Files
minstrel/internal/api/cast_token_test.go
T
bvandeusen e774097fd8
test-go / test (push) Failing after 15s
test-go / integration (push) Failing after 5m54s
feat(server): POST /api/cast/stream-token + secret bootstrap (UPnP slice 2/6)
Adds the client-facing endpoint that issues a signed stream URL for
the current track. Authenticated via the standard session cookie.
Returns {token, exp, url} where url is a fully-formed stream URL
the client passes verbatim to a UPnP / Sonos device's
AVTransport.SetAVTransportURI call.

expSeconds clamped to [60, 86400]; default 21600 (6h) - long enough
to play through any typical track without re-minting mid-playback.

MINSTREL_STREAM_SECRET is loaded from env var with a per-machine
fallback persisted at <Storage.DataDir>/stream_secret (auto-generated
on first boot via 64 random bytes, base64-url-encoded, 0600). The
file-based fallback is operator-machine-scoped runtime state, not a
user-facing setting - chosen over a DB column to avoid a migration
and keep the secret out of cross-instance restores. Operator can
override at any time via the env var; default path requires zero
config.

Tests cover happy-path token issuance + URL formatting, bad-UUID
rejection, unauthenticated rejection, the expSeconds clamp at all
boundaries, secret env override, auto-gen + file persistence at 0600,
second-boot reuse of the persisted file, and rejection of a malformed
env value.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-03 11:46:57 -04:00

153 lines
4.5 KiB
Go

package api
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"strings"
"testing"
"time"
)
const testTrackUUID = "11111111-1111-1111-1111-111111111111"
func TestCastStreamToken_HappyPath(t *testing.T) {
h, pool := testHandlers(t)
user := seedUser(t, pool, "alice", "hunter2", false)
h.streamSecret = []byte("cast-token-test-secret")
body, err := json.Marshal(castTokenRequest{
TrackID: testTrackUUID,
ExpSeconds: 3600,
})
if err != nil {
t.Fatalf("marshal: %v", err)
}
req := httptest.NewRequest(http.MethodPost, "/api/cast/stream-token", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = withUser(req, user)
w := httptest.NewRecorder()
h.handleCastStreamToken(w, req)
if w.Code != http.StatusOK {
t.Fatalf("status = %d, want 200; body=%s", w.Code, w.Body.String())
}
var resp castTokenResponse
if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
t.Fatalf("decode: %v", err)
}
if resp.Token == "" || resp.Exp == 0 || resp.URL == "" {
t.Fatalf("empty fields in response: %+v", resp)
}
if !strings.Contains(resp.URL, "token="+resp.Token) {
t.Fatalf("URL missing token query: %s", resp.URL)
}
if !strings.Contains(resp.URL, "/api/tracks/"+testTrackUUID+"/stream") {
t.Fatalf("URL missing stream path: %s", resp.URL)
}
if !VerifyStreamToken(h.streamSecret, testTrackUUID, resp.Exp, resp.Token) {
t.Fatal("returned token does not verify")
}
}
func TestCastStreamToken_RejectsBadUUID(t *testing.T) {
h, pool := testHandlers(t)
user := seedUser(t, pool, "alice", "hunter2", false)
h.streamSecret = []byte("cast-token-test-secret")
body, err := json.Marshal(castTokenRequest{TrackID: "not-a-uuid"})
if err != nil {
t.Fatalf("marshal: %v", err)
}
req := httptest.NewRequest(http.MethodPost, "/api/cast/stream-token", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = withUser(req, user)
w := httptest.NewRecorder()
h.handleCastStreamToken(w, req)
if w.Code != http.StatusBadRequest {
t.Fatalf("status = %d, want 400; body=%s", w.Code, w.Body.String())
}
}
func TestCastStreamToken_RejectsUnauthenticated(t *testing.T) {
h, _ := testHandlers(t)
h.streamSecret = []byte("cast-token-test-secret")
body, err := json.Marshal(castTokenRequest{TrackID: testTrackUUID})
if err != nil {
t.Fatalf("marshal: %v", err)
}
req := httptest.NewRequest(http.MethodPost, "/api/cast/stream-token", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
// NO withUser — handler must reject via requireUser.
w := httptest.NewRecorder()
h.handleCastStreamToken(w, req)
if w.Code != http.StatusUnauthorized {
t.Fatalf("status = %d, want 401; body=%s", w.Code, w.Body.String())
}
}
func TestCastStreamToken_ClampsExpSeconds(t *testing.T) {
h, pool := testHandlers(t)
user := seedUser(t, pool, "alice", "hunter2", false)
h.streamSecret = []byte("cast-token-test-secret")
// Request 1 second (below min 60), expect clamp to 60s.
body, err := json.Marshal(castTokenRequest{
TrackID: testTrackUUID,
ExpSeconds: 1,
})
if err != nil {
t.Fatalf("marshal: %v", err)
}
before := time.Now().Unix()
req := httptest.NewRequest(http.MethodPost, "/api/cast/stream-token", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = withUser(req, user)
w := httptest.NewRecorder()
h.handleCastStreamToken(w, req)
if w.Code != http.StatusOK {
t.Fatalf("status = %d, want 200; body=%s", w.Code, w.Body.String())
}
var resp castTokenResponse
if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
t.Fatalf("decode: %v", err)
}
// Allow a small jitter window around the clamp target (60s).
delta := resp.Exp - before
if delta < 55 || delta > 70 {
t.Fatalf("expected ~60s expiry after clamp, got delta=%ds", delta)
}
}
func TestClampExpSeconds(t *testing.T) {
cases := []struct {
name string
in int
want int
}{
{"zero defaults to 6h", 0, castTokenDefaultExp},
{"negative defaults to 6h", -1, castTokenDefaultExp},
{"below min clamps up", 30, castTokenMinExpSeconds},
{"exact min passes through", castTokenMinExpSeconds, castTokenMinExpSeconds},
{"mid-range passes through", 3600, 3600},
{"exact max passes through", castTokenMaxExpSeconds, castTokenMaxExpSeconds},
{"above max clamps down", castTokenMaxExpSeconds + 1, castTokenMaxExpSeconds},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
if got := clampExpSeconds(tc.in); got != tc.want {
t.Fatalf("clampExpSeconds(%d) = %d, want %d", tc.in, got, tc.want)
}
})
}
}