213 lines
5.7 KiB
Go
213 lines
5.7 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"gorm.io/driver/sqlite"
|
|
"gorm.io/gorm"
|
|
|
|
"github.com/dhao2001/mygo/internal/model"
|
|
"github.com/dhao2001/mygo/internal/repository"
|
|
"github.com/dhao2001/mygo/internal/service"
|
|
)
|
|
|
|
func setupTestAuthService(t *testing.T) (*service.AuthService, []byte) {
|
|
t.Helper()
|
|
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
if err != nil {
|
|
t.Fatalf("open db: %v", err)
|
|
}
|
|
if err := db.AutoMigrate(&model.User{}, &model.Session{}, &model.Credential{}); err != nil {
|
|
t.Fatalf("migrate: %v", err)
|
|
}
|
|
|
|
secret := []byte("test-secret")
|
|
authService := service.NewAuthService(
|
|
repository.NewUserRepository(db),
|
|
repository.NewSessionRepository(db),
|
|
repository.NewCredentialRepository(db),
|
|
secret,
|
|
15*time.Minute,
|
|
7*24*time.Hour,
|
|
)
|
|
|
|
return authService, secret
|
|
}
|
|
|
|
func setupAuthHandler(t *testing.T) (*AuthHandler, []byte) {
|
|
t.Helper()
|
|
svc, secret := setupTestAuthService(t)
|
|
return NewAuthHandler(svc), secret
|
|
}
|
|
|
|
func setupAuthRouter(t *testing.T) (*gin.Engine, []byte) {
|
|
t.Helper()
|
|
|
|
handler, secret := setupAuthHandler(t)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
r := gin.New()
|
|
|
|
auth := r.Group("/api/v1/auth")
|
|
{
|
|
auth.POST("/register", handler.Register)
|
|
auth.POST("/login", handler.Login)
|
|
auth.POST("/refresh", handler.Refresh)
|
|
auth.POST("/logout", handler.Logout)
|
|
}
|
|
|
|
return r, secret
|
|
}
|
|
|
|
func TestRegisterHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusCreated {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusCreated, rec.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRegisterHandlerDuplicate(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
|
|
for i := range 2 {
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if i == 0 && rec.Code != http.StatusCreated {
|
|
t.Fatalf("first register: status = %d", rec.Code)
|
|
}
|
|
if i == 1 && rec.Code != http.StatusConflict {
|
|
t.Errorf("second register: status = %d, want %d", rec.Code, http.StatusConflict)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestLoginHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register first
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusCreated {
|
|
t.Fatalf("register failed: %d", rec.Code)
|
|
}
|
|
|
|
// Login
|
|
loginBody, _ := json.Marshal(gin.H{
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
|
|
}
|
|
|
|
var pair service.TokenPair
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &pair); err != nil {
|
|
t.Fatalf("unmarshal response: %v", err)
|
|
}
|
|
if pair.AccessToken == "" || pair.RefreshToken == "" {
|
|
t.Fatal("tokens should not be empty")
|
|
}
|
|
}
|
|
|
|
func TestLoginHandlerWrongPassword(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{
|
|
"email": "alice@example.com",
|
|
"password": "wrongpassword",
|
|
})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Errorf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
|
|
}
|
|
}
|
|
|
|
func TestRefreshHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register + Login
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
var pair service.TokenPair
|
|
json.Unmarshal(rec.Body.Bytes(), &pair)
|
|
|
|
// Refresh
|
|
refreshBody, _ := json.Marshal(gin.H{"refresh_token": pair.RefreshToken})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/refresh", bytes.NewReader(refreshBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
|
|
}
|
|
}
|