ruochen/ez-api
1
0
Fork 0
mirror of https://github.com/EZ-Api/ez-api.git synced 2026-01-13 17:47:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(middleware): add unit tests for internal auth middleware

Browse Source 
Add comprehensive test coverage for InternalAuthMiddleware including scenarios
for allowed anonymous access, missing tokens, invalid tokens, and empty token
configuration to ensure access control logic correctness.
This commit is contained in:
zenfun
2026-01-03 16:18:59 +08:00
parent 4cd9b66a84
commit 8b63aa6ec0
1 changed files with 108 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
internal/middleware/internal_auth_test.go Normal file
View File

@@ -0,0 +1,108 @@
package middleware
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
)
func init() {
gin.SetMode(gin.TestMode)
}
func TestInternalAuthMiddleware_AllowAnonymous_Allows(t *testing.T) {
t.Parallel()
r := gin.New()
r.Use(InternalAuthMiddleware("secret-token", true))
r.GET("/internal/test", func(c *gin.Context) {
c.String(http.StatusOK, "ok")
})
req := httptest.NewRequest(http.MethodGet, "/internal/test", nil)
// No X-Internal-Token header
rr := httptest.NewRecorder()
r.ServeHTTP(rr, req)
if rr.Code != http.StatusOK {
t.Fatalf("expected 200 when allow_anonymous=true, got %d body=%s", rr.Code, rr.Body.String())
}
}
func TestInternalAuthMiddleware_TokenRequired_NoToken_Returns401(t *testing.T) {
t.Parallel()
r := gin.New()
r.Use(InternalAuthMiddleware("secret-token", false))
r.GET("/internal/test", func(c *gin.Context) {
c.String(http.StatusOK, "ok")
})
req := httptest.NewRequest(http.MethodGet, "/internal/test", nil)
// No X-Internal-Token header
rr := httptest.NewRecorder()
r.ServeHTTP(rr, req)
if rr.Code != http.StatusUnauthorized {
t.Fatalf("expected 401 when token required but missing, got %d", rr.Code)
}
}
func TestInternalAuthMiddleware_TokenRequired_ValidToken_Returns200(t *testing.T) {
t.Parallel()
r := gin.New()
r.Use(InternalAuthMiddleware("secret-token", false))
r.GET("/internal/test", func(c *gin.Context) {
c.String(http.StatusOK, "ok")
})
req := httptest.NewRequest(http.MethodGet, "/internal/test", nil)
req.Header.Set("X-Internal-Token", "secret-token")
rr := httptest.NewRecorder()
r.ServeHTTP(rr, req)
if rr.Code != http.StatusOK {
t.Fatalf("expected 200 with valid token, got %d body=%s", rr.Code, rr.Body.String())
}
}
func TestInternalAuthMiddleware_TokenRequired_InvalidToken_Returns401(t *testing.T) {
t.Parallel()
r := gin.New()
r.Use(InternalAuthMiddleware("secret-token", false))
r.GET("/internal/test", func(c *gin.Context) {
c.String(http.StatusOK, "ok")
})
req := httptest.NewRequest(http.MethodGet, "/internal/test", nil)
req.Header.Set("X-Internal-Token", "wrong-token")
rr := httptest.NewRecorder()
r.ServeHTTP(rr, req)
if rr.Code != http.StatusUnauthorized {
t.Fatalf("expected 401 with wrong token, got %d", rr.Code)
}
}
func TestInternalAuthMiddleware_EmptyTokenNotAnonymous_Returns401(t *testing.T) {
t.Parallel()
r := gin.New()
// Empty token and not allowing anonymous
r.Use(InternalAuthMiddleware("", false))
r.GET("/internal/test", func(c *gin.Context) {
c.String(http.StatusOK, "ok")
})
req := httptest.NewRequest(http.MethodGet, "/internal/test", nil)
rr := httptest.NewRecorder()
r.ServeHTTP(rr, req)
if rr.Code != http.StatusUnauthorized {
t.Fatalf("expected 401 when token empty and not anonymous, got %d body=%s", rr.Code, rr.Body.String())
}
}