diff --git a/internal/api/api.go b/internal/api/api.go index f74ad3e4..94d36b06 100644 --- a/internal/api/api.go +++ b/internal/api/api.go @@ -24,6 +24,12 @@ func Mount(r chi.Router, pool *pgxpool.Pool, logger *slog.Logger) { authed.Use(auth.RequireUser(pool)) authed.Post("/auth/logout", h.handleLogout) authed.Get("/me", h.handleGetMe) + + authed.Get("/artists", h.handleListArtists) + authed.Get("/artists/{id}", h.handleGetArtist) + authed.Get("/albums/{id}", h.handleGetAlbum) + authed.Get("/tracks/{id}", h.handleGetTrack) + authed.Get("/search", h.handleSearch) }) }) } diff --git a/internal/api/library_test.go b/internal/api/library_test.go index fab8591f..6a5e368d 100644 --- a/internal/api/library_test.go +++ b/internal/api/library_test.go @@ -423,3 +423,33 @@ func TestHandleListArtists_EmptyDB(t *testing.T) { t.Errorf("total = %d", got.Total) } } + +// TestRoutesRegisteredInMount verifies the production Mount() wires every +// library route. We hit each path through the real Mount (no RequireUser +// stripped — we expect 401 from the middleware, which is fine — that +// proves the route reached the authenticated group). +func TestRoutesRegisteredInMount(t *testing.T) { + h, _ := testHandlers(t) + r := chi.NewRouter() + Mount(r, h.pool, h.logger) + + paths := []string{ + "/api/artists", + "/api/artists/00000000-0000-0000-0000-000000000001", + "/api/albums/00000000-0000-0000-0000-000000000001", + "/api/tracks/00000000-0000-0000-0000-000000000001", + "/api/search?q=x", + } + for _, p := range paths { + req := httptest.NewRequest(http.MethodGet, p, nil) + w := httptest.NewRecorder() + r.ServeHTTP(w, req) + // Unauthenticated → 401. What we must NOT see is 404 (route missing). + if w.Code == http.StatusNotFound { + t.Errorf("path %s returned 404 — route not registered", p) + } + if w.Code != http.StatusUnauthorized { + t.Errorf("path %s status = %d, want 401 (unauth)", p, w.Code) + } + } +}