feat(api): register library + search routes under RequireUser

This commit is contained in:
2026-04-21 08:34:12 -04:00
parent 683c11661b
commit db2ee3b21f
2 changed files with 36 additions and 0 deletions
+6
View File
@@ -24,6 +24,12 @@ func Mount(r chi.Router, pool *pgxpool.Pool, logger *slog.Logger) {
authed.Use(auth.RequireUser(pool))
authed.Post("/auth/logout", h.handleLogout)
authed.Get("/me", h.handleGetMe)
authed.Get("/artists", h.handleListArtists)
authed.Get("/artists/{id}", h.handleGetArtist)
authed.Get("/albums/{id}", h.handleGetAlbum)
authed.Get("/tracks/{id}", h.handleGetTrack)
authed.Get("/search", h.handleSearch)
})
})
}
+30
View File
@@ -423,3 +423,33 @@ func TestHandleListArtists_EmptyDB(t *testing.T) {
t.Errorf("total = %d", got.Total)
}
}
// TestRoutesRegisteredInMount verifies the production Mount() wires every
// library route. We hit each path through the real Mount (no RequireUser
// stripped — we expect 401 from the middleware, which is fine — that
// proves the route reached the authenticated group).
func TestRoutesRegisteredInMount(t *testing.T) {
h, _ := testHandlers(t)
r := chi.NewRouter()
Mount(r, h.pool, h.logger)
paths := []string{
"/api/artists",
"/api/artists/00000000-0000-0000-0000-000000000001",
"/api/albums/00000000-0000-0000-0000-000000000001",
"/api/tracks/00000000-0000-0000-0000-000000000001",
"/api/search?q=x",
}
for _, p := range paths {
req := httptest.NewRequest(http.MethodGet, p, nil)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
// Unauthenticated → 401. What we must NOT see is 404 (route missing).
if w.Code == http.StatusNotFound {
t.Errorf("path %s returned 404 — route not registered", p)
}
if w.Code != http.StatusUnauthorized {
t.Errorf("path %s status = %d, want 401 (unauth)", p, w.Code)
}
}
}