396 lines
14 KiB
Go
396 lines
14 KiB
Go
package api
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/jackc/pgx/v5/pgtype"
|
|
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
|
)
|
|
|
|
// newRequestsRouter builds a test chi router wiring the /api/requests handlers
|
|
// with chi URL params but without RequireUser middleware. Tests inject a user
|
|
// into the context manually.
|
|
func newRequestsRouter(h *handlers) chi.Router {
|
|
r := chi.NewRouter()
|
|
r.Post("/api/requests", h.handleCreateRequest)
|
|
r.Get("/api/requests", h.handleListRequests)
|
|
r.Get("/api/requests/{id}", h.handleGetRequest)
|
|
r.Delete("/api/requests/{id}", h.handleCancelRequest)
|
|
return r
|
|
}
|
|
|
|
// withUser injects a user into the request context the same way RequireUser does.
|
|
func withUser(req *http.Request, user dbq.User) *http.Request {
|
|
return req.WithContext(context.WithValue(req.Context(), userCtxKeyForTest(), user))
|
|
}
|
|
|
|
// doCreateRequest fires POST /api/requests with the given JSON body as the given user.
|
|
func doCreateRequest(h *handlers, user dbq.User, body string) *httptest.ResponseRecorder {
|
|
req := httptest.NewRequest(http.MethodPost, "/api/requests", bytes.NewBufferString(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req = withUser(req, user)
|
|
w := httptest.NewRecorder()
|
|
newRequestsRouter(h).ServeHTTP(w, req)
|
|
return w
|
|
}
|
|
|
|
// doListRequests fires GET /api/requests as the given user.
|
|
func doListRequests(h *handlers, user dbq.User) *httptest.ResponseRecorder {
|
|
req := httptest.NewRequest(http.MethodGet, "/api/requests", nil)
|
|
req = withUser(req, user)
|
|
w := httptest.NewRecorder()
|
|
newRequestsRouter(h).ServeHTTP(w, req)
|
|
return w
|
|
}
|
|
|
|
// doGetRequest fires GET /api/requests/:id as the given user.
|
|
func doGetRequest(h *handlers, user dbq.User, id pgtype.UUID) *httptest.ResponseRecorder {
|
|
req := httptest.NewRequest(http.MethodGet, "/api/requests/"+uuidToString(id), nil)
|
|
req = withUser(req, user)
|
|
w := httptest.NewRecorder()
|
|
newRequestsRouter(h).ServeHTTP(w, req)
|
|
return w
|
|
}
|
|
|
|
// doCancelRequest fires DELETE /api/requests/:id as the given user.
|
|
func doCancelRequest(h *handlers, user dbq.User, id pgtype.UUID) *httptest.ResponseRecorder {
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/requests/"+uuidToString(id), nil)
|
|
req = withUser(req, user)
|
|
w := httptest.NewRecorder()
|
|
newRequestsRouter(h).ServeHTTP(w, req)
|
|
return w
|
|
}
|
|
|
|
// createArtistRequest is a convenience wrapper that seeds a valid artist request
|
|
// via the handler and returns the parsed response.
|
|
func createArtistRequest(t *testing.T, h *handlers, user dbq.User, artistMBID, artistName string) requestView {
|
|
t.Helper()
|
|
body := fmt.Sprintf(`{"kind":"artist","lidarr_artist_mbid":%q,"artist_name":%q}`, artistMBID, artistName)
|
|
w := doCreateRequest(h, user, body)
|
|
if w.Code != http.StatusCreated {
|
|
t.Fatalf("createArtistRequest: status = %d, want 201; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var rv requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &rv); err != nil {
|
|
t.Fatalf("createArtistRequest: decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
return rv
|
|
}
|
|
|
|
// TestHandleCreateRequest_AutoApprove_LidarrDisabled_StaysPending verifies
|
|
// that a user with auto_approve_requests=true still receives a 201 Created
|
|
// when Lidarr is disabled in the test environment — the auto-approve attempt
|
|
// fails inside Service.Approve with ErrLidarrDisabled, which the handler
|
|
// catches and logs, leaving the row in pending state. This is the U2.5
|
|
// fallback contract: a misconfigured Lidarr must not break request creation.
|
|
func TestHandleCreateRequest_AutoApprove_LidarrDisabled_StaysPending(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
if _, err := pool.Exec(context.Background(),
|
|
"UPDATE users SET auto_approve_requests = true WHERE id = $1", alice.ID); err != nil {
|
|
t.Fatalf("set auto_approve: %v", err)
|
|
}
|
|
// Re-fetch so the User row carried into the request context has the flag.
