Files
q792602257 a00f5a9efd refactor(mcp): apply Part 1 review I1+I3+I4+I5
- Rename MCPToken -> Token (mcp.Token reads cleaner; zero external callers yet)
- IssueSystemToken: guard against nil ACPSessionID / UserID (early input validation)
- TokenService: inject now func for clock injection (parity with RateLimiter)
- Repository CHECK constraint tests: assert wrapped CodeInternal

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-08 10:28:49 +08:00

103 lines
2.6 KiB
Go

package mcp_test
import (
"context"
"io"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/yan1h/agent-coding-workflow/internal/mcp"
)
func TestAuthMiddleware_BearerHeader(t *testing.T) {
t.Parallel()
repo := newFakeRepo()
svc := mcp.NewTokenService(repo, &fakeAudit{}, nil)
res, err := svc.IssueAdmin(context.Background(), mcp.IssueAdminInput{
UserID: uuid.New(),
Name: "x",
ExpiresAt: time.Now().Add(time.Hour),
CreatedBy: uuid.New(),
})
require.NoError(t, err)
mw := mcp.NewAuthMiddleware(svc)
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s, ok := mcp.FromContext(r.Context())
require.True(t, ok)
require.NotNil(t, s)
_, _ = w.Write([]byte(s.TokenID))
}))
req := httptest.NewRequest("GET", "/mcp", nil)
req.Header.Set("Authorization", "Bearer "+res.Plaintext)
rec := httptest.NewRecorder()
h.ServeHTTP(rec, req)
assert.Equal(t, http.StatusOK, rec.Code)
body, _ := io.ReadAll(rec.Body)
assert.Equal(t, res.ID.String(), string(body))
}
func TestAuthMiddleware_QueryFallback(t *testing.T) {
t.Parallel()
repo := newFakeRepo()
svc := mcp.NewTokenService(repo, &fakeAudit{}, nil)
res, _ := svc.IssueAdmin(context.Background(), mcp.IssueAdminInput{
UserID: uuid.New(),
Name: "x",
ExpiresAt: time.Now().Add(time.Hour),
CreatedBy: uuid.New(),
})
mw := mcp.NewAuthMiddleware(svc)
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}))
req := httptest.NewRequest("GET", "/mcp?token="+res.Plaintext, nil)
rec := httptest.NewRecorder()
h.ServeHTTP(rec, req)
assert.Equal(t, http.StatusOK, rec.Code)
}
func TestAuthMiddleware_MissingToken(t *testing.T) {
t.Parallel()
svc := mcp.NewTokenService(newFakeRepo(), &fakeAudit{}, nil)
mw := mcp.NewAuthMiddleware(svc)
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Fatal("should not call inner handler")
}))
req := httptest.NewRequest("GET", "/mcp", nil)
rec := httptest.NewRecorder()
h.ServeHTTP(rec, req)
assert.Equal(t, http.StatusUnauthorized, rec.Code)
}
func TestAuthMiddleware_InvalidToken(t *testing.T) {
t.Parallel()
svc := mcp.NewTokenService(newFakeRepo(), &fakeAudit{}, nil)
mw := mcp.NewAuthMiddleware(svc)
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Fatal("should not call")
}))
req := httptest.NewRequest("GET", "/mcp", nil)
req.Header.Set("Authorization", "Bearer mcpt_invalid")
rec := httptest.NewRecorder()
h.ServeHTTP(rec, req)
assert.Equal(t, http.StatusUnauthorized, rec.Code)
}