feat: implement friends API with routes to get friends list and update thought visibility logic

2025-09-06 22:14:47 +02:00
parent bf7c6501c6
commit dc92945962
11 changed files with 241 additions and 11 deletions
--- a/thoughts-backend/tests/api/follow.rs
+++ b/thoughts-backend/tests/api/follow.rs
@@ -122,3 +122,41 @@ async fn test_follow_lists() {
    assert_eq!(v["following"].as_array().unwrap().len(), 1);
    assert_eq!(v["following"][0]["username"], "userB");
 }
+
+#[tokio::test]
+async fn test_get_friends_list() {
+    let app = setup().await;
+
+    let user_a = create_user_with_password(&app.db, "userA", "password123", "a@a.com").await;
+    let user_b = create_user_with_password(&app.db, "userB", "password123", "b@b.com").await;
+    let user_c = create_user_with_password(&app.db, "userC", "password123", "c@c.com").await;
+
+    // --- Create relationships ---
+    // A and B are friends (reciprocal follow)
+    app::persistence::follow::follow_user(&app.db, user_a.id, user_b.id)
+        .await
+        .unwrap();
+    app::persistence::follow::follow_user(&app.db, user_b.id, user_a.id)
+        .await
+        .unwrap();
+
+    // A follows C, but C does not follow A back
+    app::persistence::follow::follow_user(&app.db, user_a.id, user_c.id)
+        .await
+        .unwrap();
+
+    // --- Test as user_a ---
+    let jwt_a = login_user(app.router.clone(), "userA", "password123").await;
+    let response = make_jwt_request(app.router.clone(), "/friends", "GET", None, &jwt_a).await;
+    assert_eq!(response.status(), StatusCode::OK);
+
+    let body = response.into_body().collect().await.unwrap().to_bytes();
+    let v: Value = serde_json::from_slice(&body).unwrap();
+    let friends_list = v["users"].as_array().unwrap();
+
+    assert_eq!(friends_list.len(), 1, "User A should only have one friend");
+    assert_eq!(
+        friends_list[0]["username"], "userB",
+        "User B should be in User A's friend list"
+    );
+}
--- a/thoughts-backend/tests/api/thought.rs
+++ b/thoughts-backend/tests/api/thought.rs
@@ -163,3 +163,89 @@ async fn test_thought_visibility() {
        "Unauthenticated guest should see only public posts"
    );
 }
+
+async fn post_thought_and_get_id(
+    router: &Router,
+    content: &str,
+    visibility: &str,
+    token: &str,
+) -> String {
+    let body = json!({ "content": content, "visibility": visibility }).to_string();
+    let response = make_jwt_request(router.clone(), "/thoughts", "POST", Some(body), token).await;
+    assert_eq!(response.status(), StatusCode::CREATED);
+    let body = response.into_body().collect().await.unwrap().to_bytes();
+    let v: Value = serde_json::from_slice(&body).unwrap();
+    v["id"].as_str().unwrap().to_string()
+}
+
+#[tokio::test]
+async fn test_get_thought_by_id_visibility() {
+    let app = setup().await;
+    let author = create_user_with_password(&app.db, "author", "password123", "a@a.com").await;
+    let friend = create_user_with_password(&app.db, "friend", "password123", "f@f.com").await;
+    let _stranger = create_user_with_password(&app.db, "stranger", "password123", "s@s.com").await;
+
+    // Make author and friend follow each other
+    follow::follow_user(&app.db, author.id, friend.id)
+        .await
+        .unwrap();
+    follow::follow_user(&app.db, friend.id, author.id)
+        .await
+        .unwrap();
+
+    let author_jwt = login_user(app.router.clone(), "author", "password123").await;
+    let friend_jwt = login_user(app.router.clone(), "friend", "password123").await;
+    let stranger_jwt = login_user(app.router.clone(), "stranger", "password123").await;
+
+    // Author posts one of each visibility
+    let public_id = post_thought_and_get_id(&app.router, "public", "Public", &author_jwt).await;
+    let friends_id =
+        post_thought_and_get_id(&app.router, "friends", "FriendsOnly", &author_jwt).await;
+    let private_id = post_thought_and_get_id(&app.router, "private", "Private", &author_jwt).await;
+
+    // --- Test Assertions ---
+
+    // 1. Public thought
+    let public_url = format!("/thoughts/{}", public_id);
+    assert_eq!(
+        make_get_request(app.router.clone(), &public_url, None)
+            .await
+            .status(),
+        StatusCode::OK,
+        "Guest should see public thought"
+    );
+
+    // 2. Friends-only thought
+    let friends_url = format!("/thoughts/{}", friends_id);
+    assert_eq!(
+        make_jwt_request(app.router.clone(), &friends_url, "GET", None, &friend_jwt)
+            .await
+            .status(),
+        StatusCode::OK,
+        "Friend should see friends-only thought"
+    );
+    assert_eq!(
+        make_jwt_request(app.router.clone(), &friends_url, "GET", None, &stranger_jwt)
+            .await
+            .status(),
+        StatusCode::NOT_FOUND,
+        "Stranger should NOT see friends-only thought"
+    );
+
+    // 3. Private thought
+    let private_url = format!("/thoughts/{}", private_id);
+    assert_eq!(
+        make_jwt_request(app.router.clone(), &private_url, "GET", None, &author_jwt)
+            .await
+            .status(),
+        StatusCode::OK,
+        "Author should see their private thought"
+    );
+    assert_eq!(
+        make_jwt_request(app.router.clone(), &private_url, "GET", None, &friend_jwt)
+            .await
+            .status(),
+        StatusCode::NOT_FOUND,
+        "Friend should NOT see private thought"
+    );
+}