MyGO/mygo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b0356bf103b0f6fe5838255fb9de026ce09395ad
mygo/internal/handler/account_test.go

158 lines
4.5 KiB
Go
Raw Blame History

package handler
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/dhao2001/mygo/internal/middleware"
"github.com/dhao2001/mygo/internal/model"
"github.com/dhao2001/mygo/internal/service"
)
func setupAccountHandler(t *testing.T) (*AccountHandler, []byte) {
t.Helper()
svc, secret := setupTestAuthService(t)
return NewAccountHandler(svc), secret
}
func setupAccountRouter(t *testing.T) (*gin.Engine, []byte) {
t.Helper()
svc, secret := setupTestAuthService(t)
authHandler := NewAuthHandler(svc)
accountHandler := NewAccountHandler(svc)
gin.SetMode(gin.TestMode)
r := gin.New()
auth := r.Group("/api/v1/auth")
{
auth.POST("/register", authHandler.Register)
auth.POST("/login", authHandler.Login)
}
protected := r.Group("/api/v1")
protected.Use(middleware.AuthRequired(secret))
{
account := protected.Group("/account")
{
account.GET("", accountHandler.GetAccount)
passkeys := account.Group("/passkeys")
{
passkeys.GET("", accountHandler.ListPasskeys)
passkeys.POST("", accountHandler.CreatePasskey)
passkeys.DELETE("/:id", accountHandler.RevokePasskey)
}
}
}
return r, secret
}
func TestAccountEndpoint(t *testing.T) {
r, _ := setupAccountRouter(t)
// Register + Login
body, _ := json.Marshal(gin.H{"username": "alice", "email": "alice@example.com", "password": "password123"})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
var pair service.TokenPair
json.Unmarshal(rec.Body.Bytes(), &pair)
// Get /account
req = httptest.NewRequest(http.MethodGet, "/api/v1/account", nil)
req.Header.Set("Authorization", "Bearer "+pair.AccessToken)
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("status = %d, want %d", rec.Code, http.StatusOK)
}
}
func TestAccountEndpointUnauthorized(t *testing.T) {
r, _ := setupAccountRouter(t)
req := httptest.NewRequest(http.MethodGet, "/api/v1/account", nil)
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Errorf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
}
}
func TestPasskeyCRUD(t *testing.T) {
r, _ := setupAccountRouter(t)
// Register + Login
body, _ := json.Marshal(gin.H{"username": "alice", "email": "alice@example.com", "password": "password123"})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
var pair service.TokenPair
json.Unmarshal(rec.Body.Bytes(), &pair)
authHeader := "Bearer " + pair.AccessToken
// Create passkey
pkBody, _ := json.Marshal(gin.H{"label": "My Phone"})
req = httptest.NewRequest(http.MethodPost, "/api/v1/account/passkeys", bytes.NewReader(pkBody))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", authHeader)
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusCreated {
t.Fatalf("create passkey: status = %d, body = %s", rec.Code, rec.Body.String())
}
// List passkeys
req = httptest.NewRequest(http.MethodGet, "/api/v1/account/passkeys", nil)
req.Header.Set("Authorization", authHeader)
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("list passkeys: status = %d", rec.Code)
}
// Revoke passkey
var creds []model.Credential
json.Unmarshal(rec.Body.Bytes(), &creds)
if len(creds) != 1 {
t.Fatalf("expected 1 passkey, got %d", len(creds))
}
req = httptest.NewRequest(http.MethodDelete, "/api/v1/account/passkeys/"+creds[0].ID, nil)
req.Header.Set("Authorization", authHeader)
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("revoke passkey: status = %d", rec.Code)
}
}
Reference in New Issue View Git Blame Copy Permalink