akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

chore: Refactor test setup for Gin framework

Browse Source 
- Removed redundant `gin.SetMode(gin.TestMode)` calls from individual test files.
- Introduced a centralized `TestMain` function in `testmain_test.go` to set the Gin mode for all tests.
- Ensured consistent test environment setup across various handler test files.
This commit is contained in:
GitHub Actions
2026-03-25 22:00:07 +00:00
parent f40fca844f
commit e6c4e46dd8
93 changed files with 58 additions and 1203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/internal/api/handlers/access_list_handler_coverage_test.go
View File

@@ -121,7 +121,6 @@ func TestAccessListHandler_List_DBError(t *testing.T) {
db, _ := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
// Don't migrate the table to cause error
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewAccessListHandler(db)
@@ -138,7 +137,6 @@ func TestAccessListHandler_Get_DBError(t *testing.T) {
db, _ := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
// Don't migrate the table to cause error
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewAccessListHandler(db)
@@ -157,7 +155,6 @@ func TestAccessListHandler_Delete_InternalError(t *testing.T) {
// Migrate AccessList but not ProxyHost to cause internal error on delete
_ = db.AutoMigrate(&models.AccessList{})
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewAccessListHandler(db)
@@ -285,7 +282,6 @@ func TestAccessListHandler_TestIP_InternalError(t *testing.T) {
db, _ := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
// Don't migrate - this causes a "no such table" error which is an internal error
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewAccessListHandler(db)

1
backend/internal/api/handlers/access_list_handler_test.go
View File

@@ -21,7 +21,6 @@ func setupAccessListTestRouter(t *testing.T) (*gin.Engine, *gorm.DB) {
err = db.AutoMigrate(&models.AccessList{}, &models.ProxyHost{})
assert.NoError(t, err)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewAccessListHandler(db)

37
backend/internal/api/handlers/additional_coverage_test.go
View File

@@ -27,7 +27,6 @@ func setupImportCoverageDB(t *testing.T) *gorm.DB {
}
func TestImportHandler_Commit_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -44,7 +43,6 @@ func TestImportHandler_Commit_InvalidJSON(t *testing.T) {
}
func TestImportHandler_Commit_InvalidSessionUUID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -67,7 +65,6 @@ func TestImportHandler_Commit_InvalidSessionUUID(t *testing.T) {
}
func TestImportHandler_Commit_SessionNotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -98,7 +95,6 @@ func setupRemoteServerCoverageDB2(t *testing.T) *gorm.DB {
}
func TestRemoteServerHandler_TestConnection_Unreachable(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB2(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -137,7 +133,6 @@ func setupSecurityCoverageDB3(t *testing.T) *gorm.DB {
}
func TestSecurityHandler_GetConfig_InternalError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -157,7 +152,6 @@ func TestSecurityHandler_GetConfig_InternalError(t *testing.T) {
}
func TestSecurityHandler_UpdateConfig_ApplyCaddyError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
// Create handler with nil caddy manager (ApplyConfig will be called but is nil)
@@ -181,7 +175,6 @@ func TestSecurityHandler_UpdateConfig_ApplyCaddyError(t *testing.T) {
}
func TestSecurityHandler_GenerateBreakGlass_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -201,7 +194,6 @@ func TestSecurityHandler_GenerateBreakGlass_Error(t *testing.T) {
}
func TestSecurityHandler_ListDecisions_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -220,7 +212,6 @@ func TestSecurityHandler_ListDecisions_Error(t *testing.T) {
}
func TestSecurityHandler_ListRuleSets_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -239,7 +230,6 @@ func TestSecurityHandler_ListRuleSets_Error(t *testing.T) {
}
func TestSecurityHandler_UpsertRuleSet_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -265,7 +255,6 @@ func TestSecurityHandler_UpsertRuleSet_Error(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_LogError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -291,7 +280,6 @@ func TestSecurityHandler_CreateDecision_LogError(t *testing.T) {
}
func TestSecurityHandler_DeleteRuleSet_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSecurityCoverageDB3(t)
h := NewSecurityHandler(config.SecurityConfig{}, db, nil)
@@ -313,7 +301,6 @@ func TestSecurityHandler_DeleteRuleSet_Error(t *testing.T) {
// CrowdSec ImportConfig additional coverage tests
func TestCrowdsec_ImportConfig_EmptyUpload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -344,7 +331,6 @@ func TestCrowdsec_ImportConfig_EmptyUpload(t *testing.T) {
// Backup Handler additional coverage tests
func TestBackupHandler_List_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
// Use a non-writable temp dir to simulate errors
tmpDir := t.TempDir()
@@ -370,7 +356,6 @@ func TestBackupHandler_List_DBError(t *testing.T) {
// ImportHandler UploadMulti coverage tests
func TestImportHandler_UploadMulti_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -387,7 +372,6 @@ func TestImportHandler_UploadMulti_InvalidJSON(t *testing.T) {
}
func TestImportHandler_UploadMulti_MissingCaddyfile(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -411,7 +395,6 @@ func TestImportHandler_UploadMulti_MissingCaddyfile(t *testing.T) {
}
func TestImportHandler_UploadMulti_EmptyContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -435,7 +418,6 @@ func TestImportHandler_UploadMulti_EmptyContent(t *testing.T) {
}
func TestImportHandler_UploadMulti_PathTraversal(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -481,7 +463,6 @@ func setupLogsDownloadTest(t *testing.T) (h *LogsHandler, logsDir string) {
}
func TestLogsHandler_Download_PathTraversal(t *testing.T) {
gin.SetMode(gin.TestMode)
h, _ := setupLogsDownloadTest(t)
w := httptest.NewRecorder()
@@ -496,7 +477,6 @@ func TestLogsHandler_Download_PathTraversal(t *testing.T) {
}
func TestLogsHandler_Download_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
h, _ := setupLogsDownloadTest(t)
w := httptest.NewRecorder()
@@ -511,7 +491,6 @@ func TestLogsHandler_Download_NotFound(t *testing.T) {
}
func TestLogsHandler_Download_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
h, logsDir := setupLogsDownloadTest(t)
// Create a log file to download
@@ -531,7 +510,6 @@ func TestLogsHandler_Download_Success(t *testing.T) {
// Import Handler Upload error tests
func TestImportHandler_Upload_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -548,7 +526,6 @@ func TestImportHandler_Upload_InvalidJSON(t *testing.T) {
}
func TestImportHandler_Upload_EmptyContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -571,7 +548,6 @@ func TestImportHandler_Upload_EmptyContent(t *testing.T) {
// Additional Backup Handler tests
func TestBackupHandler_List_ServiceError(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create a temp dir with invalid permission for backup dir
tmpDir := t.TempDir()
@@ -608,7 +584,6 @@ func TestBackupHandler_List_ServiceError(t *testing.T) {
}
func TestBackupHandler_Delete_PathTraversal(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -639,7 +614,6 @@ func TestBackupHandler_Delete_PathTraversal(t *testing.T) {
}
func TestBackupHandler_Delete_InternalError2(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -689,7 +663,6 @@ func TestBackupHandler_Delete_InternalError2(t *testing.T) {
// Remote Server TestConnection error paths
func TestRemoteServerHandler_TestConnection_NotFound2(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB2(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -704,7 +677,6 @@ func TestRemoteServerHandler_TestConnection_NotFound2(t *testing.T) {
}
func TestRemoteServerHandler_TestConnectionCustom_Unreachable2(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB2(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -735,7 +707,6 @@ func setupAuthCoverageDB(t *testing.T) *gorm.DB {
}
func TestAuthHandler_Register_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuthCoverageDB(t)
cfg := config.Config{JWTSecret: "test-secret"}
@@ -755,7 +726,6 @@ func TestAuthHandler_Register_InvalidJSON(t *testing.T) {
// Health handler coverage
func TestHealthHandler_Basic(t *testing.T) {
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -771,7 +741,6 @@ func TestHealthHandler_Basic(t *testing.T) {
// Backup Create error coverage
func TestBackupHandler_Create_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
// Use a path where database file doesn't exist
tmpDir := t.TempDir()
@@ -811,7 +780,6 @@ func setupSettingsCoverageDB(t *testing.T) *gorm.DB {
}
func TestSettingsHandler_GetSettings_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsCoverageDB(t)
h := NewSettingsHandler(db)
@@ -830,7 +798,6 @@ func TestSettingsHandler_GetSettings_Error(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsCoverageDB(t)
h := NewSettingsHandler(db)
@@ -849,7 +816,6 @@ func TestSettingsHandler_UpdateSetting_InvalidJSON(t *testing.T) {
// Additional remote server TestConnection tests
func TestRemoteServerHandler_TestConnection_Reachable(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB2(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -873,7 +839,6 @@ func TestRemoteServerHandler_TestConnection_Reachable(t *testing.T) {
}
func TestRemoteServerHandler_TestConnection_EmptyHost(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB2(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -900,7 +865,6 @@ func TestRemoteServerHandler_TestConnection_EmptyHost(t *testing.T) {
// Additional UploadMulti test with valid Caddyfile content
func TestImportHandler_UploadMulti_ValidCaddyfile(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")
@@ -925,7 +889,6 @@ func TestImportHandler_UploadMulti_ValidCaddyfile(t *testing.T) {
}
func TestImportHandler_UploadMulti_SubdirFile(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageDB(t)
h := NewImportHandler(db, "", t.TempDir(), "")

9
backend/internal/api/handlers/audit_log_handler_test.go
View File

@@ -30,7 +30,6 @@ func setupAuditLogTestDB(t *testing.T) *gorm.DB {
}
func TestAuditLogHandler_List(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -130,7 +129,6 @@ func TestAuditLogHandler_List(t *testing.T) {
}
func TestAuditLogHandler_Get(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -198,7 +196,6 @@ func TestAuditLogHandler_Get(t *testing.T) {
}
func TestAuditLogHandler_ListByProvider(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -286,7 +283,6 @@ func TestAuditLogHandler_ListByProvider(t *testing.T) {
}
func TestAuditLogHandler_ListWithDateFilters(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -371,7 +367,6 @@ func TestAuditLogHandler_ListWithDateFilters(t *testing.T) {
// TestAuditLogHandler_ServiceErrors tests error handling when service layer fails
func TestAuditLogHandler_ServiceErrors(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -422,7 +417,6 @@ func TestAuditLogHandler_ServiceErrors(t *testing.T) {
// TestAuditLogHandler_List_PaginationBoundaryEdgeCases tests pagination boundary edge cases
func TestAuditLogHandler_List_PaginationBoundaryEdgeCases(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -513,7 +507,6 @@ func TestAuditLogHandler_List_PaginationBoundaryEdgeCases(t *testing.T) {
// TestAuditLogHandler_ListByProvider_PaginationBoundaryEdgeCases tests pagination boundary edge cases for provider list
func TestAuditLogHandler_ListByProvider_PaginationBoundaryEdgeCases(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -583,7 +576,6 @@ func TestAuditLogHandler_ListByProvider_PaginationBoundaryEdgeCases(t *testing.T
// TestAuditLogHandler_List_InvalidDateFormats tests handling of invalid date formats
func TestAuditLogHandler_List_InvalidDateFormats(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditLogTestDB(t)
securityService := services.NewSecurityService(db)
defer securityService.Close()
@@ -624,7 +616,6 @@ func TestAuditLogHandler_List_InvalidDateFormats(t *testing.T) {
// TestAuditLogHandler_Get_InternalError tests Get when service returns internal error
func TestAuditLogHandler_Get_InternalError(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create a fresh DB and immediately close it to simulate internal error
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})

65
backend/internal/api/handlers/auth_handler_test.go
View File

@@ -6,7 +6,6 @@ import (
"encoding/json"
"net/http"
"net/http/httptest"
"os"
"testing"
"github.com/Wikid82/charon/backend/internal/api/middleware"
@@ -45,7 +44,6 @@ func TestAuthHandler_Login(t *testing.T) {
_ = user.SetPassword("password123")
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/login", handler.Login)
@@ -65,9 +63,6 @@ func TestAuthHandler_Login(t *testing.T) {
}
func TestSetSecureCookie_HTTPS_Strict(t *testing.T) {
gin.SetMode(gin.TestMode)
_ = os.Setenv("CHARON_ENV", "production")
defer func() { _ = os.Unsetenv("CHARON_ENV") }()
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "https://example.com/login", http.NoBody)
@@ -83,7 +78,6 @@ func TestSetSecureCookie_HTTPS_Strict(t *testing.T) {
func TestSetSecureCookie_HTTP_Lax(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://192.0.2.10/login", http.NoBody)
@@ -100,7 +94,6 @@ func TestSetSecureCookie_HTTP_Lax(t *testing.T) {
func TestSetSecureCookie_HTTP_Loopback_Insecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://127.0.0.1:8080/login", http.NoBody)
@@ -118,9 +111,6 @@ func TestSetSecureCookie_HTTP_Loopback_Insecure(t *testing.T) {
func TestSetSecureCookie_ForwardedHTTPS_LocalhostForcesInsecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
_ = os.Setenv("CHARON_ENV", "production")
defer func() { _ = os.Unsetenv("CHARON_ENV") }()
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
@@ -139,9 +129,6 @@ func TestSetSecureCookie_ForwardedHTTPS_LocalhostForcesInsecure(t *testing.T) {
func TestSetSecureCookie_ForwardedHTTPS_LoopbackForcesInsecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
_ = os.Setenv("CHARON_ENV", "production")
defer func() { _ = os.Unsetenv("CHARON_ENV") }()
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
@@ -160,9 +147,6 @@ func TestSetSecureCookie_ForwardedHTTPS_LoopbackForcesInsecure(t *testing.T) {
func TestSetSecureCookie_ForwardedHostLocalhostForcesInsecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
_ = os.Setenv("CHARON_ENV", "production")
defer func() { _ = os.Unsetenv("CHARON_ENV") }()
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
@@ -182,9 +166,6 @@ func TestSetSecureCookie_ForwardedHostLocalhostForcesInsecure(t *testing.T) {
func TestSetSecureCookie_OriginLoopbackForcesInsecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
_ = os.Setenv("CHARON_ENV", "production")
defer func() { _ = os.Unsetenv("CHARON_ENV") }()
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
@@ -204,7 +185,6 @@ func TestSetSecureCookie_OriginLoopbackForcesInsecure(t *testing.T) {
func TestSetSecureCookie_HTTP_PrivateIP_Insecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://192.168.1.50:8080/login", http.NoBody)
@@ -222,7 +202,6 @@ func TestSetSecureCookie_HTTP_PrivateIP_Insecure(t *testing.T) {
func TestSetSecureCookie_HTTP_10Network_Insecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://10.0.0.5:8080/login", http.NoBody)
@@ -240,7 +219,6 @@ func TestSetSecureCookie_HTTP_10Network_Insecure(t *testing.T) {
func TestSetSecureCookie_HTTP_172Network_Insecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://172.16.0.1:8080/login", http.NoBody)
@@ -258,7 +236,6 @@ func TestSetSecureCookie_HTTP_172Network_Insecure(t *testing.T) {
func TestSetSecureCookie_HTTPS_PrivateIP_Secure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "https://192.168.1.50:8080/login", http.NoBody)
@@ -276,7 +253,6 @@ func TestSetSecureCookie_HTTPS_PrivateIP_Secure(t *testing.T) {
func TestSetSecureCookie_HTTP_IPv6ULA_Insecure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://[fd12::1]:8080/login", http.NoBody)
@@ -294,7 +270,6 @@ func TestSetSecureCookie_HTTP_IPv6ULA_Insecure(t *testing.T) {
func TestSetSecureCookie_HTTP_PublicIP_Secure(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
req := httptest.NewRequest("POST", "http://203.0.113.5:8080/login", http.NoBody)
@@ -322,7 +297,6 @@ func TestIsProduction(t *testing.T) {
}
func TestRequestScheme(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Run("forwarded proto first value wins", func(t *testing.T) {
recorder := httptest.NewRecorder()
@@ -393,7 +367,6 @@ func TestHostHelpers(t *testing.T) {
}
func TestIsLocalRequest(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Run("forwarded host list includes localhost", func(t *testing.T) {
recorder := httptest.NewRecorder()
@@ -428,7 +401,6 @@ func TestIsLocalRequest(t *testing.T) {
}
func TestClearSecureCookie(t *testing.T) {
gin.SetMode(gin.TestMode)
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest("POST", "http://example.com/logout", http.NoBody)
@@ -445,7 +417,6 @@ func TestClearSecureCookie(t *testing.T) {
func TestAuthHandler_Login_Errors(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/login", handler.Login)
@@ -473,7 +444,6 @@ func TestAuthHandler_Register(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/register", handler.Register)
@@ -497,7 +467,6 @@ func TestAuthHandler_Register_Duplicate(t *testing.T) {
handler, db := setupAuthHandler(t)
db.Create(&models.User{UUID: uuid.NewString(), Email: "dup@example.com", Name: "Dup"})
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/register", handler.Register)
@@ -519,7 +488,6 @@ func TestAuthHandler_Logout(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/logout", handler.Logout)
@@ -548,7 +516,6 @@ func TestAuthHandler_Me(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
// Simulate middleware
r.Use(func(c *gin.Context) {
@@ -574,7 +541,6 @@ func TestAuthHandler_Me(t *testing.T) {
func TestAuthHandler_Me_NotFound(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(999)) // Non-existent ID
@@ -602,7 +568,6 @@ func TestAuthHandler_ChangePassword(t *testing.T) {
_ = user.SetPassword("oldpassword")
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
// Simulate middleware
r.Use(func(c *gin.Context) {
@@ -637,7 +602,6 @@ func TestAuthHandler_ChangePassword_WrongOld(t *testing.T) {
_ = user.SetPassword("correct")
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -661,7 +625,6 @@ func TestAuthHandler_ChangePassword_WrongOld(t *testing.T) {
func TestAuthHandler_ChangePassword_Errors(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/change-password", handler.ChangePassword)
@@ -708,7 +671,6 @@ func TestNewAuthHandlerWithDB(t *testing.T) {
func TestAuthHandler_Verify_NoCookie(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -723,7 +685,6 @@ func TestAuthHandler_Verify_NoCookie(t *testing.T) {
func TestAuthHandler_Verify_InvalidToken(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -753,7 +714,6 @@ func TestAuthHandler_Verify_ValidToken(t *testing.T) {
// Generate token
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -783,7 +743,6 @@ func TestAuthHandler_Verify_BearerToken(t *testing.T) {
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -813,7 +772,6 @@ func TestAuthHandler_Verify_DisabledUser(t *testing.T) {
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -853,7 +811,6 @@ func TestAuthHandler_Verify_ForwardAuthDenied(t *testing.T) {
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -869,7 +826,6 @@ func TestAuthHandler_Verify_ForwardAuthDenied(t *testing.T) {
func TestAuthHandler_VerifyStatus_NotAuthenticated(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/status", handler.VerifyStatus)
@@ -886,7 +842,6 @@ func TestAuthHandler_VerifyStatus_NotAuthenticated(t *testing.T) {
func TestAuthHandler_VerifyStatus_InvalidToken(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/status", handler.VerifyStatus)
@@ -917,7 +872,6 @@ func TestAuthHandler_VerifyStatus_Authenticated(t *testing.T) {
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/status", handler.VerifyStatus)
@@ -951,7 +905,6 @@ func TestAuthHandler_VerifyStatus_DisabledUser(t *testing.T) {
token, _ := handler.authService.GenerateToken(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/status", handler.VerifyStatus)
@@ -969,7 +922,6 @@ func TestAuthHandler_VerifyStatus_DisabledUser(t *testing.T) {
func TestAuthHandler_GetAccessibleHosts_Unauthorized(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/hosts", handler.GetAccessibleHosts)
@@ -1000,7 +952,6 @@ func TestAuthHandler_GetAccessibleHosts_AllowAll(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1037,7 +988,6 @@ func TestAuthHandler_GetAccessibleHosts_DenyAll(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1077,7 +1027,6 @@ func TestAuthHandler_GetAccessibleHosts_PermittedHosts(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1100,7 +1049,6 @@ func TestAuthHandler_GetAccessibleHosts_UserNotFound(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(99999))
@@ -1118,7 +1066,6 @@ func TestAuthHandler_GetAccessibleHosts_UserNotFound(t *testing.T) {
func TestAuthHandler_CheckHostAccess_Unauthorized(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/hosts/:hostId/access", handler.CheckHostAccess)
@@ -1136,7 +1083,6 @@ func TestAuthHandler_CheckHostAccess_InvalidHostID(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "check@example.com", Enabled: true}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1166,7 +1112,6 @@ func TestAuthHandler_CheckHostAccess_Allowed(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1199,7 +1144,6 @@ func TestAuthHandler_CheckHostAccess_Denied(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1276,7 +1220,6 @@ func TestAuthHandler_Me_RequiresUserContext(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/me", handler.Me)
@@ -1360,7 +1303,6 @@ func TestAuthHandler_Refresh(t *testing.T) {
require.NoError(t, user.SetPassword("password123"))
require.NoError(t, db.Create(user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/refresh", func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -1381,7 +1323,6 @@ func TestAuthHandler_Refresh_Unauthorized(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/refresh", handler.Refresh)
@@ -1396,7 +1337,6 @@ func TestAuthHandler_Register_BadRequest(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/register", handler.Register)
@@ -1412,7 +1352,6 @@ func TestAuthHandler_Logout_InvalidateSessionsFailure(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(999999))
@@ -1456,7 +1395,6 @@ func TestAuthHandler_Verify_UsesOriginalHostFallback(t *testing.T) {
token, err := handler.authService.GenerateToken(user)
require.NoError(t, err)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/verify", handler.Verify)
@@ -1474,7 +1412,6 @@ func TestAuthHandler_GetAccessibleHosts_DatabaseUnavailable(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(1))
@@ -1494,7 +1431,6 @@ func TestAuthHandler_CheckHostAccess_DatabaseUnavailable(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(1))
@@ -1514,7 +1450,6 @@ func TestAuthHandler_CheckHostAccess_UserNotFound(t *testing.T) {
t.Parallel()
handler, _ := setupAuthHandlerWithDB(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", uint(999999))

1
backend/internal/api/handlers/backup_handler_sanitize_test.go
View File

@@ -16,7 +16,6 @@ import (
)
func TestBackupHandlerSanitizesFilename(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// prepare a fake "database"
dbPath := filepath.Join(tmpDir, "db.sqlite")

1
backend/internal/api/handlers/cerberus_logs_ws_test.go
View File

@@ -21,7 +21,6 @@ import (
)
func init() {
gin.SetMode(gin.TestMode)
}
// TestCerberusLogsHandler_NewHandler verifies handler creation.

