You've already forked agentic-coding-workflow
a00f5a9efd
- Rename MCPToken -> Token (mcp.Token reads cleaner; zero external callers yet) - IssueSystemToken: guard against nil ACPSessionID / UserID (early input validation) - TokenService: inject now func for clock injection (parity with RateLimiter) - Repository CHECK constraint tests: assert wrapped CodeInternal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
103 lines
2.6 KiB
Go
103 lines
2.6 KiB
Go
package mcp_test
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/yan1h/agent-coding-workflow/internal/mcp"
|
|
)
|
|
|
|
func TestAuthMiddleware_BearerHeader(t *testing.T) {
|
|
t.Parallel()
|
|
repo := newFakeRepo()
|
|
svc := mcp.NewTokenService(repo, &fakeAudit{}, nil)
|
|
|
|
res, err := svc.IssueAdmin(context.Background(), mcp.IssueAdminInput{
|
|
UserID: uuid.New(),
|
|
Name: "x",
|
|
ExpiresAt: time.Now().Add(time.Hour),
|
|
CreatedBy: uuid.New(),
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
mw := mcp.NewAuthMiddleware(svc)
|
|
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
s, ok := mcp.FromContext(r.Context())
|
|
require.True(t, ok)
|
|
require.NotNil(t, s)
|
|
_, _ = w.Write([]byte(s.TokenID))
|
|
}))
|
|
|
|
req := httptest.NewRequest("GET", "/mcp", nil)
|
|
req.Header.Set("Authorization", "Bearer "+res.Plaintext)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
body, _ := io.ReadAll(rec.Body)
|
|
assert.Equal(t, res.ID.String(), string(body))
|
|
}
|
|
|
|
func TestAuthMiddleware_QueryFallback(t *testing.T) {
|
|
t.Parallel()
|
|
repo := newFakeRepo()
|
|
svc := mcp.NewTokenService(repo, &fakeAudit{}, nil)
|
|
|
|
res, _ := svc.IssueAdmin(context.Background(), mcp.IssueAdminInput{
|
|
UserID: uuid.New(),
|
|
Name: "x",
|
|
ExpiresAt: time.Now().Add(time.Hour),
|
|
CreatedBy: uuid.New(),
|
|
})
|
|
|
|
mw := mcp.NewAuthMiddleware(svc)
|
|
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest("GET", "/mcp?token="+res.Plaintext, nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
}
|
|
|
|
func TestAuthMiddleware_MissingToken(t *testing.T) {
|
|
t.Parallel()
|
|
svc := mcp.NewTokenService(newFakeRepo(), &fakeAudit{}, nil)
|
|
|
|
mw := mcp.NewAuthMiddleware(svc)
|
|
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("should not call inner handler")
|
|
}))
|
|
|
|
req := httptest.NewRequest("GET", "/mcp", nil)
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
}
|
|
|
|
func TestAuthMiddleware_InvalidToken(t *testing.T) {
|
|
t.Parallel()
|
|
svc := mcp.NewTokenService(newFakeRepo(), &fakeAudit{}, nil)
|
|
|
|
mw := mcp.NewAuthMiddleware(svc)
|
|
h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
t.Fatal("should not call")
|
|
}))
|
|
|
|
req := httptest.NewRequest("GET", "/mcp", nil)
|
|
req.Header.Set("Authorization", "Bearer mcpt_invalid")
|
|
rec := httptest.NewRecorder()
|
|
h.ServeHTTP(rec, req)
|
|
assert.Equal(t, http.StatusUnauthorized, rec.Code)
|
|
}
|