| package admin |
|
|
| import ( |
| "bytes" |
| "encoding/json" |
| "net/http" |
| "net/http/httptest" |
| "testing" |
|
|
| authn "ds2api/internal/auth" |
| ) |
|
|
| func TestGetSettingsDefaultPasswordWarning(t *testing.T) { |
| t.Setenv("DS2API_ADMIN_KEY", "") |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| req := httptest.NewRequest(http.MethodGet, "/admin/settings", nil) |
| rec := httptest.NewRecorder() |
| h.getSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| var body map[string]any |
| _ = json.Unmarshal(rec.Body.Bytes(), &body) |
| admin, _ := body["admin"].(map[string]any) |
| warn, _ := admin["default_password_warning"].(bool) |
| if !warn { |
| t.Fatalf("expected default password warning true, body=%v", body) |
| } |
| } |
|
|
| func TestGetSettingsIncludesTokenRefreshInterval(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "runtime":{"token_refresh_interval_hours":9} |
| }`) |
| req := httptest.NewRequest(http.MethodGet, "/admin/settings", nil) |
| rec := httptest.NewRecorder() |
| h.getSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| var body map[string]any |
| _ = json.Unmarshal(rec.Body.Bytes(), &body) |
| runtime, _ := body["runtime"].(map[string]any) |
| if got := intFrom(runtime["token_refresh_interval_hours"]); got != 9 { |
| t.Fatalf("expected token_refresh_interval_hours=9, got %d body=%v", got, body) |
| } |
| } |
|
|
| func TestGetSettingsIncludesCurrentInputFileDefaults(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| req := httptest.NewRequest(http.MethodGet, "/admin/settings", nil) |
| rec := httptest.NewRecorder() |
| h.getSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| var body map[string]any |
| _ = json.Unmarshal(rec.Body.Bytes(), &body) |
| currentInputFile, _ := body["current_input_file"].(map[string]any) |
| if got := boolFrom(currentInputFile["enabled"]); !got { |
| t.Fatalf("expected current_input_file.enabled=true, body=%v", body) |
| } |
| if got := intFrom(currentInputFile["min_chars"]); got != 0 { |
| t.Fatalf("expected current_input_file.min_chars=0, got %d body=%v", got, body) |
| } |
| thinkingInjection, _ := body["thinking_injection"].(map[string]any) |
| if got := boolFrom(thinkingInjection["enabled"]); !got { |
| t.Fatalf("expected thinking_injection.enabled=true, body=%v", body) |
| } |
| if got, _ := thinkingInjection["prompt"].(string); got != "" { |
| t.Fatalf("expected empty custom thinking prompt, got %q body=%v", got, body) |
| } |
| if got, _ := thinkingInjection["default_prompt"].(string); got == "" { |
| t.Fatalf("expected default thinking prompt, body=%v", body) |
| } |
| } |
|
|
| func TestUpdateSettingsValidation(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "runtime": map[string]any{ |
| "account_max_inflight": 0, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusBadRequest { |
| t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| } |
|
|
| func TestUpdateSettingsValidationRejectsTokenRefreshInterval(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "runtime": map[string]any{ |
| "token_refresh_interval_hours": 0, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusBadRequest { |
| t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if !bytes.Contains(rec.Body.Bytes(), []byte("runtime.token_refresh_interval_hours")) { |
| t.Fatalf("expected token refresh validation detail, got %s", rec.Body.String()) |
| } |
| } |
|
|
| func TestUpdateSettingsAllowsEmptyEmbeddingsProvider(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "responses": map[string]any{ |
| "store_ttl_seconds": 600, |
| }, |
| "embeddings": map[string]any{ |