8
backend/internal/api/handlers/certificate_handler_coverage_test.go
View File

@@ -16,7 +16,6 @@ func TestCertificateHandler_List_DBError(t *testing.T) {
db := OpenTestDB(t)
// Don't migrate to cause error
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -33,7 +32,6 @@ func TestCertificateHandler_List_DBError(t *testing.T) {
func TestCertificateHandler_Delete_InvalidID(t *testing.T) {
db := OpenTestDBWithMigrations(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -50,7 +48,6 @@ func TestCertificateHandler_Delete_InvalidID(t *testing.T) {
func TestCertificateHandler_Delete_NotFound(t *testing.T) {
db := OpenTestDBWithMigrations(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -71,7 +68,6 @@ func TestCertificateHandler_Delete_NoBackupService(t *testing.T) {
cert := models.SSLCertificate{UUID: "test-cert-no-backup", Name: "no-backup-cert", Provider: "custom", Domains: "nobackup.example.com"}
db.Create(&cert)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -97,7 +93,6 @@ func TestCertificateHandler_Delete_CheckUsageDBError(t *testing.T) {
cert := models.SSLCertificate{UUID: "test-cert-db-err", Name: "db-error-cert", Provider: "custom", Domains: "dberr.example.com"}
db.Create(&cert)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -118,7 +113,6 @@ func TestCertificateHandler_List_WithCertificates(t *testing.T) {
db.Create(&models.SSLCertificate{UUID: "cert-1", Name: "Cert 1", Provider: "custom", Domains: "one.example.com"})
db.Create(&models.SSLCertificate{UUID: "cert-2", Name: "Cert 2", Provider: "custom", Domains: "two.example.com"})
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -139,7 +133,6 @@ func TestCertificateHandler_Delete_ZeroID(t *testing.T) {
// DELETE /api/certificates/0 should return 400 Bad Request
db := OpenTestDBWithMigrations(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -173,7 +166,6 @@ func TestCertificateHandler_DBSetupOrdering(t *testing.T) {
t.Fatalf("expected proxy_hosts table to exist before service initialization")
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())

5
backend/internal/api/handlers/certificate_handler_security_test.go
View File

@@ -25,7 +25,6 @@ func TestCertificateHandler_Delete_RequiresAuth(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
// Add a middleware that rejects all unauthenticated requests
r.Use(func(c *gin.Context) {
@@ -55,7 +54,6 @@ func TestCertificateHandler_List_RequiresAuth(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
// Add a middleware that rejects all unauthenticated requests
r.Use(func(c *gin.Context) {
@@ -85,7 +83,6 @@ func TestCertificateHandler_Upload_RequiresAuth(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
// Add a middleware that rejects all unauthenticated requests
r.Use(func(c *gin.Context) {
@@ -126,7 +123,6 @@ func TestCertificateHandler_Delete_DiskSpaceCheck(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -179,7 +175,6 @@ func TestCertificateHandler_Delete_NotificationRateLimiting(t *testing.T) {
t.Fatalf("failed to create cert2: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)

19
backend/internal/api/handlers/certificate_handler_test.go
View File

@@ -36,7 +36,6 @@ func mockAuthMiddleware() gin.HandlerFunc {
func setupCertTestRouter(t *testing.T, db *gorm.DB) *gin.Engine {
t.Helper()
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
@@ -110,7 +109,6 @@ func TestDeleteCertificate_CreatesBackup(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -164,7 +162,6 @@ func TestDeleteCertificate_BackupFailure(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -218,7 +215,6 @@ func TestDeleteCertificate_InUse_NoBackup(t *testing.T) {
t.Fatalf("failed to create proxy host: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -296,7 +292,6 @@ func TestCertificateHandler_List(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
r.Use(mockAuthMiddleware())
@@ -324,7 +319,6 @@ func TestCertificateHandler_Upload_MissingName(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -352,7 +346,6 @@ func TestCertificateHandler_Upload_MissingCertFile(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -383,7 +376,6 @@ func TestCertificateHandler_Upload_MissingKeyFile(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -410,7 +402,6 @@ func TestCertificateHandler_Upload_MissingKeyFile_MultipartWithCert(t *testing.T
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -450,7 +441,6 @@ func TestCertificateHandler_Upload_Success(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
@@ -525,7 +515,6 @@ func TestCertificateHandler_Upload_WithNotificationService(t *testing.T) {
require.NoError(t, err)
require.NoError(t, db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}, &models.Setting{}, &models.NotificationProvider{}))
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
@@ -564,7 +553,6 @@ func TestDeleteCertificate_InvalidID(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -590,7 +578,6 @@ func TestDeleteCertificate_ZeroID(t *testing.T) {
t.Fatalf("failed to migrate: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -622,7 +609,6 @@ func TestDeleteCertificate_LowDiskSpace(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -671,7 +657,6 @@ func TestDeleteCertificate_DiskSpaceCheckError(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -730,7 +715,6 @@ func TestDeleteCertificate_ExpiredLetsEncrypt_NotInUse(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -789,7 +773,6 @@ func TestDeleteCertificate_ValidLetsEncrypt_NotInUse(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -835,7 +818,6 @@ func TestDeleteCertificate_UsageCheckError(t *testing.T) {
t.Fatalf("failed to create cert: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)
@@ -873,7 +855,6 @@ func TestDeleteCertificate_NotificationRateLimit(t *testing.T) {
t.Fatalf("failed to create cert2: %v", err)
}
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(mockAuthMiddleware())
svc := services.NewCertificateService("/tmp", db)

16
backend/internal/api/handlers/coverage_helpers_test.go
View File

@@ -129,7 +129,6 @@ func Test_mapCrowdsecStatus(t *testing.T) {
// Test actorFromContext helper function
func Test_actorFromContext(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Run("with userID in context", func(t *testing.T) {
c, _ := gin.CreateTestContext(httptest.NewRecorder())
@@ -157,7 +156,6 @@ func Test_actorFromContext(t *testing.T) {
// Test hubEndpoints helper function
func Test_hubEndpoints(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Run("nil Hub returns nil", func(t *testing.T) {
h := &CrowdsecHandler{Hub: nil}
@@ -193,7 +191,6 @@ func TestRealCommandExecutor_Execute(t *testing.T) {
// Test isCerberusEnabled helper
func Test_isCerberusEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}))
@@ -243,7 +240,6 @@ func Test_isCerberusEnabled(t *testing.T) {
// Test isConsoleEnrollmentEnabled helper
func Test_isConsoleEnrollmentEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}))
@@ -293,7 +289,6 @@ func Test_isConsoleEnrollmentEnabled(t *testing.T) {
// Test CrowdsecHandler.ExportConfig
func TestCrowdsecHandler_ExportConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -320,7 +315,6 @@ func TestCrowdsecHandler_ExportConfig(t *testing.T) {
// Test CrowdsecHandler.CheckLAPIHealth
func TestCrowdsecHandler_CheckLAPIHealth(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -340,7 +334,6 @@ func TestCrowdsecHandler_CheckLAPIHealth(t *testing.T) {
// Test CrowdsecHandler Console endpoints
func TestCrowdsecHandler_ConsoleStatus(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}, &models.CrowdsecConsoleEnrollment{}))
@@ -362,7 +355,6 @@ func TestCrowdsecHandler_ConsoleStatus(t *testing.T) {
}
func TestCrowdsecHandler_ConsoleEnroll_Disabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -385,7 +377,6 @@ func TestCrowdsecHandler_ConsoleEnroll_Disabled(t *testing.T) {
}
func TestCrowdsecHandler_DeleteConsoleEnrollment(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -405,7 +396,6 @@ func TestCrowdsecHandler_DeleteConsoleEnrollment(t *testing.T) {
// Test CrowdsecHandler.BanIP and UnbanIP
func TestCrowdsecHandler_BanIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -434,7 +424,6 @@ func TestCrowdsecHandler_BanIP(t *testing.T) {
}
func TestCrowdsecHandler_UnbanIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -460,7 +449,6 @@ func TestCrowdsecHandler_UnbanIP(t *testing.T) {
// Test CrowdsecHandler.UpdateAcquisitionConfig
func TestCrowdsecHandler_UpdateAcquisitionConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -540,7 +528,6 @@ func Test_safeFloat64ToUint(t *testing.T) {
// Test CrowdsecHandler_DiagnosticsConnectivity
func TestCrowdsecHandler_DiagnosticsConnectivity(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}, &models.CrowdsecConsoleEnrollment{}))
@@ -569,7 +556,6 @@ func TestCrowdsecHandler_DiagnosticsConnectivity(t *testing.T) {
// Test CrowdsecHandler_DiagnosticsConfig
func TestCrowdsecHandler_DiagnosticsConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -595,7 +581,6 @@ func TestCrowdsecHandler_DiagnosticsConfig(t *testing.T) {
// Test CrowdsecHandler_ConsoleHeartbeat
func TestCrowdsecHandler_ConsoleHeartbeat(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}, &models.CrowdsecConsoleEnrollment{}))
@@ -623,7 +608,6 @@ func TestCrowdsecHandler_ConsoleHeartbeat(t *testing.T) {
// Test CrowdsecHandler_ConsoleHeartbeat_Disabled
func TestCrowdsecHandler_ConsoleHeartbeat_Disabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))

1
backend/internal/api/handlers/coverage_quick_test.go
View File

@@ -33,7 +33,6 @@ func createValidSQLiteDB(t *testing.T, dbPath string) error {
// Use a real BackupService, but point it at tmpDir for isolation
func TestBackupHandlerQuick(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// Create a valid SQLite database for backup operations
dbPath := filepath.Join(tmpDir, "db.sqlite")

1
backend/internal/api/handlers/credential_handler_test.go
View File

@@ -31,7 +31,6 @@ func setupCredentialHandlerTest(t *testing.T) (*gin.Engine, *gorm.DB, *models.DN
_ = os.Unsetenv("CHARON_ENCRYPTION_KEY")
})
gin.SetMode(gin.TestMode)
router := gin.New()
// Use test name for unique database with WAL mode to avoid locking issues

2
backend/internal/api/handlers/crowdsec_archive_validation_test.go
View File

@@ -251,7 +251,6 @@ func TestConfigArchiveValidator_RequiredFiles(t *testing.T) {
// TestImportConfig_Validation tests the enhanced ImportConfig handler with validation.
func TestImportConfig_Validation(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -320,7 +319,6 @@ func TestImportConfig_Validation(t *testing.T) {
// TestImportConfig_Rollback tests backup restoration on validation failure.
func TestImportConfig_Rollback(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()

1
backend/internal/api/handlers/crowdsec_cache_verification_test.go
View File

@@ -16,7 +16,6 @@ import (
// TestListPresetsShowsCachedStatus verifies the /presets endpoint marks cached presets.
func TestListPresetsShowsCachedStatus(t *testing.T) {
gin.SetMode(gin.TestMode)
cacheDir := t.TempDir()
dataDir := t.TempDir()

6
backend/internal/api/handlers/crowdsec_coverage_boost_test.go
View File

@@ -16,7 +16,6 @@ import (
// ============================================
func TestUpdateAcquisitionConfigMissingContent(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -33,7 +32,6 @@ func TestUpdateAcquisitionConfigMissingContent(t *testing.T) {
}
func TestUpdateAcquisitionConfigInvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -49,7 +47,6 @@ func TestUpdateAcquisitionConfigInvalidJSON(t *testing.T) {
}
func TestGetLAPIDecisionsWithIPFilter(t *testing.T) {
gin.SetMode(gin.TestMode)
mockExec := &mockCommandExecutor{output: []byte(`[]`), err: nil}
h := &CrowdsecHandler{
CmdExec: mockExec,
@@ -68,7 +65,6 @@ func TestGetLAPIDecisionsWithIPFilter(t *testing.T) {
}
func TestGetLAPIDecisionsWithScopeFilter(t *testing.T) {
gin.SetMode(gin.TestMode)
mockExec := &mockCommandExecutor{output: []byte(`[]`), err: nil}
h := &CrowdsecHandler{
CmdExec: mockExec,
@@ -86,7 +82,6 @@ func TestGetLAPIDecisionsWithScopeFilter(t *testing.T) {
}
func TestGetLAPIDecisionsWithTypeFilter(t *testing.T) {
gin.SetMode(gin.TestMode)
mockExec := &mockCommandExecutor{output: []byte(`[]`), err: nil}
h := &CrowdsecHandler{
CmdExec: mockExec,
@@ -104,7 +99,6 @@ func TestGetLAPIDecisionsWithTypeFilter(t *testing.T) {
}
func TestGetLAPIDecisionsWithMultipleFilters(t *testing.T) {
gin.SetMode(gin.TestMode)
mockExec := &mockCommandExecutor{output: []byte(`[]`), err: nil}
h := &CrowdsecHandler{
CmdExec: mockExec,

3
backend/internal/api/handlers/crowdsec_coverage_gap_test.go
View File

@@ -32,7 +32,6 @@ func (m *MockCommandExecutor) ExecuteWithEnv(ctx context.Context, name string, a
// TestConsoleEnrollMissingKey covers the "enrollment_key required" branch
func TestConsoleEnrollMissingKey(t *testing.T) {
gin.SetMode(gin.TestMode)
mockExec := new(MockCommandExecutor)
@@ -59,7 +58,6 @@ func TestConsoleEnrollMissingKey(t *testing.T) {
// TestGetCachedPreset_ValidationAndMiss covers path param validation empty check (if any) and cache miss
func TestGetCachedPreset_ValidationAndMiss(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
cache, _ := crowdsec.NewHubCache(tmpDir, time.Hour)
@@ -86,7 +84,6 @@ func TestGetCachedPreset_ValidationAndMiss(t *testing.T) {
}
func TestGetCachedPreset_SlugRequired(t *testing.T) {
gin.SetMode(gin.TestMode)
h := &CrowdsecHandler{}
t.Setenv("FEATURE_CERBERUS_ENABLED", "1")

12
backend/internal/api/handlers/crowdsec_coverage_target_test.go
View File

@@ -22,7 +22,6 @@ import (
// TestUpdateAcquisitionConfigSuccess tests successful config update
func TestUpdateAcquisitionConfigSuccess(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// Create fake acquis.yaml path in tmp
@@ -50,7 +49,6 @@ func TestUpdateAcquisitionConfigSuccess(t *testing.T) {
// TestRegisterBouncerScriptPathError tests script not found
func TestRegisterBouncerScriptPathError(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -92,7 +90,6 @@ func (f *fakeExecWithOutput) Status(ctx context.Context, configDir string) (runn
// TestGetLAPIDecisionsRequestError tests request creation error
func TestGetLAPIDecisionsEmptyResponse(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -109,7 +106,6 @@ func TestGetLAPIDecisionsEmptyResponse(t *testing.T) {
// TestGetLAPIDecisionsWithFilters tests query parameter handling
func TestGetLAPIDecisionsIPQueryParam(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -124,7 +120,6 @@ func TestGetLAPIDecisionsIPQueryParam(t *testing.T) {
// TestGetLAPIDecisionsScopeParam tests scope parameter
func TestGetLAPIDecisionsScopeParam(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -139,7 +134,6 @@ func TestGetLAPIDecisionsScopeParam(t *testing.T) {
// TestGetLAPIDecisionsTypeParam tests type parameter
func TestGetLAPIDecisionsTypeParam(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -154,7 +148,6 @@ func TestGetLAPIDecisionsTypeParam(t *testing.T) {
// TestGetLAPIDecisionsCombinedParams tests multiple query params
func TestGetLAPIDecisionsCombinedParams(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -169,7 +162,6 @@ func TestGetLAPIDecisionsCombinedParams(t *testing.T) {
// TestCheckLAPIHealthTimeout tests health check
func TestCheckLAPIHealthRequest(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -223,7 +215,6 @@ func TestGetLAPIKeyAlternative(t *testing.T) {
// TestStatusContextTimeout tests context handling
func TestStatusRequest(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")
@@ -238,7 +229,6 @@ func TestStatusRequest(t *testing.T) {
// TestRegisterBouncerExecutionSuccess tests successful registration
func TestRegisterBouncerFlow(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// Create fake script
@@ -267,7 +257,6 @@ func TestRegisterBouncerFlow(t *testing.T) {
// TestRegisterBouncerWithError tests execution error
func TestRegisterBouncerExecutionFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// Create fake script
@@ -294,7 +283,6 @@ func TestRegisterBouncerExecutionFailure(t *testing.T) {
// TestGetAcquisitionConfigFileError tests file read error
func TestGetAcquisitionConfigNotPresent(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
r := gin.New()
g := r.Group("/api/v1")

4
backend/internal/api/handlers/crowdsec_dashboard.go
View File

@@ -203,7 +203,7 @@ func (h *CrowdsecHandler) fetchActiveDecisionCount(ctx context.Context) int64 {
}
}
baseURL, err := validateCrowdsecLAPIBaseURL(lapiURL)
baseURL, err := h.resolveLAPIURLValidator(lapiURL)
if err != nil {
return -1
}
@@ -476,7 +476,7 @@ func (h *CrowdsecHandler) fetchLAPIAlerts(ctx context.Context, since time.Time,
}
}
baseURL, err := validateCrowdsecLAPIBaseURL(lapiURL)
baseURL, err := h.resolveLAPIURLValidator(lapiURL)
if err != nil {
return h.fetchAlertsCscli(ctx, scenario, limit)
}

85
backend/internal/api/handlers/crowdsec_dashboard_test.go
View File

@@ -19,7 +19,6 @@ import (
// setupDashboardHandler creates a CrowdsecHandler with an in-memory DB seeded with decisions.
func setupDashboardHandler(t *testing.T) (*CrowdsecHandler, *gin.Engine) {
t.Helper()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
@@ -419,7 +418,6 @@ func TestDashboardCache_TTLExpiry_DeletesEntry(t *testing.T) {
func TestDashboardSummary_DecisionsTrend(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
@@ -582,7 +580,6 @@ func TestDashboardSummary_7dRange(t *testing.T) {
func TestDashboardSummary_TrendNegative100(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
@@ -914,7 +911,6 @@ func TestExportDecisions_AllSources(t *testing.T) {
func TestDashboardSummary_ActiveDecisions_LAPIReachable(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -922,12 +918,6 @@ func TestDashboardSummary_ActiveDecisions_LAPIReachable(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
@@ -938,6 +928,7 @@ func TestDashboardSummary_ActiveDecisions_LAPIReachable(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -961,19 +952,12 @@ func TestDashboardSummary_ActiveDecisions_LAPIReachable(t *testing.T) {
func TestDashboardSummary_ActiveDecisions_LAPIBadStatus(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusInternalServerError)
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -981,6 +965,7 @@ func TestDashboardSummary_ActiveDecisions_LAPIBadStatus(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -998,7 +983,6 @@ func TestDashboardSummary_ActiveDecisions_LAPIBadStatus(t *testing.T) {
func TestDashboardSummary_ActiveDecisions_LAPIBadJSON(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1006,12 +990,6 @@ func TestDashboardSummary_ActiveDecisions_LAPIBadJSON(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1019,6 +997,7 @@ func TestDashboardSummary_ActiveDecisions_LAPIBadJSON(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1036,7 +1015,6 @@ func TestDashboardSummary_ActiveDecisions_LAPIBadJSON(t *testing.T) {
func TestListAlerts_LAPISuccess(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1044,12 +1022,6 @@ func TestListAlerts_LAPISuccess(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1057,6 +1029,7 @@ func TestListAlerts_LAPISuccess(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1075,7 +1048,6 @@ func TestListAlerts_LAPISuccess(t *testing.T) {
func TestListAlerts_LAPISuccessWithOffset(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1083,12 +1055,6 @@ func TestListAlerts_LAPISuccessWithOffset(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1096,6 +1062,7 @@ func TestListAlerts_LAPISuccessWithOffset(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1116,7 +1083,6 @@ func TestListAlerts_LAPISuccessWithOffset(t *testing.T) {
func TestListAlerts_LAPISuccessWithLargeOffset(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1124,12 +1090,6 @@ func TestListAlerts_LAPISuccessWithLargeOffset(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1137,6 +1097,7 @@ func TestListAlerts_LAPISuccessWithLargeOffset(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1159,7 +1120,6 @@ func TestListAlerts_LAPISuccessWithLargeOffset(t *testing.T) {
func TestListAlerts_LAPISuccessWithLimitSlicing(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1167,12 +1127,6 @@ func TestListAlerts_LAPISuccessWithLimitSlicing(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1180,6 +1134,7 @@ func TestListAlerts_LAPISuccessWithLimitSlicing(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1200,7 +1155,6 @@ func TestListAlerts_LAPISuccessWithLimitSlicing(t *testing.T) {
func TestListAlerts_LAPIBadJSON(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -1208,12 +1162,6 @@ func TestListAlerts_LAPIBadJSON(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1221,6 +1169,7 @@ func TestListAlerts_LAPIBadJSON(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1239,19 +1188,12 @@ func TestListAlerts_LAPIBadJSON(t *testing.T) {
func TestListAlerts_LAPIBadStatus(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusForbidden)
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1259,6 +1201,7 @@ func TestListAlerts_LAPIBadStatus(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1276,7 +1219,6 @@ func TestListAlerts_LAPIBadStatus(t *testing.T) {
func TestListAlerts_LAPIWithScenarioFilter(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
var capturedQuery string
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -1286,12 +1228,6 @@ func TestListAlerts_LAPIWithScenarioFilter(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() { validateCrowdsecLAPIBaseURLFunc = original })
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
require.NoError(t, db.Create(&models.SecurityConfig{
@@ -1299,6 +1235,7 @@ func TestListAlerts_LAPIWithScenarioFilter(t *testing.T) {
}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", t.TempDir())
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
@@ -1314,7 +1251,6 @@ func TestListAlerts_LAPIWithScenarioFilter(t *testing.T) {
func TestFetchAlertsCscli_ErrorExec(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))
@@ -1345,7 +1281,6 @@ func TestFetchAlertsCscli_ErrorExec(t *testing.T) {
func TestFetchAlertsCscli_ValidJSON(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityConfig{}, &models.Setting{}))

13
backend/internal/api/handlers/crowdsec_decisions_test.go
View File

@@ -28,7 +28,6 @@ func (m *mockCommandExecutor) Execute(ctx context.Context, name string, args ...
}
func TestListDecisions_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -67,7 +66,6 @@ func TestListDecisions_Success(t *testing.T) {
}
func TestListDecisions_EmptyList(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -98,7 +96,6 @@ func TestListDecisions_EmptyList(t *testing.T) {
}
func TestListDecisions_CscliError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -130,7 +127,6 @@ func TestListDecisions_CscliError(t *testing.T) {
}
func TestListDecisions_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -154,7 +150,6 @@ func TestListDecisions_InvalidJSON(t *testing.T) {
}
func TestBanIP_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -205,7 +200,6 @@ func TestBanIP_Success(t *testing.T) {
}
func TestBanIP_DefaultDuration(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -245,7 +239,6 @@ func TestBanIP_DefaultDuration(t *testing.T) {
}
func TestBanIP_MissingIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -268,7 +261,6 @@ func TestBanIP_MissingIP(t *testing.T) {
}
func TestBanIP_EmptyIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -293,7 +285,6 @@ func TestBanIP_EmptyIP(t *testing.T) {
}
func TestBanIP_CscliError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -323,7 +314,6 @@ func TestBanIP_CscliError(t *testing.T) {
}
func TestUnbanIP_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -357,7 +347,6 @@ func TestUnbanIP_Success(t *testing.T) {
}
func TestUnbanIP_CscliError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -381,7 +370,6 @@ func TestUnbanIP_CscliError(t *testing.T) {
}
func TestListDecisions_MultipleDecisions(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -430,7 +418,6 @@ func TestListDecisions_MultipleDecisions(t *testing.T) {
}
func TestBanIP_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()

44
backend/internal/api/handlers/crowdsec_handler.go
View File

@@ -68,6 +68,11 @@ type CrowdsecHandler struct {
LAPIPollInterval time.Duration // For testing; 0 means 500ms default
dashCache *dashboardCache
// validateLAPIURL validates and parses a LAPI base URL.
// This field allows tests to inject a permissive validator for mock servers
// without mutating package-level state (which causes data races).
validateLAPIURL func(string) (*url.URL, error)
// registrationMutex protects concurrent bouncer registration attempts
registrationMutex sync.Mutex
@@ -85,6 +90,14 @@ const (
bouncerName = "caddy-bouncer"
)
// resolveLAPIURLValidator returns the handler's validator or the default.
func (h *CrowdsecHandler) resolveLAPIURLValidator(raw string) (*url.URL, error) {
if h.validateLAPIURL != nil {
return h.validateLAPIURL(raw)
}
return validateCrowdsecLAPIBaseURLDefault(raw)
}
func (h *CrowdsecHandler) bouncerKeyPath() string {
if h != nil && strings.TrimSpace(h.DataDir) != "" {
return filepath.Join(h.DataDir, "bouncer_key")
@@ -371,15 +384,16 @@ func NewCrowdsecHandler(db *gorm.DB, executor CrowdsecExecutor, binPath, dataDir
consoleSvc = crowdsec.NewConsoleEnrollmentService(db, &crowdsec.SecureCommandExecutor{}, dataDir, consoleSecret)
}
return &CrowdsecHandler{
DB: db,
Executor: executor,
CmdExec: &RealCommandExecutor{},
BinPath: binPath,
DataDir: dataDir,
Hub: hubSvc,
Console: consoleSvc,
Security: securitySvc,
dashCache: newDashboardCache(),
DB: db,
Executor: executor,
CmdExec: &RealCommandExecutor{},
BinPath: binPath,
DataDir: dataDir,
Hub: hubSvc,
Console: consoleSvc,
Security: securitySvc,
dashCache: newDashboardCache(),
validateLAPIURL: validateCrowdsecLAPIBaseURLDefault,
}
}
@@ -1444,18 +1458,10 @@ const (
defaultCrowdsecLAPIPort = 8085
)
// validateCrowdsecLAPIBaseURLFunc is a variable holding the LAPI URL validation function.
// This indirection allows tests to inject a permissive validator for mock servers.
var validateCrowdsecLAPIBaseURLFunc = validateCrowdsecLAPIBaseURLDefault
func validateCrowdsecLAPIBaseURLDefault(raw string) (*url.URL, error) {
return security.ValidateInternalServiceBaseURL(raw, defaultCrowdsecLAPIPort, security.InternalServiceHostAllowlist())
}
func validateCrowdsecLAPIBaseURL(raw string) (*url.URL, error) {
return validateCrowdsecLAPIBaseURLFunc(raw)
}
// GetLAPIDecisions queries CrowdSec LAPI directly for current decisions.
// This is an alternative to ListDecisions which uses cscli.
// Query params:
@@ -1473,7 +1479,7 @@ func (h *CrowdsecHandler) GetLAPIDecisions(c *gin.Context) {
}
}
baseURL, err := validateCrowdsecLAPIBaseURL(lapiURL)
baseURL, err := h.resolveLAPIURLValidator(lapiURL)
if err != nil {
logger.Log().WithError(err).WithField("lapi_url", lapiURL).Warn("Blocked CrowdSec LAPI URL by internal allowlist policy")
// Fallback to cscli-based method.
@@ -2144,7 +2150,7 @@ func (h *CrowdsecHandler) CheckLAPIHealth(c *gin.Context) {
ctx, cancel := context.WithTimeout(c.Request.Context(), 5*time.Second)
defer cancel()
baseURL, err := validateCrowdsecLAPIBaseURL(lapiURL)
baseURL, err := h.resolveLAPIURLValidator(lapiURL)
if err != nil {
c.JSON(http.StatusOK, gin.H{"healthy": false, "error": "invalid LAPI URL (blocked by SSRF policy)", "lapi_url": lapiURL})
return

12
backend/internal/api/handlers/crowdsec_handler_comprehensive_test.go
View File

@@ -106,7 +106,6 @@ func TestMapCrowdsecStatus(t *testing.T) {
// TestIsConsoleEnrollmentEnabled tests the isConsoleEnrollmentEnabled helper
func TestIsConsoleEnrollmentEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
tests := []struct {
name string
@@ -191,7 +190,6 @@ func TestActorFromContext(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
tt.setupCtx(c)
@@ -204,7 +202,6 @@ func TestActorFromContext(t *testing.T) {
// TestHubEndpoints tests the hubEndpoints helper
func TestHubEndpoints(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -233,7 +230,6 @@ func TestHubEndpoints(t *testing.T) {
// TestGetCachedPreset tests the GetCachedPreset handler
func TestGetCachedPreset(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -264,7 +260,6 @@ func TestGetCachedPreset(t *testing.T) {
// TestGetCachedPreset_NotFound tests GetCachedPreset with non-existent preset
func TestGetCachedPreset_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -293,7 +288,6 @@ func TestGetCachedPreset_NotFound(t *testing.T) {
// TestGetLAPIDecisions tests the GetLAPIDecisions handler
func TestGetLAPIDecisions(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -313,7 +307,6 @@ func TestGetLAPIDecisions(t *testing.T) {
// TestCheckLAPIHealth tests the CheckLAPIHealth handler
func TestCheckLAPIHealth(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -332,7 +325,6 @@ func TestCheckLAPIHealth(t *testing.T) {
// TestListDecisions tests the ListDecisions handler
func TestListDecisions(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -351,7 +343,6 @@ func TestListDecisions(t *testing.T) {
// TestBanIP tests the BanIP handler
func TestBanIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -373,7 +364,6 @@ func TestBanIP(t *testing.T) {
// TestUnbanIP tests the UnbanIP handler
func TestUnbanIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
@@ -395,7 +385,6 @@ func TestUnbanIP(t *testing.T) {
// TestGetAcquisitionConfig tests the GetAcquisitionConfig handler
func TestGetAcquisitionConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
acquisPath := filepath.Join(tmpDir, "acquis.yaml")
@@ -417,7 +406,6 @@ func TestGetAcquisitionConfig(t *testing.T) {
// TestUpdateAcquisitionConfig tests the UpdateAcquisitionConfig handler
func TestUpdateAcquisitionConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
tmpDir := t.TempDir()
acquisPath := filepath.Join(tmpDir, "acquis.yaml")

