59 lines
1.5 KiB
Go
59 lines
1.5 KiB
Go
package http
|
|
|
|
import (
|
|
stdhttp "net/http"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/oklog/ulid/v2"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/auth"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
// makeUser inserts a user with a known password ('test-password').
|
|
// Returns the user id. Used by RBAC middleware tests + the
|
|
// user-management handler tests.
|
|
//
|
|
//nolint:unused
|
|
func makeUser(t *testing.T, srv *Server, username string, role store.Role) string {
|
|
t.Helper()
|
|
id := ulid.Make().String()
|
|
hash, err := auth.HashPassword("test-password")
|
|
if err != nil {
|
|
t.Fatalf("hash: %v", err)
|
|
}
|
|
if err := srv.deps.Store.CreateUser(t.Context(), store.User{
|
|
ID: id, Username: username, PasswordHash: hash,
|
|
Role: role, CreatedAt: time.Now().UTC(),
|
|
}); err != nil {
|
|
t.Fatalf("create user %s: %v", username, err)
|
|
}
|
|
return id
|
|
}
|
|
|
|
// loginAs gets a session cookie for the given user. Skips the real
|
|
// /api/auth/login handler for speed and to keep these helpers usable
|
|
// even when login validation is mid-flight elsewhere.
|
|
//
|
|
//nolint:unused
|
|
func loginAs(t *testing.T, srv *Server, userID string) *stdhttp.Cookie {
|
|
t.Helper()
|
|
rawToken, err := auth.NewToken()
|
|
if err != nil {
|
|
t.Fatalf("token: %v", err)
|
|
}
|
|
hash := auth.HashToken(rawToken)
|
|
now := time.Now().UTC()
|
|
if err := srv.deps.Store.CreateSession(t.Context(), store.Session{
|
|
ID: hash, UserID: userID, CreatedAt: now,
|
|
ExpiresAt: now.Add(8 * time.Hour),
|
|
}, hash); err != nil {
|
|
t.Fatalf("session: %v", err)
|
|
}
|
|
return &stdhttp.Cookie{
|
|
Name: sessionCookieName,
|
|
Value: rawToken,
|
|
}
|
|
}
|