| "provider": "", |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if got := h.Store.Snapshot().Responses.StoreTTLSeconds; got != 600 { |
| t.Fatalf("store_ttl_seconds=%d want=600", got) |
| } |
| } |
|
|
| func TestUpdateSettingsValidationWithMergedRuntimeSnapshot(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "runtime":{ |
| "account_max_inflight":8, |
| "global_max_inflight":8 |
| } |
| }`) |
| payload := map[string]any{ |
| "runtime": map[string]any{ |
| "account_max_inflight": 16, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusBadRequest { |
| t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if !bytes.Contains(rec.Body.Bytes(), []byte("runtime.global_max_inflight")) { |
| t.Fatalf("expected merged runtime validation detail, got %s", rec.Body.String()) |
| } |
| } |
|
|
| func TestUpdateSettingsWithoutRuntimeSkipsMergedRuntimeValidation(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "runtime":{ |
| "account_max_inflight":8, |
| "global_max_inflight":4 |
| } |
| }`) |
| payload := map[string]any{ |
| "responses": map[string]any{ |
| "store_ttl_seconds": 600, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if got := h.Store.Snapshot().Responses.StoreTTLSeconds; got != 600 { |
| t.Fatalf("store_ttl_seconds=%d want=600", got) |
| } |
| } |
|
|
| func TestUpdateSettingsCurrentInputFile(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"history_split":{"enabled":true,"trigger_after_turns":2}}`) |
| payload := map[string]any{ |
| "current_input_file": map[string]any{ |
| "enabled": true, |
| "min_chars": 12345, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.CurrentInputFile.Enabled == nil || !*snap.CurrentInputFile.Enabled { |
| t.Fatalf("expected current_input_file.enabled=true, got %#v", snap.CurrentInputFile) |
| } |
| if snap.CurrentInputFile.MinChars != 12345 { |
| t.Fatalf("expected current_input_file.min_chars=12345, got %#v", snap.CurrentInputFile) |
| } |
| if !h.Store.CurrentInputFileEnabled() { |
| t.Fatal("expected current input file accessor to stay enabled") |
| } |
| } |
|
|
| func TestUpdateSettingsCurrentInputFilePartialUpdatePreservesEnabled(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"current_input_file":{"enabled":false,"min_chars":777}}`) |
| payload := map[string]any{ |
| "current_input_file": map[string]any{ |
| "min_chars": 5000, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.CurrentInputFile.Enabled == nil || *snap.CurrentInputFile.Enabled { |
| t.Fatalf("expected current_input_file.enabled to remain false, got %#v", snap.CurrentInputFile.Enabled) |
| } |
| if snap.CurrentInputFile.MinChars != 5000 { |
| t.Fatalf("expected current_input_file.min_chars=5000, got %#v", snap.CurrentInputFile) |
| } |
| } |
|
|
| func TestUpdateSettingsCurrentInputFilePartialUpdatePreservesMinChars(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"current_input_file":{"enabled":false,"min_chars":777}}`) |
| payload := map[string]any{ |
| "current_input_file": map[string]any{ |
| "enabled": true, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.CurrentInputFile.Enabled == nil || !*snap.CurrentInputFile.Enabled { |
| t.Fatalf("expected current_input_file.enabled=true, got %#v", snap.CurrentInputFile.Enabled) |
| } |
| if snap.CurrentInputFile.MinChars != 777 { |
| t.Fatalf("expected current_input_file.min_chars to remain 777, got %#v", snap.CurrentInputFile) |
| } |
| } |
|
|
| func TestUpdateSettingsIgnoresHistorySplitPayload(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "history_split": map[string]any{ |
| "enabled": true, |
| "trigger_after_turns": 3, |
| }, |
| "current_input_file": map[string]any{ |
| "enabled": true, |
