NotAShelf/pinakes
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

meta: move public crates to packages/

Browse source 
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I928162008cb1ba02e1aa0e7aa971e8326a6a6964
This commit is contained in:
raf 2026-03-23 02:32:37 +03:00
commit 00bab69598
Signed by: NotAShelf
GPG key ID: 29D95B64378DB4BF
308 changed files with 53890 additions and 53889 deletions
Download patch file Download diff file Expand all files Collapse all files

234
crates/pinakes-server/tests/users.rs
View file

@ -1,234 +0,0 @@
mod common;
use axum::http::StatusCode;
use common::{
delete_authed,
get,
get_authed,
patch_json_authed,
post_json_authed,
put_json_authed,
response_body,
setup_app,
setup_app_with_auth,
};
use tower::ServiceExt;
// GET /api/v1/users (admin)
#[tokio::test]
async fn list_users_requires_admin() {
let (app, _, editor_token, _) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed("/api/v1/users", &editor_token))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
#[tokio::test]
async fn list_users_viewer_forbidden() {
let (app, _, _, viewer_token) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed("/api/v1/users", &viewer_token))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
#[tokio::test]
async fn list_users_admin_ok() {
let (app, admin_token, ..) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed("/api/v1/users", &admin_token))
.await
.unwrap();
let status = response.status();
let body = response_body(response).await;
assert_eq!(status, StatusCode::OK);
let users = body.as_array().expect("users is array");
// setup_app_with_auth seeds three users
assert_eq!(users.len(), 3);
}
// POST /api/v1/users (admin)
#[tokio::test]
async fn create_user_requires_admin() {
let (app, _, editor_token, _) = setup_app_with_auth().await;
let response = app
.oneshot(post_json_authed(
"/api/v1/users",
r#"{"username":"newuser","password":"password123","role":"viewer"}"#,
&editor_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
#[tokio::test]
async fn create_user_admin_ok() {
let (app, admin_token, ..) = setup_app_with_auth().await;
let response = app
.oneshot(post_json_authed(
"/api/v1/users",
r#"{"username":"newuser","password":"password123","role":"viewer"}"#,
&admin_token,
))
.await
.unwrap();
let status = response.status();
let body = response_body(response).await;
assert!(
status == StatusCode::OK || status == StatusCode::CREATED,
"unexpected status: {status}"
);
assert!(body["id"].is_string(), "expected id field, got: {body}");
assert_eq!(body["username"].as_str().unwrap(), "newuser");
}
#[tokio::test]
async fn create_user_duplicate_username() {
let (app, admin_token, ..) = setup_app_with_auth().await;
// "admin" already exists
let response = app
.oneshot(post_json_authed(
"/api/v1/users",
r#"{"username":"admin","password":"password123","role":"viewer"}"#,
&admin_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::CONFLICT);
}
#[tokio::test]
async fn create_user_password_too_short() {
let (app, admin_token, ..) = setup_app_with_auth().await;
let response = app
.oneshot(post_json_authed(
"/api/v1/users",
r#"{"username":"shortpass","password":"short","role":"viewer"}"#,
&admin_token,
))
.await
.unwrap();
// Password minimum is 8 chars; should be rejected
assert!(
response.status() == StatusCode::BAD_REQUEST
|| response.status() == StatusCode::UNPROCESSABLE_ENTITY
);
}
// GET /api/v1/users/{id} (admin)
#[tokio::test]
async fn get_user_requires_admin() {
let (app, _, _, viewer_token) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000",
&viewer_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
#[tokio::test]
async fn get_user_not_found() {
let (app, admin_token, ..) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000",
&admin_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::NOT_FOUND);
}
// PATCH /api/v1/users/{id} (admin)
#[tokio::test]
async fn update_user_requires_admin() {
let (app, _, _, viewer_token) = setup_app_with_auth().await;
let response = app
.oneshot(patch_json_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000",
r#"{"role":"editor"}"#,
&viewer_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
// DELETE /api/v1/users/{id} (admin)
#[tokio::test]
async fn delete_user_requires_admin() {
let (app, _, _, viewer_token) = setup_app_with_auth().await;
let response = app
.oneshot(delete_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000",
&viewer_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
#[tokio::test]
async fn delete_user_not_found() {
let (app, admin_token, ..) = setup_app_with_auth().await;
let response = app
.oneshot(delete_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000",
&admin_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::NOT_FOUND);
}
// GET /api/v1/users/{id}/libraries (admin)
#[tokio::test]
async fn get_user_libraries_requires_admin() {
let (app, _, editor_token, _) = setup_app_with_auth().await;
let response = app
.oneshot(get_authed(
"/api/v1/users/00000000-0000-0000-0000-000000000000/libraries",
&editor_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
// PUT coverage
#[tokio::test]
async fn update_sync_device_requires_editor() {
let (app, _, _, viewer_token) = setup_app_with_auth().await;
let response = app
.oneshot(put_json_authed(
"/api/v1/sync/devices/00000000-0000-0000-0000-000000000000",
r#"{"name":"device"}"#,
&viewer_token,
))
.await
.unwrap();
assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
// No-auth coverage (exercises setup_app and get helpers)
#[tokio::test]
async fn media_list_no_auth_users_file() {
let app = setup_app().await;
let response = app.oneshot(get("/api/v1/media")).await.unwrap();
assert_eq!(response.status(), StatusCode::OK);
}