From 8b63aa6ec0b36b8c872b35af0cf24480c2be73de Mon Sep 17 00:00:00 2001 From: zenfun Date: Sat, 3 Jan 2026 16:18:59 +0800 Subject: [PATCH] test(middleware): add unit tests for internal auth middleware Add comprehensive test coverage for InternalAuthMiddleware including scenarios for allowed anonymous access, missing tokens, invalid tokens, and empty token configuration to ensure access control logic correctness. --- internal/middleware/internal_auth_test.go | 108 ++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 internal/middleware/internal_auth_test.go diff --git a/internal/middleware/internal_auth_test.go b/internal/middleware/internal_auth_test.go new file mode 100644 index 0000000..987073f --- /dev/null +++ b/internal/middleware/internal_auth_test.go @@ -0,0 +1,108 @@ +package middleware + +import ( + "net/http" + "net/http/httptest" + "testing" + + "github.com/gin-gonic/gin" +) + +func init() { + gin.SetMode(gin.TestMode) +} + +func TestInternalAuthMiddleware_AllowAnonymous_Allows(t *testing.T) { + t.Parallel() + + r := gin.New() + r.Use(InternalAuthMiddleware("secret-token", true)) + r.GET("/internal/test", func(c *gin.Context) { + c.String(http.StatusOK, "ok") + }) + + req := httptest.NewRequest(http.MethodGet, "/internal/test", nil) + // No X-Internal-Token header + rr := httptest.NewRecorder() + r.ServeHTTP(rr, req) + + if rr.Code != http.StatusOK { + t.Fatalf("expected 200 when allow_anonymous=true, got %d body=%s", rr.Code, rr.Body.String()) + } +} + +func TestInternalAuthMiddleware_TokenRequired_NoToken_Returns401(t *testing.T) { + t.Parallel() + + r := gin.New() + r.Use(InternalAuthMiddleware("secret-token", false)) + r.GET("/internal/test", func(c *gin.Context) { + c.String(http.StatusOK, "ok") + }) + + req := httptest.NewRequest(http.MethodGet, "/internal/test", nil) + // No X-Internal-Token header + rr := httptest.NewRecorder() + r.ServeHTTP(rr, req) + + if rr.Code != http.StatusUnauthorized { + t.Fatalf("expected 401 when token required but missing, got %d", rr.Code) + } +} + +func TestInternalAuthMiddleware_TokenRequired_ValidToken_Returns200(t *testing.T) { + t.Parallel() + + r := gin.New() + r.Use(InternalAuthMiddleware("secret-token", false)) + r.GET("/internal/test", func(c *gin.Context) { + c.String(http.StatusOK, "ok") + }) + + req := httptest.NewRequest(http.MethodGet, "/internal/test", nil) + req.Header.Set("X-Internal-Token", "secret-token") + rr := httptest.NewRecorder() + r.ServeHTTP(rr, req) + + if rr.Code != http.StatusOK { + t.Fatalf("expected 200 with valid token, got %d body=%s", rr.Code, rr.Body.String()) + } +} + +func TestInternalAuthMiddleware_TokenRequired_InvalidToken_Returns401(t *testing.T) { + t.Parallel() + + r := gin.New() + r.Use(InternalAuthMiddleware("secret-token", false)) + r.GET("/internal/test", func(c *gin.Context) { + c.String(http.StatusOK, "ok") + }) + + req := httptest.NewRequest(http.MethodGet, "/internal/test", nil) + req.Header.Set("X-Internal-Token", "wrong-token") + rr := httptest.NewRecorder() + r.ServeHTTP(rr, req) + + if rr.Code != http.StatusUnauthorized { + t.Fatalf("expected 401 with wrong token, got %d", rr.Code) + } +} + +func TestInternalAuthMiddleware_EmptyTokenNotAnonymous_Returns401(t *testing.T) { + t.Parallel() + + r := gin.New() + // Empty token and not allowing anonymous + r.Use(InternalAuthMiddleware("", false)) + r.GET("/internal/test", func(c *gin.Context) { + c.String(http.StatusOK, "ok") + }) + + req := httptest.NewRequest(http.MethodGet, "/internal/test", nil) + rr := httptest.NewRecorder() + r.ServeHTTP(rr, req) + + if rr.Code != http.StatusUnauthorized { + t.Fatalf("expected 401 when token empty and not anonymous, got %d body=%s", rr.Code, rr.Body.String()) + } +}