From a46ac6bd33c634bc18f15a5a658a3e1893e3aa23 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Fri, 17 Apr 2026 16:27:44 +0800
Subject: [PATCH] test(token-runtime): align auth tests with current http behavior
---
 .../middleware/token_auth_middleware_test.go | 2 +-
 .../internal/httpapi/token_api_test.go | 47 ++++++++++++++++++-
 2 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/platform-token-runtime/internal/auth/middleware/token_auth_middleware_test.go b/platform-token-runtime/internal/auth/middleware/token_auth_middleware_test.go
index d2677473..90e72ceb 100644
--- a/platform-token-runtime/internal/auth/middleware/token_auth_middleware_test.go
+++ b/platform-token-runtime/internal/auth/middleware/token_auth_middleware_test.go
@@ -59,7 +59,7 @@ func TestQueryKeyRejectMiddleware(t *testing.T) {
 next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) { nextCalled = true })
- handler := QueryKeyRejectMiddleware(next, auditor, fixedNow)
+ handler := QueryKeyRejectMiddleware(next, auditor, fixedNow, nil)
 req := httptest.NewRequest(http.MethodGet, "/api/v1/supply/accounts?api_key=secret", nil)
 rec := httptest.NewRecorder()
diff --git a/platform-token-runtime/internal/httpapi/token_api_test.go b/platform-token-runtime/internal/httpapi/token_api_test.go
index 597d4661..8d5643a2 100644
--- a/platform-token-runtime/internal/httpapi/token_api_test.go
+++ b/platform-token-runtime/internal/httpapi/token_api_test.go
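Review bot: The new fourth argument to `QueryKeyRejectMiddleware` is passed as a bare `nil`, so a reader of this test cannot tell what is being left out or whether the nil path is the one production wiring uses; a trailing comment naming the parameter would make that explicit, e.g. `handler := QueryKeyRejectMiddleware(next, auditor, fixedNow, nil) // <fourth parameter>: not exercised in this test`. If a non-nil value changes how requests are rejected or audited, a second case passing one is worth adding so the new behaviour is pinned rather than only compiled against; the hunk does not show the parameter's type, so that is inferred. TestQueryKeyRejectMiddleware's body starts before and continues after this hunk.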
@@ -203,10 +203,13 @@ func TestTokenAPIAuditEventsQuery(t *testing.T) {
 t.Fatalf("issue failed: code=%d body=%s", issueRec.Code, issueRec.Body.String())
 }
 issueResp := decodeMap(t, issueRec.Body.Bytes())
- tokenID := issueResp["data"].(map[string]any)["token_id"].(string)
+ issueData := issueResp["data"].(map[string]any)
+ tokenID := issueData["token_id"].(string)
+ accessToken := issueData["access_token"].(string)
 queryReq := httptest.NewRequest(http.MethodGet, "/api/v1/platform/tokens/audit-events?token_id="+tokenID+"&limit=5", nil)
 queryReq.Header.Set("X-Request-Id", "req-audit-query-2")
+ queryReq.Header.Set("Authorization", "Bearer "+accessToken)
 queryRec := httptest.NewRecorder()
 mux.ServeHTTP(queryRec, queryReq)
 if queryRec.Code != http.StatusOK {
@@ -236,8 +239,20 @@ func TestTokenAPIAuditEventsReady(t *testing.T) {
 mux := http.NewServeMux()
 api.Register(mux)
+ record, err := runtime.Issue(context.Background(), service.IssueTokenInput{
+ SubjectID: "2011",
+ Role: "owner",
+ Scope: []string{"supply:*"},
+ TTL: 5 * time.Minute,
+ RequestID: "req-audit-ready-issue",
+ })
+ if err != nil {
+ t.Fatalf("issue token failed: %v", err)
+ }
+
 req := httptest.NewRequest(http.MethodGet, "/api/v1/platform/tokens/audit-events?limit=3", nil)
 req.Header.Set("X-Request-Id", "req-audit-ready")
+ req.Header.Set("Authorization", "Bearer "+record.AccessToken)
 rec := httptest.NewRecorder()
 mux.ServeHTTP(rec, req)
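Review bot: The token-issuance block added after `api.Register(mux)` in the `@@ -236,8 +239,20 @@` hunk — `record, err := runtime.Issue(...)` through the `t.Fatalf` — is repeated verbatim in the `@@ -254,8 +269,20 @@` hunk, differing only in `SubjectID` and `RequestID`. A `t.Helper()`-marked helper that returns the access token keeps each test to one line, `req.Header.Set("Authorization", "Bearer "+issueBearer(t, runtime, "2011", "req-audit-ready-issue"))`, and gives one place to change the role, scope or TTL when the policy the tests rely on changes. The type of `runtime` is not visible in either hunk, so the helper below uses a labelled placeholder for it. Both enclosing test functions start before their hunks.

```go
// issueBearer issues an owner-role token for subjectID and returns its access
// token; the calling test fails if issuance does not succeed.
// RUNTIME_TYPE_PLACEHOLDER stands for the type returned by service.NewInMemoryTokenRuntime.
func issueBearer(t *testing.T, runtime RUNTIME_TYPE_PLACEHOLDER, subjectID, requestID string) string {
	t.Helper()
	record, err := runtime.Issue(context.Background(), service.IssueTokenInput{
		SubjectID: subjectID,
		Role:      "owner",
		Scope:     []string{"supply:*"},
		TTL:       5 * time.Minute,
		RequestID: requestID,
	})
	if err != nil {
		t.Fatalf("issue token failed: %v", err)
	}
	return record.AccessToken
}
```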
@@ -254,8 +269,20 @@ func TestTokenAPIAuditEventsWithoutQuerierReturnsEmptyList(t *testing.T) {
 mux := http.NewServeMux()
 api.Register(mux)
+ record, err := runtime.Issue(context.Background(), service.IssueTokenInput{
+ SubjectID: "2012",
+ Role: "owner",
+ Scope: []string{"supply:*"},
+ TTL: 5 * time.Minute,
+ RequestID: "req-audit-query-3-issue",
+ })
+ if err != nil {
+ t.Fatalf("issue token failed: %v", err)
+ }
+
 req := httptest.NewRequest(http.MethodGet, "/api/v1/platform/tokens/audit-events?limit=3", nil)
 req.Header.Set("X-Request-Id", "req-audit-query-3")
+ req.Header.Set("Authorization", "Bearer "+record.AccessToken)
 rec := httptest.NewRecorder()
 mux.ServeHTTP(rec, req)
 if rec.Code != http.StatusOK {
@@ -269,6 +296,24 @@ func TestTokenAPIAuditEventsWithoutQuerierReturnsEmptyList(t *testing.T) {
 }
 }
+func TestTokenAPIAuditEventsRequireAuthorization(t *testing.T) {
+ t.Parallel()
+
+ runtime := service.NewInMemoryTokenRuntime(nil)
+ api := NewTokenAPI(runtime, service.NewMemoryAuditStore(), time.Now)
+ mux := http.NewServeMux()
+ api.Register(mux)
+
+ req := httptest.NewRequest(http.MethodGet, "/api/v1/platform/tokens/audit-events?limit=3", nil)
+ req.Header.Set("X-Request-Id", "req-audit-auth-required")
+ rec := httptest.NewRecorder()
+ mux.ServeHTTP(rec, req)
+
+ if rec.Code != http.StatusUnauthorized {
+ t.Fatalf("expected unauthorized audit query without bearer token: code=%d body=%s", rec.Code, rec.Body.String())
+ }
+}
+
 func mustJSON(t *testing.T, payload any) *bytes.Reader {
 t.Helper()
 buf, err := json.Marshal(payload)
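Review bot: `TestTokenAPIAuditEventsRequireAuthorization` in the `@@ -269,6 +296,24 @@` hunk pins only the missing-header case, so a middleware that rejects an absent `Authorization` header but falls through on a present-but-invalid one (a non-Bearer scheme, `Bearer` with an empty token, or a token the runtime never issued) would still pass this test. Table-driving it over those header values, each expecting `http.StatusUnauthorized`, closes that gap without touching the positive tests. Every positive test in this file issues with `Role: "owner"` and `Scope: []string{"supply:*"}`, so whether the audit-events handler also checks role or scope is not pinned anywhere here; if it is meant to, one case issuing a token with a different role or scope and asserting the rejection status would document that — I am inferring the intended policy, the hunks do not show it. The token strings in the table below are constructed samples, not values from the repository.

```go
// … unchanged: runtime/api/mux setup …
cases := []struct {
	name, header string
}{
	{"missing header", ""},
	{"non-bearer scheme", "Basic not-a-bearer-credential"},     // constructed sample
	{"empty bearer", "Bearer "},
	{"unknown token", "Bearer not-a-token-issued-by-runtime"}, // constructed sample
}
for _, tc := range cases {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/platform/tokens/audit-events?limit=3", nil)
	req.Header.Set("X-Request-Id", "req-audit-auth-required")
	if tc.header != "" {
		req.Header.Set("Authorization", tc.header)
	}
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req)
	if rec.Code != http.StatusUnauthorized {
		t.Fatalf("%s: expected unauthorized audit query: code=%d body=%s", tc.name, rec.Code, rec.Body.String())
	}
}
```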