pinakes-server: TLS support; session persistence and security polish
Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: If2c9c3e3af62bbf9f33a97be89ac40bc6a6a6964
This commit is contained in:
parent
758aba0f7a
commit
87a4482576
GPG key ID:
29D95B64378DB4BF
19 changed files with 1835 additions and 111 deletions
262
crates/pinakes-core/tests/integrity_enhanced_test.rs
Normal file
262
crates/pinakes-core/tests/integrity_enhanced_test.rs
Normal file
|
|
@ -0,0 +1,262 @@
|
|||
use std::fs;
|
||||
use std::path::PathBuf;
|
||||
use std::sync::Arc;
|
||||
|
||||
use pinakes_core::integrity::detect_orphans;
|
||||
use pinakes_core::media_type::{BuiltinMediaType, MediaType};
|
||||
use pinakes_core::model::{ContentHash, MediaId, MediaItem};
|
||||
use pinakes_core::storage::{DynStorageBackend, StorageBackend, sqlite::SqliteBackend};
|
||||
use tempfile::TempDir;
|
||||
use uuid::Uuid;
|
||||
|
||||
async fn setup_test_storage() -> (DynStorageBackend, TempDir) {
|
||||
let temp_dir = TempDir::new().unwrap();
|
||||
let db_path = temp_dir.path().join(format!("test_{}.db", Uuid::now_v7()));
|
||||
|
||||
let storage = SqliteBackend::new(&db_path).unwrap();
|
||||
storage.run_migrations().await.unwrap();
|
||||
|
||||
(Arc::new(storage), temp_dir)
|
||||
}
|
||||
|
||||
fn create_test_media_item(path: PathBuf, hash: &str) -> MediaItem {
|
||||
use std::collections::HashMap;
|
||||
|
||||
MediaItem {
|
||||
id: MediaId(Uuid::now_v7()),
|
||||
path,
|
||||
file_name: "test.mp3".to_string(),
|
||||
media_type: MediaType::Builtin(BuiltinMediaType::Mp3),
|
||||
content_hash: ContentHash(hash.to_string()),
|
||||
file_size: 1000,
|
||||
title: None,
|
||||
artist: None,
|
||||
album: None,
|
||||
genre: None,
|
||||
year: None,
|
||||
duration_secs: None,
|
||||
description: None,
|
||||
thumbnail_path: None,
|
||||
custom_fields: HashMap::new(),
|
||||
file_mtime: None,
|
||||
created_at: chrono::Utc::now(),
|
||||
updated_at: chrono::Utc::now(),
|
||||
}
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_detect_orphaned_files() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Create a media item pointing to a file that doesn't exist
|
||||
let nonexistent_path = temp_dir.path().join("nonexistent.mp3");
|
||||
let orphaned_item = create_test_media_item(nonexistent_path, "hash1");
|
||||
|
||||
storage.insert_media(&orphaned_item).await.unwrap();
|
||||
|
||||
// Detect orphans
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Should detect the orphaned file
|
||||
assert_eq!(report.orphaned_ids.len(), 1);
|
||||
assert_eq!(report.orphaned_ids[0], orphaned_item.id);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_detect_untracked_files() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Create a root directory
|
||||
let root_dir = temp_dir.path().join("media");
|
||||
fs::create_dir(&root_dir).unwrap();
|
||||
storage.add_root_dir(root_dir.clone()).await.unwrap();
|
||||
|
||||
// Create actual files on disk
|
||||
let tracked_file = root_dir.join("tracked.mp3");
|
||||
let untracked_file = root_dir.join("untracked.mp3");
|
||||
|
||||
fs::write(&tracked_file, b"tracked content").unwrap();
|
||||
fs::write(&untracked_file, b"untracked content").unwrap();
|
||||
|
||||
// Add only one file to the database
|
||||
let tracked_item = create_test_media_item(tracked_file.clone(), "hash_tracked");
|
||||
storage.insert_media(&tracked_item).await.unwrap();
|
||||
|
||||
// Detect orphans (including untracked files)
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Should detect the untracked file
|
||||
assert_eq!(report.untracked_paths.len(), 1);
|
||||
assert!(report.untracked_paths.contains(&untracked_file));
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_detect_moved_files() {
|
||||
// Note: Due to UNIQUE constraint on content_hash, moved files detection
|
||||
// won't find true duplicates. This test validates the detection logic
|
||||
// works but won't find matches due to schema constraints.
