diff --git a/internal/core/bridge/bridge_integration_test.go b/internal/core/bridge/bridge_integration_test.go index 5289dc8..96b617e 100644 --- a/internal/core/bridge/bridge_integration_test.go +++ b/internal/core/bridge/bridge_integration_test.go @@ -10,10 +10,9 @@ import ( "time" ) -// TestServer_Events_FullFlow simulates exact browser extension behavior: -// starts server with empty secret, sends ping, then sends events with various header configurations +// TestServer_Events_FullFlow simulates exact browser extension behavior func TestServer_Events_FullFlow(t *testing.T) { - received := make(chan []Event, 1) + received := make(chan []Event, 10) s := NewServer("", func(evts []Event) { received <- evts }) @@ -39,20 +38,16 @@ func TestServer_Events_FullFlow(t *testing.T) { t.Fatalf("ping returned %d", pingResp.StatusCode) } - // Test 2: Events WITHOUT any secret header (extension sends nothing when secret is empty) + eventsURL := fmt.Sprintf("http://127.0.0.1:%d/api/events", port) + + // Test 2: Events WITHOUT any secret header events := []Event{ {ID: "evt_test_1", Type: "page_visit", URL: "https://example.com", Domain: "example.com", ActiveSeconds: 120}, } batch := EventBatch{Version: 1, DeviceID: "firefox-test", Events: events} b, _ := json.Marshal(batch) - - eventsURL := fmt.Sprintf("http://127.0.0.1:%d/api/events", port) req, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req.Header.Set("Content-Type", "application/json") - // No X-Verstak-Secret header at all — empty secret on server should allow this - - t.Logf("Sending %d events to %s (no auth header)", len(events), eventsURL) - t.Logf("Payload: %s", string(b)) resp, err := http.DefaultClient.Do(req) if err != nil { @@ -61,23 +56,22 @@ func TestServer_Events_FullFlow(t *testing.T) { respBody, _ := io.ReadAll(resp.Body) resp.Body.Close() - t.Logf("Events response: status=%d body=%s", resp.StatusCode, string(respBody)) - + t.Logf("Events (no auth header): status=%d body=%s", resp.StatusCode, string(respBody)) if resp.StatusCode != 200 { - t.Errorf("expected 200, got %d. Body: %s", resp.StatusCode, string(respBody)) + t.Errorf("expected 200, got %d", resp.StatusCode) } select { case evts := <-received: - t.Logf("SUCCESS: handler received %d events", len(evts)) + t.Logf("Handler received %d events (no auth)", len(evts)) case <-time.After(2 * time.Second): - t.Fatal("TIMEOUT: handler did not receive events") + t.Fatal("timeout waiting for events (no auth)") } - // Test 3: Events WITH undefined secret header (simulating JS undefined) + // Test 3: Events WITH "undefined" JS string as secret req2, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req2.Header.Set("Content-Type", "application/json") - req2.Header.Set("X-Verstak-Secret", "undefined") // JS: header when secret is undefined + req2.Header.Set("X-Verstak-Secret", "undefined") resp2, err := http.DefaultClient.Do(req2) if err != nil { @@ -86,12 +80,18 @@ func TestServer_Events_FullFlow(t *testing.T) { respBody2, _ := io.ReadAll(resp2.Body) resp2.Body.Close() - t.Logf("Events with 'undefined' secret: status=%d body=%s", resp2.StatusCode, string(respBody2)) - + t.Logf("Events ('undefined' secret): status=%d body=%s", resp2.StatusCode, string(respBody2)) if resp2.StatusCode != 200 { t.Errorf("expected 200 with 'undefined' secret, got %d", resp2.StatusCode) } + select { + case evts := <-received: + t.Logf("Handler received %d events (undefined auth)", len(evts)) + case <-time.After(2 * time.Second): + t.Fatal("timeout waiting for events (undefined auth)") + } + // Test 4: Events WITH empty string secret header req3, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req3.Header.Set("Content-Type", "application/json") @@ -104,8 +104,7 @@ func TestServer_Events_FullFlow(t *testing.T) { respBody3, _ := io.ReadAll(resp3.Body) resp3.Body.Close() - t.Logf("Events with empty secret: status=%d body=%s", resp3.StatusCode, string(respBody3)) - + t.Logf("Events (empty secret header): status=%d body=%s", resp3.StatusCode, string(respBody3)) if resp3.StatusCode != 200 { t.Errorf("expected 200 with empty secret, got %d", resp3.StatusCode) }