580 lines
19 KiB
Go
580 lines
19 KiB
Go
package handlers
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/models"
|
|
"github.com/Wikid82/charon/backend/internal/services"
|
|
)
|
|
|
|
func TestCertificateHandler_List_DBError(t *testing.T) {
|
|
db := OpenTestDB(t)
|
|
// Don't migrate to cause error
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.GET("/api/certificates", h.List)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusInternalServerError, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_InvalidID(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/invalid", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_NotFound(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/9999", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusInternalServerError, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_NoBackupService(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
// Create certificate
|
|
cert := models.SSLCertificate{UUID: "test-cert-no-backup", Name: "no-backup-cert", Provider: "custom", Domains: "nobackup.example.com"}
|
|
db.Create(&cert)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
|
|
// No backup service
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/"+toStr(cert.ID), http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
// Should still succeed without backup service
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_CheckUsageDBError(t *testing.T) {
|
|
db := OpenTestDB(t)
|
|
// Only migrate SSLCertificate, not ProxyHost to cause error when checking usage
|
|
_ = db.AutoMigrate(&models.SSLCertificate{})
|
|
|
|
// Create certificate
|
|
cert := models.SSLCertificate{UUID: "test-cert-db-err", Name: "db-error-cert", Provider: "custom", Domains: "dberr.example.com"}
|
|
db.Create(&cert)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/"+toStr(cert.ID), http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusInternalServerError, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_List_WithCertificates(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
// Create certificates
|
|
db.Create(&models.SSLCertificate{UUID: "cert-1", Name: "Cert 1", Provider: "custom", Domains: "one.example.com"})
|
|
db.Create(&models.SSLCertificate{UUID: "cert-2", Name: "Cert 2", Provider: "custom", Domains: "two.example.com"})
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.GET("/api/certificates", h.List)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
assert.Contains(t, w.Body.String(), "Cert 1")
|
|
assert.Contains(t, w.Body.String(), "Cert 2")
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_ZeroID(t *testing.T) {
|
|
// Tests the ID=0 validation check (line 149-152 in certificate_handler.go)
|
|
// DELETE /api/certificates/0 should return 400 Bad Request
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/0", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
assert.Contains(t, w.Body.String(), "invalid id")
|
|
}
|
|
|
|
func TestCertificateHandler_DBSetupOrdering(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
var certTableCount int64
|
|
if err := db.Raw("SELECT count(*) FROM sqlite_master WHERE type='table' AND name = ?", "ssl_certificates").Scan(&certTableCount).Error; err != nil {
|
|
t.Fatalf("failed to verify ssl_certificates table: %v", err)
|
|
}
|
|
if certTableCount != 1 {
|
|
t.Fatalf("expected ssl_certificates table to exist before service initialization")
|
|
}
|
|
|
|
var proxyHostsTableCount int64
|
|
if err := db.Raw("SELECT count(*) FROM sqlite_master WHERE type='table' AND name = ?", "proxy_hosts").Scan(&proxyHostsTableCount).Error; err != nil {
|
|
t.Fatalf("failed to verify proxy_hosts table: %v", err)
|
|
}
|
|
if proxyHostsTableCount != 1 {
|
|
t.Fatalf("expected proxy_hosts table to exist before service initialization")
|
|
}
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.GET("/api/certificates", h.List)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
}
|
|
|
|
// --- Get handler tests ---
|
|
|
|
func TestCertificateHandler_Get_Success(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
expiry := time.Now().Add(30 * 24 * time.Hour)
|
|
db.Create(&models.SSLCertificate{UUID: "get-uuid-1", Name: "Get Test", Provider: "custom", Domains: "get.example.com", ExpiresAt: &expiry})
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.GET("/api/certificates/:uuid", h.Get)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates/get-uuid-1", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
assert.Contains(t, w.Body.String(), "get-uuid-1")
|
|
assert.Contains(t, w.Body.String(), "Get Test")
|
|
}