19
backend/internal/api/handlers/crowdsec_handler_coverage_test.go
View File

@@ -29,7 +29,6 @@ func (f *errorExec) Status(ctx context.Context, configDir string) (running bool,
}
func TestCrowdsec_Start_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -48,7 +47,6 @@ func TestCrowdsec_Start_Error(t *testing.T) {
}
func TestCrowdsec_Stop_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -67,7 +65,6 @@ func TestCrowdsec_Stop_Error(t *testing.T) {
}
func TestCrowdsec_Status_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -87,7 +84,6 @@ func TestCrowdsec_Status_Error(t *testing.T) {
// ReadFile tests
func TestCrowdsec_ReadFile_MissingPath(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -106,7 +102,6 @@ func TestCrowdsec_ReadFile_MissingPath(t *testing.T) {
}
func TestCrowdsec_ReadFile_PathTraversal(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -126,7 +121,6 @@ func TestCrowdsec_ReadFile_PathTraversal(t *testing.T) {
}
func TestCrowdsec_ReadFile_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -146,7 +140,6 @@ func TestCrowdsec_ReadFile_NotFound(t *testing.T) {
// WriteFile tests
func TestCrowdsec_WriteFile_InvalidPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -166,7 +159,6 @@ func TestCrowdsec_WriteFile_InvalidPayload(t *testing.T) {
}
func TestCrowdsec_WriteFile_MissingPath(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -189,7 +181,6 @@ func TestCrowdsec_WriteFile_MissingPath(t *testing.T) {
}
func TestCrowdsec_WriteFile_PathTraversal(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -214,7 +205,6 @@ func TestCrowdsec_WriteFile_PathTraversal(t *testing.T) {
// ExportConfig tests
func TestCrowdsec_ExportConfig_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
// Use a non-existent directory
nonExistentDir := "/tmp/crowdsec-nonexistent-dir-12345"
@@ -238,7 +228,6 @@ func TestCrowdsec_ExportConfig_NotFound(t *testing.T) {
// ListFiles tests
func TestCrowdsec_ListFiles_EmptyDir(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -263,7 +252,6 @@ func TestCrowdsec_ListFiles_EmptyDir(t *testing.T) {
}
func TestCrowdsec_ListFiles_NonExistent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
nonExistentDir := "/tmp/crowdsec-nonexistent-dir-67890"
_ = os.RemoveAll(nonExistentDir)
@@ -289,7 +277,6 @@ func TestCrowdsec_ListFiles_NonExistent(t *testing.T) {
// ImportConfig error cases
func TestCrowdsec_ImportConfig_NoFile(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -310,7 +297,6 @@ func TestCrowdsec_ImportConfig_NoFile(t *testing.T) {
// Additional ReadFile test with nested path that exists
func TestCrowdsec_ReadFile_NestedPath(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -336,7 +322,6 @@ func TestCrowdsec_ReadFile_NestedPath(t *testing.T) {
// Test WriteFile when backup fails (simulate by making dir unwritable)
func TestCrowdsec_WriteFile_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -364,7 +349,6 @@ func TestCrowdsec_WriteFile_Success(t *testing.T) {
}
func TestCrowdsec_ListPresets_Disabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
t.Setenv("FEATURE_CERBERUS_ENABLED", "false")
tmpDir := t.TempDir()
@@ -383,7 +367,6 @@ func TestCrowdsec_ListPresets_Disabled(t *testing.T) {
}
func TestCrowdsec_ListPresets_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -406,7 +389,6 @@ func TestCrowdsec_ListPresets_Success(t *testing.T) {
}
func TestCrowdsec_PullPreset_Validation(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -431,7 +413,6 @@ func TestCrowdsec_PullPreset_Validation(t *testing.T) {
}
func TestCrowdsec_ApplyPreset_Validation(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()

144
backend/internal/api/handlers/crowdsec_handler_test.go
View File

File diff suppressed because it is too large Load Diff

3
backend/internal/api/handlers/crowdsec_lapi_test.go
View File

@@ -12,7 +12,6 @@ import (
)
func TestGetLAPIDecisions_FallbackToCscli(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
// Create handler with mock executor
@@ -40,7 +39,6 @@ func TestGetLAPIDecisions_FallbackToCscli(t *testing.T) {
}
func TestGetLAPIDecisions_EmptyResponse(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
// Create handler with mock executor that returns empty array
@@ -67,7 +65,6 @@ func TestGetLAPIDecisions_EmptyResponse(t *testing.T) {
}
func TestCheckLAPIHealth_Handler(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
handler := &CrowdsecHandler{

14
backend/internal/api/handlers/crowdsec_presets_handler_test.go
View File

@@ -46,7 +46,6 @@ func makePresetTar(t *testing.T, files map[string]string) []byte {
}
func TestListPresetsIncludesCacheAndIndex(t *testing.T) {
gin.SetMode(gin.TestMode)
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
_, err = cache.Store(context.Background(), "crowdsecurity/demo", "etag1", "hub", "preview", []byte("archive"))
@@ -92,7 +91,6 @@ func TestListPresetsIncludesCacheAndIndex(t *testing.T) {
}
func TestPullPresetHandlerSuccess(t *testing.T) {
gin.SetMode(gin.TestMode)
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
dataDir := filepath.Join(t.TempDir(), "crowdsec")
@@ -132,7 +130,6 @@ func TestPullPresetHandlerSuccess(t *testing.T) {
}
func TestApplyPresetHandlerAudits(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.CrowdsecPresetEvent{}))
@@ -186,7 +183,6 @@ func TestApplyPresetHandlerAudits(t *testing.T) {
}
func TestPullPresetHandlerHubError(t *testing.T) {
gin.SetMode(gin.TestMode)
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
@@ -213,7 +209,6 @@ func TestPullPresetHandlerHubError(t *testing.T) {
}
func TestPullPresetHandlerTimeout(t *testing.T) {
gin.SetMode(gin.TestMode)
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
@@ -241,7 +236,6 @@ func TestPullPresetHandlerTimeout(t *testing.T) {
}
func TestGetCachedPresetNotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
@@ -260,7 +254,6 @@ func TestGetCachedPresetNotFound(t *testing.T) {
}
func TestGetCachedPresetServiceUnavailable(t *testing.T) {
gin.SetMode(gin.TestMode)
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
h.Hub = &crowdsec.HubService{}
@@ -277,7 +270,6 @@ func TestGetCachedPresetServiceUnavailable(t *testing.T) {
}
func TestApplyPresetHandlerBackupFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.CrowdsecPresetEvent{}))
@@ -325,7 +317,6 @@ func TestApplyPresetHandlerBackupFailure(t *testing.T) {
}
func TestListPresetsMergesCuratedAndHub(t *testing.T) {
gin.SetMode(gin.TestMode)
hub := crowdsec.NewHubService(nil, nil, t.TempDir())
hub.HubBaseURL = "http://hub.example"
@@ -375,7 +366,6 @@ func TestListPresetsMergesCuratedAndHub(t *testing.T) {
}
func TestGetCachedPresetSuccess(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("FEATURE_CERBERUS_ENABLED", "true")
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
@@ -403,7 +393,6 @@ func TestGetCachedPresetSuccess(t *testing.T) {
}
func TestGetCachedPresetSlugRequired(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("FEATURE_CERBERUS_ENABLED", "true")
cache, err := crowdsec.NewHubCache(t.TempDir(), time.Hour)
require.NoError(t, err)
@@ -424,7 +413,6 @@ func TestGetCachedPresetSlugRequired(t *testing.T) {
}
func TestGetCachedPresetPreviewError(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("FEATURE_CERBERUS_ENABLED", "true")
cacheDir := t.TempDir()
cache, err := crowdsec.NewHubCache(cacheDir, time.Hour)
@@ -451,7 +439,6 @@ func TestGetCachedPresetPreviewError(t *testing.T) {
}
func TestPullCuratedPresetSkipsHub(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("FEATURE_CERBERUS_ENABLED", "true")
// Setup handler with a hub service that would fail if called
@@ -489,7 +476,6 @@ func TestPullCuratedPresetSkipsHub(t *testing.T) {
}
func TestApplyCuratedPresetSkipsHub(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("FEATURE_CERBERUS_ENABLED", "true")
db := OpenTestDB(t)

3
backend/internal/api/handlers/crowdsec_pull_apply_integration_test.go
View File

@@ -24,7 +24,6 @@ import (
// TestPullThenApplyIntegration tests the complete pull→apply workflow from the user's perspective.
// This reproduces the scenario where a user pulls a preset and then tries to apply it.
func TestPullThenApplyIntegration(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup
cacheDir := t.TempDir()
@@ -111,7 +110,6 @@ func TestPullThenApplyIntegration(t *testing.T) {
// TestApplyWithoutPullReturnsProperError verifies the error message when applying without pulling first.
func TestApplyWithoutPullReturnsProperError(t *testing.T) {
gin.SetMode(gin.TestMode)
cacheDir := t.TempDir()
dataDir := t.TempDir()
@@ -155,7 +153,6 @@ func TestApplyWithoutPullReturnsProperError(t *testing.T) {
}
func TestApplyRollbackWhenCacheMissingAndRepullFails(t *testing.T) {
gin.SetMode(gin.TestMode)
cacheDir := t.TempDir()
dataRoot := t.TempDir()

6
backend/internal/api/handlers/crowdsec_state_sync_test.go
View File

@@ -14,7 +14,6 @@ import (
// TestStartSyncsSettingsTable verifies that Start() updates the settings table.
func TestStartSyncsSettingsTable(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
// Migrate both SecurityConfig and Setting tables
@@ -78,7 +77,6 @@ func TestStartSyncsSettingsTable(t *testing.T) {
// TestStopSyncsSettingsTable verifies that Stop() updates the settings table.
func TestStopSyncsSettingsTable(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
// Migrate both SecurityConfig and Setting tables
@@ -147,7 +145,6 @@ func TestStopSyncsSettingsTable(t *testing.T) {
// TestStartAndStopStateConsistency verifies consistent state across Start/Stop cycles.
func TestStartAndStopStateConsistency(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -219,7 +216,6 @@ func TestStartAndStopStateConsistency(t *testing.T) {
// TestExistingSettingIsUpdated verifies that an existing setting is updated, not duplicated.
func TestExistingSettingIsUpdated(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -293,7 +289,6 @@ func (f *fakeFailingExec) Status(ctx context.Context, configDir string) (running
// TestStartFailureRevertsSettings verifies that a failed Start reverts the settings.
func TestStartFailureRevertsSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -330,7 +325,6 @@ func TestStartFailureRevertsSettings(t *testing.T) {
// TestStatusResponseFormat verifies the status endpoint response format.
func TestStatusResponseFormat(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))

34
backend/internal/api/handlers/crowdsec_stop_lapi_test.go
View File

@@ -51,7 +51,6 @@ func createTestSecurityService(t *testing.T, db *gorm.DB) *services.SecurityServ
// TestCrowdsecHandler_Stop_Success tests the Stop handler with successful execution
func TestCrowdsecHandler_Stop_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -97,7 +96,6 @@ func TestCrowdsecHandler_Stop_Success(t *testing.T) {
// TestCrowdsecHandler_Stop_Error tests the Stop handler with an execution error
func TestCrowdsecHandler_Stop_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -123,7 +121,6 @@ func TestCrowdsecHandler_Stop_Error(t *testing.T) {
// TestCrowdsecHandler_Stop_NoSecurityConfig tests Stop when there's no existing SecurityConfig
func TestCrowdsecHandler_Stop_NoSecurityConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}))
@@ -152,10 +149,6 @@ func TestCrowdsecHandler_Stop_NoSecurityConfig(t *testing.T) {
// TestGetLAPIDecisions_WithMockServer tests GetLAPIDecisions with a mock LAPI server
func TestGetLAPIDecisions_WithMockServer(t *testing.T) {
// Use permissive validator for testing with mock server on random port
orig := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = permissiveLAPIURLValidator
defer func() { validateCrowdsecLAPIBaseURLFunc = orig }()
// Create a mock LAPI server
mockLAPI := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -165,7 +158,6 @@ func TestGetLAPIDecisions_WithMockServer(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -179,6 +171,7 @@ func TestGetLAPIDecisions_WithMockServer(t *testing.T) {
Security: secSvc,
CmdExec: &mockCommandExecutor{},
DataDir: t.TempDir(),
validateLAPIURL: permissiveLAPIURLValidator,
}
r := gin.New()
@@ -202,10 +195,6 @@ func TestGetLAPIDecisions_WithMockServer(t *testing.T) {
// TestGetLAPIDecisions_Unauthorized tests GetLAPIDecisions when LAPI returns 401
func TestGetLAPIDecisions_Unauthorized(t *testing.T) {
// Use permissive validator for testing with mock server on random port
orig := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = permissiveLAPIURLValidator
defer func() { validateCrowdsecLAPIBaseURLFunc = orig }()
// Create a mock LAPI server that returns 401
mockLAPI := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -213,7 +202,6 @@ func TestGetLAPIDecisions_Unauthorized(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -226,6 +214,7 @@ func TestGetLAPIDecisions_Unauthorized(t *testing.T) {
Security: secSvc,
CmdExec: &mockCommandExecutor{},
DataDir: t.TempDir(),
validateLAPIURL: permissiveLAPIURLValidator,
}
r := gin.New()
@@ -240,10 +229,6 @@ func TestGetLAPIDecisions_Unauthorized(t *testing.T) {
// TestGetLAPIDecisions_NullResponse tests GetLAPIDecisions when LAPI returns null
func TestGetLAPIDecisions_NullResponse(t *testing.T) {
// Use permissive validator for testing with mock server on random port
orig := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = permissiveLAPIURLValidator
defer func() { validateCrowdsecLAPIBaseURLFunc = orig }()
mockLAPI := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
@@ -252,7 +237,6 @@ func TestGetLAPIDecisions_NullResponse(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -265,6 +249,7 @@ func TestGetLAPIDecisions_NullResponse(t *testing.T) {
Security: secSvc,
CmdExec: &mockCommandExecutor{},
DataDir: t.TempDir(),
validateLAPIURL: permissiveLAPIURLValidator,
}
r := gin.New()
@@ -292,7 +277,6 @@ func TestGetLAPIDecisions_NonJSONContentType(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -320,10 +304,6 @@ func TestGetLAPIDecisions_NonJSONContentType(t *testing.T) {
// TestCheckLAPIHealth_WithMockServer tests CheckLAPIHealth with a healthy LAPI
func TestCheckLAPIHealth_WithMockServer(t *testing.T) {
// Use permissive validator for testing with mock server on random port
orig := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = permissiveLAPIURLValidator
defer func() { validateCrowdsecLAPIBaseURLFunc = orig }()
mockLAPI := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/health" {
@@ -335,7 +315,6 @@ func TestCheckLAPIHealth_WithMockServer(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -348,6 +327,7 @@ func TestCheckLAPIHealth_WithMockServer(t *testing.T) {
Security: secSvc,
CmdExec: &mockCommandExecutor{},
DataDir: t.TempDir(),
validateLAPIURL: permissiveLAPIURLValidator,
}
r := gin.New()
@@ -368,10 +348,6 @@ func TestCheckLAPIHealth_WithMockServer(t *testing.T) {
// TestCheckLAPIHealth_FallbackToDecisions tests the fallback to /v1/decisions endpoint
// when the primary /health endpoint is unreachable
func TestCheckLAPIHealth_FallbackToDecisions(t *testing.T) {
// Use permissive validator for testing with mock server on random port
orig := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = permissiveLAPIURLValidator
defer func() { validateCrowdsecLAPIBaseURLFunc = orig }()
// Create a mock server that only responds to /v1/decisions, not /health
mockLAPI := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -385,7 +361,6 @@ func TestCheckLAPIHealth_FallbackToDecisions(t *testing.T) {
}))
defer mockLAPI.Close()
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -398,6 +373,7 @@ func TestCheckLAPIHealth_FallbackToDecisions(t *testing.T) {
Security: secSvc,
CmdExec: &mockCommandExecutor{},
DataDir: t.TempDir(),
validateLAPIURL: permissiveLAPIURLValidator,
}
r := gin.New()

2
backend/internal/api/handlers/crowdsec_wave3_test.go
View File

@@ -47,7 +47,6 @@ func TestReadAcquisitionConfig_ErrorsAndSuccess(t *testing.T) {
}
func TestCrowdsec_AcquisitionEndpoints_InvalidConfiguredPath(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("CHARON_CROWDSEC_ACQUIS_PATH", "relative/path.yaml")
h := newTestCrowdsecHandler(t, OpenTestDB(t), &fakeExec{}, "/bin/false", t.TempDir())
@@ -68,7 +67,6 @@ func TestCrowdsec_AcquisitionEndpoints_InvalidConfiguredPath(t *testing.T) {
}
func TestCrowdsec_GetBouncerKey_NotConfigured(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("CROWDSEC_API_KEY", "")
t.Setenv("CROWDSEC_BOUNCER_API_KEY", "")
t.Setenv("CERBERUS_SECURITY_CROWDSEC_API_KEY", "")

20
backend/internal/api/handlers/crowdsec_wave5_test.go
View File

@@ -27,7 +27,6 @@ func TestCrowdsecWave5_ReadAcquisitionConfig_InvalidFilenameBranch(t *testing.T)
}
func TestCrowdsecWave5_GetLAPIDecisions_Unauthorized(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -36,17 +35,11 @@ func TestCrowdsecWave5_GetLAPIDecisions_Unauthorized(t *testing.T) {
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() {
validateCrowdsecLAPIBaseURLFunc = original
})
require.NoError(t, db.Create(&models.SecurityConfig{UUID: "default", CrowdSecAPIURL: server.URL}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", tmpDir)
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
r := gin.New()
g := r.Group("/api/v1")
h.RegisterRoutes(g)
@@ -60,7 +53,6 @@ func TestCrowdsecWave5_GetLAPIDecisions_Unauthorized(t *testing.T) {
}
func TestCrowdsecWave5_GetLAPIDecisions_NonJSONContentTypeFallsBack(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupCrowdDB(t)
tmpDir := t.TempDir()
@@ -71,17 +63,11 @@ func TestCrowdsecWave5_GetLAPIDecisions_NonJSONContentTypeFallsBack(t *testing.T
}))
t.Cleanup(server.Close)
original := validateCrowdsecLAPIBaseURLFunc
validateCrowdsecLAPIBaseURLFunc = func(raw string) (*url.URL, error) {
return url.Parse(raw)
}
t.Cleanup(func() {
validateCrowdsecLAPIBaseURLFunc = original
})
require.NoError(t, db.Create(&models.SecurityConfig{UUID: "default", CrowdSecAPIURL: server.URL}).Error)
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", tmpDir)
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
h.CmdExec = &mockCmdExecutor{output: []byte("[]"), err: nil}
r := gin.New()
g := r.Group("/api/v1")
@@ -96,7 +82,6 @@ func TestCrowdsecWave5_GetLAPIDecisions_NonJSONContentTypeFallsBack(t *testing.T
}
func TestCrowdsecWave5_GetBouncerInfo_And_GetBouncerKey_FileSource(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("CROWDSEC_BOUNCER_API_KEY", "")
t.Setenv("CERBERUS_SECURITY_CROWDSEC_API_KEY", "")
t.Setenv("CHARON_SECURITY_CROWDSEC_API_KEY", "")
@@ -105,6 +90,7 @@ func TestCrowdsecWave5_GetBouncerInfo_And_GetBouncerKey_FileSource(t *testing.T)
tmpDir := t.TempDir()
h := newTestCrowdsecHandler(t, db, &fakeExec{}, "/bin/false", tmpDir)
h.validateLAPIURL = func(raw string) (*url.URL, error) { return url.Parse(raw) }
keyPath := h.bouncerKeyPath()
require.NoError(t, os.MkdirAll(filepath.Dir(keyPath), 0o750))
require.NoError(t, os.WriteFile(keyPath, []byte("abcdefghijklmnop1234567890"), 0o600))

2
backend/internal/api/handlers/crowdsec_wave6_test.go
View File

@@ -17,7 +17,6 @@ func TestCrowdsecWave6_BouncerKeyPath_UsesEnvFallback(t *testing.T) {
}
func TestCrowdsecWave6_GetBouncerInfo_NoneSource(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("CROWDSEC_API_KEY", "")
t.Setenv("CROWDSEC_BOUNCER_API_KEY", "")
t.Setenv("CERBERUS_SECURITY_CROWDSEC_API_KEY", "")
@@ -40,7 +39,6 @@ func TestCrowdsecWave6_GetBouncerInfo_NoneSource(t *testing.T) {
}
func TestCrowdsecWave6_GetKeyStatus_NoKeyConfiguredMessage(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Setenv("CROWDSEC_API_KEY", "")
t.Setenv("CROWDSEC_BOUNCER_API_KEY", "")
t.Setenv("CERBERUS_SECURITY_CROWDSEC_API_KEY", "")

1
backend/internal/api/handlers/crowdsec_wave7_test.go
View File

@@ -28,7 +28,6 @@ func TestCrowdsecWave7_ReadAcquisitionConfig_ReadErrorOnDirectory(t *testing.T)
}
func TestCrowdsecWave7_Start_CreateSecurityConfigFailsOnReadOnlyDB(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dbPath := filepath.Join(tmpDir, "crowdsec-readonly.db")

7
backend/internal/api/handlers/db_health_handler_test.go
View File

@@ -36,7 +36,6 @@ func createTestSQLiteDB(dbPath string) error {
}
func TestDBHealthHandler_Check_Healthy(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create in-memory database
db, err := database.Connect("file::memory:?cache=shared")
@@ -65,7 +64,6 @@ func TestDBHealthHandler_Check_Healthy(t *testing.T) {
}
func TestDBHealthHandler_Check_WithBackupService(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup temp dirs for backup service
tmpDir := t.TempDir()
@@ -116,7 +114,6 @@ func TestDBHealthHandler_Check_WithBackupService(t *testing.T) {
}
func TestDBHealthHandler_Check_WALMode(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create file-based database to test WAL mode
tmpDir := t.TempDir()
@@ -145,7 +142,6 @@ func TestDBHealthHandler_Check_WALMode(t *testing.T) {
}
func TestDBHealthHandler_ResponseJSONTags(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := database.Connect("file::memory:?cache=shared")
require.NoError(t, err)
@@ -200,7 +196,6 @@ func TestNewDBHealthHandler(t *testing.T) {
// Phase 1 & 3: Critical coverage tests
func TestDBHealthHandler_Check_CorruptedDatabase(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create a file-based database and corrupt it
tmpDir := t.TempDir()
@@ -252,7 +247,6 @@ func TestDBHealthHandler_Check_CorruptedDatabase(t *testing.T) {
}
func TestDBHealthHandler_Check_BackupServiceError(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create database
db, err := database.Connect("file::memory:?cache=shared")
@@ -294,7 +288,6 @@ func TestDBHealthHandler_Check_BackupServiceError(t *testing.T) {
}
func TestDBHealthHandler_Check_BackupTimeZero(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create database
db, err := database.Connect("file::memory:?cache=shared")

8
backend/internal/api/handlers/dns_detection_handler_test.go
View File

@@ -51,7 +51,6 @@ func TestNewDNSDetectionHandler(t *testing.T) {
}
func TestDetect_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -177,7 +176,6 @@ func TestDetect_Success(t *testing.T) {
}
func TestDetect_ValidationErrors(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -216,7 +214,6 @@ func TestDetect_ValidationErrors(t *testing.T) {
}
func TestDetect_ServiceError(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -246,7 +243,6 @@ func TestDetect_ServiceError(t *testing.T) {
}
func TestGetPatterns(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -287,7 +283,6 @@ func TestGetPatterns(t *testing.T) {
}
func TestDetect_WildcardDomain(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -327,7 +322,6 @@ func TestDetect_WildcardDomain(t *testing.T) {
}
func TestDetect_LowConfidence(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -368,7 +362,6 @@ func TestDetect_LowConfidence(t *testing.T) {
}
func TestDetect_DNSLookupError(t *testing.T) {
gin.SetMode(gin.TestMode)
mockService := new(mockDNSDetectionService)
handler := NewDNSDetectionHandler(mockService)
@@ -438,7 +431,6 @@ func TestDetectRequest_Binding(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
c, _ := gin.CreateTestContext(httptest.NewRecorder())
c.Request = httptest.NewRequest(http.MethodPost, "/", bytes.NewBufferString(tt.body))
c.Request.Header.Set("Content-Type", "application/json")

1
backend/internal/api/handlers/dns_provider_handler_test.go
View File

@@ -106,7 +106,6 @@ func (m *MockDNSProviderService) GetDecryptedCredentials(ctx context.Context, id
}
func setupDNSProviderTestRouter() (*gin.Engine, *MockDNSProviderService) {
gin.SetMode(gin.TestMode)
router := gin.New()
mockService := new(MockDNSProviderService)
handler := NewDNSProviderHandler(mockService)

12
backend/internal/api/handlers/docker_handler_test.go
View File

@@ -41,7 +41,6 @@ func (f *fakeRemoteServerService) GetByUUID(uuidStr string) (*models.RemoteServe
}
func TestDockerHandler_ListContainers_InvalidHostRejected(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{}
@@ -60,7 +59,6 @@ func TestDockerHandler_ListContainers_InvalidHostRejected(t *testing.T) {
}
func TestDockerHandler_ListContainers_DockerUnavailableMappedTo503(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{err: services.NewDockerUnavailableError(errors.New("no docker socket"), "Local Docker socket is mounted but not accessible by current process")}
@@ -82,7 +80,6 @@ func TestDockerHandler_ListContainers_DockerUnavailableMappedTo503(t *testing.T)
}
func TestDockerHandler_ListContainers_ServerIDResolvesToTCPHost(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{ret: []services.DockerContainer{}}
@@ -103,7 +100,6 @@ func TestDockerHandler_ListContainers_ServerIDResolvesToTCPHost(t *testing.T) {
}
func TestDockerHandler_ListContainers_ServerIDNotFoundReturns404(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{}
@@ -125,7 +121,6 @@ func TestDockerHandler_ListContainers_ServerIDNotFoundReturns404(t *testing.T) {
func TestDockerHandler_ListContainers_Local(t *testing.T) {
// Test local/default docker connection (empty host parameter)
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{
@@ -163,7 +158,6 @@ func TestDockerHandler_ListContainers_Local(t *testing.T) {
func TestDockerHandler_ListContainers_RemoteServerSuccess(t *testing.T) {
// Test successful remote server connection via server_id
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{
@@ -203,7 +197,6 @@ func TestDockerHandler_ListContainers_RemoteServerSuccess(t *testing.T) {
func TestDockerHandler_ListContainers_RemoteServerNotFound(t *testing.T) {
// Test server_id that doesn't exist in database
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{}
@@ -226,7 +219,6 @@ func TestDockerHandler_ListContainers_RemoteServerNotFound(t *testing.T) {
func TestDockerHandler_ListContainers_InvalidHost(t *testing.T) {
// Test SSRF protection: reject arbitrary host values
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{}
@@ -289,7 +281,6 @@ func TestDockerHandler_ListContainers_DockerUnavailable(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{err: tt.err}
@@ -340,7 +331,6 @@ func TestDockerHandler_ListContainers_GenericError(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{err: tt.err}
@@ -362,7 +352,6 @@ func TestDockerHandler_ListContainers_GenericError(t *testing.T) {
}
func TestDockerHandler_ListContainers_503FallbackDetailsWhenEmpty(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
dockerSvc := &fakeDockerService{err: services.NewDockerUnavailableError(errors.New("socket error"))}
@@ -382,7 +371,6 @@ func TestDockerHandler_ListContainers_503FallbackDetailsWhenEmpty(t *testing.T)
}
func TestDockerHandler_ListContainers_503DetailsWithGroupGuidance(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
groupDetails := `Local Docker socket is mounted but not accessible by current process (uid=1000 gid=1000). Process groups (1000) do not include socket gid 988; run container with matching supplemental group (e.g., --group-add 988 or compose group_add: ["988"]).`