| "min_chars": 0, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.CurrentInputFile.Enabled == nil || !*snap.CurrentInputFile.Enabled { |
| t.Fatalf("expected current_input_file to remain enabled, got %#v", snap.CurrentInputFile.Enabled) |
| } |
| } |
|
|
| func TestUpdateSettingsThinkingInjection(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "thinking_injection": map[string]any{ |
| "enabled": false, |
| "prompt": " custom thinking prompt ", |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.ThinkingInjection.Enabled == nil || *snap.ThinkingInjection.Enabled { |
| t.Fatalf("expected thinking_injection.enabled=false, got %#v", snap.ThinkingInjection.Enabled) |
| } |
| if h.Store.ThinkingInjectionEnabled() { |
| t.Fatal("expected thinking injection accessor to reflect disabled config") |
| } |
| if got := h.Store.ThinkingInjectionPrompt(); got != "custom thinking prompt" { |
| t.Fatalf("expected custom thinking prompt, got %q", got) |
| } |
| } |
|
|
| func TestUpdateSettingsThinkingInjectionPartialPromptPreservesEnabled(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"thinking_injection":{"enabled":false,"prompt":"original prompt"}}`) |
| payload := map[string]any{ |
| "thinking_injection": map[string]any{ |
| "prompt": " updated prompt ", |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.ThinkingInjection.Enabled == nil || *snap.ThinkingInjection.Enabled { |
| t.Fatalf("expected thinking_injection.enabled to remain false, got %#v", snap.ThinkingInjection.Enabled) |
| } |
| if got := h.Store.ThinkingInjectionPrompt(); got != "updated prompt" { |
| t.Fatalf("expected updated prompt, got %q", got) |
| } |
| } |
|
|
| func TestUpdateSettingsThinkingInjectionPartialEnabledPreservesPrompt(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"thinking_injection":{"enabled":false,"prompt":"original prompt"}}`) |
| payload := map[string]any{ |
| "thinking_injection": map[string]any{ |
| "enabled": true, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("expected 200, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.ThinkingInjection.Enabled == nil || !*snap.ThinkingInjection.Enabled { |
| t.Fatalf("expected thinking_injection.enabled=true, got %#v", snap.ThinkingInjection.Enabled) |
| } |
| if got := h.Store.ThinkingInjectionPrompt(); got != "original prompt" { |
| t.Fatalf("expected original prompt to be preserved, got %q", got) |
| } |
| } |
|
|
| func TestUpdateSettingsAutoDeleteMode(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"],"auto_delete":{"sessions":true}}`) |
|
|
| payload := map[string]any{ |
| "auto_delete": map[string]any{ |
| "mode": "single", |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if got := snap.AutoDelete.Mode; got != "single" { |
| t.Fatalf("auto_delete.mode=%q want=single", got) |
| } |
| if got := h.Store.AutoDeleteMode(); got != "single" { |
| t.Fatalf("AutoDeleteMode()=%q want=single", got) |
| } |
| } |
|
|
| func TestUpdateSettingsHotReloadRuntime(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "accounts":[{"email":"a@test.com","token":"t1"},{"email":"b@test.com","token":"t2"}] |
| }`) |
|
|
| payload := map[string]any{ |
| "runtime": map[string]any{ |
| "account_max_inflight": 3, |
| "account_max_queue": 20, |
| "global_max_inflight": 5, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| status := h.Pool.Status() |
| if got := intFrom(status["max_inflight_per_account"]); got != 3 { |
| t.Fatalf("max_inflight_per_account=%d want=3", got) |
| } |
| if got := intFrom(status["max_queue_size"]); got != 20 { |
| t.Fatalf("max_queue_size=%d want=20", got) |
| } |
| if got := intFrom(status["global_max_inflight"]); got != 5 { |
