mirror of
https://github.com/coder/coder.git
synced 2025-07-08 11:39:50 +00:00
591523a078
* chore: Move httpmw to /coderd directory httpmw is specific to coderd and should be scoped under coderd * chore: Move httpapi to /coderd directory httpapi is specific to coderd and should be scoped under coderd * chore: Move database to /coderd directory database is specific to coderd and should be scoped under coderd * chore: Update codecov & gitattributes for generated files * chore: Update Makefile
160 lines
4.2 KiB
Go
160 lines
4.2 KiB
Go
package httpmw_test
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha256"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/google/uuid"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/coder/coder/coderd/database"
|
|
"github.com/coder/coder/coderd/database/databasefake"
|
|
"github.com/coder/coder/coderd/httpmw"
|
|
"github.com/coder/coder/cryptorand"
|
|
)
|
|
|
|
func TestProjectParam(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
setupAuthentication := func(db database.Store) (*http.Request, database.Organization) {
|
|
var (
|
|
id, secret = randomAPIKeyParts()
|
|
hashed = sha256.Sum256([]byte(secret))
|
|
)
|
|
r := httptest.NewRequest("GET", "/", nil)
|
|
r.AddCookie(&http.Cookie{
|
|
Name: httpmw.AuthCookie,
|
|
Value: fmt.Sprintf("%s-%s", id, secret),
|
|
})
|
|
userID, err := cryptorand.String(16)
|
|
require.NoError(t, err)
|
|
username, err := cryptorand.String(8)
|
|
require.NoError(t, err)
|
|
user, err := db.InsertUser(r.Context(), database.InsertUserParams{
|
|
ID: userID,
|
|
Email: "testaccount@coder.com",
|
|
Name: "example",
|
|
LoginType: database.LoginTypeBuiltIn,
|
|
HashedPassword: hashed[:],
|
|
Username: username,
|
|
CreatedAt: database.Now(),
|
|
UpdatedAt: database.Now(),
|
|
})
|
|
require.NoError(t, err)
|
|
_, err = db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
|
|
ID: id,
|
|
UserID: user.ID,
|
|
HashedSecret: hashed[:],
|
|
LastUsed: database.Now(),
|
|
ExpiresAt: database.Now().Add(time.Minute),
|
|
})
|
|
require.NoError(t, err)
|
|
orgID, err := cryptorand.String(16)
|
|
require.NoError(t, err)
|
|
organization, err := db.InsertOrganization(r.Context(), database.InsertOrganizationParams{
|
|
ID: orgID,
|
|
Name: "banana",
|
|
Description: "wowie",
|
|
CreatedAt: database.Now(),
|
|
UpdatedAt: database.Now(),
|
|
})
|
|
require.NoError(t, err)
|
|
_, err = db.InsertOrganizationMember(r.Context(), database.InsertOrganizationMemberParams{
|
|
OrganizationID: orgID,
|
|
UserID: user.ID,
|
|
CreatedAt: database.Now(),
|
|
UpdatedAt: database.Now(),
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
ctx := chi.NewRouteContext()
|
|
r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, ctx))
|
|
return r, organization
|
|
}
|
|
|
|
t.Run("None", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
rtr := chi.NewRouter()
|
|
rtr.Use(httpmw.ExtractProjectParam(db))
|
|
rtr.Get("/", nil)
|
|
r, _ := setupAuthentication(db)
|
|
rw := httptest.NewRecorder()
|
|
rtr.ServeHTTP(rw, r)
|
|
|
|
res := rw.Result()
|
|
defer res.Body.Close()
|
|
require.Equal(t, http.StatusBadRequest, res.StatusCode)
|
|
})
|
|
|
|
t.Run("NotFound", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
rtr := chi.NewRouter()
|
|
rtr.Use(httpmw.ExtractProjectParam(db))
|
|
rtr.Get("/", nil)
|
|
|
|
r, _ := setupAuthentication(db)
|
|
chi.RouteContext(r.Context()).URLParams.Add("project", uuid.NewString())
|
|
rw := httptest.NewRecorder()
|
|
rtr.ServeHTTP(rw, r)
|
|
|
|
res := rw.Result()
|
|
defer res.Body.Close()
|
|
require.Equal(t, http.StatusNotFound, res.StatusCode)
|
|
})
|
|
|
|
t.Run("BadUUID", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
rtr := chi.NewRouter()
|
|
rtr.Use(httpmw.ExtractProjectParam(db))
|
|
rtr.Get("/", nil)
|
|
|
|
r, _ := setupAuthentication(db)
|
|
chi.RouteContext(r.Context()).URLParams.Add("project", "not-a-uuid")
|
|
rw := httptest.NewRecorder()
|
|
rtr.ServeHTTP(rw, r)
|
|
|
|
res := rw.Result()
|
|
defer res.Body.Close()
|
|
require.Equal(t, http.StatusBadRequest, res.StatusCode)
|
|
})
|
|
|
|
t.Run("Project", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
rtr := chi.NewRouter()
|
|
rtr.Use(
|
|
httpmw.ExtractAPIKey(db, nil),
|
|
httpmw.ExtractProjectParam(db),
|
|
httpmw.ExtractOrganizationParam(db),
|
|
)
|
|
rtr.Get("/", func(rw http.ResponseWriter, r *http.Request) {
|
|
_ = httpmw.ProjectParam(r)
|
|
rw.WriteHeader(http.StatusOK)
|
|
})
|
|
|
|
r, org := setupAuthentication(db)
|
|
project, err := db.InsertProject(context.Background(), database.InsertProjectParams{
|
|
ID: uuid.New(),
|
|
OrganizationID: org.ID,
|
|
Name: "moo",
|
|
})
|
|
require.NoError(t, err)
|
|
chi.RouteContext(r.Context()).URLParams.Add("project", project.ID.String())
|
|
rw := httptest.NewRecorder()
|
|
rtr.ServeHTTP(rw, r)
|
|
|
|
res := rw.Result()
|
|
defer res.Body.Close()
|
|
require.Equal(t, http.StatusOK, res.StatusCode)
|
|
})
|
|
}
|