13
backend/internal/api/handlers/emergency_handler_test.go
View File

@@ -87,7 +87,6 @@ func setupEmergencyTestDB(t *testing.T) *gorm.DB {
}
func setupEmergencyRouter(handler *EmergencyHandler) *gin.Engine {
gin.SetMode(gin.TestMode)
router := gin.New()
_ = router.SetTrustedProxies(nil)
router.POST("/api/v1/emergency/security-reset", handler.SecurityReset)
@@ -385,7 +384,6 @@ func TestEmergencySecurityReset_MiddlewarePrevalidatedBypass(t *testing.T) {
db := setupEmergencyTestDB(t)
handler := NewEmergencyHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
router.POST("/api/v1/emergency/security-reset", func(c *gin.Context) {
c.Set("emergency_bypass", true)
@@ -407,7 +405,6 @@ func TestEmergencySecurityReset_MiddlewareBypass_ResetFailure(t *testing.T) {
require.NoError(t, err)
require.NoError(t, stdDB.Close())
gin.SetMode(gin.TestMode)
router := gin.New()
router.POST("/api/v1/emergency/security-reset", func(c *gin.Context) {
c.Set("emergency_bypass", true)
@@ -475,7 +472,6 @@ func TestGenerateToken_Success(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.POST("/api/v1/emergency/token", func(c *gin.Context) {
c.Set("role", "admin")
@@ -504,7 +500,6 @@ func TestGenerateToken_AdminRequired(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.POST("/api/v1/emergency/token", func(c *gin.Context) {
// No role set - simulating non-admin user
@@ -527,7 +522,6 @@ func TestGenerateToken_InvalidExpirationDays(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.POST("/api/v1/emergency/token", func(c *gin.Context) {
c.Set("role", "admin")
@@ -554,7 +548,6 @@ func TestGetTokenStatus_Success(t *testing.T) {
// Generate a token first
_, _ = tokenService.Generate(services.GenerateRequest{ExpirationDays: 30})
gin.SetMode(gin.TestMode)
router := gin.New()
router.GET("/api/v1/emergency/token/status", func(c *gin.Context) {
c.Set("role", "admin")
@@ -581,7 +574,6 @@ func TestGetTokenStatus_AdminRequired(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.GET("/api/v1/emergency/token/status", handler.GetTokenStatus)
@@ -602,7 +594,6 @@ func TestRevokeToken_Success(t *testing.T) {
// Generate a token first
_, _ = tokenService.Generate(services.GenerateRequest{ExpirationDays: 30})
gin.SetMode(gin.TestMode)
router := gin.New()
router.DELETE("/api/v1/emergency/token", func(c *gin.Context) {
c.Set("role", "admin")
@@ -624,7 +615,6 @@ func TestRevokeToken_AdminRequired(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.DELETE("/api/v1/emergency/token", handler.RevokeToken)
@@ -645,7 +635,6 @@ func TestUpdateTokenExpiration_Success(t *testing.T) {
// Generate a token first
_, _ = tokenService.Generate(services.GenerateRequest{ExpirationDays: 30})
gin.SetMode(gin.TestMode)
router := gin.New()
router.PATCH("/api/v1/emergency/token/expiration", func(c *gin.Context) {
c.Set("role", "admin")
@@ -669,7 +658,6 @@ func TestUpdateTokenExpiration_AdminRequired(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.PATCH("/api/v1/emergency/token/expiration", handler.UpdateTokenExpiration)
@@ -689,7 +677,6 @@ func TestUpdateTokenExpiration_InvalidDays(t *testing.T) {
handler := NewEmergencyTokenHandler(tokenService)
defer handler.Close()
gin.SetMode(gin.TestMode)
router := gin.New()
router.PATCH("/api/v1/emergency/token/expiration", func(c *gin.Context) {
c.Set("role", "admin")

5
backend/internal/api/handlers/encryption_handler_test.go
View File

@@ -40,7 +40,6 @@ func setupEncryptionTestDB(t *testing.T) *gorm.DB {
}
func setupEncryptionTestRouter(handler *EncryptionHandler, isAdmin bool) *gin.Engine {
gin.SetMode(gin.TestMode)
router := gin.New()
// Mock admin middleware - matches production auth middleware key names
@@ -558,7 +557,6 @@ func TestEncryptionHandler_IntegrationFlow(t *testing.T) {
// TestEncryptionHandler_HelperFunctions tests the isAdmin and getActorFromGinContext helpers
func TestEncryptionHandler_HelperFunctions(t *testing.T) {
gin.SetMode(gin.TestMode)
t.Run("isAdmin with invalid role type", func(t *testing.T) {
router := gin.New()
@@ -787,7 +785,6 @@ func TestEncryptionHandler_RefreshKey_InvalidOldKey(t *testing.T) {
// TestEncryptionHandler_GetActorFromGinContext_InvalidType tests getActorFromGinContext with invalid type
func TestEncryptionHandler_GetActorFromGinContext_InvalidType(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
var capturedActor string
@@ -884,7 +881,6 @@ func TestEncryptionHandler_RotateWithPartialFailures(t *testing.T) {
// TestEncryptionHandler_isAdmin_NoRoleSet tests isAdmin when no role is set
func TestEncryptionHandler_isAdmin_NoRoleSet(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
// No middleware setting user_role
@@ -905,7 +901,6 @@ func TestEncryptionHandler_isAdmin_NoRoleSet(t *testing.T) {
// TestEncryptionHandler_isAdmin_NonAdminRole tests isAdmin with non-admin role
func TestEncryptionHandler_isAdmin_NonAdminRole(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(func(c *gin.Context) {

3
backend/internal/api/handlers/feature_flags_blocker3_test.go
View File

@@ -15,7 +15,6 @@ import (
// TestBlocker3_SecurityProviderEventsFlagInResponse tests that the feature flag is included in GET response.
func TestBlocker3_SecurityProviderEventsFlagInResponse(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -50,7 +49,6 @@ func TestBlocker3_SecurityProviderEventsFlagInResponse(t *testing.T) {
// TestBlocker3_SecurityProviderEventsFlagDefaultValue tests the default value of the flag.
func TestBlocker3_SecurityProviderEventsFlagDefaultValue(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -85,7 +83,6 @@ func TestBlocker3_SecurityProviderEventsFlagDefaultValue(t *testing.T) {
// TestBlocker3_SecurityProviderEventsFlagCanBeEnabled tests that the flag can be enabled.
func TestBlocker3_SecurityProviderEventsFlagCanBeEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})

15
backend/internal/api/handlers/feature_flags_handler_coverage_test.go
View File

@@ -15,7 +15,6 @@ import (
)
func TestFeatureFlagsHandler_GetFlags_DBPrecedence(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set a flag in DB
@@ -48,7 +47,6 @@ func TestFeatureFlagsHandler_GetFlags_DBPrecedence(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_EnvFallback(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set env var (no DB value exists)
@@ -73,7 +71,6 @@ func TestFeatureFlagsHandler_GetFlags_EnvFallback(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_EnvShortForm(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set short form env var (CERBERUS_ENABLED instead of FEATURE_CERBERUS_ENABLED)
@@ -98,7 +95,6 @@ func TestFeatureFlagsHandler_GetFlags_EnvShortForm(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_EnvNumeric(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set numeric env var (1/0 instead of true/false)
@@ -123,7 +119,6 @@ func TestFeatureFlagsHandler_GetFlags_EnvNumeric(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_DefaultTrue(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// No DB value, no env var - check defaults
@@ -148,7 +143,6 @@ func TestFeatureFlagsHandler_GetFlags_DefaultTrue(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_AllDefaultFlagsPresent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -173,7 +167,6 @@ func TestFeatureFlagsHandler_GetFlags_AllDefaultFlagsPresent(t *testing.T) {
}
func TestFeatureFlagsHandler_UpdateFlags_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -208,7 +201,6 @@ func TestFeatureFlagsHandler_UpdateFlags_Success(t *testing.T) {
}
func TestFeatureFlagsHandler_UpdateFlags_Upsert(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Create existing setting
@@ -249,7 +241,6 @@ func TestFeatureFlagsHandler_UpdateFlags_Upsert(t *testing.T) {
}
func TestFeatureFlagsHandler_UpdateFlags_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -265,7 +256,6 @@ func TestFeatureFlagsHandler_UpdateFlags_InvalidJSON(t *testing.T) {
}
func TestFeatureFlagsHandler_UpdateFlags_OnlyAllowedKeys(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -298,7 +288,6 @@ func TestFeatureFlagsHandler_UpdateFlags_OnlyAllowedKeys(t *testing.T) {
}
func TestFeatureFlagsHandler_UpdateFlags_EmptyPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -339,7 +328,6 @@ func TestFeatureFlagsHandler_GetFlags_DBValueVariants(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set flag with test value
@@ -387,7 +375,6 @@ func TestFeatureFlagsHandler_GetFlags_EnvValueVariants(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
// Set env var (no DB value)
@@ -425,7 +412,6 @@ func TestFeatureFlagsHandler_UpdateFlags_BoolValues(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
@@ -462,7 +448,6 @@ func TestFeatureFlagsHandler_NewFeatureFlagsHandler(t *testing.T) {
}
func TestFeatureFlagsHandler_GetFlags_EmailFlagDefaultFalse(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)

5
backend/internal/api/handlers/feature_flags_handler_test.go
View File

@@ -28,7 +28,6 @@ func TestFeatureFlags_GetAndUpdate(t *testing.T) {
h := NewFeatureFlagsHandler(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/api/v1/feature-flags", h.GetFlags)
r.PUT("/api/v1/feature-flags", h.UpdateFlags)
@@ -81,7 +80,6 @@ func TestFeatureFlags_EnvFallback(t *testing.T) {
db := setupFlagsDB(t)
// Do not write any settings so DB lookup fails and env is used
h := NewFeatureFlagsHandler(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/api/v1/feature-flags", h.GetFlags)
@@ -178,7 +176,6 @@ func TestGetFlags_BatchQuery(t *testing.T) {
db.Create(&models.Setting{Key: "feature.crowdsec.console_enrollment", Value: "true", Type: "bool", Category: "feature"})
h := NewFeatureFlagsHandler(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/api/v1/feature-flags", h.GetFlags)
@@ -219,7 +216,6 @@ func TestUpdateFlags_TransactionRollback(t *testing.T) {
_ = sqlDB.Close()
h := NewFeatureFlagsHandler(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.PUT("/api/v1/feature-flags", h.UpdateFlags)
@@ -244,7 +240,6 @@ func TestUpdateFlags_TransactionAtomic(t *testing.T) {
db := setupFlagsDB(t)
h := NewFeatureFlagsHandler(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.PUT("/api/v1/feature-flags", h.UpdateFlags)

34
backend/internal/api/handlers/handlers_blackbox_test.go
View File

@@ -50,7 +50,6 @@ func addAdminMiddleware(router *gin.Engine) {
}
func TestImportHandler_GetStatus(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Case 1: No active session, no mount
@@ -78,7 +77,6 @@ func TestImportHandler_GetStatus(t *testing.T) {
}
func TestImportHandler_Commit(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -120,7 +118,6 @@ func TestImportHandler_Commit(t *testing.T) {
}
func TestImportHandler_Upload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Use fake caddy script
@@ -151,7 +148,6 @@ func TestImportHandler_Upload(t *testing.T) {
}
func TestImportHandler_GetPreview_WithContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
handler := handlers.NewImportHandler(db, "echo", tmpDir, "")
@@ -188,7 +184,6 @@ func TestImportHandler_GetPreview_WithContent(t *testing.T) {
}
func TestImportHandler_Commit_Errors(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -233,7 +228,6 @@ func TestImportHandler_Commit_Errors(t *testing.T) {
}
func TestImportHandler_Cancel_Errors(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -279,7 +273,6 @@ func TestCheckMountedImport(t *testing.T) {
}
func TestImportHandler_Upload_Failure(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Use fake caddy script that fails
@@ -310,7 +303,6 @@ func TestImportHandler_Upload_Failure(t *testing.T) {
}
func TestImportHandler_Upload_Conflict(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Pre-create a host to cause conflict
@@ -359,7 +351,6 @@ func TestImportHandler_Upload_Conflict(t *testing.T) {
}
func TestImportHandler_GetPreview_BackupContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
handler := handlers.NewImportHandler(db, "echo", tmpDir, "")
@@ -410,7 +401,6 @@ func TestImportHandler_RegisterRoutes(t *testing.T) {
}
func TestImportHandler_GetPreview_TransientMount(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
mountPath := filepath.Join(tmpDir, "mounted.caddyfile")
@@ -455,7 +445,6 @@ func TestImportHandler_GetPreview_TransientMount(t *testing.T) {
}
func TestImportHandler_Commit_TransientUpload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
@@ -515,7 +504,6 @@ func TestImportHandler_Commit_TransientUpload(t *testing.T) {
}
func TestImportHandler_Commit_TransientMount(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
mountPath := filepath.Join(tmpDir, "mounted.caddyfile")
@@ -562,7 +550,6 @@ func TestImportHandler_Commit_TransientMount(t *testing.T) {
}
func TestImportHandler_Cancel_TransientUpload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
@@ -597,7 +584,6 @@ func TestImportHandler_Cancel_TransientUpload(t *testing.T) {
}
func TestImportHandler_DetectImports(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -660,7 +646,6 @@ func TestImportHandler_DetectImports(t *testing.T) {
}
func TestImportHandler_DetectImports_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -676,7 +661,6 @@ func TestImportHandler_DetectImports_InvalidJSON(t *testing.T) {
}
func TestImportHandler_UploadMulti(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
@@ -791,7 +775,6 @@ func TestImportHandler_UploadMulti(t *testing.T) {
// Additional tests for comprehensive coverage
func TestImportHandler_Cancel_MissingSessionUUID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -810,7 +793,6 @@ func TestImportHandler_Cancel_MissingSessionUUID(t *testing.T) {
}
func TestImportHandler_Cancel_InvalidSessionUUID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -829,7 +811,6 @@ func TestImportHandler_Cancel_InvalidSessionUUID(t *testing.T) {
}
func TestImportHandler_Commit_InvalidSessionUUID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := handlers.NewImportHandler(db, "echo", "/tmp", "")
router := gin.New()
@@ -884,7 +865,6 @@ func (m *mockProxyHostService) List() ([]models.ProxyHost, error) {
// TestImportHandler_Commit_UpdateFailure tests the error logging path when Update fails (line 676)
func TestImportHandler_Commit_UpdateFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create an existing host that we'll try to overwrite
@@ -959,7 +939,6 @@ func TestImportHandler_Commit_UpdateFailure(t *testing.T) {
// TestImportHandler_Commit_CreateFailure tests the error logging path when Create fails (line 682)
func TestImportHandler_Commit_CreateFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create an existing host to cause a duplicate error
@@ -1019,7 +998,6 @@ func TestImportHandler_Commit_CreateFailure(t *testing.T) {
// TestUpload_NormalizationSuccess tests the success path where NormalizeCaddyfile succeeds (line 271)
func TestUpload_NormalizationSuccess(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Use fake caddy script that handles both fmt and adapt
@@ -1065,7 +1043,6 @@ func TestUpload_NormalizationSuccess(t *testing.T) {
// TestUpload_NormalizationFallback tests the fallback path where NormalizeCaddyfile fails (line 269)
func TestUpload_NormalizationFallback(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Use fake caddy script that fails fmt but succeeds on adapt
@@ -1113,7 +1090,6 @@ func TestUpload_NormalizationFallback(t *testing.T) {
// TestCommit_OverwriteAction tests that overwrite preserves certificate ID
func TestCommit_OverwriteAction(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create existing host with certificate association
@@ -1184,7 +1160,6 @@ func ptrToUint(v uint) *uint {
// TestCommit_RenameAction tests that rename appends suffix
func TestCommit_RenameAction(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create existing host
@@ -1252,7 +1227,6 @@ func TestCommit_RenameAction(t *testing.T) {
}
func TestGetPreview_WithConflictDetails(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
mountPath := filepath.Join(tmpDir, "mounted.caddyfile")
@@ -1310,7 +1284,6 @@ func TestGetPreview_WithConflictDetails(t *testing.T) {
}
func TestSafeJoin_PathTraversalCases(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
handler := handlers.NewImportHandler(db, "echo", tmpDir, "")
@@ -1375,7 +1348,6 @@ func TestSafeJoin_PathTraversalCases(t *testing.T) {
}
func TestCommit_SkipAction(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
session := models.ImportSession{
@@ -1433,7 +1405,6 @@ func TestCommit_SkipAction(t *testing.T) {
}
func TestCommit_CustomNames(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
session := models.ImportSession{
@@ -1483,7 +1454,6 @@ func TestCommit_CustomNames(t *testing.T) {
}
func TestGetStatus_AlreadyCommittedMount(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
tmpDir := t.TempDir()
mountPath := filepath.Join(tmpDir, "mounted.caddyfile")
@@ -1519,7 +1489,6 @@ func TestGetStatus_AlreadyCommittedMount(t *testing.T) {
}
func TestImportHandler_Commit_SessionSaveWarning(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create an import session with one host to create
@@ -1591,7 +1560,6 @@ func newTestImportHandler(t *testing.T, db *gorm.DB, importDir string, mountPath
// TestGetStatus_DatabaseError tests GetStatus when database query fails
func TestGetStatus_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
handler := newTestImportHandler(t, db, t.TempDir(), "")
@@ -1613,7 +1581,6 @@ func TestGetStatus_DatabaseError(t *testing.T) {
// TestGetPreview_MountAlreadyCommitted tests GetPreview when mount is already committed with FUTURE timestamp
func TestGetPreview_MountAlreadyCommitted(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create mount file
@@ -1648,7 +1615,6 @@ func TestGetPreview_MountAlreadyCommitted(t *testing.T) {
// TestUpload_MkdirAllFailure tests Upload when MkdirAll fails
func TestUpload_MkdirAllFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportTestDB(t)
// Create a FILE where uploads directory should be (blocks MkdirAll)

11
backend/internal/api/handlers/handlers_test.go
View File

@@ -36,7 +36,6 @@ func setupTestDB(t *testing.T) *gorm.DB {
func TestRemoteServerHandler_List(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test server
@@ -71,7 +70,6 @@ func TestRemoteServerHandler_List(t *testing.T) {
func TestRemoteServerHandler_Create(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
ns := services.NewNotificationService(db, nil)
@@ -105,7 +103,6 @@ func TestRemoteServerHandler_Create(t *testing.T) {
func TestRemoteServerHandler_TestConnection(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test server
@@ -140,7 +137,6 @@ func TestRemoteServerHandler_TestConnection(t *testing.T) {
func TestRemoteServerHandler_Get(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test server
@@ -174,7 +170,6 @@ func TestRemoteServerHandler_Get(t *testing.T) {
func TestRemoteServerHandler_Update(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test server
@@ -220,7 +215,6 @@ func TestRemoteServerHandler_Update(t *testing.T) {
func TestRemoteServerHandler_Delete(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test server
@@ -256,7 +250,6 @@ func TestRemoteServerHandler_Delete(t *testing.T) {
func TestProxyHostHandler_List(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Create test proxy host
@@ -292,7 +285,6 @@ func TestProxyHostHandler_List(t *testing.T) {
func TestProxyHostHandler_Create(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
ns := services.NewNotificationService(db, nil)
@@ -328,7 +320,6 @@ func TestProxyHostHandler_Create(t *testing.T) {
func TestProxyHostHandler_PartialUpdate_DoesNotWipeFields(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Seed a proxy host
@@ -386,7 +377,6 @@ func TestProxyHostHandler_PartialUpdate_DoesNotWipeFields(t *testing.T) {
func TestHealthHandler(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
router := gin.New()
router.GET("/health", handlers.HealthHandler)
@@ -405,7 +395,6 @@ func TestHealthHandler(t *testing.T) {
func TestRemoteServerHandler_Errors(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
ns := services.NewNotificationService(db, nil)

1
backend/internal/api/handlers/health_handler_test.go
View File

@@ -11,7 +11,6 @@ import (
)
func TestHealthHandler(t *testing.T) {
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/health", HealthHandler)

12
backend/internal/api/handlers/import_handler_coverage_test.go
View File

@@ -101,7 +101,6 @@ func (m *MockImporterService) ValidateCaddyBinary() error {
// TestUploadMulti_EmptyList covers the manual check for len(Files) == 0
func TestUploadMulti_EmptyList(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
@@ -135,7 +134,6 @@ func TestUploadMulti_EmptyList(t *testing.T) {
// TestUploadMulti_FileServerDetected covers the logic where parsable routes trigger a warning
// because they contain file_server but no valid reverse_proxy hosts
func TestUploadMulti_FileServerDetected(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
mockSvc := new(MockImporterService)
@@ -185,7 +183,6 @@ func TestUploadMulti_FileServerDetected(t *testing.T) {
// TestUploadMulti_NoSitesParsed covers successfull parsing but 0 result hosts
func TestUploadMulti_NoSitesParsed(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
mockSvc := new(MockImporterService)
@@ -227,7 +224,6 @@ func TestUploadMulti_NoSitesParsed(t *testing.T) {
}
func TestUpload_ImportsDetectedNoImportableHosts(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
mockSvc := new(MockImporterService)
@@ -263,7 +259,6 @@ func TestUpload_ImportsDetectedNoImportableHosts(t *testing.T) {
}
func TestUploadMulti_RequiresMainCaddyfile(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
h := NewImportHandler(db, "caddy", t.TempDir(), "")
@@ -291,7 +286,6 @@ func TestUploadMulti_RequiresMainCaddyfile(t *testing.T) {
}
func TestUploadMulti_RejectsEmptyFileContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
h := NewImportHandler(db, "caddy", t.TempDir(), "")
@@ -319,7 +313,6 @@ func TestUploadMulti_RejectsEmptyFileContent(t *testing.T) {
}
func TestCommitAndCancel_InvalidSessionUUID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
tmpImport := t.TempDir()
@@ -352,7 +345,6 @@ func TestCommitAndCancel_InvalidSessionUUID(t *testing.T) {
}
func TestCancel_RemovesTransientUpload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupImportCoverageTestDB(t)
tmpImport := t.TempDir()
@@ -381,7 +373,6 @@ func TestCancel_RemovesTransientUpload(t *testing.T) {
}
func TestUpload_ReadOnlyDBRespondsWithPermissionError(t *testing.T) {
gin.SetMode(gin.TestMode)
roDB := setupReadOnlyImportDB(t)
mockSvc := new(MockImporterService)
@@ -414,7 +405,6 @@ func TestUpload_ReadOnlyDBRespondsWithPermissionError(t *testing.T) {
}
func TestUploadMulti_ReadOnlyDBRespondsWithPermissionError(t *testing.T) {
gin.SetMode(gin.TestMode)
roDB := setupReadOnlyImportDB(t)
mockSvc := new(MockImporterService)
@@ -448,7 +438,6 @@ func TestUploadMulti_ReadOnlyDBRespondsWithPermissionError(t *testing.T) {
}
func TestCommit_ReadOnlyDBSaveRespondsWithPermissionError(t *testing.T) {
gin.SetMode(gin.TestMode)
roDB := setupReadOnlyImportDB(t)
mockSvc := new(MockImporterService)
@@ -483,7 +472,6 @@ func TestCommit_ReadOnlyDBSaveRespondsWithPermissionError(t *testing.T) {
}
func TestCancel_ReadOnlyDBSaveRespondsWithPermissionError(t *testing.T) {
gin.SetMode(gin.TestMode)
tmp := t.TempDir()
dbPath := filepath.Join(tmp, "cancel_ro.db")

1
backend/internal/api/handlers/import_handler_sanitize_test.go
View File

@@ -17,7 +17,6 @@ import (
)
func TestImportUploadSanitizesFilename(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
// set up in-memory DB for handler
db := OpenTestDB(t)

19
backend/internal/api/handlers/import_handler_test.go
View File

@@ -136,7 +136,6 @@ func TestImportHandler_GetStatus_MountCommittedUnchanged(t *testing.T) {
handler, _, _ := setupTestHandler(t, tx)
handler.mountPath = mountPath
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -173,7 +172,6 @@ func TestImportHandler_GetStatus_MountModifiedAfterCommit(t *testing.T) {
handler, _, _ := setupTestHandler(t, tx)
handler.mountPath = mountPath
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -223,7 +221,6 @@ func TestUpload_NormalizationSuccess(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -272,7 +269,6 @@ func TestUpload_NormalizationFailure(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -313,7 +309,6 @@ func TestUpload_PathTraversalBlocked(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -354,7 +349,6 @@ func TestUploadMulti_ArchiveExtraction(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -400,7 +394,6 @@ func TestUploadMulti_ConflictDetection(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -439,7 +432,6 @@ func TestCommit_TransientToImport(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -484,7 +476,6 @@ func TestCommit_RollbackOnError(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -517,7 +508,6 @@ func TestDetectImports_EmptyCaddyfile(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -662,7 +652,6 @@ func TestImportHandler_Upload_NullByteInjection(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -689,7 +678,6 @@ func TestImportHandler_DetectImports_MalformedFile(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -835,7 +823,6 @@ func TestImportHandler_Upload_InvalidSessionPaths(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -860,7 +847,6 @@ func TestImportHandler_Commit_InvalidSessionUUID_BranchCoverage(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -893,7 +879,6 @@ func TestImportHandler_Upload_NoImportableHosts_WithImportsDetected(t *testing.T
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -925,7 +910,6 @@ func TestImportHandler_Upload_NoImportableHosts_NoImportsNoFileServer(t *testing
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -967,7 +951,6 @@ func TestImportHandler_Commit_OverwriteAndRenameFlows(t *testing.T) {
req.Header.Set("Content-Type", "application/json")
w := httptest.NewRecorder()
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -986,7 +969,6 @@ func TestImportHandler_Cancel_ValidationAndNotFound_BranchCoverage(t *testing.T)
testutil.WithTx(t, setupImportTestDB(t), func(tx *gorm.DB) {
handler, _, _ := setupTestHandler(t, tx)
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))
@@ -1021,7 +1003,6 @@ func TestImportHandler_Cancel_TransientUploadCancelled_BranchCoverage(t *testing
uploadPath := filepath.Join(uploadDir, sessionID+".caddyfile")
require.NoError(t, os.WriteFile(uploadPath, []byte("example.com { respond \"ok\" }"), 0o600))
gin.SetMode(gin.TestMode)
router := gin.New()
addAdminMiddleware(router)
handler.RegisterRoutes(router.Group("/api/v1"))