|
|
refreshed, err := dbq.New(pool).GetUserByID(context.Background(), alice.ID)
|
|
if err != nil {
|
|
t.Fatalf("reload user: %v", err)
|
|
}
|
|
if !refreshed.AutoApproveRequests {
|
|
t.Fatalf("auto_approve flag did not persist — bailing")
|
|
}
|
|
|
|
body := `{"kind":"artist","lidarr_artist_mbid":"auto-mbid-1","artist_name":"Autoband"}`
|
|
w := doCreateRequest(h, refreshed, body)
|
|
|
|
if w.Code != http.StatusCreated {
|
|
t.Fatalf("status = %d, want 201; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var rv requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &rv); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if rv.Status != "pending" {
|
|
t.Errorf("status = %q, want pending (auto-approve falls back when Lidarr disabled)", rv.Status)
|
|
}
|
|
}
|
|
|
|
// TestHandleCreateRequest_Artist_HappyPath verifies a valid artist request
|
|
// returns 201 with kind=artist and status=pending.
|
|
func TestHandleCreateRequest_Artist_HappyPath(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
body := `{"kind":"artist","lidarr_artist_mbid":"artist-mbid-1","artist_name":"The Beatles"}`
|
|
w := doCreateRequest(h, alice, body)
|
|
|
|
if w.Code != http.StatusCreated {
|
|
t.Fatalf("status = %d, want 201; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var rv requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &rv); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if string(rv.Kind) != "artist" {
|
|
t.Errorf("kind = %q, want artist", rv.Kind)
|
|
}
|
|
if rv.Status != "pending" {
|
|
t.Errorf("status = %q, want pending", rv.Status)
|
|
}
|
|
if rv.LidarrArtistMBID != "artist-mbid-1" {
|
|
t.Errorf("lidarr_artist_mbid = %q", rv.LidarrArtistMBID)
|
|
}
|
|
if rv.ArtistName != "The Beatles" {
|
|
t.Errorf("artist_name = %q", rv.ArtistName)
|
|
}
|
|
if !rv.ID.Valid {
|
|
t.Error("id not set")
|
|
}
|
|
}
|
|
|
|
// TestHandleCreateRequest_AlbumWithoutAlbumMBID_400 verifies that sending
|
|
// kind=album without lidarr_album_mbid returns 400 with mbid_required.
|
|
func TestHandleCreateRequest_AlbumWithoutAlbumMBID_400(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
// Missing lidarr_album_mbid and album_title.
|
|
body := `{"kind":"album","lidarr_artist_mbid":"artist-mbid-1","artist_name":"The Beatles"}`
|
|
w := doCreateRequest(h, alice, body)
|
|
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("status = %d, want 400; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var resp struct {
|
|
Error struct {
|
|
Code string `json:"code"`
|
|
} `json:"error"`
|
|
}
|
|
if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if resp.Error.Code != "mbid_required" {
|
|
t.Errorf("error.code = %q, want mbid_required", resp.Error.Code)
|
|
}
|
|
}
|
|
|
|
// TestHandleCreateRequest_TrackWithoutTrackFields_400 verifies that kind=track
|
|
// with missing track_mbid/track_title returns 400 with mbid_required.
|
|
func TestHandleCreateRequest_TrackWithoutTrackFields_400(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
// Provides album fields but misses track_mbid and track_title.
|
|
body := `{"kind":"track","lidarr_artist_mbid":"artist-mbid-1","artist_name":"Beatles","lidarr_album_mbid":"album-mbid-1","album_title":"Abbey Road"}`
|
|
w := doCreateRequest(h, alice, body)
|
|
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("status = %d, want 400; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var resp struct {
|
|
Error struct {
|
|
Code string `json:"code"`
|
|
} `json:"error"`
|
|
}
|
|
if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if resp.Error.Code != "mbid_required" {
|
|
t.Errorf("error.code = %q, want mbid_required", resp.Error.Code)
|
|
}
|
|
}
|
|
|
|
// TestHandleListRequests_OnlyOwnRequests verifies alice sees only her own
|
|
// requests, not bob's.
|
|
func TestHandleListRequests_OnlyOwnRequests(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
bob := seedUser(t, pool, "bob", "pw", false)
|
|
|
|
createArtistRequest(t, h, alice, "alice-mbid-1", "Alice Artist 1")
|
|
createArtistRequest(t, h, alice, "alice-mbid-2", "Alice Artist 2")
|
|
createArtistRequest(t, h, bob, "bob-mbid-1", "Bob Artist 1")
|
|
|
|
w := doListRequests(h, alice)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var results []requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &results); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if len(results) != 2 {
|
|
t.Fatalf("len(results) = %d, want 2", len(results))
|
|
}
|
|
for _, rv := range results {
|
|
if rv.UserID != alice.ID {
|
|
t.Errorf("result belongs to wrong user: %v", rv.UserID)
|
|
}
|
|
}
|
|
}
|
|
|
|
// TestHandleGetRequest_OwnReturns200 verifies a caller can fetch their own request.
|
|
func TestHandleGetRequest_OwnReturns200(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
rv := createArtistRequest(t, h, alice, "artist-mbid-get", "Get Artist")
|
|
|
|
w := doGetRequest(h, alice, rv.ID)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var got requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if got.ID != rv.ID {
|
|
t.Errorf("id mismatch")
|
|
}
|
|
}
|
|
|
|
// TestHandleGetRequest_OtherUserNotAdmin_404 verifies a non-admin caller
|
|
// cannot see another user's request.
