Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

test/unit/admin_handler_subscriptions_tests.erl

@@ -0,0 +1,219 @@
+-module(admin_handler_subscriptions_tests).
+-include_lib("eunit/include/eunit.hrl").
+-include("records.hrl").
+
+setup() ->
+  ok = meck:new(cowboy_req, [non_strict]),
+  ok = meck:new(handler_auth, [non_strict]),
+  ok = meck:new(core_user, [non_strict]),
+  ok = meck:new(core_subscription, [non_strict]),
+  ok = meck:expect(cowboy_req, reply,
+    fun(Code, Headers, Body, Req) ->
+      put(test_reply, {Code, Headers, Body, Req})
+    end),
+  ok.
+
+cleanup(_) ->
+  meck:unload(core_subscription),
+  meck:unload(core_user),
+  meck:unload(handler_auth),
+  meck:unload(cowboy_req).
+
+admin_subscriptions_test_() ->
+  {setup, fun setup/0, fun cleanup/1, [
+    {"GET /admin/subscriptions – success", fun test_list/0},
+    {"GET /admin/subscriptions – forbidden", fun test_list_forbidden/0},
+    {"POST /admin/subscriptions – success", fun test_create/0},
+    {"POST /admin/subscriptions – missing user_id", fun test_create_missing/0},
+    {"GET /admin/subscriptions/:id – success", fun test_get/0},
+    {"GET /admin/subscriptions/:id – not found", fun test_get_not_found/0},
+    {"PUT /admin/subscriptions/:id – success", fun test_update/0},
+    {"PUT /admin/subscriptions/:id – not found", fun test_update_not_found/0},
+    {"DELETE /admin/subscriptions/:id – success", fun test_delete/0},
+    {"DELETE /admin/subscriptions/:id – not found", fun test_delete_not_found/0},
+    {"PATCH /admin/subscriptions – method not allowed", fun test_wrong_method/0}
+  ]}.
+
+%% GET список
+test_list() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> undefined end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  Sub1 = #subscription{
+    id = <<"s1">>,
+    user_id = <<"u1">>,
+    plan = monthly,
+    status = active,
+    trial_used = false,
+    started_at = {{2026,4,27},{12,0,0}},
+    expires_at = {{2026,5,27},{12,0,0}},
+    created_at = {{2026,4,27},{12,0,0}},
+    updated_at = {{2026,4,27},{12,0,0}}
+  },
+  ok = meck:expect(core_subscription, list_subscriptions, fun() -> [Sub1] end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  [#{<<"id">> := <<"s1">>, <<"plan">> := <<"monthly">>, <<"status">> := <<"active">>}] =
+    jsx:decode(RespBody, [return_maps]).
+
+test_list_forbidden() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> undefined end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(403, Status).
+
+%% POST создание
+test_create() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> undefined end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"POST">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  BodyMap = #{<<"user_id">> => <<"u1">>, <<"plan">> => <<"yearly">>},
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(BodyMap), Req} end),
+  Created = #subscription{
+    id = <<"s_new">>, user_id = <<"u1">>, plan = yearly, status = active,
+    trial_used = false,
+    started_at = {{2026,4,27},{14,0,0}}, expires_at = {{2027,4,27},{14,0,0}},
+    created_at = {{2026,4,27},{14,0,0}}, updated_at = {{2026,4,27},{14,0,0}}
+  },
+  ok = meck:expect(core_subscription, create_subscription, fun(_) -> {ok, Created} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(201, Status),
+  #{<<"plan">> := <<"yearly">>, <<"status">> := <<"active">>} = jsx:decode(RespBody, [return_maps]).
+
+test_create_missing() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> undefined end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"POST">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"plan">> => <<"monthly">>}), Req} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(400, Status).
+
+%% GET по ID
+test_get() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s1">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  Sub = #subscription{
+    id = <<"s1">>, user_id = <<"u1">>, plan = monthly, status = active,
+    trial_used = false,
+    started_at = {{2026,4,27},{12,0,0}}, expires_at = {{2026,5,27},{12,0,0}},
+    created_at = {{2026,4,27},{12,0,0}}, updated_at = {{2026,4,27},{12,0,0}}
+  },
+  ok = meck:expect(core_subscription, get_by_id,
+    fun(<<"s1">>) -> {ok, Sub} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"id">> := <<"s1">>, <<"plan">> := <<"monthly">>} = jsx:decode(RespBody, [return_maps]).
+
+test_get_not_found() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s99">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(core_subscription, get_by_id,
+    fun(_) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% PUT обновление
+test_update() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s1">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"cancelled">>}), Req} end),
+  Updated = #subscription{id = <<"s1">>, status = cancelled},
+  ok = meck:expect(core_subscription, update_subscription,
+    fun(<<"s1">>, _) -> {ok, Updated} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"status">> := <<"cancelled">>} = jsx:decode(RespBody, [return_maps]).
+
+test_update_not_found() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s99">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"cancelled">>}), Req} end),
+  ok = meck:expect(core_subscription, update_subscription,
+    fun(_, _) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% DELETE
+test_delete() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s1">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"DELETE">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(core_subscription, delete_subscription,
+    fun(<<"s1">>) -> {ok, deleted} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"status">> := <<"deleted">>} = jsx:decode(RespBody, [return_maps]).
+
+test_delete_not_found() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> <<"s99">> end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"DELETE">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(core_subscription, delete_subscription,
+    fun(_) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% Неверный метод
+test_wrong_method() ->
+  ok = meck:expect(cowboy_req, binding, fun(id, _) -> undefined end),
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PATCH">> end),
+  {ok, _, _} = admin_handler_subscriptions:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(405, Status),
+  #{<<"error">> := <<"Method not allowed">>} = jsx:decode(RespBody, [return_maps]).