Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 agent-company
|
feae2e19a1 |
+1
-1
@@ -33,7 +33,7 @@ func main() {
|
||||
|
||||
// Apply middleware chain: logging -> auth.
|
||||
var handler http.Handler = mux
|
||||
handler = middleware.Auth(cfg.SessionSecret)(handler)
|
||||
handler = middleware.Auth(cfg.SessionSecret, cfg.GiteaToken)(handler)
|
||||
handler = middleware.Logging()(handler)
|
||||
|
||||
slog.Info("server starting", "addr", cfg.ListenAddr, "gitea_url", cfg.GiteaURL)
|
||||
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
@@ -894,140 +893,6 @@ func TestListAllPullRequests_StateFilter(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// --- Issue #127: Tests for ApplyLabel and SubmitReview ---
|
||||
|
||||
func TestApplyLabel(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
t.Errorf("expected POST, got %s", r.Method)
|
||||
}
|
||||
if r.URL.Path != "/api/v1/repos/owner1/repo1/issues/42/labels" {
|
||||
t.Errorf("unexpected path: %s", r.URL.Path)
|
||||
}
|
||||
if r.Header.Get("Authorization") != "token test-token" {
|
||||
t.Error("missing or wrong Authorization header")
|
||||
}
|
||||
|
||||
var body map[string]interface{}
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
t.Fatalf("failed to decode body: %v", err)
|
||||
}
|
||||
labels, ok := body["labels"].([]interface{})
|
||||
if !ok {
|
||||
t.Fatalf("expected labels array, got %T", body["labels"])
|
||||
}
|
||||
if len(labels) != 2 {
|
||||
t.Errorf("expected 2 label IDs, got %d", len(labels))
|
||||
}
|
||||
// Verify the label IDs are correct (JSON numbers are float64).
|
||||
if labels[0].(float64) != 10 || labels[1].(float64) != 20 {
|
||||
t.Errorf("expected label IDs [10, 20], got %v", labels)
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode([]map[string]interface{}{
|
||||
{"id": 10, "name": "bug"},
|
||||
{"id": 20, "name": "enhancement"},
|
||||
})
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
c := NewClient(server.URL)
|
||||
c.setCache("issues-org1", "should-be-invalidated")
|
||||
|
||||
err := c.ApplyLabel(context.Background(), "test-token", "owner1", "repo1", 42, []int64{10, 20})
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
// Verify cache was invalidated.
|
||||
_, ok := c.getFromCache("issues-org1")
|
||||
if ok {
|
||||
t.Error("expected cache to be invalidated after ApplyLabel")
|
||||
}
|
||||
}
|
||||
|
||||
func TestApplyLabel_Error(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
fmt.Fprintln(w, `{"message":"issue not found"}`)
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
c := NewClient(server.URL)
|
||||
err := c.ApplyLabel(context.Background(), "test-token", "owner1", "repo1", 999, []int64{10})
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 404 response, got nil")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "404") {
|
||||
t.Errorf("error should contain status code 404, got: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSubmitReview(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
t.Errorf("expected POST, got %s", r.Method)
|
||||
}
|
||||
if r.URL.Path != "/api/v1/repos/owner1/repo1/pulls/7/reviews" {
|
||||
t.Errorf("unexpected path: %s", r.URL.Path)
|
||||
}
|
||||
if r.Header.Get("Authorization") != "token test-token" {
|
||||
t.Error("missing or wrong Authorization header")
|
||||
}
|
||||
|
||||
var body map[string]string
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
t.Fatalf("failed to decode body: %v", err)
|
||||
}
|
||||
if body["event"] != "APPROVED" {
|
||||
t.Errorf("expected event=APPROVED, got %q", body["event"])
|
||||
}
|
||||
if body["body"] != "Looks good!" {
|
||||
t.Errorf("expected body='Looks good!', got %q", body["body"])
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(map[string]interface{}{
|
||||
"id": 1,
|
||||
"state": "APPROVED",
|
||||
"body": body["body"],
|
||||
})
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
c := NewClient(server.URL)
|
||||
c.setCache("pulls-org1", "should-be-invalidated")
|
||||
|
||||
err := c.SubmitReview(context.Background(), "test-token", "owner1", "repo1", 7, "APPROVED", "Looks good!")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
// Verify cache was invalidated.