| t.Fatalf("global_max_inflight=%d want=5", got) |
| } |
| } |
|
|
| func TestUpdateSettingsHotReloadTokenRefreshInterval(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "runtime":{"token_refresh_interval_hours":6} |
| }`) |
|
|
| payload := map[string]any{ |
| "runtime": map[string]any{ |
| "token_refresh_interval_hours": 12, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPut, "/admin/settings", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettings(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| if got := h.Store.RuntimeTokenRefreshIntervalHours(); got != 12 { |
| t.Fatalf("token_refresh_interval_hours=%d want=12", got) |
| } |
| } |
|
|
| func TestUpdateConfigPreservesStructuredAPIKeysWhenBothFieldsPresent(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["legacy"], |
| "api_keys":[{"key":"legacy","name":"primary","remark":"prod"}], |
| "accounts":[] |
| }`) |
|
|
| payload := map[string]any{ |
| "keys": []any{"legacy", "new-key"}, |
| "api_keys": []any{ |
| map[string]any{"key": "legacy", "name": "primary-updated", "remark": "prod-updated"}, |
| map[string]any{"key": "new-key", "name": "secondary", "remark": "staging"}, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateConfig(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.Keys) != 2 || snap.Keys[0] != "legacy" || snap.Keys[1] != "new-key" { |
| t.Fatalf("unexpected keys after config update: %#v", snap.Keys) |
| } |
| if len(snap.APIKeys) != 2 { |
| t.Fatalf("unexpected api keys after config update: %#v", snap.APIKeys) |
| } |
| if snap.APIKeys[0].Name != "primary-updated" || snap.APIKeys[0].Remark != "prod-updated" { |
| t.Fatalf("structured metadata for existing key was not preserved: %#v", snap.APIKeys[0]) |
| } |
| if snap.APIKeys[1].Name != "secondary" || snap.APIKeys[1].Remark != "staging" { |
| t.Fatalf("structured metadata for new key was not preserved: %#v", snap.APIKeys[1]) |
| } |
| } |
|
|
| func TestUpdateConfigLegacyKeysPreserveStructuredMetadata(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "api_keys":[{"key":"legacy","name":"primary","remark":"prod"}], |
| "accounts":[] |
| }`) |
|
|
| payload := map[string]any{ |
| "keys": []any{"legacy", "new-key"}, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateConfig(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.Keys) != 2 || snap.Keys[0] != "legacy" || snap.Keys[1] != "new-key" { |
| t.Fatalf("unexpected keys after legacy config update: %#v", snap.Keys) |
| } |
| if len(snap.APIKeys) != 2 { |
| t.Fatalf("unexpected api keys after legacy config update: %#v", snap.APIKeys) |
| } |
| if snap.APIKeys[0].Name != "primary" || snap.APIKeys[0].Remark != "prod" { |
| t.Fatalf("existing structured metadata was lost: %#v", snap.APIKeys[0]) |
| } |
| if snap.APIKeys[1].Key != "new-key" || snap.APIKeys[1].Name != "" || snap.APIKeys[1].Remark != "" { |
| t.Fatalf("new legacy key should remain metadata-free: %#v", snap.APIKeys[1]) |
| } |
| } |
|
|
| func TestUpdateConfigReplacesModelAliases(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "model_aliases":{"claude-sonnet-4-6":"deepseek-v4-flash"} |
| }`) |
|
|
| payload := map[string]any{ |
| "model_aliases": map[string]any{ |
| "gpt-5.5": "deepseek-v4-pro", |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateConfig(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.ModelAliases) != 1 { |
| t.Fatalf("expected aliases to be replaced, got %#v", snap.ModelAliases) |
| } |
| if snap.ModelAliases["gpt-5.5"] != "deepseek-v4-pro" { |
| t.Fatalf("expected updated alias, got %#v", snap.ModelAliases) |
| } |
| } |
|
|