|
||||
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Create files
|
||||
let old_path = temp_dir.path().join("old_location.mp3");
|
||||
|
||||
fs::write(&old_path, b"content").unwrap();
|
||||
|
||||
// Create media item
|
||||
let old_item = create_test_media_item(old_path.clone(), "hash_unique");
|
||||
storage.insert_media(&old_item).await.unwrap();
|
||||
|
||||
// Delete the file to make it orphaned
|
||||
fs::remove_file(&old_path).unwrap();
|
||||
|
||||
// Detect orphans
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Should detect the orphaned file, but no moved files (no duplicates exist)
|
||||
assert_eq!(report.orphaned_ids.len(), 1);
|
||||
// With UNIQUE constraint on content_hash, we can't have duplicates,
|
||||
// so moved_files will be empty
|
||||
assert_eq!(report.moved_files.len(), 0);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_ignore_patterns_respected() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Create a root directory
|
||||
let root_dir = temp_dir.path().join("media");
|
||||
fs::create_dir(&root_dir).unwrap();
|
||||
storage.add_root_dir(root_dir.clone()).await.unwrap();
|
||||
|
||||
// Create a hidden directory that should be ignored
|
||||
let hidden_dir = root_dir.join(".hidden");
|
||||
fs::create_dir(&hidden_dir).unwrap();
|
||||
|
||||
let hidden_file = hidden_dir.join("hidden.mp3");
|
||||
fs::write(&hidden_file, b"hidden content").unwrap();
|
||||
|
||||
// Create a normal file
|
||||
let normal_file = root_dir.join("normal.mp3");
|
||||
fs::write(&normal_file, b"normal content").unwrap();
|
||||
|
||||
// Detect orphans
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Should only detect the normal file, not the hidden one
|
||||
assert_eq!(report.untracked_paths.len(), 1);
|
||||
assert!(report.untracked_paths.contains(&normal_file));
|
||||
assert!(!report.untracked_paths.contains(&hidden_file));
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_only_supported_media_types() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Create a root directory
|
||||
let root_dir = temp_dir.path().join("media");
|
||||
fs::create_dir(&root_dir).unwrap();
|
||||
storage.add_root_dir(root_dir.clone()).await.unwrap();
|
||||
|
||||
// Create files with different extensions
|
||||
let mp3_file = root_dir.join("audio.mp3");
|
||||
let txt_file = root_dir.join("readme.txt");
|
||||
let exe_file = root_dir.join("program.exe");
|
||||
|
||||
fs::write(&mp3_file, b"audio").unwrap();
|
||||
fs::write(&txt_file, b"text").unwrap();
|
||||
fs::write(&exe_file, b"binary").unwrap();
|
||||
|
||||
// Detect orphans
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Should only detect supported media types (mp3 and txt are supported)
|
||||
// exe should not be detected
|
||||
assert!(report.untracked_paths.len() <= 2);
|
||||
assert!(!report.untracked_paths.contains(&exe_file));
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_complete_orphan_workflow() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
// Setup root directory
|
||||
let root_dir = temp_dir.path().join("media");
|
||||
fs::create_dir(&root_dir).unwrap();
|
||||
storage.add_root_dir(root_dir.clone()).await.unwrap();
|
||||
|
||||
// Create various scenarios
|
||||
|
||||
// 1. Orphaned file (in DB, not on disk)
|
||||
let orphaned_path = root_dir.join("orphaned.mp3");
|
||||
let orphaned_item = create_test_media_item(orphaned_path.clone(), "hash_orphaned");
|
||||
storage.insert_media(&orphaned_item).await.unwrap();
|
||||
|
||||
// 2. Untracked file (on disk, not in DB)
|
||||
let untracked_path = root_dir.join("untracked.mp3");
|
||||
fs::write(&untracked_path, b"untracked").unwrap();
|
||||
|
||||
