Huxley
3eeb9f6d26
- Add JWT token generation and validation - Implement bcrypt password hashing - Create auth service with register/login/refresh/logout - Add app passkey generation and management - Implement protected routes and auth middleware - Add comprehensive tests for new functionality
326 lines
9.3 KiB
Go
326 lines
9.3 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"gorm.io/driver/sqlite"
|
|
"gorm.io/gorm"
|
|
|
|
"github.com/dhao2001/mygo/internal/middleware"
|
|
"github.com/dhao2001/mygo/internal/model"
|
|
"github.com/dhao2001/mygo/internal/repository"
|
|
"github.com/dhao2001/mygo/internal/service"
|
|
)
|
|
|
|
func setupAuthHandler(t *testing.T) (*AuthHandler, []byte) {
|
|
t.Helper()
|
|
|
|
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
|
|
if err != nil {
|
|
t.Fatalf("open db: %v", err)
|
|
}
|
|
if err := db.AutoMigrate(&model.User{}, &model.Session{}, &model.Credential{}); err != nil {
|
|
t.Fatalf("migrate: %v", err)
|
|
}
|
|
|
|
secret := []byte("test-secret")
|
|
authService := service.NewAuthService(
|
|
repository.NewUserRepository(db),
|
|
repository.NewSessionRepository(db),
|
|
repository.NewCredentialRepository(db),
|
|
secret,
|
|
15*time.Minute,
|
|
7*24*time.Hour,
|
|
)
|
|
|
|
return NewAuthHandler(authService), secret
|
|
}
|
|
|
|
func setupAuthRouter(t *testing.T) (*gin.Engine, []byte) {
|
|
t.Helper()
|
|
|
|
handler, secret := setupAuthHandler(t)
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
r := gin.New()
|
|
|
|
auth := r.Group("/api/v1/auth")
|
|
{
|
|
auth.POST("/register", handler.Register)
|
|
auth.POST("/login", handler.Login)
|
|
auth.POST("/refresh", handler.Refresh)
|
|
auth.POST("/logout", handler.Logout)
|
|
}
|
|
|
|
protected := r.Group("/api/v1")
|
|
protected.Use(middleware.AuthRequired(secret))
|
|
{
|
|
account := protected.Group("/account")
|
|
{
|
|
account.GET("", handler.GetAccount)
|
|
|
|
passkeys := account.Group("/passkeys")
|
|
{
|
|
passkeys.GET("", handler.ListPasskeys)
|
|
passkeys.POST("", handler.CreatePasskey)
|
|
passkeys.DELETE("/:id", handler.RevokePasskey)
|
|
}
|
|
}
|
|
}
|
|
|
|
return r, secret
|
|
}
|
|
|
|
func TestRegisterHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusCreated {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusCreated, rec.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRegisterHandlerDuplicate(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
|
|
for i := range 2 {
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if i == 0 && rec.Code != http.StatusCreated {
|
|
t.Fatalf("first register: status = %d", rec.Code)
|
|
}
|
|
if i == 1 && rec.Code != http.StatusConflict {
|
|
t.Errorf("second register: status = %d, want %d", rec.Code, http.StatusConflict)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestLoginHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register first
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusCreated {
|
|
t.Fatalf("register failed: %d", rec.Code)
|
|
}
|
|
|
|
// Login
|
|
loginBody, _ := json.Marshal(gin.H{
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
|
|
}
|
|
|
|
var pair service.TokenPair
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &pair); err != nil {
|
|
t.Fatalf("unmarshal response: %v", err)
|
|
}
|
|
if pair.AccessToken == "" || pair.RefreshToken == "" {
|
|
t.Fatal("tokens should not be empty")
|
|
}
|
|
}
|
|
|
|
func TestLoginHandlerWrongPassword(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{
|
|
"email": "alice@example.com",
|
|
"password": "wrongpassword",
|
|
})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Errorf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
|
|
}
|
|
}
|
|
|
|
func TestRefreshHandler(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register + Login
|
|
body, _ := json.Marshal(gin.H{
|
|
"username": "alice",
|
|
"email": "alice@example.com",
|
|
"password": "password123",
|
|
})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
httptest.NewRecorder().Body = nil
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
var pair service.TokenPair
|
|
json.Unmarshal(rec.Body.Bytes(), &pair)
|
|
|
|
// Refresh
|
|
refreshBody, _ := json.Marshal(gin.H{"refresh_token": pair.RefreshToken})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/refresh", bytes.NewReader(refreshBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestAccountEndpoint(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register + Login
|
|
body, _ := json.Marshal(gin.H{"username": "alice", "email": "alice@example.com", "password": "password123"})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
var pair service.TokenPair
|
|
json.Unmarshal(rec.Body.Bytes(), &pair)
|
|
|
|
// Get /account
|
|
req = httptest.NewRequest(http.MethodGet, "/api/v1/account", nil)
|
|
req.Header.Set("Authorization", "Bearer "+pair.AccessToken)
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", rec.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAccountEndpointUnauthorized(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/account", nil)
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Errorf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
|
|
}
|
|
}
|
|
|
|
func TestPasskeyCRUD(t *testing.T) {
|
|
r, _ := setupAuthRouter(t)
|
|
|
|
// Register + Login
|
|
body, _ := json.Marshal(gin.H{"username": "alice", "email": "alice@example.com", "password": "password123"})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec := httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
var pair service.TokenPair
|
|
json.Unmarshal(rec.Body.Bytes(), &pair)
|
|
authHeader := "Bearer " + pair.AccessToken
|
|
|
|
// Create passkey
|
|
pkBody, _ := json.Marshal(gin.H{"label": "My Phone"})
|
|
req = httptest.NewRequest(http.MethodPost, "/api/v1/account/passkeys", bytes.NewReader(pkBody))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req.Header.Set("Authorization", authHeader)
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusCreated {
|
|
t.Fatalf("create passkey: status = %d, body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
|
|
// List passkeys
|
|
req = httptest.NewRequest(http.MethodGet, "/api/v1/account/passkeys", nil)
|
|
req.Header.Set("Authorization", authHeader)
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("list passkeys: status = %d", rec.Code)
|
|
}
|
|
|
|
// Revoke passkey
|
|
var creds []model.Credential
|
|
json.Unmarshal(rec.Body.Bytes(), &creds)
|
|
if len(creds) != 1 {
|
|
t.Fatalf("expected 1 passkey, got %d", len(creds))
|
|
}
|
|
|
|
req = httptest.NewRequest(http.MethodDelete, "/api/v1/account/passkeys/"+creds[0].ID, nil)
|
|
req.Header.Set("Authorization", authHeader)
|
|
rec = httptest.NewRecorder()
|
|
r.ServeHTTP(rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Errorf("revoke passkey: status = %d", rec.Code)
|
|
}
|
|
}
|