test: add handler and config tests (auth, tasks, habits, savings, profile, interest, freeze)

internal/config/config_test.go

@@ -0,0 +1,79 @@
+package config
+
+import (
+	"os"
+	"testing"
+)
+
+func TestLoad_Defaults(t *testing.T) {
+	// Clear env to test defaults
+	envKeys := []string{"DATABASE_URL", "JWT_SECRET", "PORT", "RESEND_API_KEY", "FROM_EMAIL", "FROM_NAME", "APP_URL", "TELEGRAM_BOT_TOKEN"}
+	originals := make(map[string]string)
+	for _, k := range envKeys {
+		originals[k] = os.Getenv(k)
+		os.Unsetenv(k)
+	}
+	defer func() {
+		for k, v := range originals {
+			if v != "" {
+				os.Setenv(k, v)
+			}
+		}
+	}()
+
+	cfg := Load()
+
+	if cfg.Port != "8080" {
+		t.Errorf("expected default port 8080, got %s", cfg.Port)
+	}
+	if cfg.JWTSecret != "change-me-in-production" {
+		t.Errorf("expected default JWT secret, got %s", cfg.JWTSecret)
+	}
+	if cfg.FromEmail != "noreply@digital-home.site" {
+		t.Errorf("expected default from email, got %s", cfg.FromEmail)
+	}
+}
+
+func TestLoad_FromEnv(t *testing.T) {
+	os.Setenv("PORT", "9090")
+	os.Setenv("JWT_SECRET", "my-secret")
+	defer func() {
+		os.Unsetenv("PORT")
+		os.Unsetenv("JWT_SECRET")
+	}()
+
+	cfg := Load()
+
+	if cfg.Port != "9090" {
+		t.Errorf("expected port 9090, got %s", cfg.Port)
+	}
+	if cfg.JWTSecret != "my-secret" {
+		t.Errorf("expected JWT secret my-secret, got %s", cfg.JWTSecret)
+	}
+}
+
+func TestGetEnv(t *testing.T) {
+	tests := []struct {
+		name     string
+		key      string
+		envValue string
+		def      string
+		want     string
+	}{
+		{"returns env value", "TEST_KEY_1", "env_val", "default", "env_val"},
+		{"returns default when empty", "TEST_KEY_2", "", "default", "default"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.envValue != "" {
+				os.Setenv(tt.key, tt.envValue)
+				defer os.Unsetenv(tt.key)
+			}
+			got := getEnv(tt.key, tt.def)
+			if got != tt.want {
+				t.Errorf("getEnv(%s) = %s, want %s", tt.key, got, tt.want)
+			}
+		})
+	}
+}

