test(18-01): add failing tests for web server, auth middleware, overview handler

- Test overview returns 200 with KeyHunter in body - Test static asset serving for htmx.min.js - Test auth returns 401 when configured but no credentials - Test basic auth and bearer token pass through - Test overview shows stat cards
2026-04-06 18:02:04 +03:00
parent dd2c8c5586
commit 3541c82448
1 changed files with 107 additions and 0 deletions
--- a/pkg/web/server_test.go
+++ b/pkg/web/server_test.go
@@ -0,0 +1,107 @@
+package web
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestOverview_Returns200WithKeyHunter(t *testing.T) {
+	srv, err := NewServer(Config{})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+	assert.Contains(t, rec.Body.String(), "KeyHunter")
+}
+
+func TestStaticAsset_HtmxJS(t *testing.T) {
+	srv, err := NewServer(Config{})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/static/htmx.min.js", nil)
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+	assert.Contains(t, rec.Body.String(), "htmx")
+}
+
+func TestAuth_Returns401_WhenConfiguredButNoCreds(t *testing.T) {
+	srv, err := NewServer(Config{
+		AuthUser: "admin",
+		AuthPass: "secret",
+	})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusUnauthorized, rec.Code)
+	assert.Contains(t, rec.Header().Get("WWW-Authenticate"), "Basic")
+}
+
+func TestAuth_BasicAuth_Returns200(t *testing.T) {
+	srv, err := NewServer(Config{
+		AuthUser: "admin",
+		AuthPass: "secret",
+	})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.SetBasicAuth("admin", "secret")
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+	assert.Contains(t, rec.Body.String(), "KeyHunter")
+}
+
+func TestAuth_BearerToken_Returns200(t *testing.T) {
+	srv, err := NewServer(Config{
+		AuthToken: "my-secret-token",
+	})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Authorization", "Bearer my-secret-token")
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+	assert.Contains(t, rec.Body.String(), "KeyHunter")
+}
+
+func TestAuth_NoAuthConfigured_PassesThrough(t *testing.T) {
+	srv, err := NewServer(Config{})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+}
+
+func TestOverview_ShowsStats(t *testing.T) {
+	srv, err := NewServer(Config{})
+	require.NoError(t, err)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	srv.Router().ServeHTTP(rec, req)
+
+	body := rec.Body.String()
+	// Should display stat values (zeroes when no DB)
+	assert.True(t, strings.Contains(body, "Total Keys Found"), "should show Total Keys stat card")
+	assert.True(t, strings.Contains(body, "Providers Loaded"), "should show Providers stat card")
+	assert.True(t, strings.Contains(body, "Recon Sources"), "should show Recon Sources stat card")
+}