NotAShelf
ee5df288bc
Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ia09d2d3ad7f6613e21d20321e0877bc16a6a6964
274 lines
7.4 KiB
Rust
274 lines
7.4 KiB
Rust
mod common;
|
|
use std::sync::Arc;
|
|
|
|
use axum::{body::Body, http::StatusCode};
|
|
use common::{
|
|
default_config,
|
|
delete_authed,
|
|
get,
|
|
get_authed,
|
|
patch_json_authed,
|
|
post_json,
|
|
post_json_authed,
|
|
put_json_authed,
|
|
response_body,
|
|
setup_app,
|
|
setup_app_with_auth,
|
|
test_addr,
|
|
};
|
|
use http_body_util::BodyExt;
|
|
use pinakes_core::{config::PluginsConfig, plugin::PluginManager};
|
|
use tower::ServiceExt;
|
|
|
|
async fn setup_app_with_plugins()
|
|
-> (axum::Router, Arc<PluginManager>, tempfile::TempDir) {
|
|
use pinakes_core::{
|
|
cache::CacheLayer,
|
|
config::RateLimitConfig,
|
|
jobs::JobQueue,
|
|
storage::{StorageBackend, sqlite::SqliteBackend},
|
|
};
|
|
use tokio::sync::RwLock;
|
|
|
|
let backend = SqliteBackend::in_memory().expect("in-memory SQLite");
|
|
backend.run_migrations().await.expect("migrations");
|
|
let storage = Arc::new(backend) as pinakes_core::storage::DynStorageBackend;
|
|
|
|
let temp_dir = tempfile::TempDir::new().expect("create temp dir");
|
|
let data_dir = temp_dir.path().join("data");
|
|
let cache_dir = temp_dir.path().join("cache");
|
|
std::fs::create_dir_all(&data_dir).expect("create data dir");
|
|
std::fs::create_dir_all(&cache_dir).expect("create cache dir");
|
|
|
|
let plugin_config = PluginsConfig {
|
|
enabled: true,
|
|
data_dir: data_dir.clone(),
|
|
cache_dir: cache_dir.clone(),
|
|
plugin_dirs: vec![],
|
|
enable_hot_reload: false,
|
|
allow_unsigned: true,
|
|
max_concurrent_ops: 2,
|
|
plugin_timeout_secs: 10,
|
|
timeouts:
|
|
pinakes_core::config::PluginTimeoutConfig::default(),
|
|
max_consecutive_failures: 5,
|
|
trusted_keys: vec![],
|
|
};
|
|
|
|
let plugin_manager =
|
|
PluginManager::new(data_dir, cache_dir, plugin_config.clone().into())
|
|
.expect("create plugin manager");
|
|
let plugin_manager = Arc::new(plugin_manager);
|
|
|
|
let mut config = default_config();
|
|
config.plugins = plugin_config;
|
|
|
|
let job_queue =
|
|
JobQueue::new(1, 0, |_id, _kind, _cancel, _jobs| tokio::spawn(async {}));
|
|
let config = Arc::new(RwLock::new(config));
|
|
let scheduler = pinakes_core::scheduler::TaskScheduler::new(
|
|
job_queue.clone(),
|
|
tokio_util::sync::CancellationToken::new(),
|
|
config.clone(),
|
|
None,
|
|
);
|
|
|
|
let state = pinakes_server::state::AppState {
|
|
storage,
|
|
config,
|
|
config_path: None,
|
|
scan_progress: pinakes_core::scan::ScanProgress::new(),
|
|
job_queue,
|
|
cache: Arc::new(CacheLayer::new(60)),
|
|
scheduler: Arc::new(scheduler),
|
|
plugin_manager: Some(plugin_manager.clone()),
|
|
plugin_pipeline: None,
|
|
transcode_service: None,
|
|
managed_storage: None,
|
|
chunked_upload_manager: None,
|
|
session_semaphore: Arc::new(tokio::sync::Semaphore::new(64)),
|
|
webhook_dispatcher: None,
|
|
};
|
|
|
|
let router =
|
|
pinakes_server::app::create_router(state, &RateLimitConfig::default());
|
|
(router, plugin_manager, temp_dir)
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_list_plugins_empty() {
|
|
let (app, _pm, _tmp) = setup_app_with_plugins().await;
|
|
|
|
let response = app.oneshot(get("/api/v1/plugins")).await.unwrap();
|
|
|
|
assert_eq!(response.status(), StatusCode::OK);
|
|
let body = response.into_body().collect().await.unwrap().to_bytes();
|
|
let plugins: Vec<serde_json::Value> = serde_json::from_slice(&body).unwrap();
|
|
assert_eq!(plugins.len(), 0, "should start with no plugins loaded");
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_plugin_manager_exists() {
|
|
let (app, _pm, _tmp) = setup_app_with_plugins().await;
|
|
|
|
let plugins = _pm.list_plugins().await;
|
|
assert_eq!(plugins.len(), 0);
|
|
|
|
let response = app.oneshot(get("/api/v1/plugins")).await.unwrap();
|
|
assert_eq!(response.status(), StatusCode::OK);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_plugin_not_found() {