internal/handler/auth_test.go

@@ -0,0 +1,268 @@
+package handler
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestAuthHandler_Register_EmptyBody(t *testing.T) {
+	// Test that invalid JSON returns 400
+	req := httptest.NewRequest("POST", "/auth/register", bytes.NewBufferString("{invalid"))
+	rr := httptest.NewRecorder()
+
+	// We can't easily mock authService since it's a concrete type,
+	// but we can test request parsing logic
+	h := &AuthHandler{authService: nil}
+	h.Register(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+
+	var resp map[string]string
+	json.NewDecoder(rr.Body).Decode(&resp)
+	if resp["error"] != "invalid request body" {
+		t.Errorf("expected 'invalid request body', got '%s'", resp["error"])
+	}
+}
+
+func TestAuthHandler_Register_MissingFields(t *testing.T) {
+	tests := []struct {
+		name string
+		body map[string]string
+	}{
+		{"missing email", map[string]string{"username": "test", "password": "123456"}},
+		{"missing username", map[string]string{"email": "test@test.com", "password": "123456"}},
+		{"missing password", map[string]string{"email": "test@test.com", "username": "test"}},
+		{"all empty", map[string]string{}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			body, _ := json.Marshal(tt.body)
+			req := httptest.NewRequest("POST", "/auth/register", bytes.NewBuffer(body))
+			rr := httptest.NewRecorder()
+
+			h := &AuthHandler{authService: nil}
+			h.Register(rr, req)
+
+			if rr.Code != http.StatusBadRequest {
+				t.Errorf("expected 400, got %d", rr.Code)
+			}
+		})
+	}
+}
+
+func TestAuthHandler_Login_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/login", bytes.NewBufferString("not json"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.Login(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_Login_MissingFields(t *testing.T) {
+	tests := []struct {
+		name string
+		body map[string]string
+	}{
+		{"missing email", map[string]string{"password": "123456"}},
+		{"missing password", map[string]string{"email": "test@test.com"}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			body, _ := json.Marshal(tt.body)
+			req := httptest.NewRequest("POST", "/auth/login", bytes.NewBuffer(body))
+			rr := httptest.NewRecorder()
+
+			h := &AuthHandler{authService: nil}
+			h.Login(rr, req)
+
+			if rr.Code != http.StatusBadRequest {
+				t.Errorf("expected 400, got %d", rr.Code)
+			}
+		})
+	}
+}
+
+func TestAuthHandler_Refresh_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/refresh", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.Refresh(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_Refresh_EmptyToken(t *testing.T) {
+	body, _ := json.Marshal(map[string]string{"refresh_token": ""})
+	req := httptest.NewRequest("POST", "/auth/refresh", bytes.NewBuffer(body))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.Refresh(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_VerifyEmail_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/verify", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.VerifyEmail(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_VerifyEmail_EmptyToken(t *testing.T) {
+	body, _ := json.Marshal(map[string]string{"token": ""})
+	req := httptest.NewRequest("POST", "/auth/verify", bytes.NewBuffer(body))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.VerifyEmail(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ResendVerification_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/resend", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ResendVerification(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ResendVerification_EmptyEmail(t *testing.T) {
+	body, _ := json.Marshal(map[string]string{"email": ""})
+	req := httptest.NewRequest("POST", "/auth/resend", bytes.NewBuffer(body))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ResendVerification(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ForgotPassword_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/forgot", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ForgotPassword(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ForgotPassword_EmptyEmail(t *testing.T) {
+	body, _ := json.Marshal(map[string]string{"email": ""})
+	req := httptest.NewRequest("POST", "/auth/forgot", bytes.NewBuffer(body))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ForgotPassword(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ResetPassword_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/reset", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ResetPassword(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ResetPassword_MissingFields(t *testing.T) {
+	tests := []struct {
+		name string
+		body map[string]string
+	}{
+		{"missing token", map[string]string{"new_password": "123456"}},
+		{"missing password", map[string]string{"token": "abc"}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			body, _ := json.Marshal(tt.body)
+			req := httptest.NewRequest("POST", "/auth/reset", bytes.NewBuffer(body))
+			rr := httptest.NewRecorder()
+
+			h := &AuthHandler{authService: nil}
+			h.ResetPassword(rr, req)
+
+			if rr.Code != http.StatusBadRequest {
+				t.Errorf("expected 400, got %d", rr.Code)
+			}
+		})
+	}
+}
+
+func TestAuthHandler_ChangePassword_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/auth/change-password", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &AuthHandler{authService: nil}
+	h.ChangePassword(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestAuthHandler_ChangePassword_MissingFields(t *testing.T) {
+	tests := []struct {
+		name string
+		body map[string]string
+	}{
+		{"missing old password", map[string]string{"new_password": "123456"}},
+		{"missing new password", map[string]string{"old_password": "abc"}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			body, _ := json.Marshal(tt.body)
+			req := httptest.NewRequest("POST", "/auth/change-password", bytes.NewBuffer(body))
+			rr := httptest.NewRecorder()
+
+			h := &AuthHandler{authService: nil}
+			h.ChangePassword(rr, req)
+
+			if rr.Code != http.StatusBadRequest {
+				t.Errorf("expected 400, got %d", rr.Code)
+			}
+		})
+	}
+}

internal/handler/habit_freeze_test.go

@@ -0,0 +1,21 @@
+package handler
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestHabitFreezeHandler_Create_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/habits/1/freeze", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &HabitFreezeHandler{freezeRepo: nil, habitRepo: nil}
+	h.Create(rr, req)
+
+	// No chi URL param → bad request
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}

internal/handler/habits_test.go

@@ -0,0 +1,33 @@
+package handler
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestHabitHandler_Create_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/habits", bytes.NewBufferString("not json"))
+	rr := httptest.NewRecorder()
+
+	h := &HabitHandler{habitService: nil}
+	h.Create(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestHabitHandler_Create_EmptyName(t *testing.T) {
+	body := `{"name":""}`
+	req := httptest.NewRequest("POST", "/habits", bytes.NewBufferString(body))
+	rr := httptest.NewRecorder()
+
+	h := &HabitHandler{habitService: nil}
+	h.Create(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}