|
|
func TestHandleGetRequest_OtherUserNotAdmin_404(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
bob := seedUser(t, pool, "bob", "pw", false)
|
|
charlie := seedUser(t, pool, "charlie", "pw", false)
|
|
|
|
rv := createArtistRequest(t, h, bob, "bob-artist-mbid", "Bob's Artist")
|
|
|
|
// Charlie is not an admin, tries to fetch Bob's request.
|
|
w := doGetRequest(h, charlie, rv.ID)
|
|
if w.Code != http.StatusNotFound {
|
|
t.Fatalf("status = %d, want 404; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var resp struct {
|
|
Error struct {
|
|
Code string `json:"code"`
|
|
} `json:"error"`
|
|
}
|
|
if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if resp.Error.Code != "request_not_found" {
|
|
t.Errorf("error.code = %q, want request_not_found", resp.Error.Code)
|
|
}
|
|
}
|
|
|
|
// TestHandleGetRequest_OtherUserAsAdmin_200 verifies an admin can fetch any
|
|
// user's request.
|
|
func TestHandleGetRequest_OtherUserAsAdmin_200(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
bob := seedUser(t, pool, "bob", "pw", false)
|
|
admin := seedUser(t, pool, "admin", "pw", true)
|
|
|
|
rv := createArtistRequest(t, h, bob, "bob-admin-mbid", "Bob's Artist For Admin")
|
|
|
|
// Admin fetches Bob's request — should succeed.
|
|
w := doGetRequest(h, admin, rv.ID)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var got requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if got.ID != rv.ID {
|
|
t.Errorf("id mismatch")
|
|
}
|
|
}
|
|
|
|
// TestHandleCancelRequest_PendingHappyPath verifies that cancelling a pending
|
|
// request returns 200 with status=rejected.
|
|
func TestHandleCancelRequest_PendingHappyPath(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
rv := createArtistRequest(t, h, alice, "cancel-mbid-1", "Cancel Me")
|
|
|
|
w := doCancelRequest(h, alice, rv.ID)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", w.Code, w.Body.String())
|
|
}
|
|
var got requestView
|
|
if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w.Body.String())
|
|
}
|
|
if got.Status != "rejected" {
|
|
t.Errorf("status = %q, want rejected", got.Status)
|
|
}
|
|
}
|
|
|
|
// TestHandleCancelRequest_NonPending_409 verifies that cancelling an already
|
|
// rejected request returns 409 with request_not_pending.
|
|
func TestHandleCancelRequest_NonPending_409(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice", "pw", false)
|
|
rv := createArtistRequest(t, h, alice, "cancel-mbid-2", "Cancel Twice")
|
|
|
|
// First cancel transitions to rejected.
|
|
w1 := doCancelRequest(h, alice, rv.ID)
|
|
if w1.Code != http.StatusOK {
|
|
t.Fatalf("first cancel: status = %d, want 200; body = %s", w1.Code, w1.Body.String())
|
|
}
|
|
|
|
// Second cancel on a now-rejected row → ErrNotPending → 409.
|
|
// The cancel SQL checks user_id = $2 AND status = 'pending'; zero rows → ErrNotPending.
|
|
// For this test we use dbq directly to reject via admin so Cancel returns ErrNotPending
|
|
// rather than the ownership miss. We already did first cancel so row is rejected.
|
|
w2 := doCancelRequest(h, alice, rv.ID)
|
|
if w2.Code != http.StatusConflict {
|
|
t.Fatalf("second cancel: status = %d, want 409; body = %s", w2.Code, w2.Body.String())
|
|
}
|
|
var resp struct {
|
|
Error struct {
|
|
Code string `json:"code"`
|
|
} `json:"error"`
|
|
}
|
|
if err := json.Unmarshal(w2.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("decode: %v; body = %s", err, w2.Body.String())
|
|
}
|
|
if resp.Error.Code != "request_not_pending" {
|
|
t.Errorf("error.code = %q, want request_not_pending", resp.Error.Code)
|
|
}
|
|
}
|
|
|
|
// TestHandleCancelRequest_WrongUser_409 verifies that attempting to cancel
|
|
// another user's request returns 409 (not_pending from the ownership miss).
|
|
func TestHandleCancelRequest_WrongUser_409(t *testing.T) {
|
|
h, pool := testHandlers(t)
|
|
resetLidarrState(t, h)
|
|
|
|
alice := seedUser(t, pool, "alice-cancel-owner", "pw", false)
|
|
bob := seedUser(t, pool, "bob-cancel-other", "pw", false)
|
|
|
|
rv := createArtistRequest(t, h, alice, "cancel-wrong-user-mbid", "Alice's Artist")
|
|
|
|
// Bob tries to cancel Alice's request: SQL WHERE user_id=bob AND status=pending → 0 rows.
|
|
w := doCancelRequest(h, bob, rv.ID)
|
|
if w.Code != http.StatusConflict {
|
|
t.Fatalf("status = %d, want 409; body = %s", w.Code, w.Body.String())
|
|
}
|
|
}
|