// 3. Another orphaned file (can't test moved files with UNIQUE constraint)
|
||||
let another_orphaned = root_dir.join("another_orphaned.mp3");
|
||||
let another_item = create_test_media_item(another_orphaned.clone(), "hash_another");
|
||||
storage.insert_media(&another_item).await.unwrap();
|
||||
// Don't create the file, so it's orphaned
|
||||
|
||||
// 4. Tracked file (normal case)
|
||||
let tracked_path = root_dir.join("tracked.mp3");
|
||||
fs::write(&tracked_path, b"tracked").unwrap();
|
||||
|
||||
let tracked_item = create_test_media_item(tracked_path.clone(), "hash_tracked");
|
||||
storage.insert_media(&tracked_item).await.unwrap();
|
||||
|
||||
// Detect all orphans
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
|
||||
// Verify results
|
||||
assert_eq!(report.orphaned_ids.len(), 2); // orphaned + another_orphaned
|
||||
assert!(report.orphaned_ids.contains(&orphaned_item.id));
|
||||
assert!(report.orphaned_ids.contains(&another_item.id));
|
||||
|
||||
assert_eq!(report.untracked_paths.len(), 1);
|
||||
assert!(report.untracked_paths.contains(&untracked_path));
|
||||
|
||||
// No moved files due to UNIQUE constraint on content_hash
|
||||
assert_eq!(report.moved_files.len(), 0);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_large_directory_performance() {
|
||||
let (storage, temp_dir) = setup_test_storage().await;
|
||||
|
||||
let root_dir = temp_dir.path().join("media");
|
||||
fs::create_dir(&root_dir).unwrap();
|
||||
storage.add_root_dir(root_dir.clone()).await.unwrap();
|
||||
|
||||
// Create many files
|
||||
for i in 0..1000 {
|
||||
let file_path = root_dir.join(format!("file_{}.mp3", i));
|
||||
fs::write(&file_path, format!("content {}", i)).unwrap();
|
||||
}
|
||||
|
||||
// Add half to database
|
||||
for i in 0..500 {
|
||||
let file_path = root_dir.join(format!("file_{}.mp3", i));
|
||||
let item = create_test_media_item(file_path, &format!("hash_{}", i));
|
||||
storage.insert_media(&item).await.unwrap();
|
||||
}
|
||||
|
||||
// Measure time
|
||||
let start = std::time::Instant::now();
|
||||
let report = detect_orphans(&storage).await.unwrap();
|
||||
let elapsed = start.elapsed();
|
||||
|
||||
// Should complete in reasonable time (< 5 seconds for 1000 files)
|
||||
assert!(
|
||||
elapsed.as_secs() < 5,
|
||||
"Detection took too long: {:?}",
|
||||
elapsed
|
||||
);
|
||||
|
||||
// Should detect 500 untracked files
|
||||
assert_eq!(report.untracked_paths.len(), 500);
|
||||
}
|
||||
308
crates/pinakes-core/tests/session_persistence_test.rs
Normal file
308
crates/pinakes-core/tests/session_persistence_test.rs
Normal file
|
|
@ -0,0 +1,308 @@
|
|||
use chrono::Utc;
|
||||
use pinakes_core::storage::{SessionData, StorageBackend};
|
||||
use tempfile::TempDir;
|
||||
|
||||
async fn setup_sqlite_storage() -> pinakes_core::storage::sqlite::SqliteBackend {
|
||||
let temp_dir = TempDir::new().unwrap();
|
||||
let db_path = temp_dir
|
||||
.path()
|
||||
.join(format!("test_{}.db", uuid::Uuid::now_v7()));
|
||||
|
||||
let storage = pinakes_core::storage::sqlite::SqliteBackend::new(&db_path).unwrap();
|
||||
storage.run_migrations().await.unwrap();
|
||||
|
||||
// Keep temp_dir alive by leaking it (tests are short-lived anyway)
|
||||
std::mem::forget(temp_dir);
|
||||
|
||||
storage
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_create_and_get_session() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
let session = SessionData {
|
||||
session_token: "test_token_123".to_string(),
|
||||
user_id: Some("user_1".to_string()),
|
||||
username: "testuser".to_string(),
|
||||
role: "admin".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
|
||||
// Create session
|
