mirror of
https://github.com/go-shiori/shiori.git
synced 2025-10-28 06:59:05 +08:00
5e9847a288
* add new api * UI use new API * remove legacy route * fix request to new api destination and read that response * feat: allow authentication using cookies * fix: return proper error on validatesession * typo: secret key envionment variable in makefile * serve ebook file with new api * cache update use new api path * add skipexist and batch download use same route as cache * fix bug - update hasebook status * remove unneeded part of code * add swagger documentation * fix swagger documentation * fix swagger response * better statuscode * fix swagger documentation * covert to snake_case * recover coverage.txt that remove --------- Co-authored-by: Felipe M <me@fmartingr.com> Co-authored-by: Felipe Martin <812088+fmartingr@users.noreply.github.com>
86 lines
2.5 KiB
Go
86 lines
2.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/go-shiori/shiori/internal/model"
|
|
"github.com/go-shiori/shiori/internal/testutil"
|
|
"github.com/sirupsen/logrus"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestAuthenticationRequiredMiddleware(t *testing.T) {
|
|
t.Run("test unauthorized", func(t *testing.T) {
|
|
g := testutil.NewGin()
|
|
g.Use(AuthenticationRequired())
|
|
w := testutil.PerformRequest(g, "GET", "/")
|
|
require.Equal(t, http.StatusUnauthorized, w.Code)
|
|
})
|
|
|
|
t.Run("test authorized", func(t *testing.T) {
|
|
g := testutil.NewGin()
|
|
// Fake a logged in user in the context, which is the way the AuthMiddleware works.
|
|
g.Use(func(ctx *gin.Context) {
|
|
ctx.Set(model.ContextAccountKey, "test")
|
|
})
|
|
g.Use(AuthenticationRequired())
|
|
g.GET("/", func(c *gin.Context) {
|
|
c.Status(http.StatusOK)
|
|
})
|
|
w := testutil.PerformRequest(g, "GET", "/")
|
|
require.Equal(t, http.StatusOK, w.Code)
|
|
})
|
|
}
|
|
|
|
func TestAuthMiddleware(t *testing.T) {
|
|
ctx := context.TODO()
|
|
logger := logrus.New()
|
|
_, deps := testutil.GetTestConfigurationAndDependencies(t, ctx, logger)
|
|
middleware := AuthMiddleware(deps)
|
|
|
|
t.Run("test no authorization method", func(t *testing.T) {
|
|
w := httptest.NewRecorder()
|
|
c, router := gin.CreateTestContext(w)
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
router.Use(middleware)
|
|
router.ServeHTTP(w, req)
|
|
|
|
_, exists := c.Get("account")
|
|
require.False(t, exists)
|
|
})
|
|
|
|
t.Run("test authorization header", func(t *testing.T) {
|
|
account := model.Account{Username: "shiori"}
|
|
token, err := deps.Domains.Auth.CreateTokenForAccount(&account, time.Now().Add(time.Minute))
|
|
require.NoError(t, err)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request, _ = http.NewRequest("GET", "/", nil)
|
|
c.Request.Header.Set(model.AuthorizationHeader, model.AuthorizationTokenType+" "+token)
|
|
middleware(c)
|
|
_, exists := c.Get(model.ContextAccountKey)
|
|
require.True(t, exists)
|
|
})
|
|
|
|
t.Run("test authorization cookie", func(t *testing.T) {
|
|
account := model.Account{Username: "shiori"}
|
|
token, err := deps.Domains.Auth.CreateTokenForAccount(&account, time.Now().Add(time.Minute))
|
|
require.NoError(t, err)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request, _ = http.NewRequest("GET", "/", nil)
|
|
c.Request.AddCookie(&http.Cookie{
|
|
Name: "token",
|
|
Value: token,
|
|
MaxAge: int(time.Now().Add(time.Minute).Unix()),
|
|
})
|
|
middleware(c)
|
|
_, exists := c.Get(model.ContextAccountKey)
|
|
require.True(t, exists)
|
|
})
|
|
}
|