feat(api): register library + search routes under RequireUser
This commit is contained in:
@@ -24,6 +24,12 @@ func Mount(r chi.Router, pool *pgxpool.Pool, logger *slog.Logger) {
|
||||
authed.Use(auth.RequireUser(pool))
|
||||
authed.Post("/auth/logout", h.handleLogout)
|
||||
authed.Get("/me", h.handleGetMe)
|
||||
|
||||
authed.Get("/artists", h.handleListArtists)
|
||||
authed.Get("/artists/{id}", h.handleGetArtist)
|
||||
authed.Get("/albums/{id}", h.handleGetAlbum)
|
||||
authed.Get("/tracks/{id}", h.handleGetTrack)
|
||||
authed.Get("/search", h.handleSearch)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
@@ -423,3 +423,33 @@ func TestHandleListArtists_EmptyDB(t *testing.T) {
|
||||
t.Errorf("total = %d", got.Total)
|
||||
}
|
||||
}
|
||||
|
||||
// TestRoutesRegisteredInMount verifies the production Mount() wires every
|
||||
// library route. We hit each path through the real Mount (no RequireUser
|
||||
// stripped — we expect 401 from the middleware, which is fine — that
|
||||
// proves the route reached the authenticated group).
|
||||
func TestRoutesRegisteredInMount(t *testing.T) {
|
||||
h, _ := testHandlers(t)
|
||||
r := chi.NewRouter()
|
||||
Mount(r, h.pool, h.logger)
|
||||
|
||||
paths := []string{
|
||||
"/api/artists",
|
||||
"/api/artists/00000000-0000-0000-0000-000000000001",
|
||||
"/api/albums/00000000-0000-0000-0000-000000000001",
|
||||
"/api/tracks/00000000-0000-0000-0000-000000000001",
|
||||
"/api/search?q=x",
|
||||
}
|
||||
for _, p := range paths {
|
||||
req := httptest.NewRequest(http.MethodGet, p, nil)
|
||||
w := httptest.NewRecorder()
|
||||
r.ServeHTTP(w, req)
|
||||
// Unauthenticated → 401. What we must NOT see is 404 (route missing).
|
||||
if w.Code == http.StatusNotFound {
|
||||
t.Errorf("path %s returned 404 — route not registered", p)
|
||||
}
|
||||
if w.Code != http.StatusUnauthorized {
|
||||
t.Errorf("path %s status = %d, want 401 (unauth)", p, w.Code)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user