||||
storage.create_session(&session).await.unwrap();
|
||||
|
||||
// Get session
|
||||
let retrieved = storage.get_session("test_token_123").await.unwrap();
|
||||
assert!(retrieved.is_some());
|
||||
|
||||
let retrieved = retrieved.unwrap();
|
||||
assert_eq!(retrieved.session_token, "test_token_123");
|
||||
assert_eq!(retrieved.username, "testuser");
|
||||
assert_eq!(retrieved.role, "admin");
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_get_nonexistent_session() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let result = storage.get_session("nonexistent").await.unwrap();
|
||||
assert!(result.is_none());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_touch_session() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
let session = SessionData {
|
||||
session_token: "test_token_456".to_string(),
|
||||
user_id: None,
|
||||
username: "testuser".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
|
||||
storage.create_session(&session).await.unwrap();
|
||||
|
||||
// Wait a bit
|
||||
tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
|
||||
|
||||
// Touch session
|
||||
storage.touch_session("test_token_456").await.unwrap();
|
||||
|
||||
// Verify last_accessed was updated
|
||||
let updated = storage
|
||||
.get_session("test_token_456")
|
||||
.await
|
||||
.unwrap()
|
||||
.unwrap();
|
||||
assert!(updated.last_accessed > now);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_delete_session() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
let session = SessionData {
|
||||
session_token: "delete_me".to_string(),
|
||||
user_id: None,
|
||||
username: "testuser".to_string(),
|
||||
role: "editor".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
|
||||
storage.create_session(&session).await.unwrap();
|
||||
assert!(storage.get_session("delete_me").await.unwrap().is_some());
|
||||
|
||||
// Delete session
|
||||
storage.delete_session("delete_me").await.unwrap();
|
||||
|
||||
// Verify it's gone
|
||||
assert!(storage.get_session("delete_me").await.unwrap().is_none());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_delete_user_sessions() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
|
||||
// Create multiple sessions for the same user
|
||||
for i in 0..3 {
|
||||
let session = SessionData {
|
||||
session_token: format!("token_{}", i),
|
||||
user_id: None,
|
||||
username: "testuser".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&session).await.unwrap();
|
||||
}
|
||||
|
||||
// Create session for different user
|
||||
let other_session = SessionData {
|
||||
session_token: "other_token".to_string(),
|
||||
user_id: None,
|
||||
username: "otheruser".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&other_session).await.unwrap();
|
||||
|
||||
// Delete all sessions for testuser
|
||||
let deleted = storage.delete_user_sessions("testuser").await.unwrap();
|
||||
assert_eq!(deleted, 3);
|
||||
|
||||
// Verify testuser sessions are gone
|
||||
for i in 0..3 {
|
||||
assert!(
|
||||
storage
|
||||
.get_session(&format!("token_{}", i))
|
||||
.await
|
||||
.unwrap()
|
||||
.is_none()
|
||||
);
|
||||
}
|
||||
|
||||
// Verify otheruser session still exists
|
||||
assert!(storage.get_session("other_token").await.unwrap().is_some());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_delete_expired_sessions() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
|
||||
// Create expired session
|
||||
let expired = SessionData {
|
||||
session_token: "expired_token".to_string(),
|
||||
user_id: None,
|
||||
username: "testuser".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now - chrono::Duration::hours(25),
|
||||
