first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:41:46 +03:00
commit b6e74bd024
56 changed files with 16114 additions and 0 deletions

321
router/router_test.go Normal file
View File

@@ -0,0 +1,321 @@
package router
import (
"bufio"
"bytes"
"encoding/json"
"net"
"net/http"
"net/http/httptest"
"strconv"
"strings"
"testing"
"github.com/gin-gonic/gin"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"goaresv3/app/accounts/models"
"goaresv3/config"
jwtHelper "goaresv3/pkg/jwt"
)
func setupRouterTestDB(t *testing.T) *gorm.DB {
t.Helper()
db, err := gorm.Open(sqlite.Open("file:router_test?mode=memory&cache=shared"), &gorm.Config{})
if err != nil {
t.Fatalf("failed to open sqlite db: %v", err)
}
if err := db.AutoMigrate(&models.User{}, &models.SocialAccount{}, &models.Profile{}); err != nil {
t.Fatalf("failed to migrate models: %v", err)
}
config.DB = db
return db
}
func startFakeSMTP(t *testing.T) (host, port string, done chan error) {
t.Helper()
ln, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("failed to start fake smtp: %v", err)
}
done = make(chan error, 1)
go func() {
defer ln.Close()
conn, err := ln.Accept()
if err != nil {
done <- err
return
}
defer conn.Close()
r := bufio.NewReader(conn)
w := bufio.NewWriter(conn)
write := func(s string) error {
if _, err := w.WriteString(s); err != nil {
return err
}
return w.Flush()
}
if err := write("220 localhost SMTP ready\r\n"); err != nil {
done <- err
return
}
for {
line, err := r.ReadString('\n')
if err != nil {
done <- err
return
}
cmd := strings.TrimSpace(line)
switch {
case strings.HasPrefix(strings.ToUpper(cmd), "EHLO") || strings.HasPrefix(strings.ToUpper(cmd), "HELO"):
if err := write("250-localhost\r\n250 AUTH PLAIN\r\n"); err != nil {
done <- err
return
}
case strings.HasPrefix(strings.ToUpper(cmd), "MAIL FROM"):
if err := write("250 OK\r\n"); err != nil {
done <- err
return
}
case strings.HasPrefix(strings.ToUpper(cmd), "RCPT TO"):
if err := write("250 OK\r\n"); err != nil {
done <- err
return
}
case strings.HasPrefix(strings.ToUpper(cmd), "DATA"):
if err := write("354 End data with <CR><LF>.<CR><LF>\r\n"); err != nil {
done <- err
return
}
for {
d, err := r.ReadString('\n')
if err != nil {
done <- err
return
}
if strings.TrimSpace(d) == "." {
break
}
}
if err := write("250 OK queued\r\n"); err != nil {
done <- err
return
}
case strings.HasPrefix(strings.ToUpper(cmd), "QUIT"):
_ = write("221 Bye\r\n")
done <- nil
return
default:
if err := write("250 OK\r\n"); err != nil {
done <- err
return
}
}
}
}()
h, p, err := net.SplitHostPort(ln.Addr().String())
if err != nil {
t.Fatalf("failed to parse fake smtp address: %v", err)
}
if _, err := strconv.Atoi(p); err != nil {
t.Fatalf("invalid fake smtp port: %v", err)
}
return h, p, done
}
func TestAllEndpointsFlow(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRouterTestDB(t)
host, port, smtpDone := startFakeSMTP(t)
t.Setenv("JWT_SECRET", "test-secret-1234567890")
t.Setenv("JWT_REFRESH_SECRET", "test-refresh-secret-1234567890")
t.Setenv("APP_BASE_URL", "http://localhost:8080")
t.Setenv("EMAIL_HOST", host)
t.Setenv("EMAIL_PORT", port)
t.Setenv("EMAIL_HOST_USER", "")
t.Setenv("EMAIL_HOST_PASSWORD", "")
t.Setenv("EMAIL_USE_TLS", "false")
t.Setenv("EMAIL_USE_SSL", "false")
t.Setenv("EMAIL_FROM", "noreply@example.com")
r := gin.New()
Setup(r)
regBody := []byte(`{"username":"ali","email":"ali@example.com","password":"password123","confirm_password":"password123"}`)
regReq := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(regBody))
regReq.Header.Set("Content-Type", "application/json")
regResp := httptest.NewRecorder()
r.ServeHTTP(regResp, regReq)
if regResp.Code != http.StatusCreated {
t.Fatalf("register expected 201, got %d body=%s", regResp.Code, regResp.Body.String())
}
if err := <-smtpDone; err != nil {
t.Fatalf("fake smtp ended with error: %v", err)
}
invalidVerifyReq := httptest.NewRequest(http.MethodGet, "/api/v1/auth/verify-email?token=bad-token", nil)
invalidVerifyResp := httptest.NewRecorder()
r.ServeHTTP(invalidVerifyResp, invalidVerifyReq)
if invalidVerifyResp.Code != http.StatusBadRequest {
t.Fatalf("invalid verify expected 400, got %d", invalidVerifyResp.Code)
}
loginBody := []byte(`{"email":"ali@example.com","password":"password123"}`)
loginBeforeReq := httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
loginBeforeReq.Header.Set("Content-Type", "application/json")
loginBeforeResp := httptest.NewRecorder()
r.ServeHTTP(loginBeforeResp, loginBeforeReq)
if loginBeforeResp.Code != http.StatusForbidden {
