Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

2026-04-27 15:54:48 +03:00
parent 62bc62f990
commit 4ed6a961ab
40 changed files with 3573 additions and 800 deletions
--- a/test/unit/admin_handler_reports_tests.erl
+++ b/test/unit/admin_handler_reports_tests.erl
@@ -0,0 +1,121 @@
+-module(admin_handler_reports_tests).
+-include_lib("eunit/include/eunit.hrl").
+-include("records.hrl").
+
+setup() ->
+  ok = meck:new(cowboy_req, [non_strict]),
+  ok = meck:new(handler_auth, [non_strict]),
+  ok = meck:new(core_user, [non_strict]),
+  ok = meck:new(core_report, [non_strict]),
+  ok = meck:expect(cowboy_req, reply,
+    fun(Code, Headers, Body, Req) ->
+      put(test_reply, {Code, Headers, Body, Req})
+    end),
+  ok.
+
+cleanup(_) ->
+  meck:unload(core_report),
+  meck:unload(core_user),
+  meck:unload(handler_auth),
+  meck:unload(cowboy_req).
+
+admin_reports_test_() ->
+  {setup, fun setup/0, fun cleanup/1, [
+    {"GET /admin/reports – success",             fun test_list_reports/0},
+    {"GET /admin/reports – forbidden",           fun test_list_reports_forbidden/0},
+    {"PUT /admin/reports/:id – success",         fun test_update_report/0},
+    {"PUT /admin/reports/:id – missing status",  fun test_update_report_bad_json/0},
+    {"PUT /admin/reports/:id – not found",       fun test_update_report_not_found/0},
+    {"POST /admin/reports – method not allowed", fun test_wrong_method/0}
+  ]}.
+
+test_list_reports() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  Report = #report{
+    id = <<"r1">>,
+    reporter_id = <<"u1">>,
+    target_type = <<"event">>,
+    target_id = <<"e1">>,
+    reason = <<"spam">>,
+    status = <<"new">>,
+    created_at = {{2026,4,26},{12,0,0}},
+    resolved_at = undefined
+  },
+  ok = meck:expect(core_report, list_reports, fun() -> [Report] end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  [#{<<"id">> := <<"r1">>, <<"target_type">> := <<"event">>, <<"status">> := <<"new">>}]
+    = jsx:decode(RespBody, [return_maps]).
+
+test_list_reports_forbidden() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(403, Status),
+  #{<<"error">> := <<"Admin access required">>} = jsx:decode(RespBody, [return_maps]).
+
+test_update_report() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"reviewed">>}), Req} end),
+  Updated = #report{id = <<"r1">>, status = <<"reviewed">>},
+  ok = meck:expect(core_report, update_status,
+    fun(<<"r1">>, <<"reviewed">>) -> {ok, Updated} end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"status">> := <<"reviewed">>} = jsx:decode(RespBody, [return_maps]).
+
+test_update_report_bad_json() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, <<"bad json">>, Req} end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, _, _} = erase(test_reply),   %% исправлено: четыре элемента
+  ?assertEqual(400, Status).
+
+test_update_report_not_found() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r99">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"reviewed">>}), Req} end),
+  ok = meck:expect(core_report, update_status,
+    fun(_, _) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, _, _} = erase(test_reply),   %% исправлено: четыре элемента
+  ?assertEqual(404, Status).
+
+test_wrong_method() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"POST">> end),
+  {ok, _, _} = admin_handler_reports:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(405, Status),
+  #{<<"error">> := <<"Method not allowed">>} = jsx:decode(RespBody, [return_maps]).