| func TestUpdateSettingsPasswordInvalidatesOldJWT(t *testing.T) { |
| hash := authn.HashAdminPassword("old-password") |
| h := newAdminTestHandler(t, `{"admin":{"password_hash":"`+hash+`"}}`) |
|
|
| token, err := authn.CreateJWTWithStore(1, h.Store) |
| if err != nil { |
| t.Fatalf("create jwt failed: %v", err) |
| } |
| if _, err := authn.VerifyJWTWithStore(token, h.Store); err != nil { |
| t.Fatalf("verify before update failed: %v", err) |
| } |
|
|
| body := map[string]any{"new_password": "new-password"} |
| b, _ := json.Marshal(body) |
| req := httptest.NewRequest(http.MethodPost, "/admin/settings/password", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateSettingsPassword(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| if _, err := authn.VerifyJWTWithStore(token, h.Store); err == nil { |
| t.Fatal("expected old token to be invalid after password update") |
| } |
| if !authn.VerifyAdminCredential("new-password", h.Store) { |
| t.Fatal("expected new password credential to be accepted") |
| } |
| } |
|
|
| func TestConfigImportMergeAndReplace(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "accounts":[{"email":"a@test.com","password":"p1"}] |
| }`) |
|
|
| merge := map[string]any{ |
| "mode": "merge", |
| "config": map[string]any{ |
| "keys": []any{"k1", "k2"}, |
| "accounts": []any{ |
| map[string]any{"email": "a@test.com", "password": "p1"}, |
| map[string]any{"email": "b@test.com", "password": "p2"}, |
| }, |
| }, |
| } |
| mergeBytes, _ := json.Marshal(merge) |
| mergeReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=merge", bytes.NewReader(mergeBytes)) |
| mergeRec := httptest.NewRecorder() |
| h.configImport(mergeRec, mergeReq) |
| if mergeRec.Code != http.StatusOK { |
| t.Fatalf("merge status=%d body=%s", mergeRec.Code, mergeRec.Body.String()) |
| } |
| if got := len(h.Store.Keys()); got != 2 { |
| t.Fatalf("keys after merge=%d want=2", got) |
| } |
| if got := len(h.Store.Accounts()); got != 2 { |
| t.Fatalf("accounts after merge=%d want=2", got) |
| } |
|
|
| replace := map[string]any{ |
| "mode": "replace", |
| "config": map[string]any{ |
| "keys": []any{"k9"}, |
| }, |
| } |
| replaceBytes, _ := json.Marshal(replace) |
| replaceReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=replace", bytes.NewReader(replaceBytes)) |
| replaceRec := httptest.NewRecorder() |
| h.configImport(replaceRec, replaceReq) |
| if replaceRec.Code != http.StatusOK { |
| t.Fatalf("replace status=%d body=%s", replaceRec.Code, replaceRec.Body.String()) |
| } |
| keys := h.Store.Keys() |
| if len(keys) != 1 || keys[0] != "k9" { |
| t.Fatalf("unexpected keys after replace: %#v", keys) |
| } |
| if got := len(h.Store.Accounts()); got != 0 { |
| t.Fatalf("accounts after replace=%d want=0", got) |
| } |
| } |
|
|
| func TestConfigImportMergePreservesStructuredAPIKeys(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "api_keys":[{"key":"k1","name":"primary","remark":"prod"}] |
| }`) |
|
|
| merge := map[string]any{ |
| "mode": "merge", |
| "config": map[string]any{ |
| "api_keys": []any{ |
| map[string]any{"key": "k1", "name": "should-not-overwrite", "remark": "ignored"}, |
| map[string]any{"key": "k2", "name": "secondary", "remark": "staging"}, |
| }, |
| }, |
| } |
| mergeBytes, _ := json.Marshal(merge) |
| mergeReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=merge", bytes.NewReader(mergeBytes)) |
| mergeRec := httptest.NewRecorder() |
| h.configImport(mergeRec, mergeReq) |
| if mergeRec.Code != http.StatusOK { |
| t.Fatalf("merge status=%d body=%s", mergeRec.Code, mergeRec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.APIKeys) != 2 { |