t.Fatalf("login before verify expected 403, got %d", loginBeforeResp.Code)
}
var user models.User
if err := db.Where("email = ?", "ali@example.com").First(&user).Error; err != nil {
t.Fatalf("failed to fetch registered user: %v", err)
}
if user.EmailVerifyToken == "" {
t.Fatal("expected email verify token to be set")
}
verifyReq := httptest.NewRequest(http.MethodGet, "/api/v1/auth/verify-email?token="+user.EmailVerifyToken, nil)
verifyResp := httptest.NewRecorder()
r.ServeHTTP(verifyResp, verifyReq)
if verifyResp.Code != http.StatusOK {
t.Fatalf("verify expected 200, got %d", verifyResp.Code)
}
loginReq := httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
loginReq.Header.Set("Content-Type", "application/json")
loginResp := httptest.NewRecorder()
r.ServeHTTP(loginResp, loginReq)
if loginResp.Code != http.StatusOK {
t.Fatalf("login expected 200, got %d body=%s", loginResp.Code, loginResp.Body.String())
}
var loginJSON map[string]any
if err := json.Unmarshal(loginResp.Body.Bytes(), &loginJSON); err != nil {
t.Fatalf("failed to decode login response: %v", err)
}
accessToken, _ := loginJSON["access_token"].(string)
refreshToken, _ := loginJSON["refresh_token"].(string)
if accessToken == "" || refreshToken == "" {
t.Fatal("expected access_token and refresh_token in login response")
}
refreshBody := []byte(`{"refresh_token":"` + refreshToken + `"}`)
refreshReq := httptest.NewRequest(http.MethodPost, "/api/v1/auth/refresh", bytes.NewReader(refreshBody))
refreshReq.Header.Set("Content-Type", "application/json")
refreshResp := httptest.NewRecorder()
r.ServeHTTP(refreshResp, refreshReq)
if refreshResp.Code != http.StatusOK {
t.Fatalf("refresh expected 200, got %d body=%s", refreshResp.Code, refreshResp.Body.String())
}
meReq := httptest.NewRequest(http.MethodGet, "/api/v1/me", nil)
meReq.Header.Set("Authorization", "Bearer "+accessToken)
meResp := httptest.NewRecorder()
r.ServeHTTP(meResp, meReq)
if meResp.Code != http.StatusOK {
t.Fatalf("me expected 200, got %d body=%s", meResp.Code, meResp.Body.String())
}
var meJSON map[string]any
if err := json.Unmarshal(meResp.Body.Bytes(), &meJSON); err != nil {
t.Fatalf("failed to decode me response: %v", err)
}
if _, ok := meJSON["username"]; !ok {
t.Fatal("expected username in /api/v1/me response")
}
swaggerReq := httptest.NewRequest(http.MethodGet, "/swagger/index.html", nil)
swaggerResp := httptest.NewRecorder()
r.ServeHTTP(swaggerResp, swaggerReq)
if swaggerResp.Code != http.StatusOK {
t.Fatalf("swagger index expected 200, got %d", swaggerResp.Code)
}
initializerReq := httptest.NewRequest(http.MethodGet, "/swagger/swagger-initializer.js", nil)
initializerResp := httptest.NewRecorder()
r.ServeHTTP(initializerResp, initializerReq)
if initializerResp.Code != http.StatusOK {
t.Fatalf("swagger initializer expected 200, got %d", initializerResp.Code)
}
if !strings.Contains(initializerResp.Body.String(), "requestInterceptor") {
t.Fatal("expected requestInterceptor in swagger initializer")
}
}
func TestProtectedEndpointWithoutAuthHeader(t *testing.T) {
gin.SetMode(gin.TestMode)
setupRouterTestDB(t)
t.Setenv("JWT_SECRET", "test-secret-1234567890")
r := gin.New()
Setup(r)
req := httptest.NewRequest(http.MethodGet, "/api/v1/me", nil)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
if w.Code != http.StatusUnauthorized {
t.Fatalf("expected 401, got %d", w.Code)
}
}
func TestProtectedEndpointWithRawTokenRejected(t *testing.T) {
gin.SetMode(gin.TestMode)
setupRouterTestDB(t)
t.Setenv("JWT_SECRET", "test-secret-1234567890")
t.Setenv("JWT_REFRESH_SECRET", "test-refresh-secret-1234567890")
verified := true
user := models.User{UserName: "raw", Email: "raw@example.com", EmailVerified: &verified}
if err := config.DB.Create(&user).Error; err != nil {
t.Fatalf("failed to seed user: %v", err)
}
access, err := jwtHelper.GenerateAccessToken(user.ID, user.Email, user.UserName)
if err != nil {
t.Fatalf("failed to generate access token: %v", err)
}
r := gin.New()
Setup(r)
req := httptest.NewRequest(http.MethodGet, "/api/v1/me", nil)
req.Header.Set("Authorization", access)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
if w.Code != http.StatusUnauthorized {
t.Fatalf("expected 401, got %d", w.Code)
}
}
func TestSwaggerDisallowsNonGET(t *testing.T) {
gin.SetMode(gin.TestMode)
setupRouterTestDB(t)
r := gin.New()
Setup(r)
req := httptest.NewRequest(http.MethodPost, "/swagger/index.html", nil)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
if w.Code != http.StatusNotFound {
t.Fatalf("expected 404, got %d", w.Code)
}
}