Files
x0gp/server/internal/auth/auth_test.go
T

126 lines
3.6 KiB
Go

package auth
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/golang-jwt/jwt/v5"
)
const testSecret = "my-super-secret-supabase-jwt-key"
func generateTestToken(sub string, email string, expiresAt time.Time, secret string) (string, error) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"sub": sub,
"email": email,
"exp": expiresAt.Unix(),
})
return token.SignedString([]byte(secret))
}
func TestValidateJWT(t *testing.T) {
// 1. Valid token
validToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(time.Hour), testSecret)
if err != nil {
t.Fatalf("failed to generate valid token: %v", err)
}
claims, err := ValidateJWT(validToken, testSecret)
if err != nil {
t.Errorf("expected no error, got: %v", err)
}
if claims.DriverID != "driver-uuid-123" || claims.Email != "driver@test.com" {
t.Errorf("unexpected claims: %+v", claims)
}
// 2. Expired token
expiredToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(-time.Hour), testSecret)
if err != nil {
t.Fatalf("failed to generate expired token: %v", err)
}
_, err = ValidateJWT(expiredToken, testSecret)
if err == nil {
t.Error("expected error for expired token, got nil")
}
// 3. Invalid signature
_, err = ValidateJWT(validToken, "wrong-secret-key")
if err == nil {
t.Error("expected error for wrong signature, got nil")
}
}
func TestAuthMiddleware(t *testing.T) {
nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
driverID, ok := DriverIDFromContext(r.Context())
if ok {
w.Header().Set("X-Driver-ID", driverID)
}
w.WriteHeader(http.StatusOK)
})
// 1. DevMode = true: bypass authentication
mwDev := Middleware(testSecret, true)(nextHandler)
req := httptest.NewRequest(http.MethodGet, "/api/races", nil)
w := httptest.NewRecorder()
mwDev.ServeHTTP(w, req)
if w.Code != http.StatusOK {
t.Errorf("expected 200 OK in DevMode, got %d", w.Code)
}
// 2. DevMode = false: missing Authorization header
mwProd := Middleware(testSecret, false)(nextHandler)
w = httptest.NewRecorder()
mwProd.ServeHTTP(w, req)
if w.Code != http.StatusUnauthorized {
t.Errorf("expected 401 Unauthorized for missing auth header, got %d", w.Code)
}
// 3. DevMode = false: invalid Authorization format
reqFormat := httptest.NewRequest(http.MethodGet, "/api/races", nil)
reqFormat.Header.Set("Authorization", "InvalidFormat token123")
w = httptest.NewRecorder()
mwProd.ServeHTTP(w, reqFormat)
if w.Code != http.StatusUnauthorized {
t.Errorf("expected 401 Unauthorized for invalid format, got %d", w.Code)
}
// 4. DevMode = false: valid token
validToken, err := generateTestToken("driver-uuid-123", "driver@test.com", time.Now().Add(time.Hour), testSecret)
if err != nil {
t.Fatalf("failed to generate valid token: %v", err)
}
reqValid := httptest.NewRequest(http.MethodGet, "/api/races", nil)
reqValid.Header.Set("Authorization", "Bearer "+validToken)
w = httptest.NewRecorder()
mwProd.ServeHTTP(w, reqValid)
if w.Code != http.StatusOK {
t.Errorf("expected 200 OK for valid token, got %d", w.Code)
}
if w.Header().Get("X-Driver-ID") != "driver-uuid-123" {
t.Errorf("expected X-Driver-ID header to be set in context, got %q", w.Header().Get("X-Driver-ID"))
}
}
func TestContextHelpers(t *testing.T) {
ctx := context.Background()
if _, ok := DriverIDFromContext(ctx); ok {
t.Error("expected ok=false for empty context")
}
ctx = context.WithValue(ctx, driverIDKey, "test-driver")
id, ok := DriverIDFromContext(ctx)
if !ok || id != "test-driver" {
t.Errorf("expected test-driver, got %s (ok=%t)", id, ok)
}
}