| t.Fatalf("unexpected api keys after structured merge: %#v", snap.APIKeys) |
| } |
| if snap.APIKeys[0].Name != "primary" || snap.APIKeys[0].Remark != "prod" { |
| t.Fatalf("existing structured metadata was overwritten: %#v", snap.APIKeys[0]) |
| } |
| if snap.APIKeys[1].Name != "secondary" || snap.APIKeys[1].Remark != "staging" { |
| t.Fatalf("new structured metadata was lost: %#v", snap.APIKeys[1]) |
| } |
| } |
|
|
| func TestConfigImportMergeUpgradesLegacyAPIKeys(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["legacy"], |
| "accounts":[] |
| }`) |
|
|
| merge := map[string]any{ |
| "mode": "merge", |
| "config": map[string]any{ |
| "api_keys": []any{ |
| map[string]any{"key": "legacy", "name": "primary", "remark": "prod"}, |
| map[string]any{"key": "new-key", "name": "secondary", "remark": "staging"}, |
| }, |
| }, |
| } |
| mergeBytes, _ := json.Marshal(merge) |
| mergeReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=merge", bytes.NewReader(mergeBytes)) |
| mergeRec := httptest.NewRecorder() |
| h.configImport(mergeRec, mergeReq) |
| if mergeRec.Code != http.StatusOK { |
| t.Fatalf("merge status=%d body=%s", mergeRec.Code, mergeRec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.Keys) != 2 || snap.Keys[0] != "legacy" || snap.Keys[1] != "new-key" { |
| t.Fatalf("unexpected keys after legacy import merge: %#v", snap.Keys) |
| } |
| if len(snap.APIKeys) != 2 { |
| t.Fatalf("unexpected api keys after legacy import merge: %#v", snap.APIKeys) |
| } |
| if snap.APIKeys[0].Name != "primary" || snap.APIKeys[0].Remark != "prod" { |
| t.Fatalf("legacy key metadata was not upgraded: %#v", snap.APIKeys[0]) |
| } |
| if snap.APIKeys[1].Name != "secondary" || snap.APIKeys[1].Remark != "staging" { |
| t.Fatalf("new structured metadata was not preserved: %#v", snap.APIKeys[1]) |
| } |
| } |
|
|
| func TestBatchImportUpgradesLegacyAPIKeys(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["legacy"], |
| "accounts":[] |
| }`) |
|
|
| payload := map[string]any{ |
| "keys": []any{"legacy", "new-key"}, |
| "api_keys": []any{ |
| map[string]any{"key": "legacy", "name": "primary", "remark": "prod"}, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/import", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.batchImport(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
|
|
| snap := h.Store.Snapshot() |
| if len(snap.Keys) != 2 || snap.Keys[0] != "legacy" || snap.Keys[1] != "new-key" { |
| t.Fatalf("unexpected keys after batch import: %#v", snap.Keys) |
| } |
| if len(snap.APIKeys) != 2 { |
| t.Fatalf("unexpected api keys after batch import: %#v", snap.APIKeys) |
| } |
| if snap.APIKeys[0].Name != "primary" || snap.APIKeys[0].Remark != "prod" { |
| t.Fatalf("legacy key metadata was not upgraded: %#v", snap.APIKeys[0]) |
| } |
| if snap.APIKeys[1].Name != "" || snap.APIKeys[1].Remark != "" { |
| t.Fatalf("new batch-imported key should stay metadata-free: %#v", snap.APIKeys[1]) |
| } |
| } |
|
|
| func TestConfigImportAppliesTokenRefreshInterval(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
|
|
| replace := map[string]any{ |
| "mode": "replace", |
| "config": map[string]any{ |
| "keys": []any{"k9"}, |
| "runtime": map[string]any{ |
| "token_refresh_interval_hours": 11, |
| }, |
| }, |
| } |
| replaceBytes, _ := json.Marshal(replace) |
| replaceReq := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=replace", bytes.NewReader(replaceBytes)) |
| replaceRec := httptest.NewRecorder() |
| h.configImport(replaceRec, replaceReq) |
| if replaceRec.Code != http.StatusOK { |
| t.Fatalf("replace status=%d body=%s", replaceRec.Code, replaceRec.Body.String()) |
| } |
| if got := h.Store.RuntimeTokenRefreshIntervalHours(); got != 11 { |
