chore: Add tests for auth cookie extraction and rate limit middleware behavior

- Implemented tests for `extractAuthCookieToken` to ensure it returns an empty string when the request is nil and ignores non-auth cookies.
- Added tests for `isAdminSecurityControlPlaneRequest` to verify it correctly uses the decoded raw path.
- Enhanced `NewRateLimitMiddleware` tests to check fallback behavior for non-positive window values and to ensure it bypasses rate limiting for control plane bearer requests.
GitHub Actions
2026-02-17 15:13:56 +00:00
parent 0fdaa3fef3
commit 93325bb1ca
3 changed files with 1730 additions and 0 deletions


@@ -403,3 +403,27 @@ func TestAuthMiddleware_RejectsTokenAfterSessionInvalidation(t *testing.T) {
assert.Equal(t, http.StatusUnauthorized, w.Code)
}
func TestExtractAuthCookieToken_ReturnsEmptyWhenRequestNil(t *testing.T) {
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = nil
token := extractAuthCookieToken(ctx)
assert.Equal(t, "", token)
}
func TestExtractAuthCookieToken_IgnoresNonAuthCookies(t *testing.T) {
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req, err := http.NewRequest("GET", "/", http.NoBody)
require.NoError(t, err)
req.AddCookie(&http.Cookie{Name: "session", Value: "abc"})
ctx.Request = req
token := extractAuthCookieToken(ctx)
assert.Equal(t, "", token)
}
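Review bot: Both new tests assert only an empty result, so they would still pass if `extractAuthCookieToken` returned `""` for every request; `TestExtractAuthCookieToken_IgnoresNonAuthCookies` in particular does not show that the `session` cookie is told apart from the auth cookie. If the file does not already cover this outside the hunk, add a case where the request carries both the `session` cookie and the real auth cookie and assert that the auth cookie's value is returned (the cookie name is not visible here, so use the package's own constant rather than a literal). Smaller style points: `httptest.NewRequest(http.MethodGet, "/", http.NoBody)` removes the need for the `require.NoError` step, and `assert.Empty(t, token)` states the intent more directly than `assert.Equal(t, "", token)`.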