|
|
|
|
func TestCertificateHandler_Get_NotFound(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.GET("/api/certificates/:uuid", h.Get)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates/nonexistent-uuid", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Get_EmptyUUID(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
// Route with empty uuid param won't match, test the handler directly with blank uuid
|
|
r.GET("/api/certificates/", h.Get)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/certificates/", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
// Empty uuid should return 400 or 404 depending on router handling
|
|
assert.True(t, w.Code == http.StatusBadRequest || w.Code == http.StatusNotFound)
|
|
}
|
|
|
|
// --- SetDB test ---
|
|
|
|
func TestCertificateHandler_SetDB(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
assert.Nil(t, h.db)
|
|
|
|
h.SetDB(db)
|
|
assert.NotNil(t, h.db)
|
|
}
|
|
|
|
// --- Update handler tests ---
|
|
|
|
func TestCertificateHandler_Update_Success(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
expiry := time.Now().Add(30 * 24 * time.Hour)
|
|
db.Create(&models.SSLCertificate{UUID: "upd-uuid-1", Name: "Old Name", Provider: "custom", Domains: "update.example.com", ExpiresAt: &expiry})
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.PUT("/api/certificates/:uuid", h.Update)
|
|
|
|
body, _ := json.Marshal(map[string]string{"name": "New Name"})
|
|
req := httptest.NewRequest(http.MethodPut, "/api/certificates/upd-uuid-1", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
assert.Contains(t, w.Body.String(), "New Name")
|
|
}
|
|
|
|
func TestCertificateHandler_Update_NotFound(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.PUT("/api/certificates/:uuid", h.Update)
|
|
|
|
body, _ := json.Marshal(map[string]string{"name": "New Name"})
|
|
req := httptest.NewRequest(http.MethodPut, "/api/certificates/nonexistent-uuid", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Update_BadJSON(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.PUT("/api/certificates/:uuid", h.Update)
|
|
|
|
req := httptest.NewRequest(http.MethodPut, "/api/certificates/some-uuid", strings.NewReader("{invalid"))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Update_MissingName(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.PUT("/api/certificates/:uuid", h.Update)
|
|
|
|
body, _ := json.Marshal(map[string]string{})
|
|
req := httptest.NewRequest(http.MethodPut, "/api/certificates/some-uuid", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
// --- Validate handler tests ---
|
|
|
|
func TestCertificateHandler_Validate_Success(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/validate", h.Validate)
|
|
|
|
certPEM, keyPEM, err := generateSelfSignedCertPEM()
|
|
require.NoError(t, err)
|
|
|
|
var body bytes.Buffer
|
|
writer := multipart.NewWriter(&body)
|
|
part, _ := writer.CreateFormFile("certificate_file", "cert.pem")
|
|
_, _ = part.Write([]byte(certPEM))
|
|
part2, _ := writer.CreateFormFile("key_file", "key.pem")
|
|
_, _ = part2.Write([]byte(keyPEM))
|
|
_ = writer.Close()
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/validate", &body)
|
|
req.Header.Set("Content-Type", writer.FormDataContentType())
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
assert.Contains(t, w.Body.String(), "valid")
|
|
}
|
|
|
|
func TestCertificateHandler_Validate_NoCertFile(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/validate", h.Validate)
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/validate", strings.NewReader(""))
|
|
req.Header.Set("Content-Type", "multipart/form-data")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Validate_CertOnly(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/validate", h.Validate)
|
|
|
|
certPEM, _, err := generateSelfSignedCertPEM()
|
|
require.NoError(t, err)
|
|
|
|
var body bytes.Buffer
|
|
writer := multipart.NewWriter(&body)
|
|
part, _ := writer.CreateFormFile("certificate_file", "cert.pem")
|
|
_, _ = part.Write([]byte(certPEM))
|
|
_ = writer.Close()
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/validate", &body)
|
|
req.Header.Set("Content-Type", writer.FormDataContentType())
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
}
|
|
|
|
// --- Export handler tests ---
|
|
|
|
func TestCertificateHandler_Export_EmptyUUID(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
body, _ := json.Marshal(map[string]any{"format": "pem"})
|
|
// Use a route that provides :uuid param as empty would not match normal routing
