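package middleware

import (
	"context"
	"errors"
	"net/http"
	"net/http/httptest"
	"testing"

	"bugulma/backend/internal/domain"
	"bugulma/backend/internal/service"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"
)

// errNotImplemented is returned by every MockUserRepository method the
// middleware tests do not exercise. Failing closed here means an unexpected
// repository call from an auth path surfaces as an error in the test rather
// than silently succeeding.
var errNotImplemented = errors.New("not implemented")

// MockUserRepository is a minimal user repository for the middleware tests.
// Only GetByID is configurable; every other method returns errNotImplemented.
type MockUserRepository struct {
	// getByIDFunc answers GetByID when set; when nil GetByID returns an error.
	getByIDFunc func(id string) (*domain.User, error)
}

func (m *MockUserRepository) GetByEmail(ctx context.Context, email string) (*domain.User, error) {
	return nil, errNotImplemented
}

// GetByID delegates to getByIDFunc when configured and fails otherwise, so a
// test that never expects a lookup still gets a deterministic error.
func (m *MockUserRepository) GetByID(ctx context.Context, id string) (*domain.User, error) {
	if m.getByIDFunc != nil {
		return m.getByIDFunc(id)
	}
	return nil, errors.New("mock not configured")
}

func (m *MockUserRepository) Create(ctx context.Context, user *domain.User) error {
	return errNotImplemented
}

func (m *MockUserRepository) Activate(ctx context.Context, userID string) error {
	return errNotImplemented
}

func (m *MockUserRepository) Update(ctx context.Context, user *domain.User) error {
	return errNotImplemented
}

func (m *MockUserRepository) Delete(ctx context.Context, id string) error {
	return errNotImplemented
}

func (m *MockUserRepository) List(ctx context.Context, filters domain.UserListFilters, pagination domain.PaginationParams) (*domain.PaginatedResult[domain.User], error) {
	return nil, errNotImplemented
}

func (m *MockUserRepository) UpdateRole(ctx context.Context, userID string, role domain.UserRole) error {
	return errNotImplemented
}

func (m *MockUserRepository) UpdatePermissions(ctx context.Context, userID string, permissions []string) error {
	return errNotImplemented
}

func (m *MockUserRepository) Deactivate(ctx context.Context, userID string) error {
	return errNotImplemented
}

func (m *MockUserRepository) UpdateLastLogin(ctx context.Context, userID string) error {
	return errNotImplemented
}

// runAuthMiddleware builds a gin test context for GET /test carrying the given
// Authorization header (omitted when empty), runs AuthMiddleware backed by repo
// against it, and returns the context and the response recorder.
func runAuthMiddleware(t *testing.T, repo *MockUserRepository, authHeader string) (*gin.Context, *httptest.ResponseRecorder) {
	t.Helper()
	authService := service.NewAuthService(repo, "test-secret")
	handler := AuthMiddleware(authService)
	w := httptest.NewRecorder()
	c, _ := gin.CreateTestContext(w)
	// httptest.NewRequest panics on malformed input instead of returning an
	// error that each subtest would otherwise have to check or silently drop.
	c.Request = httptest.NewRequest(http.MethodGet, "/test", nil)
	if authHeader != "" {
		c.Request.Header.Set("Authorization", authHeader)
	}
	handler(c)
	return c, w
}

// TestAuthMiddleware checks that every malformed or unverifiable credential
// both aborts the handler chain and answers 401.
func TestAuthMiddleware(t *testing.T) {
	gin.SetMode(gin.TestMode)

	rejectingRepo := &MockUserRepository{
		// The repository rejects as well, so the subtest fails closed whichever
		// layer the middleware consults first for an unverifiable token.
		getByIDFunc: func(id string) (*domain.User, error) {
			return nil, errors.New("invalid token")
		},
	}

	tests := []struct {
		name       string
		repo       *MockUserRepository
		authHeader string
	}{
		{name: "missing authorization header", repo: &MockUserRepository{}},
		{name: "invalid authorization format", repo: &MockUserRepository{}, authHeader: "InvalidFormat"},
		{name: "invalid token", repo: rejectingRepo, authHeader: "Bearer invalid-token"},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			c, w := runAuthMiddleware(t, tc.repo, tc.authHeader)
			// Both checks matter: a 401 without Abort would still let the
			// downstream handler run after the failed authentication.
			assert.True(t, c.IsAborted())
			assert.Equal(t, http.StatusUnauthorized, w.Code)
		})
	}
}

// runRequireRole builds a gin test context for GET /, applies configure to it
// when non-nil (e.g. to store a role under "user_role"), runs
// RequireRole("admin") against it, and returns the context and the recorder.
func runRequireRole(configure func(c *gin.Context)) (*gin.Context, *httptest.ResponseRecorder) {
	handler := RequireRole("admin")
	w := httptest.NewRecorder()
	c, _ := gin.CreateTestContext(w)
	// Every subtest gets a real request so the middleware never sees a nil
	// c.Request, whether or not it inspects it.
	c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
	if configure != nil {
		configure(c)
	}
	handler(c)
	return c, w
}

// TestRequireRole checks that only the required role passes, and that a
// mismatched or absent role is denied with 403.
func TestRequireRole(t *testing.T) {
	gin.SetMode(gin.TestMode)

	t.Run("user has required role", func(t *testing.T) {
		c, _ := runRequireRole(func(c *gin.Context) { c.Set("user_role", "admin") })
		assert.False(t, c.IsAborted())
	})

	t.Run("user has insufficient permissions", func(t *testing.T) {
		c, w := runRequireRole(func(c *gin.Context) { c.Set("user_role", "user") })
		assert.True(t, c.IsAborted())
		assert.Equal(t, http.StatusForbidden, w.Code)
	})

	t.Run("no role found", func(t *testing.T) {
		// No user_role set: a context without an established role must be
		// denied rather than treated as a member of any role.
		c, w := runRequireRole(nil)
		assert.True(t, c.IsAborted())
		assert.Equal(t, http.StatusForbidden, w.Code)
	})
}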