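package middleware

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"

	jwtHelper "goaresv3/pkg/jwt"
)

// authTestSecret is a throwaway signing secret used only by the tests in this
// file; it is exported to the process through JWT_SECRET via t.Setenv.
const authTestSecret = "test-secret-1234567890"

// newAuthTestToken sets JWT_SECRET for the lifetime of the calling test and
// returns an access token produced by jwtHelper.GenerateAccessToken for a
// fixed test identity. The test fails immediately if generation fails.
//
// NOTE(review): presumably both the jwt helper and AuthRequired read
// JWT_SECRET from the environment; confirm against their implementations.
func newAuthTestToken(t *testing.T) string {
	t.Helper()
	t.Setenv("JWT_SECRET", authTestSecret)

	token, err := jwtHelper.GenerateAccessToken(7, "u@example.com", "user7")
	if err != nil {
		t.Fatalf("failed to generate token: %v", err)
	}
	return token
}

// serveProtected sends GET /protected through AuthRequired with the given
// Authorization header value. It returns the recorded response and whether
// the handler registered behind the middleware was actually invoked.
func serveProtected(t *testing.T, authorization string) (*httptest.ResponseRecorder, bool) {
	t.Helper()
	gin.SetMode(gin.TestMode)

	handlerRan := false
	r := gin.New()
	r.GET("/protected", AuthRequired(), func(c *gin.Context) {
		handlerRan = true
		c.JSON(http.StatusOK, gin.H{"ok": true})
	})

	req := httptest.NewRequest(http.MethodGet, "/protected", nil)
	req.Header.Set("Authorization", authorization)
	w := httptest.NewRecorder()
	r.ServeHTTP(w, req)
	return w, handlerRan
}

// TestAuthRequiredValidBearerPasses checks that a request carrying
// "Bearer <token>" with a freshly generated access token gets a 200 response
// and reaches the protected handler.
func TestAuthRequiredValidBearerPasses(t *testing.T) {
	token := newAuthTestToken(t)

	w, handlerRan := serveProtected(t, "Bearer "+token)
	if w.Code != http.StatusOK {
		t.Fatalf("expected 200, got %d", w.Code)
	}
	if !handlerRan {
		t.Fatal("expected protected handler to run for a valid bearer token")
	}
}

// TestAuthRequiredRawTokenRejected checks that a valid token sent without the
// "Bearer " scheme prefix is rejected with 401 and never reaches the
// protected handler.
func TestAuthRequiredRawTokenRejected(t *testing.T) {
	token := newAuthTestToken(t)

	w, handlerRan := serveProtected(t, token)
	if w.Code != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", w.Code)
	}
	// The status code alone does not prove the request was stopped: a gin
	// middleware that writes 401 without aborting the chain still lets the
	// next handler execute, while the recorder keeps reporting 401.
	if handlerRan {
		t.Fatal("protected handler ran for a rejected request; middleware must abort the chain")
	}
}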