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates//export", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
// Router won't match empty uuid, so 404 or redirect
|
|
assert.True(t, w.Code == http.StatusNotFound || w.Code == http.StatusMovedPermanently || w.Code == http.StatusBadRequest)
|
|
}
|
|
|
|
func TestCertificateHandler_Export_BadJSON(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/some-uuid/export", strings.NewReader("{bad"))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusBadRequest, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Export_NotFound(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
body, _ := json.Marshal(map[string]any{"format": "pem"})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/nonexistent-uuid/export", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Export_PEMSuccess(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
certPEM, _, err := generateSelfSignedCertPEM()
|
|
require.NoError(t, err)
|
|
|
|
cert := models.SSLCertificate{UUID: "export-uuid-1", Name: "Export Test", Provider: "custom", Domains: "export.example.com", Certificate: certPEM}
|
|
db.Create(&cert)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
tmpDir := t.TempDir()
|
|
svc := services.NewCertificateService(tmpDir, db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
body, _ := json.Marshal(map[string]any{"format": "pem"})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/export-uuid-1/export", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
assert.Contains(t, w.Header().Get("Content-Disposition"), "Export Test.pem")
|
|
}
|
|
|
|
func TestCertificateHandler_Export_IncludeKeyNoPassword(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
cert := models.SSLCertificate{UUID: "export-uuid-2", Name: "Key Test", Provider: "custom", Domains: "key.example.com"}
|
|
db.Create(&cert)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
body, _ := json.Marshal(map[string]any{"format": "pem", "include_key": true})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/export-uuid-2/export", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusForbidden, w.Code)
|
|
assert.Contains(t, w.Body.String(), "password required")
|
|
}
|
|
|
|
func TestCertificateHandler_Export_IncludeKeyNoDBSet(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
cert := models.SSLCertificate{UUID: "export-uuid-3", Name: "No DB Test", Provider: "custom", Domains: "nodb.example.com"}
|
|
db.Create(&cert)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
// h.db is nil - not set via SetDB
|
|
r.POST("/api/certificates/:uuid/export", h.Export)
|
|
|
|
body, _ := json.Marshal(map[string]any{"format": "pem", "include_key": true, "password": "test123"})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/certificates/export-uuid-3/export", bytes.NewBuffer(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusForbidden, w.Code)
|
|
assert.Contains(t, w.Body.String(), "authentication required")
|
|
}
|
|
|
|
// --- Delete via UUID path tests ---
|
|
|
|
func TestCertificateHandler_Delete_UUIDPath_NotFound(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
// Valid UUID format but does not exist
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/00000000-0000-0000-0000-000000000001", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusNotFound, w.Code)
|
|
}
|
|
|
|
func TestCertificateHandler_Delete_UUIDPath_InUse(t *testing.T) {
|
|
db := OpenTestDBWithMigrations(t)
|
|
cert := models.SSLCertificate{UUID: "11111111-1111-1111-1111-111111111111", Name: "InUse UUID", Provider: "custom", Domains: "uuid-inuse.example.com"}
|
|
db.Create(&cert)
|
|
|
|
ph := models.ProxyHost{UUID: "ph-uuid-del", Name: "Proxy", DomainNames: "uuid-inuse.example.com", ForwardHost: "localhost", ForwardPort: 8080, CertificateID: &cert.ID}
|
|
db.Create(&ph)
|
|
|
|
r := gin.New()
|
|
r.Use(mockAuthMiddleware())
|
|
svc := services.NewCertificateService("/tmp", db, nil)
|
|
h := NewCertificateHandler(svc, nil, nil)
|
|
r.DELETE("/api/certificates/:uuid", h.Delete)
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/certificates/11111111-1111-1111-1111-111111111111", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
r.ServeHTTP(w, req)
|
|
|
|
assert.Equal(t, http.StatusConflict, w.Code)
|
|
}
|
|
|
|
// --- sanitizeCertRef tests ---
|
|
|
|
func TestSanitizeCertRef(t *testing.T) {
|
|
assert.Equal(t, "00000000-0000-0000-0000-000000000001", sanitizeCertRef("00000000-0000-0000-0000-000000000001"))
|
|
assert.Equal(t, "123", sanitizeCertRef("123"))
|
|
assert.Equal(t, "[invalid-ref]", sanitizeCertRef("not-valid"))
|
|
assert.Equal(t, "0", sanitizeCertRef("0"))
|
|
}
|