internal/handler/interest_test.go

@@ -0,0 +1,33 @@
+package handler
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestInterestHandler_CalculateInterest_Unauthorized(t *testing.T) {
+	h := &InterestHandler{
+		service:   nil,
+		secretKey: "test-secret",
+	}
+
+	// No header
+	req := httptest.NewRequest("POST", "/internal/calculate-interest", nil)
+	rr := httptest.NewRecorder()
+	h.CalculateInterest(rr, req)
+
+	if rr.Code != http.StatusUnauthorized {
+		t.Errorf("expected 401, got %d", rr.Code)
+	}
+
+	// Wrong header
+	req2 := httptest.NewRequest("POST", "/internal/calculate-interest", nil)
+	req2.Header.Set("X-Internal-Key", "wrong-key")
+	rr2 := httptest.NewRecorder()
+	h.CalculateInterest(rr2, req2)
+
+	if rr2.Code != http.StatusUnauthorized {
+		t.Errorf("expected 401, got %d", rr2.Code)
+	}
+}

internal/handler/profile_test.go

@@ -0,0 +1,20 @@
+package handler
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestProfileHandler_Update_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("PUT", "/profile", bytes.NewBufferString("not json"))
+	rr := httptest.NewRecorder()
+
+	h := &ProfileHandler{userRepo: nil}
+	h.Update(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}

internal/handler/savings_test.go

@@ -0,0 +1,97 @@
+package handler
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestSavingsHandler_CreateCategory_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/savings/categories", bytes.NewBufferString("not json"))
+	rr := httptest.NewRecorder()
+
+	h := &SavingsHandler{repo: nil}
+	h.CreateCategory(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestSavingsHandler_CreateCategory_EmptyName(t *testing.T) {
+	body := `{"name":""}`
+	req := httptest.NewRequest("POST", "/savings/categories", bytes.NewBufferString(body))
+	rr := httptest.NewRecorder()
+
+	h := &SavingsHandler{repo: nil}
+	h.CreateCategory(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestSavingsHandler_CreateTransaction_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/savings/transactions", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &SavingsHandler{repo: nil}
+	h.CreateTransaction(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestSavingsHandler_CreateTransaction_Validation(t *testing.T) {
+	tests := []struct {
+		name string
+		body string
+	}{
+		{"missing category_id", `{"amount": 100, "type": "deposit", "date": "2026-01-01"}`},
+		{"zero amount", `{"category_id": 1, "amount": 0, "type": "deposit", "date": "2026-01-01"}`},
+		{"negative amount", `{"category_id": 1, "amount": -10, "type": "deposit", "date": "2026-01-01"}`},
+		{"invalid type", `{"category_id": 1, "amount": 100, "type": "invalid", "date": "2026-01-01"}`},
+		{"missing date", `{"category_id": 1, "amount": 100, "type": "deposit", "date": ""}`},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := httptest.NewRequest("POST", "/savings/transactions", bytes.NewBufferString(tt.body))
+			rr := httptest.NewRecorder()
+
+			h := &SavingsHandler{repo: nil}
+			h.CreateTransaction(rr, req)
+
+			if rr.Code != http.StatusBadRequest {
+				t.Errorf("expected 400, got %d", rr.Code)
+			}
+		})
+	}
+}
+
+func TestSavingsHandler_UpdateCategory_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("PUT", "/savings/categories/1", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &SavingsHandler{repo: nil}
+	h.UpdateCategory(rr, req)
+
+	// No chi route params → will fail on ParseInt → 400
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestSavingsHandler_CreateRecurringPlan_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/savings/categories/1/plans", bytes.NewBufferString("bad"))
+	rr := httptest.NewRecorder()
+
+	h := &SavingsHandler{repo: nil}
+	h.CreateRecurringPlan(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}

internal/handler/tasks_test.go

@@ -0,0 +1,33 @@
+package handler
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestTaskHandler_Create_InvalidBody(t *testing.T) {
+	req := httptest.NewRequest("POST", "/tasks", bytes.NewBufferString("not json"))
+	rr := httptest.NewRecorder()
+
+	h := &TaskHandler{taskService: nil}
+	h.Create(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}
+
+func TestTaskHandler_Create_EmptyTitle(t *testing.T) {
+	body := `{"title":""}`
+	req := httptest.NewRequest("POST", "/tasks", bytes.NewBufferString(body))
+	rr := httptest.NewRecorder()
+
+	h := &TaskHandler{taskService: nil}
+	h.Create(rr, req)
+
+	if rr.Code != http.StatusBadRequest {
+		t.Errorf("expected 400, got %d", rr.Code)
+	}
+}