From 6e271bccc0159744e1e181215288a31b741862e7 Mon Sep 17 00:00:00 2001 From: Alessio Date: Mon, 2 Dec 2024 20:30:56 -0800 Subject: [PATCH] Add more non-happy-path HTTP tests --- internal/webserver/handler_messages.go | 4 +++ internal/webserver/handler_messages_test.go | 36 +++++++++++++++++++ internal/webserver/handler_notifications.go | 10 ++++++ .../webserver/handler_notifications_test.go | 17 +++++++++ 4 files changed, 67 insertions(+) diff --git a/internal/webserver/handler_messages.go b/internal/webserver/handler_messages.go index d92572b..d69157f 100644 --- a/internal/webserver/handler_messages.go +++ b/internal/webserver/handler_messages.go @@ -102,6 +102,10 @@ func (app *Application) message_detail(w http.ResponseWriter, r *http.Request) { // Handle reactions if len(parts) == 1 && parts[0] == "reacc" { + if app.IsScrapingDisabled { + app.error_401(w, r) + return + } var data struct { MessageID scraper.DMMessageID `json:"message_id,string"` Reacc string `json:"reacc"` diff --git a/internal/webserver/handler_messages_test.go b/internal/webserver/handler_messages_test.go index 7b93c9c..2922e6e 100644 --- a/internal/webserver/handler_messages_test.go +++ b/internal/webserver/handler_messages_test.go @@ -185,3 +185,39 @@ func TestMessagesSend(t *testing.T) { )) require.Equal(401, resp.StatusCode) } + +// When scraping is disabled, sending a reacc should 401 +func TestMessagesSendReacc(t *testing.T) { + require := require.New(t) + + resp := do_request_with_active_user(httptest.NewRequest("GET", + "/messages/1488963321701171204-1178839081222115328/reacc", + strings.NewReader(`{"message_id": "1", "reacc": ":)"}`), + )) + require.Equal(401, resp.StatusCode) +} + +func TestMessagesRefreshConversationsList(t *testing.T) { + assert := assert.New(t) + require := require.New(t) + + // No active chat + req := httptest.NewRequest("GET", "/messages/refresh-list", nil) + req.Header.Set("HX-Request", "true") + resp := do_request_with_active_user(req) + require.Equal(200, resp.StatusCode) + root, err := html.Parse(resp.Body) + require.NoError(err) + assert.Len(cascadia.QueryAll(root, selector(".chat-list-entry")), 2) + assert.Len(cascadia.QueryAll(root, selector(".chat-list-entry.chat-list-entry--active-chat")), 0) + + // With an active chat + req1 := httptest.NewRequest("GET", "/messages/refresh-list?active-chat=1488963321701171204-1178839081222115328", nil) + req1.Header.Set("HX-Request", "true") + resp1 := do_request_with_active_user(req1) + require.Equal(200, resp1.StatusCode) + root1, err := html.Parse(resp1.Body) + require.NoError(err) + assert.Len(cascadia.QueryAll(root1, selector(".chat-list-entry")), 2) + assert.Len(cascadia.QueryAll(root1, selector(".chat-list-entry.chat-list-entry--active-chat")), 1) +} diff --git a/internal/webserver/handler_notifications.go b/internal/webserver/handler_notifications.go index 62602fe..5557e91 100644 --- a/internal/webserver/handler_notifications.go +++ b/internal/webserver/handler_notifications.go @@ -8,6 +8,12 @@ import ( func (app *Application) Notifications(w http.ResponseWriter, r *http.Request) { app.traceLog.Printf("'Notifications' handler (path: %q)", r.URL.Path) + + if app.ActiveUser.ID == 0 { + app.error_401(w, r) + return + } + parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/") if parts[0] == "mark-all-as-read" { app.NotificationsMarkAsRead(w, r) @@ -36,6 +42,10 @@ func (app *Application) Notifications(w http.ResponseWriter, r *http.Request) { } func (app *Application) NotificationsMarkAsRead(w http.ResponseWriter, r *http.Request) { + if app.IsScrapingDisabled { + app.error_401(w, r) + return + } err := app.API.MarkNotificationsAsRead() if err != nil { panic(err) diff --git a/internal/webserver/handler_notifications_test.go b/internal/webserver/handler_notifications_test.go index 8f99064..988fd7b 100644 --- a/internal/webserver/handler_notifications_test.go +++ b/internal/webserver/handler_notifications_test.go @@ -11,6 +11,14 @@ import ( "golang.org/x/net/html" ) +func TestNotificationsRequiresActiveSession(t *testing.T) { + require := require.New(t) + + req := httptest.NewRequest("GET", "/notifications", nil) + resp := do_request(req) + require.Equal(401, resp.StatusCode) +} + func TestNotifications(t *testing.T) { assert := assert.New(t) require := require.New(t) @@ -18,6 +26,7 @@ func TestNotifications(t *testing.T) { // Notifications page req := httptest.NewRequest("GET", "/notifications", nil) resp := do_request_with_active_user(req) + require.Equal(200, resp.StatusCode) root, err := html.Parse(resp.Body) require.NoError(err) assert.Len(cascadia.QueryAll(root, selector(".notification")), 6) @@ -30,3 +39,11 @@ func TestNotifications(t *testing.T) { require.NoError(err) assert.Len(cascadia.QueryAll(root, selector(".notification")), 5) } + +// When scraping is disabled, marking notifs as read should 401 +func TestNotificationsMarkAsRead(t *testing.T) { + require := require.New(t) + + resp := do_request_with_active_user(httptest.NewRequest("GET", "/notifications/mark-all-as-read", nil)) + require.Equal(401, resp.StatusCode) +}