11
backend/internal/api/handlers/json_import_handler_test.go
View File

@@ -40,7 +40,6 @@ func TestJSONImportHandler_RegisterRoutes(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -60,7 +59,6 @@ func TestJSONImportHandler_Upload_CharonFormat(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -119,7 +117,6 @@ func TestJSONImportHandler_Upload_NPMFormatFallback(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -162,7 +159,6 @@ func TestJSONImportHandler_Upload_UnrecognizedFormat(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -188,7 +184,6 @@ func TestJSONImportHandler_Upload_InvalidJSON(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -208,7 +203,6 @@ func TestJSONImportHandler_Commit_CharonFormat(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -277,7 +271,6 @@ func TestJSONImportHandler_Commit_NPMFormatFallback(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -339,7 +332,6 @@ func TestJSONImportHandler_Commit_SessionNotFound(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -370,7 +362,6 @@ func TestJSONImportHandler_Cancel(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -459,7 +450,6 @@ func TestJSONImportHandler_ConflictDetection(t *testing.T) {
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -501,7 +491,6 @@ func TestJSONImportHandler_Cancel_RequiresValidJSONBody(t *testing.T) {
db := setupJSONTestDB(t)
handler := NewJSONImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)

7
backend/internal/api/handlers/logs_handler_coverage_test.go
View File

@@ -17,7 +17,6 @@ import (
)
func TestLogsHandler_Read_FilterBySearch(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -50,7 +49,6 @@ func TestLogsHandler_Read_FilterBySearch(t *testing.T) {
}
func TestLogsHandler_Read_FilterByHost(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -80,7 +78,6 @@ func TestLogsHandler_Read_FilterByHost(t *testing.T) {
}
func TestLogsHandler_Read_FilterByLevel(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -110,7 +107,6 @@ func TestLogsHandler_Read_FilterByLevel(t *testing.T) {
}
func TestLogsHandler_Read_FilterByStatus(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -140,7 +136,6 @@ func TestLogsHandler_Read_FilterByStatus(t *testing.T) {
}
func TestLogsHandler_Read_SortAsc(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -170,7 +165,6 @@ func TestLogsHandler_Read_SortAsc(t *testing.T) {
}
func TestLogsHandler_List_DirectoryIsFile(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")
@@ -197,7 +191,6 @@ func TestLogsHandler_List_DirectoryIsFile(t *testing.T) {
}
func TestLogsHandler_Download_TempFileError(t *testing.T) {
gin.SetMode(gin.TestMode)
tmpDir := t.TempDir()
dataDir := filepath.Join(tmpDir, "data")

2
backend/internal/api/handlers/logs_ws_test.go
View File

@@ -71,7 +71,6 @@ func TestUpgraderCheckOrigin(t *testing.T) {
}
func TestLogsWebSocketHandler_DeprecatedWrapperUpgradeFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
charonlogger.Init(false, io.Discard)
r := gin.New()
@@ -85,7 +84,6 @@ func TestLogsWebSocketHandler_DeprecatedWrapperUpgradeFailure(t *testing.T) {
}
func TestLogsWSHandler_StreamWithFiltersAndTracker(t *testing.T) {
gin.SetMode(gin.TestMode)
charonlogger.Init(false, io.Discard)
tracker := services.NewWebSocketTracker()

2
backend/internal/api/handlers/manual_challenge_handler_test.go
View File

@@ -82,7 +82,6 @@ func (m *mockDNSProviderServiceForChallenge) Get(ctx context.Context, id uint) (
}
func setupChallengeTestRouter() *gin.Engine {
gin.SetMode(gin.TestMode)
return gin.New()
}
@@ -507,7 +506,6 @@ func TestGetUserIDFromContext(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
c, _ := gin.CreateTestContext(httptest.NewRecorder())
if tt.value != nil {
c.Set("user_id", tt.value)

17
backend/internal/api/handlers/misc_coverage_test.go
View File

@@ -23,7 +23,6 @@ func setupDomainCoverageDB(t *testing.T) *gorm.DB {
}
func TestDomainHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupDomainCoverageDB(t)
h := NewDomainHandler(db, nil)
@@ -40,7 +39,6 @@ func TestDomainHandler_List_Error(t *testing.T) {
}
func TestDomainHandler_Create_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupDomainCoverageDB(t)
h := NewDomainHandler(db, nil)
@@ -55,7 +53,6 @@ func TestDomainHandler_Create_InvalidJSON(t *testing.T) {
}
func TestDomainHandler_Create_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupDomainCoverageDB(t)
h := NewDomainHandler(db, nil)
@@ -76,7 +73,6 @@ func TestDomainHandler_Create_DBError(t *testing.T) {
}
func TestDomainHandler_Delete_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupDomainCoverageDB(t)
h := NewDomainHandler(db, nil)
@@ -103,7 +99,6 @@ func setupRemoteServerCoverageDB(t *testing.T) *gorm.DB {
}
func TestRemoteServerHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -121,7 +116,6 @@ func TestRemoteServerHandler_List_Error(t *testing.T) {
}
func TestRemoteServerHandler_List_EnabledOnly(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -140,7 +134,6 @@ func TestRemoteServerHandler_List_EnabledOnly(t *testing.T) {
}
func TestRemoteServerHandler_Update_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -155,7 +148,6 @@ func TestRemoteServerHandler_Update_NotFound(t *testing.T) {
}
func TestRemoteServerHandler_Update_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -176,7 +168,6 @@ func TestRemoteServerHandler_Update_InvalidJSON(t *testing.T) {
}
func TestRemoteServerHandler_TestConnection_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -191,7 +182,6 @@ func TestRemoteServerHandler_TestConnection_NotFound(t *testing.T) {
}
func TestRemoteServerHandler_TestConnectionCustom_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -207,7 +197,6 @@ func TestRemoteServerHandler_TestConnectionCustom_InvalidJSON(t *testing.T) {
}
func TestRemoteServerHandler_TestConnectionCustom_Unreachable(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupRemoteServerCoverageDB(t)
svc := services.NewRemoteServerService(db)
h := NewRemoteServerHandler(svc, nil)
@@ -239,7 +228,6 @@ func setupUptimeCoverageDB(t *testing.T) *gorm.DB {
}
func TestUptimeHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)
@@ -257,7 +245,6 @@ func TestUptimeHandler_List_Error(t *testing.T) {
}
func TestUptimeHandler_GetHistory_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)
@@ -276,7 +263,6 @@ func TestUptimeHandler_GetHistory_Error(t *testing.T) {
}
func TestUptimeHandler_Update_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)
@@ -293,7 +279,6 @@ func TestUptimeHandler_Update_InvalidJSON(t *testing.T) {
}
func TestUptimeHandler_Sync_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)
@@ -311,7 +296,6 @@ func TestUptimeHandler_Sync_Error(t *testing.T) {
}
func TestUptimeHandler_Delete_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)
@@ -330,7 +314,6 @@ func TestUptimeHandler_Delete_Error(t *testing.T) {
}
func TestUptimeHandler_CheckMonitor_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUptimeCoverageDB(t)
svc := services.NewUptimeService(db, nil)
h := NewUptimeHandler(svc)

38
backend/internal/api/handlers/notification_coverage_test.go
View File

@@ -33,7 +33,6 @@ func setAdminContext(c *gin.Context) {
// Notification Handler Tests
func TestNotificationHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationHandler(svc)
@@ -55,7 +54,6 @@ func TestNotificationHandler_List_Error(t *testing.T) {
}
func TestNotificationHandler_List_UnreadOnly(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationHandler(svc)
@@ -75,7 +73,6 @@ func TestNotificationHandler_List_UnreadOnly(t *testing.T) {
}
func TestNotificationHandler_MarkAsRead_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationHandler(svc)
@@ -95,7 +92,6 @@ func TestNotificationHandler_MarkAsRead_Error(t *testing.T) {
}
func TestNotificationHandler_MarkAllAsRead_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationHandler(svc)
@@ -116,7 +112,6 @@ func TestNotificationHandler_MarkAllAsRead_Error(t *testing.T) {
// Notification Provider Handler Tests
func TestNotificationProviderHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -135,7 +130,6 @@ func TestNotificationProviderHandler_List_Error(t *testing.T) {
}
func TestNotificationProviderHandler_Create_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -152,7 +146,6 @@ func TestNotificationProviderHandler_Create_InvalidJSON(t *testing.T) {
}
func TestNotificationProviderHandler_Create_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -180,7 +173,6 @@ func TestNotificationProviderHandler_Create_DBError(t *testing.T) {
}
func TestNotificationProviderHandler_Create_InvalidTemplate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -206,7 +198,6 @@ func TestNotificationProviderHandler_Create_InvalidTemplate(t *testing.T) {
}
func TestNotificationProviderHandler_Update_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -224,7 +215,6 @@ func TestNotificationProviderHandler_Update_InvalidJSON(t *testing.T) {
}
func TestNotificationProviderHandler_Update_InvalidTemplate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -256,7 +246,6 @@ func TestNotificationProviderHandler_Update_InvalidTemplate(t *testing.T) {
}
func TestNotificationProviderHandler_Update_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -285,7 +274,6 @@ func TestNotificationProviderHandler_Update_DBError(t *testing.T) {
}
func TestNotificationProviderHandler_Delete_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -305,7 +293,6 @@ func TestNotificationProviderHandler_Delete_Error(t *testing.T) {
}
func TestNotificationProviderHandler_Test_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -322,7 +309,6 @@ func TestNotificationProviderHandler_Test_InvalidJSON(t *testing.T) {
}
func TestNotificationProviderHandler_Test_RejectsClientSuppliedGotifyToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -354,7 +340,6 @@ func TestNotificationProviderHandler_Test_RejectsClientSuppliedGotifyToken(t *te
}
func TestNotificationProviderHandler_Test_RejectsGotifyTokenWithWhitespace(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -499,7 +484,6 @@ func TestClassifyProviderTestFailure_SlackNoService(t *testing.T) {
}
func TestNotificationProviderHandler_Test_RejectsSlackTokenInTestRequest(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -530,7 +514,6 @@ func TestNotificationProviderHandler_Test_RejectsSlackTokenInTestRequest(t *test
}
func TestNotificationProviderHandler_Templates(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -548,7 +531,6 @@ func TestNotificationProviderHandler_Templates(t *testing.T) {
}
func TestNotificationProviderHandler_Preview_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -565,7 +547,6 @@ func TestNotificationProviderHandler_Preview_InvalidJSON(t *testing.T) {
}
func TestNotificationProviderHandler_Preview_WithData(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -591,7 +572,6 @@ func TestNotificationProviderHandler_Preview_WithData(t *testing.T) {
}
func TestNotificationProviderHandler_Preview_InvalidTemplate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -616,7 +596,6 @@ func TestNotificationProviderHandler_Preview_InvalidTemplate(t *testing.T) {
// Notification Template Handler Tests
func TestNotificationTemplateHandler_List_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -635,7 +614,6 @@ func TestNotificationTemplateHandler_List_Error(t *testing.T) {
}
func TestNotificationTemplateHandler_Create_BadJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -652,7 +630,6 @@ func TestNotificationTemplateHandler_Create_BadJSON(t *testing.T) {
}
func TestNotificationTemplateHandler_Create_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -678,7 +655,6 @@ func TestNotificationTemplateHandler_Create_DBError(t *testing.T) {
}
func TestNotificationTemplateHandler_Update_BadJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -696,7 +672,6 @@ func TestNotificationTemplateHandler_Update_BadJSON(t *testing.T) {
}
func TestNotificationTemplateHandler_Update_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -723,7 +698,6 @@ func TestNotificationTemplateHandler_Update_DBError(t *testing.T) {
}
func TestNotificationTemplateHandler_Delete_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -743,7 +717,6 @@ func TestNotificationTemplateHandler_Delete_Error(t *testing.T) {
}
func TestNotificationTemplateHandler_Preview_BadJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -760,7 +733,6 @@ func TestNotificationTemplateHandler_Preview_BadJSON(t *testing.T) {
}
func TestNotificationTemplateHandler_Preview_TemplateNotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -783,7 +755,6 @@ func TestNotificationTemplateHandler_Preview_TemplateNotFound(t *testing.T) {
}
func TestNotificationTemplateHandler_Preview_WithStoredTemplate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -815,7 +786,6 @@ func TestNotificationTemplateHandler_Preview_WithStoredTemplate(t *testing.T) {
}
func TestNotificationTemplateHandler_Preview_InvalidTemplate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationTemplateHandler(svc)
@@ -837,7 +807,6 @@ func TestNotificationTemplateHandler_Preview_InvalidTemplate(t *testing.T) {
}
func TestNotificationProviderHandler_Preview_TokenWriteOnly(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -861,7 +830,6 @@ func TestNotificationProviderHandler_Preview_TokenWriteOnly(t *testing.T) {
}
func TestNotificationProviderHandler_Update_TypeChangeRejected(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -895,7 +863,6 @@ func TestNotificationProviderHandler_Update_TypeChangeRejected(t *testing.T) {
}
func TestNotificationProviderHandler_Test_MissingProviderID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -918,7 +885,6 @@ func TestNotificationProviderHandler_Test_MissingProviderID(t *testing.T) {
}
func TestNotificationProviderHandler_Test_ProviderNotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -942,7 +908,6 @@ func TestNotificationProviderHandler_Test_ProviderNotFound(t *testing.T) {
}
func TestNotificationProviderHandler_Test_EmptyProviderURL(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -995,7 +960,6 @@ func TestIsProviderValidationError_Comprehensive(t *testing.T) {
}
func TestNotificationProviderHandler_Update_UnsupportedType(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -1028,7 +992,6 @@ func TestNotificationProviderHandler_Update_UnsupportedType(t *testing.T) {
}
func TestNotificationProviderHandler_Update_GotifyKeepsExistingToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)
@@ -1066,7 +1029,6 @@ func TestNotificationProviderHandler_Update_GotifyKeepsExistingToken(t *testing.
}
func TestNotificationProviderHandler_Test_ReadDBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationCoverageDB(t)
svc := services.NewNotificationService(db, nil)
h := NewNotificationProviderHandler(svc)

5
backend/internal/api/handlers/notification_handler_test.go
View File

@@ -29,7 +29,6 @@ func setupNotificationTestDB(t *testing.T) *gorm.DB {
}
func TestNotificationHandler_List(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationTestDB(t)
// Seed data
@@ -65,7 +64,6 @@ func TestNotificationHandler_List(t *testing.T) {
}
func TestNotificationHandler_MarkAsRead(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationTestDB(t)
// Seed data
@@ -89,7 +87,6 @@ func TestNotificationHandler_MarkAsRead(t *testing.T) {
}
func TestNotificationHandler_MarkAllAsRead(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationTestDB(t)
// Seed data
@@ -113,7 +110,6 @@ func TestNotificationHandler_MarkAllAsRead(t *testing.T) {
}
func TestNotificationHandler_MarkAllAsRead_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationTestDB(t)
service := services.NewNotificationService(db, nil)
handler := handlers.NewNotificationHandler(service)
@@ -132,7 +128,6 @@ func TestNotificationHandler_MarkAllAsRead_Error(t *testing.T) {
}
func TestNotificationHandler_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupNotificationTestDB(t)
service := services.NewNotificationService(db, nil)
handler := handlers.NewNotificationHandler(service)

7
backend/internal/api/handlers/notification_provider_blocker3_test.go
View File

@@ -17,7 +17,6 @@ import (
// TestBlocker3_CreateProviderValidationWithSecurityEvents verifies supported/unsupported provider handling with security events enabled.
func TestBlocker3_CreateProviderRejectsNonDiscordWithSecurityEvents(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -89,7 +88,6 @@ func TestBlocker3_CreateProviderRejectsNonDiscordWithSecurityEvents(t *testing.T
// TestBlocker3_CreateProviderAcceptsDiscordWithSecurityEvents tests that create accepts Discord providers with security events.
func TestBlocker3_CreateProviderAcceptsDiscordWithSecurityEvents(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -137,7 +135,6 @@ func TestBlocker3_CreateProviderAcceptsDiscordWithSecurityEvents(t *testing.T) {
// TestBlocker3_CreateProviderAcceptsNonDiscordWithoutSecurityEvents verifies webhook create without security events remains accepted.
func TestBlocker3_CreateProviderAcceptsNonDiscordWithoutSecurityEvents(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -182,7 +179,6 @@ func TestBlocker3_CreateProviderAcceptsNonDiscordWithoutSecurityEvents(t *testin
// TestBlocker3_UpdateProviderRejectsNonDiscordWithSecurityEvents verifies webhook update with security events is allowed in PR-1 scope.
func TestBlocker3_UpdateProviderRejectsNonDiscordWithSecurityEvents(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -238,7 +234,6 @@ func TestBlocker3_UpdateProviderRejectsNonDiscordWithSecurityEvents(t *testing.T
// TestBlocker3_UpdateProviderAcceptsDiscordWithSecurityEvents tests that update accepts Discord providers with security events.
func TestBlocker3_UpdateProviderAcceptsDiscordWithSecurityEvents(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -295,7 +290,6 @@ func TestBlocker3_UpdateProviderAcceptsDiscordWithSecurityEvents(t *testing.T) {
// TestBlocker3_MultipleSecurityEventsEnforcesDiscordOnly tests webhook remains accepted with security flags in PR-1 scope.
func TestBlocker3_MultipleSecurityEventsEnforcesDiscordOnly(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
@@ -352,7 +346,6 @@ func TestBlocker3_MultipleSecurityEventsEnforcesDiscordOnly(t *testing.T) {
// TestBlocker3_UpdateProvider_DatabaseError tests database error handling when fetching existing provider (lines 137-139).
func TestBlocker3_UpdateProvider_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
// Setup test database
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})

8
backend/internal/api/handlers/notification_provider_discord_only_test.go
View File

@@ -18,7 +18,6 @@ import (
// TestDiscordOnly_CreateRejectsNonDiscord verifies unsupported provider types are rejected while supported types are accepted.
func TestDiscordOnly_CreateRejectsNonDiscord(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -81,7 +80,6 @@ func TestDiscordOnly_CreateRejectsNonDiscord(t *testing.T) {
// TestDiscordOnly_CreateAcceptsDiscord tests that create accepts Discord providers.
func TestDiscordOnly_CreateAcceptsDiscord(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -115,7 +113,6 @@ func TestDiscordOnly_CreateAcceptsDiscord(t *testing.T) {
// TestDiscordOnly_UpdateRejectsTypeMutation tests that update blocks type mutation for deprecated providers.
func TestDiscordOnly_UpdateRejectsTypeMutation(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -169,7 +166,6 @@ func TestDiscordOnly_UpdateRejectsTypeMutation(t *testing.T) {
// TestDiscordOnly_UpdateRejectsEnable tests that update blocks enabling deprecated providers.
func TestDiscordOnly_UpdateRejectsEnable(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -217,7 +213,6 @@ func TestDiscordOnly_UpdateRejectsEnable(t *testing.T) {
// TestDiscordOnly_UpdateAllowsDisabledDeprecated tests that update allows updating disabled deprecated providers (except type/enable).
func TestDiscordOnly_UpdateAllowsDisabledDeprecated(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -265,7 +260,6 @@ func TestDiscordOnly_UpdateAllowsDisabledDeprecated(t *testing.T) {
// TestDiscordOnly_UpdateAcceptsDiscord tests that update accepts Discord provider updates.
func TestDiscordOnly_UpdateAcceptsDiscord(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -313,7 +307,6 @@ func TestDiscordOnly_UpdateAcceptsDiscord(t *testing.T) {
// TestDiscordOnly_DeleteAllowsDeprecated tests that delete works for deprecated providers.
func TestDiscordOnly_DeleteAllowsDeprecated(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)
@@ -405,7 +398,6 @@ func TestDiscordOnly_ErrorCodes(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
require.NoError(t, err)

2
backend/internal/api/handlers/notification_provider_patch_coverage_test.go
View File

@@ -36,7 +36,6 @@ func TestUpdate_BlockTypeMutationForNonDiscord(t *testing.T) {
service := services.NewNotificationService(db, nil)
handler := NewNotificationProviderHandler(service)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -88,7 +87,6 @@ func TestUpdate_AllowTypeMutationForDiscord(t *testing.T) {
service := services.NewNotificationService(db, nil)
handler := NewNotificationProviderHandler(service)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")

10
backend/internal/api/handlers/npm_import_handler_test.go
View File

@@ -39,7 +39,6 @@ func TestNPMImportHandler_RegisterRoutes(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -59,7 +58,6 @@ func TestNPMImportHandler_Upload_ValidNPMExport(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -121,7 +119,6 @@ func TestNPMImportHandler_Upload_EmptyExport(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -146,7 +143,6 @@ func TestNPMImportHandler_Upload_InvalidJSON(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -177,7 +173,6 @@ func TestNPMImportHandler_Upload_ConflictDetection(t *testing.T) {
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -219,7 +214,6 @@ func TestNPMImportHandler_Commit_CreateNew(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -288,7 +282,6 @@ func TestNPMImportHandler_Commit_SkipAction(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -351,7 +344,6 @@ func TestNPMImportHandler_Commit_SessionNotFound(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -382,7 +374,6 @@ func TestNPMImportHandler_Cancel(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)
@@ -457,7 +448,6 @@ func TestNPMImportHandler_Cancel_RequiresValidJSONBody(t *testing.T) {
db := setupNPMTestDB(t)
handler := NewNPMImportHandler(db)
gin.SetMode(gin.TestMode)
router := gin.New()
api := router.Group("/api/v1")
handler.RegisterRoutes(api)

28
backend/internal/api/handlers/plugin_handler_test.go
View File

@@ -32,7 +32,6 @@ func TestPluginHandler_NewPluginHandler(t *testing.T) {
}
func TestPluginHandler_ListPlugins(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -82,7 +81,6 @@ func TestPluginHandler_ListPlugins(t *testing.T) {
}
func TestPluginHandler_GetPlugin_InvalidID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -99,7 +97,6 @@ func TestPluginHandler_GetPlugin_InvalidID(t *testing.T) {
}
func TestPluginHandler_GetPlugin_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -116,7 +113,6 @@ func TestPluginHandler_GetPlugin_NotFound(t *testing.T) {
}
func TestPluginHandler_GetPlugin_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -152,7 +148,6 @@ func TestPluginHandler_GetPlugin_Success(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_InvalidID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -168,7 +163,6 @@ func TestPluginHandler_EnablePlugin_InvalidID(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -184,7 +178,6 @@ func TestPluginHandler_EnablePlugin_NotFound(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_AlreadyEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -212,7 +205,6 @@ func TestPluginHandler_EnablePlugin_AlreadyEnabled(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -245,7 +237,6 @@ func TestPluginHandler_EnablePlugin_Success(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_InvalidID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -261,7 +252,6 @@ func TestPluginHandler_DisablePlugin_InvalidID(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -277,7 +267,6 @@ func TestPluginHandler_DisablePlugin_NotFound(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_AlreadyDisabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -309,7 +298,6 @@ func TestPluginHandler_DisablePlugin_AlreadyDisabled(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_InUse(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -346,7 +334,6 @@ func TestPluginHandler_DisablePlugin_InUse(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -378,7 +365,6 @@ func TestPluginHandler_DisablePlugin_Success(t *testing.T) {
}
func TestPluginHandler_ReloadPlugins_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
pluginLoader := services.NewPluginLoaderService(db, "/nonexistent/plugins", nil)
handler := NewPluginHandler(db, pluginLoader)
@@ -397,7 +383,6 @@ func TestPluginHandler_ReloadPlugins_Success(t *testing.T) {
// TestPluginHandler_ListPlugins_WithBuiltInProviders tests listing when built-in providers are registered
func TestPluginHandler_ListPlugins_WithBuiltInProviders(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -502,7 +487,6 @@ func (m *mockDNSProvider) PollingInterval() time.Duration {
// =============================================================================
func TestPluginHandler_ListPlugins_ExternalLoadedPlugin(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -570,7 +554,6 @@ func TestPluginHandler_ListPlugins_ExternalLoadedPlugin(t *testing.T) {
}
func TestPluginHandler_GetPlugin_WithProvider(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -619,7 +602,6 @@ func TestPluginHandler_GetPlugin_WithProvider(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_WithLoadError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/nonexistent/plugins", nil)
@@ -663,7 +645,6 @@ func TestPluginHandler_EnablePlugin_WithLoadError(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_WithUnloadError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -698,7 +679,6 @@ func TestPluginHandler_DisablePlugin_WithUnloadError(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_MultipleProviders(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -741,7 +721,6 @@ func TestPluginHandler_DisablePlugin_MultipleProviders(t *testing.T) {
}
func TestPluginHandler_ReloadPlugins_WithErrors(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
// Create a regular file and use it as pluginDir to force os.ReadDir error deterministically.
@@ -763,7 +742,6 @@ func TestPluginHandler_ReloadPlugins_WithErrors(t *testing.T) {
}
func TestPluginHandler_ListPlugins_FailedPluginWithLoadedAt(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -813,7 +791,6 @@ func TestPluginHandler_ListPlugins_FailedPluginWithLoadedAt(t *testing.T) {
}
func TestPluginHandler_GetPlugin_WithLoadedAt(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -868,7 +845,6 @@ func TestPluginHandler_Count(t *testing.T) {
// TestPluginHandler_EnablePlugin_DBUpdateError tests DB error when updating plugin enabled status
func TestPluginHandler_EnablePlugin_DBUpdateError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -901,7 +877,6 @@ func TestPluginHandler_EnablePlugin_DBUpdateError(t *testing.T) {
// TestPluginHandler_DisablePlugin_DBUpdateError tests DB error when updating plugin disabled status
func TestPluginHandler_DisablePlugin_DBUpdateError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -934,7 +909,6 @@ func TestPluginHandler_DisablePlugin_DBUpdateError(t *testing.T) {
// TestPluginHandler_GetPlugin_DBInternalError tests DB internal error when getting a plugin
func TestPluginHandler_GetPlugin_DBInternalError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -968,7 +942,6 @@ func TestPluginHandler_GetPlugin_DBInternalError(t *testing.T) {
// TestPluginHandler_EnablePlugin_FirstDBLookupError tests DB error in first plugin lookup
func TestPluginHandler_EnablePlugin_FirstDBLookupError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -1002,7 +975,6 @@ func TestPluginHandler_EnablePlugin_FirstDBLookupError(t *testing.T) {
// TestPluginHandler_DisablePlugin_FirstDBLookupError tests DB error in first plugin lookup during disable
func TestPluginHandler_DisablePlugin_FirstDBLookupError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)

