47 lines
1.2 KiB
Go
47 lines
1.2 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"haixun-backend/internal/config"
|
|
"haixun-backend/internal/library/authctx"
|
|
)
|
|
|
|
func TestMemberAuth_DevHeaderFallback(t *testing.T) {
|
|
called := false
|
|
handler := MemberAuth(nil, config.AuthConf{DevHeaderFallback: true}, func(w http.ResponseWriter, r *http.Request) {
|
|
called = true
|
|
actor, ok := authctx.ActorFromContext(r.Context())
|
|
if !ok || actor.UID != "u1" {
|
|
t.Fatalf("actor = %+v, ok=%v", actor, ok)
|
|
}
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/ai/chat", nil)
|
|
req.Header.Set("X-Tenant-ID", "default")
|
|
req.Header.Set("X-UID", "u1")
|
|
req.Header.Set("Authorization", "Bearer sk-provider-key")
|
|
rec := httptest.NewRecorder()
|
|
handler(rec, req)
|
|
|
|
if !called {
|
|
t.Fatal("expected handler to be called via dev headers")
|
|
}
|
|
}
|
|
|
|
func TestAuth_RequiresAuthorizationBearer(t *testing.T) {
|
|
handler := Auth(nil, config.AuthConf{DevHeaderFallback: false}, func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("handler should not be called")
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/jobs", nil)
|
|
rec := httptest.NewRecorder()
|
|
handler(rec, req)
|
|
|
|
if rec.Code != http.StatusUnauthorized {
|
|
t.Fatalf("status = %d, want 401", rec.Code)
|
|
}
|
|
}
|