|
|
let (app, _pm, _tmp) = setup_app_with_plugins().await;
|
|
|
|
let response = app
|
|
.oneshot(get("/api/v1/plugins/nonexistent"))
|
|
.await
|
|
.unwrap();
|
|
|
|
assert_eq!(response.status(), StatusCode::NOT_FOUND);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_plugin_enable_disable() {
|
|
let (app, pm, _tmp) = setup_app_with_plugins().await;
|
|
|
|
assert!(pm.list_plugins().await.is_empty());
|
|
|
|
let mut req = axum::http::Request::builder()
|
|
.method("POST")
|
|
.uri("/api/v1/plugins/test-plugin/enable")
|
|
.body(Body::empty())
|
|
.unwrap();
|
|
req.extensions_mut().insert(test_addr());
|
|
|
|
let response = app.clone().oneshot(req).await.unwrap();
|
|
|
|
assert_eq!(response.status(), StatusCode::NOT_FOUND);
|
|
|
|
let mut req = axum::http::Request::builder()
|
|
.method("POST")
|
|
.uri("/api/v1/plugins/test-plugin/disable")
|
|
.body(Body::empty())
|
|
.unwrap();
|
|
req.extensions_mut().insert(test_addr());
|
|
|
|
let response = app.oneshot(req).await.unwrap();
|
|
|
|
assert_eq!(response.status(), StatusCode::NOT_FOUND);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_plugin_uninstall_not_found() {
|
|
let (app, _pm, _tmp) = setup_app_with_plugins().await;
|
|
|
|
let mut req = axum::http::Request::builder()
|
|
.method("DELETE")
|
|
.uri("/api/v1/plugins/nonexistent")
|
|
.body(Body::empty())
|
|
.unwrap();
|
|
req.extensions_mut().insert(test_addr());
|
|
|
|
let response = app.oneshot(req).await.unwrap();
|
|
|
|
assert!(
|
|
response.status() == StatusCode::BAD_REQUEST
|
|
|| response.status() == StatusCode::NOT_FOUND
|
|
);
|
|
}
|
|
|
|
// RBAC tests using common helpers with auth setup
|
|
|
|
#[tokio::test]
|
|
async fn media_list_unauthenticated() {
|
|
let app = setup_app().await;
|
|
let resp = app.oneshot(get("/api/v1/media")).await.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
let body = response_body(resp).await;
|
|
assert!(body.is_array());
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn media_list_authenticated() {
|
|
let (app, _, _, viewer) = setup_app_with_auth().await;
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(get_authed("/api/v1/media", &viewer))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn import_unauthenticated_rejected() {
|
|
let (app, ..) = setup_app_with_auth().await;
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(post_json(
|
|
"/api/v1/media/import",
|
|
r#"{"path":"/tmp/test.txt"}"#,
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn import_viewer_forbidden() {
|
|
let (app, _, _, viewer) = setup_app_with_auth().await;
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(post_json_authed(
|
|
"/api/v1/media/import",
|
|
r#"{"path":"/tmp/test.txt"}"#,
|
|
&viewer,
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::FORBIDDEN);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn update_media_viewer_forbidden() {
|
|
let (app, _, _, viewer) = setup_app_with_auth().await;
|
|
let fake_id = uuid::Uuid::now_v7();
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(patch_json_authed(
|
|
&format!("/api/v1/media/{fake_id}"),
|
|
r#"{"title":"new"}"#,
|
|
&viewer,
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::FORBIDDEN);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn delete_media_viewer_forbidden() {
|
|
let (app, _, _, viewer) = setup_app_with_auth().await;
|
|
let fake_id = uuid::Uuid::now_v7();
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(delete_authed(&format!("/api/v1/media/{fake_id}"), &viewer))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::FORBIDDEN);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn update_sync_device_viewer_forbidden() {
|
|
let (app, _, _, viewer) = setup_app_with_auth().await;
|
|
let fake_id = uuid::Uuid::now_v7();
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(put_json_authed(
|
|
&format!("/api/v1/sync/devices/{fake_id}"),
|
|
r#"{"name":"renamed"}"#,
|
|
&viewer,
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::FORBIDDEN);
|
|
}
|