build source

2026-04-16 04:16:36 +00:00 · 2026-04-16 04:16:36 +00:00 · ee1fec43ed
commit ee1fec43ed
4171 changed files with 1351288 additions and 0 deletions
--- a/internal/api/router_test.go
+++ b/internal/api/router_test.go
@ -0,0 +1,122 @@
+package api
+
+import (
+	"io"
+	"log/slog"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/iliaivanov/spec-kit-remote/cmd/dev-pod-api/internal/model"
+)
+
+func newTestRouter() (*mockKeyValidator, http.Handler) {
+	kv := newMockValidator()
+	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
+	srv := &Server{
+		Store:       kv,
+		K8s:         newMockPodManager(),
+		Users:       newMockUserStore(),
+		Usage:       newMockUsageStore(),
+		Logger:      logger,
+		GenerateKey: mockGenerateKey,
+	}
+	return kv, NewRouter(srv)
+}
+
+func TestHealthz(t *testing.T) {
+	_, router := newTestRouter()
+
+	req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
+	rr := httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+
+	if rr.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d", rr.Code)
+	}
+	if rr.Body.String() != "ok" {
+		t.Fatalf("expected body 'ok', got %q", rr.Body.String())
+	}
+}
+
+func TestHealthz_NoAuthRequired(t *testing.T) {
+	_, router := newTestRouter()
+
+	// No Authorization header — should still work
+	req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
+	rr := httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+
+	if rr.Code != http.StatusOK {
+		t.Fatalf("expected 200 without auth, got %d", rr.Code)
+	}
+}
+
+func TestAPIRoutes_RequireAuth(t *testing.T) {
+	_, router := newTestRouter()
+
+	routes := []struct {
+		method string
+		path   string
+	}{
+		{http.MethodGet, "/api/v1/pods"},
+		{http.MethodPost, "/api/v1/pods"},
+		{http.MethodGet, "/api/v1/pods/alice"},
+		{http.MethodDelete, "/api/v1/pods/alice"},
+		{http.MethodDelete, "/api/v1/pods/alice/main"},
+		{http.MethodPatch, "/api/v1/pods/alice/main"},
+		{http.MethodGet, "/api/v1/users"},
+		{http.MethodPost, "/api/v1/users"},
+		{http.MethodGet, "/api/v1/users/alice"},
+		{http.MethodDelete, "/api/v1/users/alice"},
+		{http.MethodPatch, "/api/v1/users/alice/quotas"},
+		{http.MethodGet, "/api/v1/users/alice/usage"},
+		{http.MethodGet, "/api/v1/billing/summary"},
+		{http.MethodGet, "/api/v1/billing/alice/history"},
+		{http.MethodGet, "/api/v1/cluster/status"},
+		{http.MethodGet, "/api/v1/cache/stats"},
+	}
+
+	for _, rt := range routes {
+		t.Run(rt.method+" "+rt.path, func(t *testing.T) {
+			req := httptest.NewRequest(rt.method, rt.path, nil)
+			rr := httptest.NewRecorder()
+			router.ServeHTTP(rr, req)
+
+			if rr.Code != http.StatusUnauthorized {
+				t.Fatalf("expected 401, got %d", rr.Code)
+			}
+		})
+	}
+}
+
+func TestAPIRoutes_ClusterStatus_RequiresAdmin(t *testing.T) {
+	kv, router := newTestRouter()
+	user := &model.User{ID: "alice", Quota: model.DefaultQuota()}
+	kv.addKey("dpk_test123", user, model.RoleUser)
+
+	// Non-admin user should get 403
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/cluster/status", nil)
+	req.Header.Set("Authorization", "Bearer dpk_test123")
+	rr := httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+
+	if rr.Code != http.StatusForbidden {
+		t.Fatalf("expected 403, got %d", rr.Code)
+	}
+}
+
+func TestAPIRoutes_NotFound(t *testing.T) {
+	kv, router := newTestRouter()
+	user := &model.User{ID: "alice", Quota: model.DefaultQuota()}
+	kv.addKey("dpk_test123", user, model.RoleUser)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/nonexistent", nil)
+	req.Header.Set("Authorization", "Bearer dpk_test123")
+	rr := httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+
+	if rr.Code != http.StatusNotFound {
+		t.Fatalf("expected 404, got %d", rr.Code)
+	}
+}