22
backend/internal/api/handlers/pr_coverage_test.go
View File

@@ -26,7 +26,6 @@ import (
// =============================================================================
func TestPluginHandler_EnablePlugin_DatabaseUpdateError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -58,7 +57,6 @@ func TestPluginHandler_EnablePlugin_DatabaseUpdateError(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_DatabaseUpdateError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -90,7 +88,6 @@ func TestPluginHandler_DisablePlugin_DatabaseUpdateError(t *testing.T) {
}
func TestPluginHandler_GetPlugin_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -122,7 +119,6 @@ func TestPluginHandler_GetPlugin_DatabaseError(t *testing.T) {
}
func TestPluginHandler_EnablePlugin_DatabaseFirstError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -144,7 +140,6 @@ func TestPluginHandler_EnablePlugin_DatabaseFirstError(t *testing.T) {
}
func TestPluginHandler_DisablePlugin_DatabaseFirstError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
pluginLoader := services.NewPluginLoaderService(db, "/tmp/plugins", nil)
@@ -170,7 +165,6 @@ func TestPluginHandler_DisablePlugin_DatabaseFirstError(t *testing.T) {
// =============================================================================
func TestEncryptionHandler_Validate_NonAdminAccess(t *testing.T) {
gin.SetMode(gin.TestMode)
currentKey, _ := crypto.GenerateNewKey()
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", currentKey))
@@ -192,7 +186,6 @@ func TestEncryptionHandler_Validate_NonAdminAccess(t *testing.T) {
}
func TestEncryptionHandler_GetHistory_PaginationBoundary(t *testing.T) {
gin.SetMode(gin.TestMode)
currentKey, _ := crypto.GenerateNewKey()
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", currentKey))
@@ -227,7 +220,6 @@ func TestEncryptionHandler_GetHistory_PaginationBoundary(t *testing.T) {
}
func TestEncryptionHandler_GetStatus_VersionInfo(t *testing.T) {
gin.SetMode(gin.TestMode)
currentKey, _ := crypto.GenerateNewKey()
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", currentKey))
@@ -261,7 +253,6 @@ func TestEncryptionHandler_GetStatus_VersionInfo(t *testing.T) {
// =============================================================================
func TestSettingsHandler_TestPublicURL_RoleNotExists(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())), &gorm.Config{})
require.NoError(t, err)
@@ -282,7 +273,6 @@ func TestSettingsHandler_TestPublicURL_RoleNotExists(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_InvalidURLFormat(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())), &gorm.Config{})
require.NoError(t, err)
@@ -306,7 +296,6 @@ func TestSettingsHandler_TestPublicURL_InvalidURLFormat(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_PrivateIPBlocked_Coverage(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())), &gorm.Config{})
require.NoError(t, err)
@@ -335,7 +324,6 @@ func TestSettingsHandler_TestPublicURL_PrivateIPBlocked_Coverage(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_WithTrailingSlash(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())), &gorm.Config{})
require.NoError(t, err)
@@ -363,7 +351,6 @@ func TestSettingsHandler_ValidatePublicURL_WithTrailingSlash(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_MissingScheme(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())), &gorm.Config{})
require.NoError(t, err)
@@ -395,7 +382,6 @@ func TestSettingsHandler_ValidatePublicURL_MissingScheme(t *testing.T) {
// =============================================================================
func TestAuditLogHandler_List_PaginationEdgeCases(t *testing.T) {
gin.SetMode(gin.TestMode)
dbPath := fmt.Sprintf("/tmp/test_audit_pagination_%d.db", time.Now().UnixNano())
t.Cleanup(func() { _ = os.Remove(dbPath) })
@@ -429,7 +415,6 @@ func TestAuditLogHandler_List_PaginationEdgeCases(t *testing.T) {
}
func TestAuditLogHandler_List_CategoryFilter(t *testing.T) {
gin.SetMode(gin.TestMode)
dbPath := fmt.Sprintf("/tmp/test_audit_category_%d.db", time.Now().UnixNano())
t.Cleanup(func() { _ = os.Remove(dbPath) })
@@ -467,7 +452,6 @@ func TestAuditLogHandler_List_CategoryFilter(t *testing.T) {
}
func TestAuditLogHandler_ListByProvider_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
dbPath := fmt.Sprintf("/tmp/test_audit_db_error_%d.db", time.Now().UnixNano())
t.Cleanup(func() { _ = os.Remove(dbPath) })
@@ -494,7 +478,6 @@ func TestAuditLogHandler_ListByProvider_DatabaseError(t *testing.T) {
}
func TestAuditLogHandler_ListByProvider_InvalidProviderID(t *testing.T) {
gin.SetMode(gin.TestMode)
dbPath := fmt.Sprintf("/tmp/test_audit_invalid_id_%d.db", time.Now().UnixNano())
t.Cleanup(func() { _ = os.Remove(dbPath) })
@@ -521,7 +504,6 @@ func TestAuditLogHandler_ListByProvider_InvalidProviderID(t *testing.T) {
// =============================================================================
func TestGetActorFromGinContext_InvalidUserIDType(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
var capturedActor string
@@ -547,7 +529,6 @@ func TestGetActorFromGinContext_InvalidUserIDType(t *testing.T) {
// =============================================================================
func TestIsAdmin_NonAdminRole(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(func(c *gin.Context) {
@@ -577,7 +558,6 @@ func setupCredentialHandlerTestWithCtx(t *testing.T) (*gin.Engine, *gorm.DB, *mo
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="))
t.Cleanup(func() { require.NoError(t, os.Unsetenv("CHARON_ENCRYPTION_KEY")) })
gin.SetMode(gin.TestMode)
router := gin.New()
dbName := fmt.Sprintf("file:%s?mode=memory&cache=shared&_journal_mode=WAL", t.Name())
@@ -679,7 +659,6 @@ func TestCredentialHandler_List_DatabaseClosed(t *testing.T) {
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY="))
defer func() { require.NoError(t, os.Unsetenv("CHARON_ENCRYPTION_KEY")) }()
gin.SetMode(gin.TestMode)
router := gin.New()
dbName := fmt.Sprintf("file:%s?mode=memory&cache=shared", t.Name())
@@ -820,7 +799,6 @@ func TestCredentialHandler_EnableMultiCredentials_BadProviderID(t *testing.T) {
// =============================================================================
func TestEncryptionHandler_Validate_AdminSuccess(t *testing.T) {
gin.SetMode(gin.TestMode)
currentKey, _ := crypto.GenerateNewKey()
require.NoError(t, os.Setenv("CHARON_ENCRYPTION_KEY", currentKey))

2
backend/internal/api/handlers/proxy_host_handler_update_test.go
View File

@@ -23,7 +23,6 @@ import (
// Uses a dedicated in-memory SQLite database with all required models migrated.
func setupUpdateTestRouter(t *testing.T) (*gin.Engine, *gorm.DB) {
t.Helper()
gin.SetMode(gin.TestMode)
dsn := "file:" + t.Name() + "?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
@@ -951,7 +950,6 @@ func TestProxyHostUpdate_SecurityHeaderProfileID_SetToNull(t *testing.T) {
// (other than not found) during profile lookup returns a 500 Internal Server Error.
func TestBulkUpdateSecurityHeaders_DBError_NonNotFound(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
dsn := "file:" + t.Name() + "?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})

9
backend/internal/api/handlers/security_event_intake_test.go
View File

@@ -59,7 +59,6 @@ func TestSecurityEventIntakeAuthLocalhost(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -100,7 +99,6 @@ func TestSecurityEventIntakeAuthManagementCIDR(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -141,7 +139,6 @@ func TestSecurityEventIntakeAuthUnauthorizedIP(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -187,7 +184,6 @@ func TestSecurityEventIntakeAuthInvalidIP(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -246,7 +242,6 @@ func TestSecurityEventIntakeDispatchInvoked(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -315,7 +310,6 @@ func TestSecurityEventIntakeR6Intact(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
router := gin.New()
// Add auth middleware that sets user context
@@ -386,7 +380,6 @@ func TestSecurityEventIntakeDiscordOnly(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -431,7 +424,6 @@ func TestSecurityEventIntakeMalformedPayload(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -466,7 +458,6 @@ func TestSecurityEventIntakeIPv6Localhost(t *testing.T) {
managementCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)

6
backend/internal/api/handlers/security_geoip_endpoints_test.go
View File

@@ -15,7 +15,6 @@ import (
)
func TestSecurityHandler_GetGeoIPStatus_NotInitialized(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
r := gin.New()
@@ -34,7 +33,6 @@ func TestSecurityHandler_GetGeoIPStatus_NotInitialized(t *testing.T) {
}
func TestSecurityHandler_GetGeoIPStatus_Initialized_NotLoaded(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
h.SetGeoIPService(&services.GeoIPService{})
@@ -55,7 +53,6 @@ func TestSecurityHandler_GetGeoIPStatus_Initialized_NotLoaded(t *testing.T) {
}
func TestSecurityHandler_ReloadGeoIP_NotInitialized(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
r := gin.New()
@@ -73,7 +70,6 @@ func TestSecurityHandler_ReloadGeoIP_NotInitialized(t *testing.T) {
}
func TestSecurityHandler_ReloadGeoIP_LoadError(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
h.SetGeoIPService(&services.GeoIPService{}) // dbPath empty => Load() will error
@@ -94,7 +90,6 @@ func TestSecurityHandler_ReloadGeoIP_LoadError(t *testing.T) {
}
func TestSecurityHandler_LookupGeoIP_MissingIPAddress(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
r := gin.New()
@@ -115,7 +110,6 @@ func TestSecurityHandler_LookupGeoIP_MissingIPAddress(t *testing.T) {
}
func TestSecurityHandler_LookupGeoIP_ServiceUnavailable(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSecurityHandler(config.SecurityConfig{}, nil, nil)
h.SetGeoIPService(&services.GeoIPService{}) // present but not loaded

14
backend/internal/api/handlers/security_handler_audit_test.go
View File

@@ -56,7 +56,6 @@ func setupAuditTestDB(t *testing.T) *gorm.DB {
// =============================================================================
func TestSecurityHandler_GetStatus_SQLInjection(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Seed malicious setting keys that could be used in SQL injection
@@ -93,7 +92,6 @@ func TestSecurityHandler_GetStatus_SQLInjection(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_SQLInjection(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -140,7 +138,6 @@ func TestSecurityHandler_CreateDecision_SQLInjection(t *testing.T) {
// =============================================================================
func TestSecurityHandler_UpsertRuleSet_MassivePayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -176,7 +173,6 @@ func TestSecurityHandler_UpsertRuleSet_MassivePayload(t *testing.T) {
}
func TestSecurityHandler_UpsertRuleSet_EmptyName(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -208,7 +204,6 @@ func TestSecurityHandler_UpsertRuleSet_EmptyName(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_EmptyFields(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -250,7 +245,6 @@ func TestSecurityHandler_CreateDecision_EmptyFields(t *testing.T) {
// =============================================================================
func TestSecurityHandler_GetStatus_SettingsOverride(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Create SecurityConfig with all security features enabled (DB priority)
@@ -308,7 +302,6 @@ func TestSecurityHandler_GetStatus_SettingsOverride(t *testing.T) {
}
func TestSecurityHandler_GetStatus_DisabledViaSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Seed settings that disable everything
@@ -356,7 +349,6 @@ func TestSecurityHandler_GetStatus_DisabledViaSettings(t *testing.T) {
// =============================================================================
func TestSecurityAudit_DeleteRuleSet_InvalidID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -401,7 +393,6 @@ func TestSecurityAudit_DeleteRuleSet_InvalidID(t *testing.T) {
// =============================================================================
func TestSecurityHandler_UpsertRuleSet_XSSInContent(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -450,7 +441,6 @@ func TestSecurityHandler_UpsertRuleSet_XSSInContent(t *testing.T) {
// =============================================================================
func TestSecurityHandler_UpdateConfig_RateLimitBounds(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
cfg := config.SecurityConfig{}
@@ -512,7 +502,6 @@ func TestSecurityHandler_UpdateConfig_RateLimitBounds(t *testing.T) {
// =============================================================================
func TestSecurityHandler_GetStatus_NilDB(t *testing.T) {
gin.SetMode(gin.TestMode)
// Handler with nil DB should not panic
cfg := config.SecurityConfig{CerberusEnabled: true}
@@ -537,7 +526,6 @@ func TestSecurityHandler_GetStatus_NilDB(t *testing.T) {
// =============================================================================
func TestSecurityHandler_Enable_WithoutWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Create config without whitelist
@@ -564,7 +552,6 @@ func TestSecurityHandler_Enable_WithoutWhitelist(t *testing.T) {
}
func TestSecurityHandler_Disable_RequiresToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Create config with break-glass hash
@@ -592,7 +579,6 @@ func TestSecurityHandler_Disable_RequiresToken(t *testing.T) {
// =============================================================================
func TestSecurityHandler_GetStatus_CrowdSecModeValidation(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupAuditTestDB(t)
// Try to set invalid CrowdSec modes via settings

1
backend/internal/api/handlers/security_handler_authz_test.go
View File

@@ -15,7 +15,6 @@ import (
)
func TestSecurityHandler_MutatorsRequireAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityRuleSet{}, &models.SecurityDecision{}, &models.SecurityAudit{}))

1
backend/internal/api/handlers/security_handler_cache_test.go
View File

@@ -21,7 +21,6 @@ func (t *testCacheInvalidator) InvalidateCache() {
}
func TestSecurityHandler_ToggleSecurityModule_InvalidatesCache(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}))

9
backend/internal/api/handlers/security_handler_clean_test.go
View File

@@ -28,7 +28,6 @@ func setupTestDB(t *testing.T) *gorm.DB {
}
func TestSecurityHandler_GetStatus_Clean(t *testing.T) {
gin.SetMode(gin.TestMode)
// Basic disabled scenario
cfg := config.SecurityConfig{
@@ -54,7 +53,6 @@ func TestSecurityHandler_GetStatus_Clean(t *testing.T) {
}
func TestSecurityHandler_Cerberus_DBOverride(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// set DB to enable cerberus
@@ -80,7 +78,6 @@ func TestSecurityHandler_Cerberus_DBOverride(t *testing.T) {
}
func TestSecurityHandler_ACL_DBOverride(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// set DB to enable ACL (override config)
@@ -116,7 +113,6 @@ func TestSecurityHandler_ACL_DBOverride(t *testing.T) {
}
func TestSecurityHandler_GenerateBreakGlass_ReturnsToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
handler := NewSecurityHandler(config.SecurityConfig{}, db, nil)
router := gin.New()
@@ -139,7 +135,6 @@ func TestSecurityHandler_GenerateBreakGlass_ReturnsToken(t *testing.T) {
}
func TestSecurityHandler_ACL_DisabledWhenCerberusOff(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// set DB to enable ACL but disable Cerberus
@@ -171,7 +166,6 @@ func TestSecurityHandler_ACL_DisabledWhenCerberusOff(t *testing.T) {
}
func TestSecurityHandler_CrowdSec_Mode_DBOverride(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// set DB to configure crowdsec.mode to local
@@ -197,7 +191,6 @@ func TestSecurityHandler_CrowdSec_Mode_DBOverride(t *testing.T) {
}
func TestSecurityHandler_CrowdSec_ExternalMappedToDisabled_DBOverride(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// set DB to configure crowdsec.mode to external
if err := db.Create(&models.Setting{Key: "security.crowdsec.mode", Value: "unknown"}).Error; err != nil {
@@ -221,7 +214,6 @@ func TestSecurityHandler_CrowdSec_ExternalMappedToDisabled_DBOverride(t *testing
}
func TestSecurityHandler_ExternalModeMappedToDisabled(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.SecurityConfig{
CrowdSecMode: "unknown",
WAFMode: "disabled",
@@ -245,7 +237,6 @@ func TestSecurityHandler_ExternalModeMappedToDisabled(t *testing.T) {
}
func TestSecurityHandler_Enable_Disable_WithAdminWhitelistAndToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Add SecurityConfig with no admin whitelist - should refuse enable
sec := models.SecurityConfig{Name: "default", Enabled: false, AdminWhitelist: ""}

38
backend/internal/api/handlers/security_handler_coverage_test.go
View File

@@ -21,7 +21,6 @@ import (
// Tests for UpdateConfig handler to improve coverage (currently 46%)
func TestSecurityHandler_UpdateConfig_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityRuleSet{}, &models.SecurityDecision{}, &models.SecurityAudit{}))
@@ -53,7 +52,6 @@ func TestSecurityHandler_UpdateConfig_Success(t *testing.T) {
}
func TestSecurityHandler_UpdateConfig_DefaultName(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityRuleSet{}, &models.SecurityDecision{}, &models.SecurityAudit{}))
@@ -80,7 +78,6 @@ func TestSecurityHandler_UpdateConfig_DefaultName(t *testing.T) {
}
func TestSecurityHandler_UpdateConfig_InvalidPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -102,7 +99,6 @@ func TestSecurityHandler_UpdateConfig_InvalidPayload(t *testing.T) {
// Tests for GetConfig handler
func TestSecurityHandler_GetConfig_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -126,7 +122,6 @@ func TestSecurityHandler_GetConfig_Success(t *testing.T) {
}
func TestSecurityHandler_GetConfig_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -147,7 +142,6 @@ func TestSecurityHandler_GetConfig_NotFound(t *testing.T) {
// Tests for ListDecisions handler
func TestSecurityHandler_ListDecisions_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}))
@@ -172,7 +166,6 @@ func TestSecurityHandler_ListDecisions_Success(t *testing.T) {
}
func TestSecurityHandler_ListDecisions_WithLimit(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}))
@@ -199,7 +192,6 @@ func TestSecurityHandler_ListDecisions_WithLimit(t *testing.T) {
// Tests for CreateDecision handler
func TestSecurityHandler_CreateDecision_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}, &models.SecurityAudit{}))
@@ -228,7 +220,6 @@ func TestSecurityHandler_CreateDecision_Success(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_MissingIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}))
@@ -254,7 +245,6 @@ func TestSecurityHandler_CreateDecision_MissingIP(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_MissingAction(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}))
@@ -280,7 +270,6 @@ func TestSecurityHandler_CreateDecision_MissingAction(t *testing.T) {
}
func TestSecurityHandler_CreateDecision_InvalidPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityDecision{}))
@@ -302,7 +291,6 @@ func TestSecurityHandler_CreateDecision_InvalidPayload(t *testing.T) {
// Tests for ListRuleSets handler
func TestSecurityHandler_ListRuleSets_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -328,7 +316,6 @@ func TestSecurityHandler_ListRuleSets_Success(t *testing.T) {
// Tests for UpsertRuleSet handler
func TestSecurityHandler_UpsertRuleSet_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}, &models.SecurityAudit{}))
@@ -356,7 +343,6 @@ func TestSecurityHandler_UpsertRuleSet_Success(t *testing.T) {
}
func TestSecurityHandler_UpsertRuleSet_MissingName(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -383,7 +369,6 @@ func TestSecurityHandler_UpsertRuleSet_MissingName(t *testing.T) {
}
func TestSecurityHandler_UpsertRuleSet_InvalidPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -405,7 +390,6 @@ func TestSecurityHandler_UpsertRuleSet_InvalidPayload(t *testing.T) {
// Tests for DeleteRuleSet handler (currently 52%)
func TestSecurityHandler_DeleteRuleSet_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}, &models.SecurityAudit{}))
@@ -433,7 +417,6 @@ func TestSecurityHandler_DeleteRuleSet_Success(t *testing.T) {
}
func TestSecurityHandler_DeleteRuleSet_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -453,7 +436,6 @@ func TestSecurityHandler_DeleteRuleSet_NotFound(t *testing.T) {
}
func TestSecurityHandler_DeleteRuleSet_InvalidID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -473,7 +455,6 @@ func TestSecurityHandler_DeleteRuleSet_InvalidID(t *testing.T) {
}
func TestSecurityHandler_DeleteRuleSet_EmptyID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityRuleSet{}))
@@ -497,7 +478,6 @@ func TestSecurityHandler_DeleteRuleSet_EmptyID(t *testing.T) {
// Tests for Enable handler
func TestSecurityHandler_Enable_NoConfigNoWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -515,7 +495,6 @@ func TestSecurityHandler_Enable_NoConfigNoWhitelist(t *testing.T) {
}
func TestSecurityHandler_Enable_WithWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -537,7 +516,6 @@ func TestSecurityHandler_Enable_WithWhitelist(t *testing.T) {
}
func TestSecurityHandler_Enable_IPNotInWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -559,7 +537,6 @@ func TestSecurityHandler_Enable_IPNotInWhitelist(t *testing.T) {
}
func TestSecurityHandler_Enable_WithValidBreakGlassToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -600,7 +577,6 @@ func TestSecurityHandler_Enable_WithValidBreakGlassToken(t *testing.T) {
}
func TestSecurityHandler_Enable_WithInvalidBreakGlassToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -625,7 +601,6 @@ func TestSecurityHandler_Enable_WithInvalidBreakGlassToken(t *testing.T) {
// Tests for Disable handler (currently 44%)
func TestSecurityHandler_Disable_FromLocalhost(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -654,7 +629,6 @@ func TestSecurityHandler_Disable_FromLocalhost(t *testing.T) {
}
func TestSecurityHandler_Disable_FromRemoteWithToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -695,7 +669,6 @@ func TestSecurityHandler_Disable_FromRemoteWithToken(t *testing.T) {
}
func TestSecurityHandler_Disable_FromRemoteNoToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -719,7 +692,6 @@ func TestSecurityHandler_Disable_FromRemoteNoToken(t *testing.T) {
}
func TestSecurityHandler_Disable_FromRemoteInvalidToken(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -747,7 +719,6 @@ func TestSecurityHandler_Disable_FromRemoteInvalidToken(t *testing.T) {
// Tests for GenerateBreakGlass handler
func TestSecurityHandler_GenerateBreakGlass_NoConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -773,7 +744,6 @@ func TestSecurityHandler_GenerateBreakGlass_NoConfig(t *testing.T) {
// Test Enable with IPv6 localhost
func TestSecurityHandler_Disable_FromIPv6Localhost(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -798,7 +768,6 @@ func TestSecurityHandler_Disable_FromIPv6Localhost(t *testing.T) {
// Test Enable with CIDR whitelist matching
func TestSecurityHandler_Enable_WithCIDRWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -821,7 +790,6 @@ func TestSecurityHandler_Enable_WithCIDRWhitelist(t *testing.T) {
// Test Enable with exact IP in whitelist
func TestSecurityHandler_Enable_WithExactIPWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -843,7 +811,6 @@ func TestSecurityHandler_Enable_WithExactIPWhitelist(t *testing.T) {
}
func TestSecurityHandler_GetStatus_BackwardCompatibilityOverrides(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.Setting{}, &models.CaddyConfig{}))
@@ -887,7 +854,6 @@ func TestSecurityHandler_GetStatus_BackwardCompatibilityOverrides(t *testing.T)
}
func TestSecurityHandler_AddWAFExclusion_InvalidExistingJSONStillAdds(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
require.NoError(t, db.Create(&models.SecurityConfig{Name: "default", WAFExclusions: "{"}).Error)
@@ -910,7 +876,6 @@ func TestSecurityHandler_AddWAFExclusion_InvalidExistingJSONStillAdds(t *testing
}
func TestSecurityHandler_ToggleSecurityModule_SnapshotSettingsError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
@@ -935,7 +900,6 @@ func TestSecurityHandler_ToggleSecurityModule_SnapshotSettingsError(t *testing.T
}
func TestSecurityHandler_ToggleSecurityModule_SnapshotSecurityConfigError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
require.NoError(t, db.Exec("DROP TABLE security_configs").Error)
@@ -957,7 +921,6 @@ func TestSecurityHandler_ToggleSecurityModule_SnapshotSecurityConfigError(t *tes
}
func TestSecurityHandler_SnapshotAndRestoreHelpers(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
@@ -983,7 +946,6 @@ func TestSecurityHandler_SnapshotAndRestoreHelpers(t *testing.T) {
}
func TestSecurityHandler_DefaultSecurityConfigStateHelpers(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))

1
backend/internal/api/handlers/security_handler_fixed_test.go
View File

@@ -13,7 +13,6 @@ import (
)
func TestSecurityHandler_GetStatus_Fixed(t *testing.T) {
gin.SetMode(gin.TestMode)
tests := []struct {
name string