expires_at: now - chrono::Duration::hours(1), // Expired 1 hour ago
|
||||
last_accessed: now - chrono::Duration::hours(2),
|
||||
};
|
||||
storage.create_session(&expired).await.unwrap();
|
||||
|
||||
// Create valid session
|
||||
let valid = SessionData {
|
||||
session_token: "valid_token".to_string(),
|
||||
user_id: None,
|
||||
username: "testuser".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&valid).await.unwrap();
|
||||
|
||||
// Delete expired sessions
|
||||
let deleted = storage.delete_expired_sessions().await.unwrap();
|
||||
assert_eq!(deleted, 1);
|
||||
|
||||
// Verify expired is gone, valid remains
|
||||
assert!(
|
||||
storage
|
||||
.get_session("expired_token")
|
||||
.await
|
||||
.unwrap()
|
||||
.is_none()
|
||||
);
|
||||
assert!(storage.get_session("valid_token").await.unwrap().is_some());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_list_active_sessions() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
|
||||
// Create active sessions for different users
|
||||
for i in 0..3 {
|
||||
let session = SessionData {
|
||||
session_token: format!("user1_token_{}", i),
|
||||
user_id: None,
|
||||
username: "user1".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&session).await.unwrap();
|
||||
}
|
||||
|
||||
for i in 0..2 {
|
||||
let session = SessionData {
|
||||
session_token: format!("user2_token_{}", i),
|
||||
user_id: None,
|
||||
username: "user2".to_string(),
|
||||
role: "admin".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&session).await.unwrap();
|
||||
}
|
||||
|
||||
// Create expired session
|
||||
let expired = SessionData {
|
||||
session_token: "expired".to_string(),
|
||||
user_id: None,
|
||||
username: "user1".to_string(),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now - chrono::Duration::hours(25),
|
||||
expires_at: now - chrono::Duration::hours(1),
|
||||
last_accessed: now - chrono::Duration::hours(2),
|
||||
};
|
||||
storage.create_session(&expired).await.unwrap();
|
||||
|
||||
// List all active sessions
|
||||
let all_active = storage.list_active_sessions(None).await.unwrap();
|
||||
assert_eq!(all_active.len(), 5); // 3 + 2, expired not included
|
||||
|
||||
// List active sessions for user1
|
||||
let user1_active = storage.list_active_sessions(Some("user1")).await.unwrap();
|
||||
assert_eq!(user1_active.len(), 3);
|
||||
|
||||
// List active sessions for user2
|
||||
let user2_active = storage.list_active_sessions(Some("user2")).await.unwrap();
|
||||
assert_eq!(user2_active.len(), 2);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_concurrent_session_operations() {
|
||||
let storage = setup_sqlite_storage().await;
|
||||
|
||||
let now = Utc::now();
|
||||
let storage = std::sync::Arc::new(storage);
|
||||
|
||||
// Create sessions concurrently
|
||||
let mut handles = vec![];
|
||||
for i in 0..10 {
|
||||
let storage = storage.clone();
|
||||
let handle = tokio::spawn(async move {
|
||||
let session = SessionData {
|
||||
session_token: format!("concurrent_{}", i),
|
||||
user_id: None,
|
||||
username: format!("user{}", i),
|
||||
role: "viewer".to_string(),
|
||||
created_at: now,
|
||||
expires_at: now + chrono::Duration::hours(24),
|
||||
last_accessed: now,
|
||||
};
|
||||
storage.create_session(&session).await.unwrap();
|
||||
});
|
||||
handles.push(handle);
|
||||
}
|
||||
|
||||
// Wait for all to complete
|
||||
for handle in handles {
|
||||
handle.await.unwrap();
|
||||
}
|
||||
|
||||
// Verify all sessions were created
|
||||
for i in 0..10 {
|
||||
assert!(
|
||||
storage
|
||||
.get_session(&format!("concurrent_{}", i))
|
||||
.await
|
||||
.unwrap()
|
||||
.is_some()
|
||||
);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue