListApps())
|
|
})
|
|
|
|
r.ServeHTTP(rr, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rr.Code)
|
|
}
|
|
|
|
func TestAPIAuthRejectsInvalidToken(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc := setupTestHandlers(t)
|
|
|
|
rr := apiRequest(t, tc, "invalid-token", http.MethodGet, "/api/v1/apps", "")
|
|
assert.Equal(t, http.StatusUnauthorized, rr.Code)
|
|
}
|
|
|
|
func TestAPIWhoAmI(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/whoami", "")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
|
|
var resp map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
|
|
assert.Equal(t, "admin", resp["username"])
|
|
}
|
|
|
|
func TestAPIListAppsEmpty(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps", "")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
|
|
var apps []any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &apps))
|
|
assert.Empty(t, apps)
|
|
}
|
|
|
|
func TestAPICreateApp(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
body := `{"name":"test-app","repoUrl":"https://github.com/example/repo"}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
|
|
assert.Equal(t, http.StatusCreated, rr.Code)
|
|
|
|
var app map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &app))
|
|
assert.Equal(t, "test-app", app["name"])
|
|
assert.Equal(t, "pending", app["status"])
|
|
}
|
|
|
|
func TestAPICreateAppValidation(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
// Missing required fields.
|
|
body := `{"name":"","repoUrl":""}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
|
|
assert.Equal(t, http.StatusBadRequest, rr.Code)
|
|
}
|
|
|
|
func TestAPIGetApp(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
// Create an app first.
|
|
body := `{"name":"my-app","repoUrl":"https://github.com/example/repo"}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
|
|
require.Equal(t, http.StatusCreated, rr.Code)
|
|
|
|
var created map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
|
|
|
|
appID, ok := created["id"].(string)
|
|
require.True(t, ok)
|
|
|
|
// Get the app.
|
|
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID, "")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
|
|
var app map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &app))
|
|
assert.Equal(t, "my-app", app["name"])
|
|
}
|
|
|
|
func TestAPIGetAppNotFound(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
rr := apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/nonexistent", "")
|
|
assert.Equal(t, http.StatusNotFound, rr.Code)
|
|
}
|
|
|
|
func TestAPIDeleteApp(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
// Create an app.
|
|
body := `{"name":"delete-me","repoUrl":"https://github.com/example/repo"}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
|
|
require.Equal(t, http.StatusCreated, rr.Code)
|
|
|
|
var created map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
|
|
|
|
appID, ok := created["id"].(string)
|
|
require.True(t, ok)
|
|
|
|
// Delete it.
|
|
rr = apiRequest(t, tc, token, http.MethodDelete, "/api/v1/apps/"+appID, "")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
|
|
// Verify it's gone.
|
|
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID, "")
|
|
assert.Equal(t, http.StatusNotFound, rr.Code)
|
|
}
|
|
|
|
func TestAPIListDeployments(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
// Create an app.
|
|
body := `{"name":"deploy-app","repoUrl":"https://github.com/example/repo"}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/apps", body)
|
|
require.Equal(t, http.StatusCreated, rr.Code)
|
|
|
|
var created map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &created))
|
|
|
|
appID, ok := created["id"].(string)
|
|
require.True(t, ok)
|
|
|
|
// List deployments (should be empty).
|
|
rr = apiRequest(t, tc, token, http.MethodGet, "/api/v1/apps/"+appID+"/deployments", "")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
|
|
var deployments []any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &deployments))
|
|
assert.Empty(t, deployments)
|
|
}
|
|
|
|
func TestAPICreateToken(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tc, token := setupAPITest(t)
|
|
|
|
body := `{"name":"new-token"}`
|
|
rr := apiRequest(t, tc, token, http.MethodPost, "/api/v1/tokens", body)
|
|
assert.Equal(t, http.StatusCreated, rr.Code)
|
|
|
|
var resp map[string]any
|
|
require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
|
|
assert.Equal(t, "new-token", resp["name"])
|
|
assert.NotEmpty(t, resp["token"])
|
|
}
|