9
backend/internal/api/handlers/security_handler_settings_test.go
View File

@@ -21,7 +21,6 @@ import (
// reads WAF, Rate Limit, and CrowdSec enabled states from the settings table,
// overriding the static config values.
func TestSecurityHandler_GetStatus_RespectsSettingsTable(t *testing.T) {
gin.SetMode(gin.TestMode)
tests := []struct {
name string
@@ -167,7 +166,6 @@ func TestSecurityHandler_GetStatus_RespectsSettingsTable(t *testing.T) {
// TestSecurityHandler_GetStatus_WAFModeFromSettings verifies that WAF mode
// is properly reflected when enabled via settings.
func TestSecurityHandler_GetStatus_WAFModeFromSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}))
@@ -200,7 +198,6 @@ func TestSecurityHandler_GetStatus_WAFModeFromSettings(t *testing.T) {
// TestSecurityHandler_GetStatus_RateLimitModeFromSettings verifies that Rate Limit mode
// is properly reflected when enabled via settings.
func TestSecurityHandler_GetStatus_RateLimitModeFromSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}))
@@ -234,7 +231,6 @@ func TestSecurityHandler_GetStatus_RateLimitModeFromSettings(t *testing.T) {
}
func TestSecurityHandler_GetStatus_IncludesLatestConfigApplyState(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.CaddyConfig{}))
@@ -261,7 +257,6 @@ func TestSecurityHandler_GetStatus_IncludesLatestConfigApplyState(t *testing.T)
}
func TestSecurityHandler_PatchACL_RequiresAdminWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
require.NoError(t, db.Create(&models.SecurityConfig{Name: "default", AdminWhitelist: "192.0.2.1/32"}).Error)
@@ -283,7 +278,6 @@ func TestSecurityHandler_PatchACL_RequiresAdminWhitelist(t *testing.T) {
}
func TestSecurityHandler_PatchACL_AllowsWhitelistedIP(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDBWithMigrations(t)
require.NoError(t, db.Create(&models.SecurityConfig{Name: "default", AdminWhitelist: "203.0.113.0/24"}).Error)
@@ -315,7 +309,6 @@ func TestSecurityHandler_PatchACL_AllowsWhitelistedIP(t *testing.T) {
}
func TestSecurityHandler_PatchACL_SetsACLAndCerberusSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
dsn := "file:TestSecurityHandler_PatchACL_SetsACLAndCerberusSettings?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{})
@@ -352,7 +345,6 @@ func TestSecurityHandler_PatchACL_SetsACLAndCerberusSettings(t *testing.T) {
}
func TestSecurityHandler_EnsureSecurityConfigEnabled_CreatesWhenMissing(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
@@ -368,7 +360,6 @@ func TestSecurityHandler_EnsureSecurityConfigEnabled_CreatesWhenMissing(t *testi
}
func TestSecurityHandler_PatchACL_AllowsEmergencyBypass(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
require.NoError(t, db.Create(&models.SecurityConfig{Name: "default", AdminWhitelist: "192.0.2.1/32"}).Error)

26
backend/internal/api/handlers/security_handler_waf_test.go
View File

@@ -25,7 +25,6 @@ import (
// Tests for GetWAFExclusions handler
func TestSecurityHandler_GetWAFExclusions_Empty(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -46,7 +45,6 @@ func TestSecurityHandler_GetWAFExclusions_Empty(t *testing.T) {
}
func TestSecurityHandler_GetWAFExclusions_WithExclusions(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -77,7 +75,6 @@ func TestSecurityHandler_GetWAFExclusions_WithExclusions(t *testing.T) {
}
func TestSecurityHandler_GetWAFExclusions_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -104,7 +101,6 @@ func TestSecurityHandler_GetWAFExclusions_InvalidJSON(t *testing.T) {
// Tests for AddWAFExclusion handler
func TestSecurityHandler_AddWAFExclusion_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -138,7 +134,6 @@ func TestSecurityHandler_AddWAFExclusion_Success(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_WithTarget(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -172,7 +167,6 @@ func TestSecurityHandler_AddWAFExclusion_WithTarget(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_ToExistingConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -216,7 +210,6 @@ func TestSecurityHandler_AddWAFExclusion_ToExistingConfig(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_Duplicate(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -249,7 +242,6 @@ func TestSecurityHandler_AddWAFExclusion_Duplicate(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_DuplicateWithDifferentTarget(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -282,7 +274,6 @@ func TestSecurityHandler_AddWAFExclusion_DuplicateWithDifferentTarget(t *testing
}
func TestSecurityHandler_AddWAFExclusion_MissingRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -308,7 +299,6 @@ func TestSecurityHandler_AddWAFExclusion_MissingRuleID(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_InvalidRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -335,7 +325,6 @@ func TestSecurityHandler_AddWAFExclusion_InvalidRuleID(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_NegativeRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -361,7 +350,6 @@ func TestSecurityHandler_AddWAFExclusion_NegativeRuleID(t *testing.T) {
}
func TestSecurityHandler_AddWAFExclusion_InvalidPayload(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -383,7 +371,6 @@ func TestSecurityHandler_AddWAFExclusion_InvalidPayload(t *testing.T) {
// Tests for DeleteWAFExclusion handler
func TestSecurityHandler_DeleteWAFExclusion_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -423,7 +410,6 @@ func TestSecurityHandler_DeleteWAFExclusion_Success(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_WithTarget(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}, &models.SecurityAudit{}))
@@ -463,7 +449,6 @@ func TestSecurityHandler_DeleteWAFExclusion_WithTarget(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -488,7 +473,6 @@ func TestSecurityHandler_DeleteWAFExclusion_NotFound(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_NoConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -508,7 +492,6 @@ func TestSecurityHandler_DeleteWAFExclusion_NoConfig(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_InvalidRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -528,7 +511,6 @@ func TestSecurityHandler_DeleteWAFExclusion_InvalidRuleID(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_ZeroRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -548,7 +530,6 @@ func TestSecurityHandler_DeleteWAFExclusion_ZeroRuleID(t *testing.T) {
}
func TestSecurityHandler_DeleteWAFExclusion_NegativeRuleID(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -569,7 +550,6 @@ func TestSecurityHandler_DeleteWAFExclusion_NegativeRuleID(t *testing.T) {
// Integration test: Full WAF exclusion workflow
func TestSecurityHandler_WAFExclusion_FullWorkflow(t *testing.T) {
gin.SetMode(gin.TestMode)
// Create a temporary file-based SQLite database for complete isolation
// This avoids all the shared memory locking issues with in-memory databases
@@ -673,7 +653,6 @@ func TestSecurityHandler_WAFExclusion_FullWorkflow(t *testing.T) {
// Test WAFDisabled field on ProxyHost
func TestProxyHost_WAFDisabled_DefaultFalse(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.ProxyHost{}))
@@ -693,7 +672,6 @@ func TestProxyHost_WAFDisabled_DefaultFalse(t *testing.T) {
}
func TestProxyHost_WAFDisabled_SetTrue(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.ProxyHost{}))
@@ -715,7 +693,6 @@ func TestProxyHost_WAFDisabled_SetTrue(t *testing.T) {
// Test WAFParanoiaLevel field on SecurityConfig
func TestSecurityConfig_WAFParanoiaLevel_Default(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -733,7 +710,6 @@ func TestSecurityConfig_WAFParanoiaLevel_Default(t *testing.T) {
}
func TestSecurityConfig_WAFParanoiaLevel_CustomValue(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -752,7 +728,6 @@ func TestSecurityConfig_WAFParanoiaLevel_CustomValue(t *testing.T) {
// Test WAFExclusions field on SecurityConfig
func TestSecurityConfig_WAFExclusions_Empty(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))
@@ -769,7 +744,6 @@ func TestSecurityConfig_WAFExclusions_Empty(t *testing.T) {
}
func TestSecurityConfig_WAFExclusions_JSONArray(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.SecurityConfig{}))

7
backend/internal/api/handlers/security_headers_handler_test.go
View File

@@ -23,7 +23,6 @@ func setupSecurityHeadersTestRouter(t *testing.T) (*gin.Engine, *gorm.DB) {
err = db.AutoMigrate(&models.SecurityHeaderProfile{}, &models.ProxyHost{})
assert.NoError(t, err)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -638,7 +637,6 @@ func TestUpdateProfile_LookupDBError(t *testing.T) {
err = db.AutoMigrate(&models.SecurityHeaderProfile{}, &models.ProxyHost{})
assert.NoError(t, err)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -685,7 +683,6 @@ func TestDeleteProfile_LookupDBError(t *testing.T) {
err = db.AutoMigrate(&models.SecurityHeaderProfile{}, &models.ProxyHost{})
assert.NoError(t, err)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -716,7 +713,6 @@ func TestDeleteProfile_CountDBError(t *testing.T) {
}
db.Create(&profile)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -742,7 +738,6 @@ func TestDeleteProfile_DeleteDBError(t *testing.T) {
}
db.Create(&profile)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -852,7 +847,6 @@ func TestGetProfile_UUID_DBError_NonNotFound(t *testing.T) {
err = db.AutoMigrate(&models.SecurityHeaderProfile{}, &models.ProxyHost{})
assert.NoError(t, err)
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)
@@ -902,7 +896,6 @@ func TestUpdateProfile_SaveError(t *testing.T) {
db.Create(&profile)
profileID := profile.ID
gin.SetMode(gin.TestMode)
router := gin.New()
handler := NewSecurityHeadersHandler(db, nil)

10
backend/internal/api/handlers/security_notifications_compatibility_test.go
View File

@@ -67,7 +67,6 @@ func TestCompatibilityGET_ORAggregation(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -104,7 +103,6 @@ func TestCompatibilityGET_AllFalse(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -145,7 +143,6 @@ func TestCompatibilityGET_DisabledProvidersIgnored(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -182,7 +179,6 @@ func TestCompatibilityPUT_DeterministicTargetSet(t *testing.T) {
"security_rate_limit_enabled": true
}`)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
setAdminContext(c)
@@ -216,7 +212,6 @@ func TestCompatibilityPUT_CreatesManagedProviderIfNone(t *testing.T) {
"webhook_url": "https://example.com/webhook"
}`)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
setAdminContext(c)
@@ -259,7 +254,6 @@ func TestCompatibilityPUT_Idempotency(t *testing.T) {
}`)
// First PUT
gin.SetMode(gin.TestMode)
w1 := httptest.NewRecorder()
c1, _ := gin.CreateTestContext(w1)
setAdminContext(c1)
@@ -305,7 +299,6 @@ func TestCompatibilityPUT_WebhookMapping(t *testing.T) {
"webhook_url": "https://example.com/webhook"
}`)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
setAdminContext(c)
@@ -336,7 +329,6 @@ func TestCompatibilityPUT_MultipleDestinations422(t *testing.T) {
"discord_webhook_url": "https://discord.com/webhook"
}`)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
setAdminContext(c)
@@ -432,7 +424,6 @@ func TestCompatibilityPUT_MultipleManagedProviders_UpdatesAll(t *testing.T) {
"security_rate_limit_enabled": true
}`)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
setAdminContext(c)
@@ -547,7 +538,6 @@ func TestFeatureFlag_Disabled(t *testing.T) {
handler := NewSecurityNotificationHandler(service)
// GET should still work via compatibility path
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)

7
backend/internal/api/handlers/security_notifications_final_blockers_test.go
View File

@@ -31,7 +31,6 @@ func TestFinalBlocker1_DestinationAmbiguous_ZeroManagedProviders(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -67,7 +66,6 @@ func TestFinalBlocker1_DestinationAmbiguous_OneManagedProvider(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -112,7 +110,6 @@ func TestFinalBlocker1_DestinationAmbiguous_MultipleManagedProviders(t *testing.
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -201,7 +198,6 @@ func TestFinalBlocker3_SupportedProviderTypes_WebhookDiscordSlackGotifyOnly(t *t
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -240,7 +236,6 @@ func TestFinalBlocker3_SupportedProviderTypes_UnsupportedTypesIgnored(t *testing
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -277,7 +272,6 @@ func TestBlocker2_GETReturnsSecurityFields(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -320,7 +314,6 @@ func TestBlocker2_GotifyTokenNeverExposed_Legacy(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)

4
backend/internal/api/handlers/security_notifications_patch_coverage_test.go
View File

@@ -27,7 +27,6 @@ func TestDeprecatedGetSettings_HeadersSet(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/legacy/security", http.NoBody)
@@ -59,7 +58,6 @@ func TestHandleSecurityEvent_InvalidCIDRWarning(t *testing.T) {
invalidCIDRs,
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -98,7 +96,6 @@ func TestHandleSecurityEvent_SeveritySet(t *testing.T) {
[]string{},
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
@@ -159,7 +156,6 @@ func TestHandleSecurityEvent_DispatchError(t *testing.T) {
[]string{},
)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)

6
backend/internal/api/handlers/security_notifications_single_source_test.go
View File

@@ -60,7 +60,6 @@ func TestR2_ProviderSecurityEventsCrowdSecDecisions(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -103,7 +102,6 @@ func TestR2_ProviderSecurityEventsCrowdSecDecisionsORSemantics(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)
@@ -127,7 +125,6 @@ func TestR6_LegacySecuritySettingsWrite410Gone(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
// Test canonical endpoint: PUT /api/v1/notifications/settings/security
t.Run("CanonicalEndpoint", func(t *testing.T) {
@@ -206,7 +203,6 @@ func TestR6_LegacyWrite410GoneNoMutation(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
// Attempt PUT to canonical endpoint
reqBody := map[string]interface{}{
@@ -241,7 +237,6 @@ func TestProviderCRUD_SecurityEventsIncludeCrowdSec(t *testing.T) {
service := services.NewNotificationService(db, nil)
handler := NewNotificationProviderHandler(service)
gin.SetMode(gin.TestMode)
// Test CREATE
t.Run("CreatePersistsCrowdSec", func(t *testing.T) {
@@ -329,7 +324,6 @@ func TestR2_CompatibilityGETIncludesCrowdSec(t *testing.T) {
service := services.NewEnhancedSecurityNotificationService(db)
handler := NewSecurityNotificationHandler(service)
gin.SetMode(gin.TestMode)
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("GET", "/api/v1/notifications/settings/security", http.NoBody)

2
backend/internal/api/handlers/security_notifications_test.go
View File

@@ -21,7 +21,6 @@ import (
// TestHandleSecurityEvent_TimestampZero covers line 146
func TestHandleSecurityEvent_TimestampZero(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
assert.NoError(t, err)
@@ -76,7 +75,6 @@ func (m *mockFailingService) SendViaProviders(ctx context.Context, event models.
// TestHandleSecurityEvent_SendViaProvidersError covers lines 163-164
func TestHandleSecurityEvent_SendViaProvidersError(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
assert.NoError(t, err)

2
backend/internal/api/handlers/security_priority_test.go
View File

@@ -19,7 +19,6 @@ import (
// 2. SecurityConfig DB (middle)
// 3. Static config (lowest)
func TestSecurityHandler_Priority_SettingsOverSecurityConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
tests := []struct {
name string
@@ -112,7 +111,6 @@ func TestSecurityHandler_Priority_SettingsOverSecurityConfig(t *testing.T) {
// TestSecurityHandler_Priority_AllModules verifies priority system works for all security modules
func TestSecurityHandler_Priority_AllModules(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))

3
backend/internal/api/handlers/security_ratelimit_test.go
View File

@@ -14,7 +14,6 @@ import (
)
func TestSecurityHandler_GetRateLimitPresets(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.SecurityConfig{}
handler := NewSecurityHandler(cfg, nil, nil)
@@ -49,7 +48,6 @@ func TestSecurityHandler_GetRateLimitPresets(t *testing.T) {
}
func TestSecurityHandler_GetRateLimitPresets_StandardPreset(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.SecurityConfig{}
handler := NewSecurityHandler(cfg, nil, nil)
@@ -75,7 +73,6 @@ func TestSecurityHandler_GetRateLimitPresets_StandardPreset(t *testing.T) {
}
func TestSecurityHandler_GetRateLimitPresets_LoginPreset(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.SecurityConfig{}
handler := NewSecurityHandler(cfg, nil, nil)

2
backend/internal/api/handlers/security_toggles_test.go
View File

@@ -17,7 +17,6 @@ import (
)
func setupToggleTest(t *testing.T) (*SecurityHandler, *gorm.DB) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
@@ -213,7 +212,6 @@ func TestACLEnabledIfIPWhitelisted(t *testing.T) {
}
func TestSecurityToggles_RollbackSettingWhenApplyFails(t *testing.T) {
gin.SetMode(gin.TestMode)
db := OpenTestDB(t)
require.NoError(t, db.AutoMigrate(&models.Setting{}, &models.SecurityConfig{}))
require.NoError(t, db.Create(&models.SecurityConfig{Name: "default", Enabled: true}).Error)

59
backend/internal/api/handlers/settings_handler_test.go
View File

@@ -160,7 +160,6 @@ func newAdminRouter() *gin.Engine {
}
func TestSettingsHandler_GetSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
// Seed data
@@ -183,7 +182,6 @@ func TestSettingsHandler_GetSettings(t *testing.T) {
}
func TestSettingsHandler_GetSettings_MasksSensitiveValues(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
db.Create(&models.Setting{Key: "smtp_password", Value: "super-secret-password", Category: "smtp", Type: "string"})
@@ -208,7 +206,6 @@ func TestSettingsHandler_GetSettings_MasksSensitiveValues(t *testing.T) {
}
func TestSettingsHandler_GetSettings_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
// Close the database to force an error
@@ -231,7 +228,6 @@ func TestSettingsHandler_GetSettings_DatabaseError(t *testing.T) {
}
func TestSettingsHandler_UpdateSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -274,7 +270,6 @@ func TestSettingsHandler_UpdateSettings(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_SyncsAdminWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -301,7 +296,6 @@ func TestSettingsHandler_UpdateSetting_SyncsAdminWhitelist(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_EnablesCerberusWhenACLEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -343,7 +337,6 @@ func TestSettingsHandler_UpdateSetting_EnablesCerberusWhenACLEnabled(t *testing.
}
func TestSettingsHandler_UpdateSetting_SecurityKeyAppliesConfigSynchronously(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
mgr := &mockCaddyConfigManager{}
@@ -367,7 +360,6 @@ func TestSettingsHandler_UpdateSetting_SecurityKeyAppliesConfigSynchronously(t *
}
func TestSettingsHandler_UpdateSetting_SecurityKeyApplyFailureReturnsError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
mgr := &mockCaddyConfigManager{applyFunc: func(context.Context) error {
@@ -393,7 +385,6 @@ func TestSettingsHandler_UpdateSetting_SecurityKeyApplyFailureReturnsError(t *te
}
func TestSettingsHandler_UpdateSetting_NonAdminForbidden(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -416,7 +407,6 @@ func TestSettingsHandler_UpdateSetting_NonAdminForbidden(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_InvalidAdminWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -439,7 +429,6 @@ func TestSettingsHandler_UpdateSetting_InvalidAdminWhitelist(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_EmptyValueAccepted(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -466,7 +455,6 @@ func TestSettingsHandler_UpdateSetting_EmptyValueAccepted(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_MissingKeyRejected(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -488,7 +476,6 @@ func TestSettingsHandler_UpdateSetting_MissingKeyRejected(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_InvalidKeepaliveIdle(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -511,7 +498,6 @@ func TestSettingsHandler_UpdateSetting_InvalidKeepaliveIdle(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_ValidKeepaliveCount(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -540,7 +526,6 @@ func TestSettingsHandler_UpdateSetting_ValidKeepaliveCount(t *testing.T) {
}
func TestSettingsHandler_UpdateSetting_SecurityKeyInvalidatesCache(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
mgr := &mockCaddyConfigManager{}
@@ -566,7 +551,6 @@ func TestSettingsHandler_UpdateSetting_SecurityKeyInvalidatesCache(t *testing.T)
}
func TestSettingsHandler_PatchConfig_InvalidAdminWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -590,7 +574,6 @@ func TestSettingsHandler_PatchConfig_InvalidAdminWhitelist(t *testing.T) {
}
func TestSettingsHandler_PatchConfig_InvalidKeepaliveCount(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -614,7 +597,6 @@ func TestSettingsHandler_PatchConfig_InvalidKeepaliveCount(t *testing.T) {
}
func TestSettingsHandler_PatchConfig_ValidKeepaliveSettings(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -648,7 +630,6 @@ func TestSettingsHandler_PatchConfig_ValidKeepaliveSettings(t *testing.T) {
}
func TestSettingsHandler_PatchConfig_ReloadFailureReturns500(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
mgr := &mockCaddyConfigManager{applyFunc: func(context.Context) error {
@@ -678,7 +659,6 @@ func TestSettingsHandler_PatchConfig_ReloadFailureReturns500(t *testing.T) {
}
func TestSettingsHandler_PatchConfig_SyncsAdminWhitelist(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -710,7 +690,6 @@ func TestSettingsHandler_PatchConfig_SyncsAdminWhitelist(t *testing.T) {
}
func TestSettingsHandler_PatchConfig_EnablesCerberusWhenACLEnabled(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -749,7 +728,6 @@ func TestSettingsHandler_PatchConfig_EnablesCerberusWhenACLEnabled(t *testing.T)
}
func TestSettingsHandler_UpdateSetting_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -779,7 +757,6 @@ func TestSettingsHandler_UpdateSetting_DatabaseError(t *testing.T) {
}
func TestSettingsHandler_Errors(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -830,7 +807,6 @@ func setupSettingsHandlerWithMail(t *testing.T) (*handlers.SettingsHandler, *gor
}
func TestSettingsHandler_GetSMTPConfig(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
// Seed SMTP config
@@ -859,7 +835,6 @@ func TestSettingsHandler_GetSMTPConfig(t *testing.T) {
}
func TestSettingsHandler_GetSMTPConfig_Empty(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -877,7 +852,6 @@ func TestSettingsHandler_GetSMTPConfig_Empty(t *testing.T) {
}
func TestSettingsHandler_GetSMTPConfig_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
sqlDB, _ := db.DB()
_ = sqlDB.Close()
@@ -893,7 +867,6 @@ func TestSettingsHandler_GetSMTPConfig_DatabaseError(t *testing.T) {
}
func TestSettingsHandler_GetSMTPConfig_NonAdminForbidden(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := gin.New()
@@ -912,7 +885,6 @@ func TestSettingsHandler_GetSMTPConfig_NonAdminForbidden(t *testing.T) {
}
func TestSettingsHandler_UpdateSMTPConfig_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -938,7 +910,6 @@ func TestSettingsHandler_UpdateSMTPConfig_NonAdmin(t *testing.T) {
}
func TestSettingsHandler_UpdateSMTPConfig_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -957,7 +928,6 @@ func TestSettingsHandler_UpdateSMTPConfig_InvalidJSON(t *testing.T) {
}
func TestSettingsHandler_UpdateSMTPConfig_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -985,7 +955,6 @@ func TestSettingsHandler_UpdateSMTPConfig_Success(t *testing.T) {
}
func TestSettingsHandler_UpdateSMTPConfig_KeepExistingPassword(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
// Seed existing password
@@ -1025,7 +994,6 @@ func TestSettingsHandler_UpdateSMTPConfig_KeepExistingPassword(t *testing.T) {
}
func TestSettingsHandler_TestSMTPConfig_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1043,7 +1011,6 @@ func TestSettingsHandler_TestSMTPConfig_NonAdmin(t *testing.T) {
}
func TestSettingsHandler_TestSMTPConfig_NotConfigured(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1064,7 +1031,6 @@ func TestSettingsHandler_TestSMTPConfig_NotConfigured(t *testing.T) {
}
func TestSettingsHandler_TestSMTPConfig_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
host, port := startTestSMTPServer(t)
@@ -1093,7 +1059,6 @@ func TestSettingsHandler_TestSMTPConfig_Success(t *testing.T) {
}
func TestSettingsHandler_SendTestEmail_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1114,7 +1079,6 @@ func TestSettingsHandler_SendTestEmail_NonAdmin(t *testing.T) {
}
func TestSettingsHandler_SendTestEmail_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1133,7 +1097,6 @@ func TestSettingsHandler_SendTestEmail_InvalidJSON(t *testing.T) {
}
func TestSettingsHandler_SendTestEmail_NotConfigured(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1157,7 +1120,6 @@ func TestSettingsHandler_SendTestEmail_NotConfigured(t *testing.T) {
}
func TestSettingsHandler_SendTestEmail_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
host, port := startTestSMTPServer(t)
@@ -1199,7 +1161,6 @@ func TestMaskPassword(t *testing.T) {
// ============= URL Testing Tests =============
func TestSettingsHandler_ValidatePublicURL_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1220,7 +1181,6 @@ func TestSettingsHandler_ValidatePublicURL_NonAdmin(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_InvalidFormat(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1257,7 +1217,6 @@ func TestSettingsHandler_ValidatePublicURL_InvalidFormat(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1297,7 +1256,6 @@ func TestSettingsHandler_ValidatePublicURL_Success(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1318,7 +1276,6 @@ func TestSettingsHandler_TestPublicURL_NonAdmin(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_NoRole(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := gin.New()
@@ -1336,7 +1293,6 @@ func TestSettingsHandler_TestPublicURL_NoRole(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1355,7 +1311,6 @@ func TestSettingsHandler_TestPublicURL_InvalidJSON(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_InvalidURL(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1380,7 +1335,6 @@ func TestSettingsHandler_TestPublicURL_InvalidURL(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_PrivateIPBlocked(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1430,7 +1384,6 @@ func contains(s, substr string) bool {
}
func TestSettingsHandler_TestPublicURL_Success(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
// NOTE: Using a real public URL instead of httptest.NewServer() because
@@ -1464,7 +1417,6 @@ func TestSettingsHandler_TestPublicURL_Success(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_DNSFailure(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1493,7 +1445,6 @@ func TestSettingsHandler_TestPublicURL_DNSFailure(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_ConnectivityError(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1584,7 +1535,6 @@ func TestSettingsHandler_TestPublicURL_SSRFProtection(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1619,7 +1569,6 @@ func TestSettingsHandler_TestPublicURL_SSRFProtection(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_EmbeddedCredentials(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1647,7 +1596,6 @@ func TestSettingsHandler_TestPublicURL_EmbeddedCredentials(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_EmptyURL(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1679,7 +1627,6 @@ func TestSettingsHandler_TestPublicURL_EmptyURL(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_InvalidScheme(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1719,7 +1666,6 @@ func TestSettingsHandler_TestPublicURL_InvalidScheme(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1738,7 +1684,6 @@ func TestSettingsHandler_ValidatePublicURL_InvalidJSON(t *testing.T) {
}
func TestSettingsHandler_ValidatePublicURL_URLWithWarning(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1765,7 +1710,6 @@ func TestSettingsHandler_ValidatePublicURL_URLWithWarning(t *testing.T) {
}
func TestSettingsHandler_UpdateSMTPConfig_DatabaseError(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, db := setupSettingsHandlerWithMail(t)
// Close the database to force an error
@@ -1798,7 +1742,6 @@ func TestSettingsHandler_UpdateSMTPConfig_DatabaseError(t *testing.T) {
}
func TestSettingsHandler_TestPublicURL_IPv6LocalhostBlocked(t *testing.T) {
gin.SetMode(gin.TestMode)
handler, _ := setupSettingsHandlerWithMail(t)
router := newAdminRouter()
@@ -1829,7 +1772,6 @@ func TestSettingsHandler_TestPublicURL_IPv6LocalhostBlocked(t *testing.T) {
// the tag is present. Re-adding the tag would silently regress the CrowdSec enable
// flow (which sends value="" to clear the setting).
func TestUpdateSetting_EmptyValueIsAccepted(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)
@@ -1853,7 +1795,6 @@ func TestUpdateSetting_EmptyValueIsAccepted(t *testing.T) {
// from Value and not accidentally also from Key. A request with no "key" field must
// still return 400.
func TestUpdateSetting_MissingKeyRejected(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupSettingsTestDB(t)
handler := handlers.NewSettingsHandler(db)

