popiart-server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

152 lines
5.2 KiB

package server
import (
"bytes"
"encoding/json"
"mime/multipart"
"net/http"
"net/http/httptest"
"path/filepath"
"testing"
)
func TestArtifactsListReturnsOnlyOwnerArtifacts(t *testing.T) {
cfg := Config{
SQLitePath: filepath.Join(t.TempDir(), "popiart.db"),
SkillhubDir: makeEmptySkillhub(t),
SessionSecret: "test-secret",
}
server, err := NewWithConfig(cfg)
if err != nil {
t.Fatalf("NewWithConfig: %v", err)
}
srv := httptest.NewServer(server.Handler())
defer srv.Close()
server.cfg.PublicBaseURL = srv.URL
ownerToken, _, ok, err := server.store.createSession("sk-artifacts-owner")
if err != nil {
t.Fatalf("createSession owner: %v", err)
}
if !ok {
t.Fatal("expected owner session creation to succeed")
}
otherToken, _, ok, err := server.store.createSession("sk-artifacts-other")
if err != nil {
t.Fatalf("createSession other: %v", err)
}
if !ok {
t.Fatal("expected other session creation to succeed")
}
ownerArtifact := uploadArtifactForListTest(t, server, ownerToken, "proj_owner", "owner.png")
otherArtifact := uploadArtifactForListTest(t, server, otherToken, "proj_other", "other.png")
req := httptest.NewRequest(http.MethodGet, "/v1/artifacts", nil)
req.Header.Set("Authorization", "Bearer "+ownerToken)
rec := httptest.NewRecorder()
server.Handler().ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("expected list 200, got %d body=%s", rec.Code, rec.Body.String())
}
var envelope struct {
OK bool `json:"ok"`
Data struct {
Items []artifact `json:"items"`
Total int `json:"total"`
Limit int `json:"limit"`
Offset int `json:"offset"`
} `json:"data"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &envelope); err != nil {
t.Fatalf("decode artifacts list: %v body=%s", err, rec.Body.String())
}
if !envelope.OK {
t.Fatalf("expected ok artifacts list, got %s", rec.Body.String())
}
if envelope.Data.Total != 1 {
t.Fatalf("expected total 1, got %d payload=%s", envelope.Data.Total, rec.Body.String())
}
if len(envelope.Data.Items) != 1 {
t.Fatalf("expected one artifact, got %d payload=%s", len(envelope.Data.Items), rec.Body.String())
}
if envelope.Data.Items[0].ID != ownerArtifact.ID {
t.Fatalf("expected owner artifact %q, got %#v", ownerArtifact.ID, envelope.Data.Items[0])
}
if envelope.Data.Items[0].ID == otherArtifact.ID {
t.Fatalf("expected foreign artifact to be filtered out, got %#v", envelope.Data.Items[0])
}
filterReq := httptest.NewRequest(http.MethodGet, "/v1/artifacts?project_id=proj_owner", nil)
filterReq.Header.Set("Authorization", "Bearer "+ownerToken)
filterRec := httptest.NewRecorder()
server.Handler().ServeHTTP(filterRec, filterReq)
if filterRec.Code != http.StatusOK {
t.Fatalf("expected filtered list 200, got %d body=%s", filterRec.Code, filterRec.Body.String())
}
if err := json.Unmarshal(filterRec.Body.Bytes(), &envelope); err != nil {
t.Fatalf("decode filtered artifacts list: %v body=%s", err, filterRec.Body.String())
}
if envelope.Data.Total != 1 || len(envelope.Data.Items) != 1 {
t.Fatalf("expected one filtered owner artifact, got payload=%s", filterRec.Body.String())
}
foreignReq := httptest.NewRequest(http.MethodGet, "/v1/artifacts?job_id="+otherArtifact.JobID, nil)
foreignReq.Header.Set("Authorization", "Bearer "+ownerToken)
foreignRec := httptest.NewRecorder()
server.Handler().ServeHTTP(foreignRec, foreignReq)
if foreignRec.Code != http.StatusOK {
t.Fatalf("expected foreign job list 200, got %d body=%s", foreignRec.Code, foreignRec.Body.String())
}
if err := json.Unmarshal(foreignRec.Body.Bytes(), &envelope); err != nil {
t.Fatalf("decode foreign job artifacts list: %v body=%s", err, foreignRec.Body.String())
}
if envelope.Data.Total != 0 || len(envelope.Data.Items) != 0 {
t.Fatalf("expected foreign job artifacts to be hidden, got payload=%s", foreignRec.Body.String())
}
}
func uploadArtifactForListTest(t *testing.T, server *Server, sessionToken, projectID, filename string) artifact {
t.Helper()
imageBytes := tinyPNG(t)
var body bytes.Buffer
writer := multipart.NewWriter(&body)
if projectID != "" {
if err := writer.WriteField("project_id", projectID); err != nil {
t.Fatalf("write project_id: %v", err)
}
}
part, err := writer.CreateFormFile("file", filename)
if err != nil {
t.Fatalf("create form file: %v", err)
}
if _, err := part.Write(imageBytes); err != nil {
t.Fatalf("write image bytes: %v", err)
}
if err := writer.Close(); err != nil {
t.Fatalf("close multipart writer: %v", err)
}
req := httptest.NewRequest(http.MethodPost, "/v1/artifacts/upload", &body)
req.Header.Set("Authorization", "Bearer "+sessionToken)
req.Header.Set("Content-Type", writer.FormDataContentType())
rec := httptest.NewRecorder()
server.Handler().ServeHTTP(rec, req)
if rec.Code != http.StatusCreated {
t.Fatalf("expected artifact upload 201, got %d body=%s", rec.Code, rec.Body.String())
}
var envelope struct {
OK bool `json:"ok"`
Data artifact `json:"data"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &envelope); err != nil {
t.Fatalf("decode artifact upload: %v body=%s", err, rec.Body.String())
}
if !envelope.OK {
t.Fatalf("expected ok artifact upload, got %s", rec.Body.String())
}
return envelope.Data
}