48 lines
1.3 KiB
Go
48 lines
1.3 KiB
Go
package httpapi
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"ai-service/internal/config"
|
|
)
|
|
|
|
func TestAPITokenProtectsAPIRoutes(t *testing.T) {
|
|
srv := NewServer(nil, config.Config{APIAuthToken: "secret"})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/stats", nil)
|
|
rec := httptest.NewRecorder()
|
|
srv.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Fatalf("expected unauthorized API request to be 401, got %d", rec.Code)
|
|
}
|
|
|
|
req = httptest.NewRequest(http.MethodGet, "/api/v1/not-found", nil)
|
|
req.Header.Set("Authorization", "Bearer wrong")
|
|
rec = httptest.NewRecorder()
|
|
srv.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Fatalf("expected wrong token to be 401, got %d", rec.Code)
|
|
}
|
|
|
|
req = httptest.NewRequest(http.MethodGet, "/api/v1/not-found", nil)
|
|
req.Header.Set("Authorization", "Bearer secret")
|
|
rec = httptest.NewRecorder()
|
|
srv.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusNotFound {
|
|
t.Fatalf("expected authorized unknown route to be 404, got %d", rec.Code)
|
|
}
|
|
}
|
|
|
|
func TestAPITokenDoesNotProtectHealth(t *testing.T) {
|
|
srv := NewServer(nil, config.Config{APIAuthToken: "secret"})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
|
|
rec := httptest.NewRecorder()
|
|
srv.ServeHTTP(rec, req)
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("expected healthz to stay open, got %d", rec.Code)
|
|
}
|
|
}
|