1
backend/internal/api/handlers/system_handler_test.go
View File

@@ -44,7 +44,6 @@ func TestGetClientIPHeadersAndRemoteAddr(t *testing.T) {
}
func TestGetMyIPHandler(t *testing.T) {
gin.SetMode(gin.TestMode)
r := gin.New()
handler := NewSystemHandler()
r.GET("/myip", handler.GetMyIP)

11
backend/internal/api/handlers/system_permissions_handler_test.go
View File

@@ -47,7 +47,6 @@ func (stubPermissionChecker) Check(path, required string) util.PermissionCheck {
}
func TestSystemPermissionsHandler_GetPermissions_Admin(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.Config{
DatabasePath: "/app/data/charon.db",
@@ -81,7 +80,6 @@ func TestSystemPermissionsHandler_GetPermissions_Admin(t *testing.T) {
}
func TestSystemPermissionsHandler_GetPermissions_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
cfg := config.Config{}
h := NewSystemPermissionsHandler(cfg, nil, stubPermissionChecker{})
@@ -105,7 +103,6 @@ func TestSystemPermissionsHandler_RepairPermissions_NonRoot(t *testing.T) {
t.Skip("test requires non-root execution")
}
gin.SetMode(gin.TestMode)
cfg := config.Config{SingleContainer: true}
h := NewSystemPermissionsHandler(cfg, nil, stubPermissionChecker{})
@@ -213,7 +210,6 @@ func TestSystemPermissionsHandler_NewDefaultsCheckerToOSChecker(t *testing.T) {
}
func TestSystemPermissionsHandler_RepairPermissions_DisabledWhenNotSingleContainer(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSystemPermissionsHandler(config.Config{SingleContainer: false}, nil, stubPermissionChecker{})
@@ -236,7 +232,6 @@ func TestSystemPermissionsHandler_RepairPermissions_InvalidJSON(t *testing.T) {
t.Skip("test requires root execution")
}
gin.SetMode(gin.TestMode)
root := t.TempDir()
dataDir := filepath.Join(root, "data")
@@ -269,7 +264,6 @@ func TestSystemPermissionsHandler_RepairPermissions_Success(t *testing.T) {
t.Skip("test requires root execution")
}
gin.SetMode(gin.TestMode)
root := t.TempDir()
dataDir := filepath.Join(root, "data")
@@ -310,7 +304,6 @@ func TestSystemPermissionsHandler_RepairPermissions_Success(t *testing.T) {
}
func TestSystemPermissionsHandler_RepairPermissions_NonAdmin(t *testing.T) {
gin.SetMode(gin.TestMode)
h := NewSystemPermissionsHandler(config.Config{SingleContainer: true}, nil, stubPermissionChecker{})
@@ -330,7 +323,6 @@ func TestSystemPermissionsHandler_RepairPermissions_InvalidJSONWhenRoot(t *testi
t.Skip("test requires root execution")
}
gin.SetMode(gin.TestMode)
root := t.TempDir()
dataDir := filepath.Join(root, "data")
require.NoError(t, os.MkdirAll(dataDir, 0o750))
@@ -395,7 +387,6 @@ func TestSystemPermissionsHandler_IsWithinAllowlist_AllRelErrorsReturnFalse(t *t
}
func TestSystemPermissionsHandler_LogAudit_PersistsAuditWithUserID(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open("file::memory:?cache=shared"), &gorm.Config{})
require.NoError(t, err)
@@ -416,7 +407,6 @@ func TestSystemPermissionsHandler_LogAudit_PersistsAuditWithUserID(t *testing.T)
}
func TestSystemPermissionsHandler_LogAudit_PersistsAuditWithUnknownActor(t *testing.T) {
gin.SetMode(gin.TestMode)
db, err := gorm.Open(sqlite.Open("file::memory:?cache=shared"), &gorm.Config{})
require.NoError(t, err)
@@ -536,7 +526,6 @@ func TestSystemPermissionsHandler_RepairPermissions_InvalidRequestBody_Root(t *t
t.Skip("test requires root execution")
}
gin.SetMode(gin.TestMode)
tmp := t.TempDir()
dataDir := filepath.Join(tmp, "data")

1
backend/internal/api/handlers/system_permissions_wave6_test.go
View File

@@ -28,7 +28,6 @@ func TestSystemPermissionsWave6_RepairPermissions_NonRootBranchViaSeteuid(t *tes
require.NoError(t, restoreErr)
}()
gin.SetMode(gin.TestMode)
root := t.TempDir()
dataDir := filepath.Join(root, "data")

13
backend/internal/api/handlers/testmain_test.go Normal file
View File

@@ -0,0 +1,13 @@
package handlers
import (
"os"
"testing"
"github.com/gin-gonic/gin"
)
func TestMain(m *testing.M) {
gin.SetMode(gin.TestMode)
os.Exit(m.Run())
}

1
backend/internal/api/handlers/update_handler_test.go
View File

@@ -33,7 +33,6 @@ func TestUpdateHandler_Check(t *testing.T) {
h := NewUpdateHandler(svc)
// Setup Router
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/api/v1/update", h.Check)

1
backend/internal/api/handlers/uptime_monitor_initial_state_test.go
View File

@@ -19,7 +19,6 @@ import (
// Verifies that newly created monitors start in "pending" state, not "down"
func TestUptimeMonitorInitialStatePending(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
db := setupTestDB(t)
// Migrate UptimeMonitor model

14
backend/internal/api/handlers/user_handler_coverage_test.go
View File

@@ -21,7 +21,6 @@ func setupUserCoverageDB(t *testing.T) *gorm.DB {
}
func TestUserHandler_GetSetupStatus_Error(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -38,7 +37,6 @@ func TestUserHandler_GetSetupStatus_Error(t *testing.T) {
}
func TestUserHandler_Setup_CheckStatusError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -55,7 +53,6 @@ func TestUserHandler_Setup_CheckStatusError(t *testing.T) {
}
func TestUserHandler_Setup_AlreadyCompleted(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -74,7 +71,6 @@ func TestUserHandler_Setup_AlreadyCompleted(t *testing.T) {
}
func TestUserHandler_Setup_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -89,7 +85,6 @@ func TestUserHandler_Setup_InvalidJSON(t *testing.T) {
}
func TestUserHandler_RegenerateAPIKey_Unauthorized(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -103,7 +98,6 @@ func TestUserHandler_RegenerateAPIKey_Unauthorized(t *testing.T) {
}
func TestUserHandler_RegenerateAPIKey_DBError(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -121,7 +115,6 @@ func TestUserHandler_RegenerateAPIKey_DBError(t *testing.T) {
}
func TestUserHandler_GetProfile_Unauthorized(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -135,7 +128,6 @@ func TestUserHandler_GetProfile_Unauthorized(t *testing.T) {
}
func TestUserHandler_GetProfile_NotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -150,7 +142,6 @@ func TestUserHandler_GetProfile_NotFound(t *testing.T) {
}
func TestUserHandler_UpdateProfile_Unauthorized(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -164,7 +155,6 @@ func TestUserHandler_UpdateProfile_Unauthorized(t *testing.T) {
}
func TestUserHandler_UpdateProfile_InvalidJSON(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -180,7 +170,6 @@ func TestUserHandler_UpdateProfile_InvalidJSON(t *testing.T) {
}
func TestUserHandler_UpdateProfile_UserNotFound(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -201,7 +190,6 @@ func TestUserHandler_UpdateProfile_UserNotFound(t *testing.T) {
}
func TestUserHandler_UpdateProfile_EmailConflict(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -234,7 +222,6 @@ func TestUserHandler_UpdateProfile_EmailConflict(t *testing.T) {
}
func TestUserHandler_UpdateProfile_EmailChangeNoPassword(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)
@@ -261,7 +248,6 @@ func TestUserHandler_UpdateProfile_EmailChangeNoPassword(t *testing.T) {
}
func TestUserHandler_UpdateProfile_WrongPassword(t *testing.T) {
gin.SetMode(gin.TestMode)
db := setupUserCoverageDB(t)
h := NewUserHandler(db, nil)

92
backend/internal/api/handlers/user_handler_test.go
View File

@@ -76,7 +76,6 @@ func TestUserHandler_logUserAudit_NoOpBranches(t *testing.T) {
func TestUserHandler_GetSetupStatus(t *testing.T) {
handler, db := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/setup", handler.GetSetupStatus)
@@ -97,7 +96,6 @@ func TestUserHandler_GetSetupStatus(t *testing.T) {
func TestUserHandler_Setup(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/setup", handler.Setup)
@@ -133,7 +131,6 @@ func TestUserHandler_Setup(t *testing.T) {
func TestUserHandler_Setup_OneWayInvariant_ReentryRejectedAndSingleUser(t *testing.T) {
handler, db := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/setup", handler.Setup)
@@ -170,7 +167,6 @@ func TestUserHandler_Setup_OneWayInvariant_ReentryRejectedAndSingleUser(t *testi
func TestUserHandler_Setup_ConcurrentAttemptInvariant(t *testing.T) {
handler, db := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/setup", handler.Setup)
@@ -230,7 +226,6 @@ func TestUserHandler_Setup_ConcurrentAttemptInvariant(t *testing.T) {
func TestUserHandler_Setup_ResponseSecretEchoContract(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/setup", handler.Setup)
@@ -279,7 +274,6 @@ func TestUserHandler_GetProfile_SecretEchoContract(t *testing.T) {
}
require.NoError(t, db.Create(user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -321,7 +315,6 @@ func TestUserHandler_ListUsers_SecretEchoContract(t *testing.T) {
}
require.NoError(t, db.Create(user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -367,7 +360,6 @@ func TestUserHandler_RegenerateAPIKey(t *testing.T) {
user := &models.User{Email: "api@example.com"}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -402,7 +394,6 @@ func TestUserHandler_GetProfile(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -425,7 +416,6 @@ func TestUserHandler_GetProfile(t *testing.T) {
func TestUserHandler_RegisterRoutes(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
api := r.Group("/api")
handler.RegisterRoutes(api)
@@ -451,7 +441,6 @@ func TestUserHandler_RegisterRoutes(t *testing.T) {
func TestUserHandler_Errors(t *testing.T) {
handler, db := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
// Middleware to simulate missing userID
@@ -518,7 +507,6 @@ func TestUserHandler_UpdateProfile(t *testing.T) {
_ = user.SetPassword("password123")
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("userID", user.ID)
@@ -624,7 +612,6 @@ func TestUserHandler_UpdateProfile(t *testing.T) {
func TestUserHandler_UpdateProfile_Errors(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
// 1. Unauthorized (no userID)
@@ -668,7 +655,6 @@ func setupUserHandlerWithProxyHosts(t *testing.T) (*UserHandler, *gorm.DB) {
func TestUserHandler_ListUsers_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -692,7 +678,6 @@ func TestUserHandler_ListUsers_Admin(t *testing.T) {
db.Create(user1)
db.Create(user2)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -713,7 +698,6 @@ func TestUserHandler_ListUsers_Admin(t *testing.T) {
func TestUserHandler_CreateUser_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -737,7 +721,6 @@ func TestUserHandler_CreateUser_NonAdmin(t *testing.T) {
func TestUserHandler_CreateUser_Admin(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -767,7 +750,6 @@ func TestUserHandler_CreateUser_Admin(t *testing.T) {
func TestUserHandler_CreateUser_InvalidJSON(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -789,7 +771,6 @@ func TestUserHandler_CreateUser_DuplicateEmail(t *testing.T) {
existing := &models.User{UUID: uuid.NewString(), Email: "existing@example.com", Name: "Existing"}
db.Create(existing)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -817,7 +798,6 @@ func TestUserHandler_CreateUser_WithPermittedHosts(t *testing.T) {
host := &models.ProxyHost{Name: "Host 1", DomainNames: "host1.example.com", Enabled: true}
db.Create(host)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -843,7 +823,6 @@ func TestUserHandler_CreateUser_WithPermittedHosts(t *testing.T) {
func TestUserHandler_GetUser_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -860,7 +839,6 @@ func TestUserHandler_GetUser_NonAdmin(t *testing.T) {
func TestUserHandler_GetUser_InvalidID(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -877,7 +855,6 @@ func TestUserHandler_GetUser_InvalidID(t *testing.T) {
func TestUserHandler_GetUser_NotFound(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -898,7 +875,6 @@ func TestUserHandler_GetUser_Success(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "getuser@example.com", Name: "Get User"}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -920,7 +896,6 @@ func TestUserHandler_UpdateUser_NonAdmin(t *testing.T) {
target := &models.User{UUID: uuid.NewString(), Email: "target@example.com", Name: "Target", APIKey: uuid.NewString(), Role: models.RoleUser}
db.Create(target)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -941,7 +916,6 @@ func TestUserHandler_UpdateUser_NonAdmin(t *testing.T) {
func TestUserHandler_UpdateUser_InvalidID(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -967,7 +941,6 @@ func TestUserHandler_UpdateUser_InvalidJSON(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "toupdate@example.com", Name: "To Update", APIKey: uuid.NewString()}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -986,7 +959,6 @@ func TestUserHandler_UpdateUser_InvalidJSON(t *testing.T) {
func TestUserHandler_UpdateUser_NotFound(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1011,7 +983,6 @@ func TestUserHandler_UpdateUser_Success(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "update@example.com", Name: "Original", Role: models.RoleUser}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1048,7 +1019,6 @@ func TestUserHandler_UpdateUser_PasswordReset(t *testing.T) {
user.LockedUntil = &lockUntil
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1078,7 +1048,6 @@ func TestUserHandler_UpdateUser_PasswordReset(t *testing.T) {
func TestUserHandler_DeleteUser_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -1095,7 +1064,6 @@ func TestUserHandler_DeleteUser_NonAdmin(t *testing.T) {
func TestUserHandler_DeleteUser_InvalidID(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1112,7 +1080,6 @@ func TestUserHandler_DeleteUser_InvalidID(t *testing.T) {
func TestUserHandler_DeleteUser_NotFound(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1134,7 +1101,6 @@ func TestUserHandler_DeleteUser_Success(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "delete@example.com", Name: "Delete Me"}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1161,7 +1127,6 @@ func TestUserHandler_DeleteUser_CannotDeleteSelf(t *testing.T) {
user := &models.User{UUID: uuid.NewString(), Email: "self@example.com", Name: "Self"}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1179,7 +1144,6 @@ func TestUserHandler_DeleteUser_CannotDeleteSelf(t *testing.T) {
func TestUserHandler_UpdateUserPermissions_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -1199,7 +1163,6 @@ func TestUserHandler_UpdateUserPermissions_NonAdmin(t *testing.T) {
func TestUserHandler_UpdateUserPermissions_InvalidID(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1231,7 +1194,6 @@ func TestUserHandler_UpdateUserPermissions_InvalidJSON(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1249,7 +1211,6 @@ func TestUserHandler_UpdateUserPermissions_InvalidJSON(t *testing.T) {
func TestUserHandler_UpdateUserPermissions_NotFound(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1281,7 +1242,6 @@ func TestUserHandler_UpdateUserPermissions_Success(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1304,7 +1264,6 @@ func TestUserHandler_UpdateUserPermissions_Success(t *testing.T) {
func TestUserHandler_ValidateInvite_MissingToken(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/invite/validate", handler.ValidateInvite)
@@ -1317,7 +1276,6 @@ func TestUserHandler_ValidateInvite_MissingToken(t *testing.T) {
func TestUserHandler_ValidateInvite_InvalidToken(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/invite/validate", handler.ValidateInvite)
@@ -1342,7 +1300,6 @@ func TestUserHandler_ValidateInvite_ExpiredToken(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/invite/validate", handler.ValidateInvite)
@@ -1367,7 +1324,6 @@ func TestUserHandler_ValidateInvite_AlreadyAccepted(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/invite/validate", handler.ValidateInvite)
@@ -1392,7 +1348,6 @@ func TestUserHandler_ValidateInvite_Success(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.GET("/invite/validate", handler.ValidateInvite)
@@ -1409,7 +1364,6 @@ func TestUserHandler_ValidateInvite_Success(t *testing.T) {
func TestUserHandler_AcceptInvite_InvalidJSON(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/invite/accept", handler.AcceptInvite)
@@ -1423,7 +1377,6 @@ func TestUserHandler_AcceptInvite_InvalidJSON(t *testing.T) {
func TestUserHandler_AcceptInvite_InvalidToken(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/invite/accept", handler.AcceptInvite)
@@ -1455,7 +1408,6 @@ func TestUserHandler_AcceptInvite_Success(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/invite/accept", handler.AcceptInvite)
@@ -1498,7 +1450,6 @@ func TestGenerateSecureToken(t *testing.T) {
func TestUserHandler_InviteUser_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -1519,7 +1470,6 @@ func TestUserHandler_InviteUser_NonAdmin(t *testing.T) {
func TestUserHandler_InviteUser_InvalidJSON(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1547,7 +1497,6 @@ func TestUserHandler_InviteUser_DuplicateEmail(t *testing.T) {
}
db.Create(existingUser)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1578,7 +1527,6 @@ func TestUserHandler_InviteUser_Success(t *testing.T) {
}
db.Create(admin)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1639,7 +1587,6 @@ func TestUserHandler_InviteUser_WithPermittedHosts(t *testing.T) {
}
db.Create(host)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1696,7 +1643,6 @@ func TestUserHandler_InviteUser_WithSMTPConfigured(t *testing.T) {
// Reinitialize mail service to pick up new settings
handler.MailService = services.NewMailService(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1757,7 +1703,6 @@ func TestUserHandler_InviteUser_WithSMTPAndConfiguredPublicURL_IncludesInviteURL
handler.MailService = services.NewMailService(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1810,7 +1755,6 @@ func TestUserHandler_InviteUser_WithSMTPAndMalformedPublicURL_DoesNotExposeInvit
handler.MailService = services.NewMailService(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1866,7 +1810,6 @@ func TestUserHandler_InviteUser_WithSMTPConfigured_DefaultAppName(t *testing.T)
// Reinitialize mail service to pick up new settings
handler.MailService = services.NewMailService(db)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -1917,7 +1860,6 @@ func TestUserHandler_AcceptInvite_ExpiredToken(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/invite/accept", handler.AcceptInvite)
@@ -1949,7 +1891,6 @@ func TestUserHandler_AcceptInvite_AlreadyAccepted(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.POST("/invite/accept", handler.AcceptInvite)
@@ -1972,7 +1913,6 @@ func TestUserHandler_AcceptInvite_AlreadyAccepted(t *testing.T) {
// PreviewInviteURL Tests
func TestUserHandler_PreviewInviteURL_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -1993,7 +1933,6 @@ func TestUserHandler_PreviewInviteURL_NonAdmin(t *testing.T) {
func TestUserHandler_PreviewInviteURL_InvalidJSON(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2011,7 +1950,6 @@ func TestUserHandler_PreviewInviteURL_InvalidJSON(t *testing.T) {
func TestUserHandler_PreviewInviteURL_Success_Unconfigured(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2052,7 +1990,6 @@ func TestUserHandler_PreviewInviteURL_Success_Configured(t *testing.T) {
}
db.Create(publicURLSetting)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2145,7 +2082,6 @@ func TestUserHandler_UpdateUser_EmailConflict(t *testing.T) {
db.Create(user1)
db.Create(user2)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2172,7 +2108,6 @@ func TestUserHandler_UpdateUser_EmailConflict(t *testing.T) {
func TestUserHandler_CreateUser_EmailNormalization(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2212,7 +2147,6 @@ func TestUserHandler_InviteUser_EmailNormalization(t *testing.T) {
}
db.Create(admin)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2241,7 +2175,6 @@ func TestUserHandler_InviteUser_EmailNormalization(t *testing.T) {
func TestUserHandler_CreateUser_DefaultPermissionMode(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2281,7 +2214,6 @@ func TestUserHandler_InviteUser_DefaultPermissionMode(t *testing.T) {
}
db.Create(admin)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2310,7 +2242,6 @@ func TestUserHandler_InviteUser_DefaultPermissionMode(t *testing.T) {
func TestUserHandler_CreateUser_DefaultRole(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2350,7 +2281,6 @@ func TestUserHandler_InviteUser_DefaultRole(t *testing.T) {
}
db.Create(admin)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2382,7 +2312,6 @@ func TestUserHandler_InviteUser_DefaultRole(t *testing.T) {
// This prevents host header injection attacks (CodeQL go/email-injection remediation).
func TestUserHandler_PreviewInviteURL_Unconfigured_DoesNotUseRequestHost(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2417,7 +2346,6 @@ func TestUserHandler_PreviewInviteURL_Unconfigured_DoesNotUseRequestHost(t *test
func TestUserHandler_CreateUser_EmptyPermittedHosts(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2450,7 +2378,6 @@ func TestUserHandler_CreateUser_EmptyPermittedHosts(t *testing.T) {
func TestUserHandler_CreateUser_NonExistentPermittedHosts(t *testing.T) {
handler, db := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2484,7 +2411,6 @@ func TestUserHandler_CreateUser_NonExistentPermittedHosts(t *testing.T) {
func TestResendInvite_NonAdmin(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user")
@@ -2502,7 +2428,6 @@ func TestResendInvite_NonAdmin(t *testing.T) {
func TestResendInvite_InvalidID(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2520,7 +2445,6 @@ func TestResendInvite_InvalidID(t *testing.T) {
func TestResendInvite_UserNotFound(t *testing.T) {
handler, _ := setupUserHandlerWithProxyHosts(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2550,7 +2474,6 @@ func TestResendInvite_UserNotPending(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2583,7 +2506,6 @@ func TestResendInvite_Success(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2628,7 +2550,6 @@ func TestResendInvite_WithExpiredInvite(t *testing.T) {
}
db.Create(user)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2722,7 +2643,6 @@ func TestRedactInviteURL(t *testing.T) {
// --- Passthrough rejection tests ---
func setupPassthroughRouter(handler *UserHandler) *gin.Engine {
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", string(models.RolePassthrough))
@@ -2777,7 +2697,6 @@ func TestUserHandler_UpdateProfile_PassthroughRejected(t *testing.T) {
func TestUserHandler_CreateUser_InvalidRole(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2803,7 +2722,6 @@ func TestUserHandler_CreateUser_InvalidRole(t *testing.T) {
func TestUserHandler_InviteUser_InvalidRole(t *testing.T) {
handler, _ := setupUserHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2833,7 +2751,6 @@ func TestUserHandler_UpdateUser_MissingUserID(t *testing.T) {
user := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "target@example.com", Role: models.RoleUser, Enabled: true}
require.NoError(t, db.Create(&user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
// No userID set in context
r.Use(func(c *gin.Context) {
@@ -2858,7 +2775,6 @@ func TestUserHandler_UpdateUser_InvalidSessionType(t *testing.T) {
user := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "target2@example.com", Role: models.RoleUser, Enabled: true}
require.NoError(t, db.Create(&user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2885,7 +2801,6 @@ func TestUserHandler_UpdateUser_NonAdminSelfRoleChange(t *testing.T) {
user := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "self@example.com", Role: models.RoleUser, Enabled: true}
require.NoError(t, db.Create(&user).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "user") // non-admin
@@ -2912,7 +2827,6 @@ func TestUserHandler_UpdateUser_InvalidRole(t *testing.T) {
target := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "target3@example.com", Role: models.RoleUser, Enabled: true}
require.NoError(t, db.Create(&target).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2939,7 +2853,6 @@ func TestUserHandler_UpdateUser_SelfDemotion(t *testing.T) {
admin := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "admin@self.example.com", Role: models.RoleAdmin, Enabled: true}
require.NoError(t, db.Create(&admin).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2966,7 +2879,6 @@ func TestUserHandler_UpdateUser_SelfDisable(t *testing.T) {
disabled := false
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -2994,7 +2906,6 @@ func TestUserHandler_UpdateUser_LastAdminDemotion(t *testing.T) {
target := models.User{UUID: uuid.NewString(), APIKey: uuid.NewString(), Email: "last-admin@example.com", Role: models.RoleAdmin, Enabled: true}
require.NoError(t, db.Create(&target).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -3021,7 +2932,6 @@ func TestUserHandler_UpdateUser_LastAdminDisable(t *testing.T) {
disabled := false
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -3055,7 +2965,6 @@ func TestUserHandler_UpdateUser_WithSessionInvalidation(t *testing.T) {
handler := NewUserHandler(db, authSvc)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
@@ -3091,7 +3000,6 @@ func TestUserHandler_UpdateUser_SessionInvalidationError(t *testing.T) {
handler := NewUserHandler(mainDB, authSvc)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")

1
backend/internal/api/handlers/user_integration_test.go
View File

@@ -31,7 +31,6 @@ func TestUserLoginAfterEmailChange(t *testing.T) {
userHandler := NewUserHandler(db, nil)
// Setup Router
gin.SetMode(gin.TestMode)
r := gin.New()
// Register Routes

4
backend/internal/api/handlers/websocket_status_handler_test.go
View File

@@ -15,7 +15,6 @@ import (
)
func TestWebSocketStatusHandler_GetConnections(t *testing.T) {
gin.SetMode(gin.TestMode)
tracker := services.NewWebSocketTracker()
handler := NewWebSocketStatusHandler(tracker)
@@ -65,7 +64,6 @@ func TestWebSocketStatusHandler_GetConnections(t *testing.T) {
}
func TestWebSocketStatusHandler_GetConnectionsEmpty(t *testing.T) {
gin.SetMode(gin.TestMode)
tracker := services.NewWebSocketTracker()
handler := NewWebSocketStatusHandler(tracker)
@@ -92,7 +90,6 @@ func TestWebSocketStatusHandler_GetConnectionsEmpty(t *testing.T) {
}
func TestWebSocketStatusHandler_GetStats(t *testing.T) {
gin.SetMode(gin.TestMode)
tracker := services.NewWebSocketTracker()
handler := NewWebSocketStatusHandler(tracker)
@@ -141,7 +138,6 @@ func TestWebSocketStatusHandler_GetStats(t *testing.T) {
}
func TestWebSocketStatusHandler_GetStatsEmpty(t *testing.T) {
gin.SetMode(gin.TestMode)
tracker := services.NewWebSocketTracker()
handler := NewWebSocketStatusHandler(tracker)