|
||||
_, ok := c.getFromCache("pulls-org1")
|
||||
if ok {
|
||||
t.Error("expected cache to be invalidated after SubmitReview")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSubmitReview_Error(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusUnprocessableEntity)
|
||||
fmt.Fprintln(w, `{"message":"validation failed"}`)
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
c := NewClient(server.URL)
|
||||
err := c.SubmitReview(context.Background(), "test-token", "owner1", "repo1", 7, "INVALID", "")
|
||||
if err == nil {
|
||||
t.Fatal("expected error for 422 response, got nil")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "422") {
|
||||
t.Errorf("error should contain status code 422, got: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestListAllPullRequests_Pagination(t *testing.T) {
|
||||
now := time.Date(2026, 3, 28, 12, 0, 0, 0, time.UTC)
|
||||
|
||||
|
||||
@@ -23,9 +23,12 @@ func TokenFromContext(ctx context.Context) string {
|
||||
}
|
||||
|
||||
// Auth returns middleware that checks for a valid token cookie.
|
||||
// If no cookie token is found and fallbackToken is non-empty, the fallback
|
||||
// token is used instead (useful for single-user or service-account deployments
|
||||
// where GITEA_TOKEN is set in the environment).
|
||||
// Unauthenticated requests are redirected to the settings page.
|
||||
// The /health, /settings, and /static/ paths are exempt from auth.
|
||||
func Auth(sessionSecret string) func(http.Handler) http.Handler {
|
||||
func Auth(sessionSecret, fallbackToken string) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// Skip auth for exempt paths.
|
||||
@@ -37,6 +40,13 @@ func Auth(sessionSecret string) func(http.Handler) http.Handler {
|
||||
|
||||
token, err := auth.GetToken(r, sessionSecret)
|
||||
if err != nil || token == "" {
|
||||
// Fall back to environment token if available.
|
||||
if fallbackToken != "" {
|
||||
slog.Debug("using fallback token from environment", "path", path)
|
||||
ctx := context.WithValue(r.Context(), TokenContextKey, fallbackToken)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
return
|
||||
}
|
||||
slog.Debug("unauthenticated request, redirecting to settings", "path", path, "error", err)
|
||||
http.Redirect(w, r, "/settings", http.StatusSeeOther)
|
||||
return
|
||||
|
||||
@@ -11,7 +11,7 @@ import (
|
||||
const testSecret = "test-secret-that-is-at-least-32-chars-long"
|
||||
|
||||
func TestAuth_HealthBypass(t *testing.T) {
|
||||
handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
@@ -25,7 +25,7 @@ func TestAuth_HealthBypass(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAuth_SettingsBypass(t *testing.T) {
|
||||
handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
@@ -39,7 +39,7 @@ func TestAuth_SettingsBypass(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAuth_RedirectWithoutToken(t *testing.T) {
|
||||
handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
@@ -57,7 +57,7 @@ func TestAuth_RedirectWithoutToken(t *testing.T) {
|
||||
|
||||
func TestAuth_PassWithToken(t *testing.T) {
|
||||
called := false
|
||||
handler := Auth(testSecret)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
called = true
|
||||
token := TokenFromContext(r.Context())
|
||||
if token != "my-token" {
|
||||
@@ -83,3 +83,72 @@ func TestAuth_PassWithToken(t *testing.T) {
|
||||
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuth_FallbackToken_UsedWhenNoCookie(t *testing.T) {
|
||||
called := false
|
||||
handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
called = true
|
||||
token := TokenFromContext(r.Context())
|
||||
if token != "env-fallback-token" {
|
||||
t.Errorf("token = %q, want %q", token, "env-fallback-token")
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
w := httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, req)
|
||||
|
||||
if !called {
|
||||
t.Error("next handler was not called with fallback token")
|
||||
}
|
||||
if w.Code != http.StatusOK {
|
||||
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuth_FallbackToken_CookieTakesPrecedence(t *testing.T) {
|
||||
called := false
|
||||
handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
called = true
|
||||
token := TokenFromContext(r.Context())
|
||||
if token != "cookie-token" {
|
||||
t.Errorf("token = %q, want %q (cookie should take precedence over fallback)", token, "cookie-token")
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
// Set a cookie token.
|
||||
cookieW := httptest.NewRecorder()
|
||||
auth.SetTokenCookie(cookieW, "cookie-token", testSecret, false)
|
||||
cookie := cookieW.Result().Cookies()[0]
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
req.AddCookie(cookie)
|
||||
w := httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, req)
|
||||
|
||||
if !called {
|
||||
t.Error("next handler was not called")
|
||||
}
|
||||
if w.Code != http.StatusOK {
|
||||
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuth_NoFallbackToken_RedirectsWithoutCookie(t *testing.T) {
|
||||
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/issues", nil)
|
||||
w := httptest.NewRecorder()
|
||||
handler.ServeHTTP(w, req)
|
||||
|
||||
if w.Code != http.StatusSeeOther {
|
||||
t.Errorf("status = %d, want %d", w.Code, http.StatusSeeOther)
|
||||
}
|
||||
if loc := w.Header().Get("Location"); loc != "/settings" {
|
||||
t.Errorf("Location = %q, want %q", loc, "/settings")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user