Hugging Face's logo

Spaces:
abhisheksan
/
multiutility-server
Running

App Files Community
multiutility-server
File size: 3,195 Bytes 
9fe5a30
 
 
 
 
 
781f7b0
9fe5a30
 
 
 
 
781f7b0
9fe5a30
 
 
781f7b0
9fe5a30
 
 
 
781f7b0
 
 
9fe5a30
781f7b0
9fe5a30
 
 
 
781f7b0
9fe5a30
 
 
 
781f7b0
9fe5a30
 
 
 
781f7b0
9fe5a30
 
 
 
781f7b0
9fe5a30
 
 
 
 
 
 
 
 
 
781f7b0
9fe5a30
 
 
 
 
 
 
 
 
 
 
781f7b0
9fe5a30
 
 
 
781f7b0
9fe5a30
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
"""Tests for security and authentication."""

from unittest import mock
import pytest
from fastapi.testclient import TestClient

from app.core.security import verify_api_key
from app.core.exceptions import AuthenticationError


class TestAPIKeySecurity:
    """Test API key security functions."""

    def test_verify_api_key_valid(self, api_key):
        """Test verifying a valid API key."""
        assert verify_api_key(api_key) is True

    def test_verify_api_key_invalid(self, invalid_api_key):
        """Test verifying an invalid API key."""
        with pytest.raises(AuthenticationError):
            verify_api_key(invalid_api_key)

    def test_verify_api_key_empty(self):
        """Test verifying empty API key."""
        with pytest.raises(AuthenticationError):
            verify_api_key("")


class TestAPIKeyMiddleware:
    """Test API key middleware functionality."""

    def test_middleware_allows_health_endpoint(self, client):
        """Test that middleware allows access to health endpoint without API key."""
        response = client.get("/health")
        assert response.status_code == 200

    def test_middleware_allows_docs_endpoint(self, client):
        """Test that middleware allows access to docs endpoint without API key."""
        response = client.get("/docs")
        assert response.status_code == 200

    def test_middleware_allows_root_endpoint(self, client):
        """Test that middleware allows access to root endpoint without API key."""
        response = client.get("/")
        assert response.status_code == 200

    def test_middleware_blocks_api_without_key(self, client):
        """Test that middleware blocks API access without API key."""
        response = client.post(
            "/api/v1/subtitles/extract",
            json={"url": "https://www.youtube.com/watch?v=dQw4w9WgXcQ", "lang": "en"}
        )
        assert response.status_code == 401
        data = response.json()
        assert data["status"] == "error"
        assert "Missing API key" in data["message"]

    def test_middleware_blocks_api_with_invalid_key(self, client, invalid_api_key):
        """Test that middleware blocks API access with invalid API key."""
        response = client.post(
            "/api/v1/subtitles/extract",
            json={"url": "https://www.youtube.com/watch?v=dQw4w9WgXcQ", "lang": "en"},
            headers={"x-api-key": invalid_api_key}
        )
        assert response.status_code == 401
        data = response.json()
        assert data["status"] == "error"
        assert "Invalid API key" in data["message"]

    def test_middleware_allows_api_with_valid_key(self, client, api_key):
        """Test that middleware allows API access with valid API key."""
        with mock.patch('app.apis.subtitles.service.subtitle_service.extract_subtitles') as mock_extract:
            mock_extract.return_value = ("dQw4w9WgXcQ", ["Test subtitle"])

            response = client.post(
                "/api/v1/subtitles/extract",
                json={"url": "https://www.youtube.com/watch?v=dQw4w9WgXcQ", "lang": "en"},
                headers={"x-api-key": api_key}
            )
            assert response.status_code == 200