feat(api_key): implement API key management with creation, retrieval, and deletion endpoints
This commit is contained in:
79
thoughts-backend/tests/api/api_key.rs
Normal file
79
thoughts-backend/tests/api/api_key.rs
Normal file
@@ -0,0 +1,79 @@
|
||||
use crate::api::main::{create_user_with_password, login_user, setup};
|
||||
use axum::http::{header, HeaderName, StatusCode};
|
||||
use http_body_util::BodyExt;
|
||||
use serde_json::{json, Value};
|
||||
use utils::testing::{make_jwt_request, make_request_with_headers};
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_api_key_flow() {
|
||||
let app = setup().await;
|
||||
let _ = create_user_with_password(&app.db, "apikey_user", "password123").await;
|
||||
let jwt = login_user(app.router.clone(), "apikey_user", "password123").await;
|
||||
|
||||
// 1. Create a new API key using JWT auth
|
||||
let create_body = json!({ "name": "My Test Key" }).to_string();
|
||||
let response = make_jwt_request(
|
||||
app.router.clone(),
|
||||
"/users/me/api-keys",
|
||||
"POST",
|
||||
Some(create_body),
|
||||
&jwt,
|
||||
)
|
||||
.await;
|
||||
assert_eq!(response.status(), StatusCode::CREATED);
|
||||
|
||||
let body = response.into_body().collect().await.unwrap().to_bytes();
|
||||
let v: Value = serde_json::from_slice(&body).unwrap();
|
||||
|
||||
let plaintext_key = v["plaintext_key"]
|
||||
.as_str()
|
||||
.expect("Plaintext key not found")
|
||||
.to_string();
|
||||
let key_id = v["id"].as_str().expect("Key ID not found").to_string();
|
||||
assert!(plaintext_key.starts_with("th_"));
|
||||
|
||||
// 2. Use the new API key to post a thought
|
||||
|
||||
let thought_body = json!({ "content": "Posting with an API key!" }).to_string();
|
||||
let key = plaintext_key.clone();
|
||||
let api_key_header = format!("ApiKey {}", key);
|
||||
let content_type = "application/json";
|
||||
let headers: Vec<(HeaderName, &str)> = vec![
|
||||
(header::AUTHORIZATION, &api_key_header),
|
||||
(header::CONTENT_TYPE, content_type),
|
||||
];
|
||||
|
||||
let response = make_request_with_headers(
|
||||
app.router.clone(),
|
||||
"/thoughts",
|
||||
"POST",
|
||||
Some(thought_body),
|
||||
headers,
|
||||
)
|
||||
.await;
|
||||
|
||||
assert_eq!(response.status(), StatusCode::CREATED);
|
||||
|
||||
// 3. Delete the API key using JWT auth
|
||||
let response = make_jwt_request(
|
||||
app.router.clone(),
|
||||
&format!("/users/me/api-keys/{}", key_id),
|
||||
"DELETE",
|
||||
None,
|
||||
&jwt,
|
||||
)
|
||||
.await;
|
||||
assert_eq!(response.status(), StatusCode::NO_CONTENT);
|
||||
|
||||
// 4. Try to use the deleted key again, expecting failure
|
||||
let body = json!({ "content": "This should fail" }).to_string();
|
||||
let headers: Vec<(HeaderName, &str)> = vec![
|
||||
(header::AUTHORIZATION, &api_key_header),
|
||||
(header::CONTENT_TYPE, content_type),
|
||||
];
|
||||
|
||||
let response =
|
||||
make_request_with_headers(app.router.clone(), "/thoughts", "POST", Some(body), headers)
|
||||
.await;
|
||||
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
mod activitypub;
|
||||
mod api_key;
|
||||
mod auth;
|
||||
mod feed;
|
||||
mod follow;
|
||||
|
||||
@@ -25,7 +25,6 @@ async fn test_hashtag_flow() {
|
||||
|
||||
// 3. Fetch thoughts by tag "rustlang"
|
||||
let response = make_get_request(app.router.clone(), "/tags/rustlang", Some(user.id)).await;
|
||||
println!("Response: {:?}", response);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
let body_bytes = response.into_body().collect().await.unwrap().to_bytes();
|
||||
let v: Value = serde_json::from_slice(&body_bytes).unwrap();
|
||||
|
||||
@@ -183,3 +183,56 @@ async fn test_update_me_top_friends() {
|
||||
assert_eq!(top_friends_list_2[0].friend_id, friend2.id);
|
||||
assert_eq!(top_friends_list_2[0].position, 1);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_update_me_css_and_images() {
|
||||
let app = setup().await;
|
||||
|
||||
// 1. Create and log in as a user
|
||||
let _ = create_user_with_password(&app.db, "css_user", "password123").await;
|
||||
let token = login_user(app.router.clone(), "css_user", "password123").await;
|
||||
|
||||
// 2. Attempt to update with an invalid avatar URL
|
||||
let invalid_body = json!({
|
||||
"avatar_url": "not-a-valid-url"
|
||||
})
|
||||
.to_string();
|
||||
|
||||
let response = make_jwt_request(
|
||||
app.router.clone(),
|
||||
"/users/me",
|
||||
"PUT",
|
||||
Some(invalid_body),
|
||||
&token,
|
||||
)
|
||||
.await;
|
||||
assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
|
||||
|
||||
// 3. Update profile with valid URLs and custom CSS
|
||||
let valid_body = json!({
|
||||
"avatar_url": "https://example.com/new-avatar.png",
|
||||
"header_url": "https://example.com/new-header.jpg",
|
||||
"custom_css": "body { color: blue; }"
|
||||
})
|
||||
.to_string();
|
||||
|
||||
let response = make_jwt_request(
|
||||
app.router.clone(),
|
||||
"/users/me",
|
||||
"PUT",
|
||||
Some(valid_body),
|
||||
&token,
|
||||
)
|
||||
.await;
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
// 4. Verify the changes were persisted by fetching the profile again
|
||||
let response = make_jwt_request(app.router.clone(), "/users/me", "GET", None, &token).await;
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
let body = response.into_body().collect().await.unwrap().to_bytes();
|
||||
let v: Value = serde_json::from_slice(&body).unwrap();
|
||||
|
||||
assert_eq!(v["avatar_url"], "https://example.com/new-avatar.png");
|
||||
assert_eq!(v["header_url"], "https://example.com/new-header.jpg");
|
||||
assert_eq!(v["custom_css"], "body { color: blue; }");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user