Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

2026-04-27 15:54:48 +03:00
parent 62bc62f990
commit 4ed6a961ab
40 changed files with 3573 additions and 800 deletions
--- a/test/unit/admin_handler_users_tests.erl
+++ b/test/unit/admin_handler_users_tests.erl
@@ -1,45 +1,65 @@
 -module(admin_handler_users_tests).
 -include_lib("eunit/include/eunit.hrl").
-include("records.hrl").

 setup() ->
-  mnesia:start(),
-  mnesia:create_table(user, [{attributes, record_info(fields, user)}, {ram_copies, [node()]}]),
+  ok = meck:new(cowboy_req, [non_strict]),
+  ok = meck:new(handler_auth, [non_strict]),   % вместо auth
+  ok = meck:new(core_user, [non_strict]),
  ok.

 cleanup(_) ->
-  mnesia:delete_table(user),
-  mnesia:stop(),
-  ok.
+  meck:unload(core_user),
+  meck:unload(handler_auth),
+  meck:unload(cowboy_req).

 admin_users_test_() ->
-  {foreach,
-    fun setup/0,
-    fun cleanup/1,
-    [
-      {"User to JSON conversion", fun test_user_to_json/0},
-      {"Is admin check", fun test_is_admin/0}
-    ]}.
+  {setup, fun setup/0, fun cleanup/1, [
+    {"GET /admin/users with valid admin token returns 200 and list of users", fun test_list_users/0},
+    {"GET /admin/users with non-admin token returns 403", fun test_list_users_forbidden/0},
+    {"POST /admin/users returns 405", fun test_wrong_method/0}
+  ]}.

-create_test_user(Role) ->
-  UserId = base64:encode(crypto:strong_rand_bytes(16), #{mode => urlsafe, padding => false}),
-  User = #user{id = UserId, email = <<UserId/binary, "@test.com">>, password_hash = <<"hash">>,
-    role = Role, status = active, created_at = calendar:universal_time(), updated_at = calendar:universal_time()},
-  mnesia:dirty_write(User),
-  UserId.
+test_list_users() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"admin1">>, Req} end),
+  User = #{
+    id => <<"user1">>,
+    email => <<"user@test.com">>,
+    role => <<"user">>,
+    status => <<"active">>,
+    created_at => {{2025,4,27},{12,0,0}},
+    updated_at => {{2025,4,27},{12,30,0}}
+  },
+  ok = meck:expect(core_user, list_users, fun() -> {ok, [User]} end),
+  ok = meck:expect(cowboy_req, reply, fun(Code, Headers, Body, Req) ->
+    put(test_reply, {Code, Headers, Body, Req})
+                                      end),
+  {ok, _, _} = admin_handler_users:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  Users = jsx:decode(RespBody, [return_maps]),
+  ?assertEqual(1, length(Users)),
+  ?assertEqual(<<"user1">>, maps:get(<<"id">>, hd(Users))).

-test_user_to_json() ->
-  UserId = create_test_user(user),
-  {ok, User} = core_user:get_by_id(UserId),
-  Json = admin_handler_user_by_id:user_to_json(User),
-  ?assert(is_map(Json)),
-  ?assertEqual(UserId, maps:get(id, Json)),
-  ?assertEqual(user, maps:get(role, Json)),
-  ?assertEqual(active, maps:get(status, Json)).
+test_list_users_forbidden() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
+  ok = meck:expect(cowboy_req, reply, fun(Code, Headers, Body, Req) ->
+    put(test_reply, {Code, Headers, Body, Req})
+                                      end),
+  {ok, _, _} = admin_handler_users:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(403, Status),
+  ?assertEqual(#{<<"error">> => <<"Admin access required">>}, jsx:decode(RespBody, [return_maps])).

-test_is_admin() ->
-  AdminId = create_test_user(admin),
-  UserId = create_test_user(user),
-  ?assert(admin_handler_stats:is_admin(AdminId)),
-  ?assertNot(admin_handler_stats:is_admin(UserId)),
-  ?assertNot(admin_handler_stats:is_admin(<<"nonexistent">>)).
+test_wrong_method() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"POST">> end),
+  ok = meck:expect(cowboy_req, reply, fun(Code, Headers, Body, Req) ->
+    put(test_reply, {Code, Headers, Body, Req})
+                                      end),
+  {ok, _, _} = admin_handler_users:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(405, Status),
+  ?assertEqual(#{<<"error">> => <<"Method not allowed">>}, jsx:decode(RespBody, [return_maps])).