Add AI service API token auth
All checks were successful
CI / test (push) Successful in 15s
Build and Deploy / build-and-deploy (push) Successful in 23s

This commit is contained in:
Grendgi
2026-06-08 14:16:24 +03:00
parent eb59298135
commit 038ad8d7cf
6 changed files with 89 additions and 0 deletions

View File

@@ -0,0 +1,47 @@
package httpapi
import (
"net/http"
"net/http/httptest"
"testing"
"ai-service/internal/config"
)
func TestAPITokenProtectsAPIRoutes(t *testing.T) {
srv := NewServer(nil, config.Config{APIAuthToken: "secret"})
req := httptest.NewRequest(http.MethodGet, "/api/v1/stats", nil)
rec := httptest.NewRecorder()
srv.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Fatalf("expected unauthorized API request to be 401, got %d", rec.Code)
}
req = httptest.NewRequest(http.MethodGet, "/api/v1/not-found", nil)
req.Header.Set("Authorization", "Bearer wrong")
rec = httptest.NewRecorder()
srv.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Fatalf("expected wrong token to be 401, got %d", rec.Code)
}
req = httptest.NewRequest(http.MethodGet, "/api/v1/not-found", nil)
req.Header.Set("Authorization", "Bearer secret")
rec = httptest.NewRecorder()
srv.ServeHTTP(rec, req)
if rec.Code != http.StatusNotFound {
t.Fatalf("expected authorized unknown route to be 404, got %d", rec.Code)
}
}
func TestAPITokenDoesNotProtectHealth(t *testing.T) {
srv := NewServer(nil, config.Config{APIAuthToken: "secret"})
req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
rec := httptest.NewRecorder()
srv.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("expected healthz to stay open, got %d", rec.Code)
}
}