first commit

Beyhan Oğur
2026-04-26 21:40:14 +03:00
commit e04ba85564
129 changed files with 17541 additions and 0 deletions


@@ -0,0 +1,155 @@
package handlers
import (
"encoding/json"
"net/http"
"os"
"strings"
"testing"
"ginimageApi/app/accounts/models"
"ginimageApi/app/middleware"
"ginimageApi/configs"
"github.com/gin-gonic/gin"
)
func TestAdminUserProfileGetAndUpdate(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("JWT_SECRET", "test-secret")
setupHandlersTestDB(t)
adminFlag := true
active := true
verified := true
adminUser := models.User{
UserName: "admin",
Email: "admin-profile@example.com",
Password: "x",
IsAdmin: &adminFlag,
IsActive: &active,
EmailVerified: &verified,
}
if err := configs.DB.Create(&adminUser).Error; err != nil {
t.Fatalf("create admin failed: %v", err)
}
targetFlag := false
target := models.User{
UserName: "target",
Email: "target-profile@example.com",
Password: "x",
IsAdmin: &targetFlag,
IsActive: &active,
EmailVerified: &verified,
}
if err := configs.DB.Create(&target).Error; err != nil {
t.Fatalf("create target failed: %v", err)
}
oldAvatarURL, oldAvatarPath := createOldAvatarFixture(t, "old_admin_target_avatar.png")
seedProfile := models.Profile{UserID: uint64(target.ID), AvatarURL: oldAvatarURL}
if err := configs.DB.Create(&seedProfile).Error; err != nil {
t.Fatalf("seed profile failed: %v", err)
}
token, err := middleware.BuildAccessTokenForUser(adminUser)
if err != nil {
t.Fatalf("token create failed: %v", err)
}
r := gin.New()
r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)
// Profile kaydi yoksa GET ile otomatik olusmali.
wGet := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
"Authorization": "Bearer " + token,
})
if wGet.Code != http.StatusOK {
t.Fatalf("get admin profile expected 200, got %d body=%s", wGet.Code, wGet.Body.String())
}
var getResp map[string]any
if err := json.Unmarshal(wGet.Body.Bytes(), &getResp); err != nil {
t.Fatalf("parse get response failed: %v", err)
}
if int(getResp["user_id"].(float64)) != int(target.ID) {
t.Fatalf("user_id mismatch in get response")
}
wPut := performMultipart(
r,
http.MethodPut,
"/admin/users/"+toString(target.ID)+"/profile",
map[string]string{"first_name": "Admin", "last_name": "Updated"},
"avatar",
"admin.png",
tinyPNGFixture(t),
map[string]string{"Authorization": "Bearer " + token},
)
if wPut.Code != http.StatusOK {
t.Fatalf("update admin profile expected 200, got %d body=%s", wPut.Code, wPut.Body.String())
}
var profile models.Profile
if err := configs.DB.Where("user_id = ?", target.ID).First(&profile).Error; err != nil {
t.Fatalf("profile should exist after update: %v", err)
}
if profile.FirstName != "Admin" || profile.LastName != "Updated" {
t.Fatalf("profile name mismatch: %+v", profile)
}
if !strings.HasPrefix(profile.AvatarURL, "/uploads/avatars/") {
t.Fatalf("avatar path mismatch: %s", profile.AvatarURL)
}
if _, err := os.Stat(oldAvatarPath); !os.IsNotExist(err) {
t.Fatalf("old avatar should be deleted, err=%v", err)
}
}
func TestAdminUserProfileRequiresAdminRole(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("JWT_SECRET", "test-secret")
setupHandlersTestDB(t)
active := true
verified := true
nonAdminFlag := false
nonAdmin := models.User{
UserName: "nonadmin",
Email: "nonadmin-profile@example.com",
Password: "x",
IsAdmin: &nonAdminFlag,
IsActive: &active,
EmailVerified: &verified,
}
if err := configs.DB.Create(&nonAdmin).Error; err != nil {
t.Fatalf("create non-admin failed: %v", err)
}
target := models.User{
UserName: "target2",
Email: "target2-profile@example.com",
Password: "x",
IsAdmin: &nonAdminFlag,
IsActive: &active,
EmailVerified: &verified,
}
if err := configs.DB.Create(&target).Error; err != nil {
t.Fatalf("create target failed: %v", err)
}
token, err := middleware.BuildAccessTokenForUser(nonAdmin)
if err != nil {
t.Fatalf("token create failed: %v", err)
}
r := gin.New()
r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
w := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
"Authorization": "Bearer " + token,
})
if w.Code != http.StatusForbidden {
t.Fatalf("expected 403 for non-admin, got %d body=%s", w.Code, w.Body.String())
}
}