Add unit tests for middleware, models, services, handlers, and repository helpers

2026-03-01 02:32:59 +00:00
parent 2b4a6ce4c8
commit 8d9fe818f4
11 changed files with 800 additions and 0 deletions
--- a/internal/service/auth_test.go
+++ b/internal/service/auth_test.go
@@ -0,0 +1,97 @@
+package service
+
+import (
+	"testing"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func TestAuthService_GenerateAndValidateToken(t *testing.T) {
+	s := &AuthService{jwtSecret: "test-secret"}
+
+	t.Run("valid access token", func(t *testing.T) {
+		tokenStr, err := s.generateToken(1, "access", 15*time.Minute)
+		if err != nil {
+			t.Fatalf("generateToken error: %v", err)
+		}
+
+		claims, err := s.validateToken(tokenStr, "access")
+		if err != nil {
+			t.Fatalf("validateToken error: %v", err)
+		}
+
+		userID, ok := claims["user_id"].(float64)
+		if !ok || int64(userID) != 1 {
+			t.Errorf("expected user_id 1, got %v", claims["user_id"])
+		}
+	})
+
+	t.Run("wrong token type rejected", func(t *testing.T) {
+		tokenStr, _ := s.generateToken(1, "refresh", time.Hour)
+		_, err := s.validateToken(tokenStr, "access")
+		if err != ErrInvalidToken {
+			t.Errorf("expected ErrInvalidToken, got %v", err)
+		}
+	})
+
+	t.Run("expired token rejected", func(t *testing.T) {
+		tokenStr, _ := s.generateToken(1, "access", -time.Hour)
+		_, err := s.validateToken(tokenStr, "access")
+		if err != ErrInvalidToken {
+			t.Errorf("expected ErrInvalidToken, got %v", err)
+		}
+	})
+
+	t.Run("wrong secret rejected", func(t *testing.T) {
+		otherService := &AuthService{jwtSecret: "other-secret"}
+		tokenStr, _ := otherService.generateToken(1, "access", time.Hour)
+		_, err := s.validateToken(tokenStr, "access")
+		if err != ErrInvalidToken {
+			t.Errorf("expected ErrInvalidToken, got %v", err)
+		}
+	})
+
+	t.Run("tampered token rejected", func(t *testing.T) {
+		tokenStr, _ := s.generateToken(1, "access", time.Hour)
+		_, err := s.validateToken(tokenStr+"x", "access")
+		if err != ErrInvalidToken {
+			t.Errorf("expected ErrInvalidToken, got %v", err)
+		}
+	})
+
+	t.Run("HMAC signing method accepted", func(t *testing.T) {
+		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+			"user_id": float64(1),
+			"type":    "access",
+			"exp":     time.Now().Add(time.Hour).Unix(),
+		})
+		tokenStr, _ := token.SignedString([]byte("test-secret"))
+
+		claims, err := s.validateToken(tokenStr, "access")
+		if err != nil {
+			t.Fatalf("should accept HS256: %v", err)
+		}
+		if claims["type"] != "access" {
+			t.Error("claims type mismatch")
+		}
+	})
+}
+
+func TestErrWeakPassword(t *testing.T) {
+	if ErrWeakPassword.Error() != "password must be at least 8 characters" {
+		t.Errorf("unexpected error message: %s", ErrWeakPassword.Error())
+	}
+}
+
+func TestErrInvalidCredentials(t *testing.T) {
+	if ErrInvalidCredentials.Error() != "invalid credentials" {
+		t.Errorf("unexpected error message: %s", ErrInvalidCredentials.Error())
+	}
+}
+
+func TestErrEmailNotVerified(t *testing.T) {
+	if ErrEmailNotVerified.Error() != "email not verified" {
+		t.Errorf("unexpected error message: %s", ErrEmailNotVerified.Error())
+	}
+}