| t.Fatalf("token_refresh_interval_hours=%d want=11", got) |
| } |
| } |
|
|
| func TestConfigImportRejectsInvalidRuntimeBounds(t *testing.T) { |
| h := newAdminTestHandler(t, `{"keys":["k1"]}`) |
| payload := map[string]any{ |
| "mode": "replace", |
| "config": map[string]any{ |
| "keys": []any{"k2"}, |
| "runtime": map[string]any{ |
| "account_max_inflight": 300, |
| }, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=replace", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.configImport(rec, req) |
| if rec.Code != http.StatusBadRequest { |
| t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if !bytes.Contains(rec.Body.Bytes(), []byte("runtime.account_max_inflight")) { |
| t.Fatalf("expected runtime bound detail, got %s", rec.Body.String()) |
| } |
| keys := h.Store.Keys() |
| if len(keys) != 1 || keys[0] != "k1" { |
| t.Fatalf("store should remain unchanged, keys=%v", keys) |
| } |
| } |
|
|
| func TestConfigImportRejectsMergedRuntimeConflict(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "runtime":{ |
| "account_max_inflight":8, |
| "global_max_inflight":8 |
| } |
| }`) |
| payload := map[string]any{ |
| "mode": "merge", |
| "config": map[string]any{ |
| "runtime": map[string]any{ |
| "account_max_inflight": 16, |
| }, |
| }, |
| } |
| b, _ := json.Marshal(payload) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=merge", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.configImport(rec, req) |
| if rec.Code != http.StatusBadRequest { |
| t.Fatalf("expected 400, got %d body=%s", rec.Code, rec.Body.String()) |
| } |
| if !bytes.Contains(rec.Body.Bytes(), []byte("runtime.global_max_inflight")) { |
| t.Fatalf("expected merged runtime validation detail, got %s", rec.Body.String()) |
| } |
| snap := h.Store.Snapshot() |
| if snap.Runtime.AccountMaxInflight != 8 || snap.Runtime.GlobalMaxInflight != 8 { |
| t.Fatalf("runtime should remain unchanged, runtime=%+v", snap.Runtime) |
| } |
| } |
|
|
| func TestConfigImportMergeDedupesMobileAliases(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "accounts":[{"mobile":"+8613800138000","password":"p1"}] |
| }`) |
|
|
| merge := map[string]any{ |
| "mode": "merge", |
| "config": map[string]any{ |
| "accounts": []any{ |
| map[string]any{"mobile": "13800138000", "password": "p2"}, |
| }, |
| }, |
| } |
| b, _ := json.Marshal(merge) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config/import?mode=merge", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.configImport(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| if got := len(h.Store.Accounts()); got != 1 { |
| t.Fatalf("expected merge dedupe by canonical mobile, got=%d", got) |
| } |
| } |
|
|
| func TestUpdateConfigDedupesMobileAliases(t *testing.T) { |
| h := newAdminTestHandler(t, `{ |
| "keys":["k1"], |
| "accounts":[{"mobile":"+8613800138000","password":"old"}] |
| }`) |
|
|
| reqBody := map[string]any{ |
| "accounts": []any{ |
| map[string]any{"mobile": "+8613800138000"}, |
| map[string]any{"mobile": "13800138000"}, |
| }, |
| } |
| b, _ := json.Marshal(reqBody) |
| req := httptest.NewRequest(http.MethodPost, "/admin/config", bytes.NewReader(b)) |
| rec := httptest.NewRecorder() |
| h.updateConfig(rec, req) |
| if rec.Code != http.StatusOK { |
| t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String()) |
| } |
| accounts := h.Store.Accounts() |
| if len(accounts) != 1 { |
| t.Fatalf("expected update dedupe by canonical mobile, got=%d", len(accounts)) |
| } |
| if accounts[0].Identifier() != "+8613800138000" { |
| t.Fatalf("unexpected identifier: %q", accounts[0].Identifier()) |
| } |
| } |
|
|
