package middleware_test import ( "net/http" "net/http/httptest" "testing" "time" "github.com/gin-gonic/gin" "github.com/google/uuid" "github.com/stretchr/testify/assert" "erp-mvp/core-service/internal/api/middleware" "erp-mvp/core-service/internal/auth" ) // TestNewAuthMiddleware тестирует создание AuthMiddleware func TestNewAuthMiddleware(t *testing.T) { // Arrange jwtService := auth.NewJWTService("test_secret", 24*time.Hour) // Act authMiddleware := middleware.NewAuthMiddleware(jwtService) // Assert assert.NotNil(t, authMiddleware) } // TestAuthMiddleware_ValidToken тестирует middleware с валидным токеном func TestAuthMiddleware_ValidToken(t *testing.T) { // Arrange gin.SetMode(gin.TestMode) jwtService := auth.NewJWTService("test_secret", 24*time.Hour) authMiddleware := middleware.NewAuthMiddleware(jwtService) // Создаем валидный токен userID := uuid.New() orgID := uuid.New() token, err := jwtService.GenerateToken(userID, orgID, "test@example.com", "admin") assert.NoError(t, err) router := gin.New() router.Use(authMiddleware.AuthRequired()) router.GET("/test", func(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"message": "success"}) }) // Act w := httptest.NewRecorder() req, _ := http.NewRequest("GET", "/test", nil) req.Header.Set("Authorization", "Bearer "+token) router.ServeHTTP(w, req) // Assert assert.Equal(t, http.StatusOK, w.Code) } // TestAuthMiddleware_NoToken тестирует middleware без токена func TestAuthMiddleware_NoToken(t *testing.T) { // Arrange gin.SetMode(gin.TestMode) jwtService := auth.NewJWTService("test_secret", 24*time.Hour) authMiddleware := middleware.NewAuthMiddleware(jwtService) router := gin.New() router.Use(authMiddleware.AuthRequired()) router.GET("/test", func(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"message": "success"}) }) // Act w := httptest.NewRecorder() req, _ := http.NewRequest("GET", "/test", nil) router.ServeHTTP(w, req) // Assert assert.Equal(t, http.StatusUnauthorized, w.Code) } // TestAuthMiddleware_InvalidToken тестирует middleware с невалидным токеном func TestAuthMiddleware_InvalidToken(t *testing.T) { // Arrange gin.SetMode(gin.TestMode) jwtService := auth.NewJWTService("test_secret", 24*time.Hour) authMiddleware := middleware.NewAuthMiddleware(jwtService) router := gin.New() router.Use(authMiddleware.AuthRequired()) router.GET("/test", func(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"message": "success"}) }) // Act w := httptest.NewRecorder() req, _ := http.NewRequest("GET", "/test", nil) req.Header.Set("Authorization", "Bearer invalid_token") router.ServeHTTP(w, req) // Assert assert.Equal(t, http.StatusUnauthorized, w.Code) } // TestAuthMiddleware_InvalidHeader тестирует middleware с невалидным заголовком func TestAuthMiddleware_InvalidHeader(t *testing.T) { // Arrange gin.SetMode(gin.TestMode) jwtService := auth.NewJWTService("test_secret", 24*time.Hour) authMiddleware := middleware.NewAuthMiddleware(jwtService) router := gin.New() router.Use(authMiddleware.AuthRequired()) router.GET("/test", func(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"message": "success"}) }) // Act w := httptest.NewRecorder() req, _ := http.NewRequest("GET", "/test", nil) req.Header.Set("Authorization", "InvalidFormat token") router.ServeHTTP(w, req) // Assert assert.Equal(t, http.StatusUnauthorized, w.Code) } // TestGetClaims тестирует извлечение claims из контекста func TestGetClaims(t *testing.T) { // Arrange gin.SetMode(gin.TestMode) userID := uuid.New() orgID := uuid.New() email := "test@example.com" role := "admin" router := gin.New() router.GET("/test", func(c *gin.Context) { // Устанавливаем claims в контекст c.Set("user_id", userID) c.Set("organization_id", orgID) c.Set("email", email) c.Set("role", role) // Извлекаем claims claims := middleware.GetClaims(c) assert.NotNil(t, claims) assert.Equal(t, userID, claims.UserID) assert.Equal(t, orgID, claims.OrganizationID) assert.Equal(t, email, claims.Email) assert.Equal(t, role, claims.Role) c.JSON(http.StatusOK, gin.H{"message": "success"}) }) // Act w := httptest.NewRecorder() req, _ := http.NewRequest("GET", "/test", nil) router.ServeHTTP(w, req) // Assert assert.Equal(t, http.StatusOK, w.Code) }