test(bridge): add integration tests for empty/undefined secret, full flow

mirivlad 2026-06-09 01:11:51 +08:00
parent b002005a42
commit e1505e1334
1 changed files with 20 additions and 21 deletions


@ -10,10 +10,9 @@ import (
"time" "time"
) )
// TestServer_Events_FullFlow simulates exact browser extension behavior: // TestServer_Events_FullFlow simulates exact browser extension behavior
// starts server with empty secret, sends ping, then sends events with various header configurations
func TestServer_Events_FullFlow(t *testing.T) { func TestServer_Events_FullFlow(t *testing.T) {
received := make(chan []Event, 1) received := make(chan []Event, 10)
s := NewServer("", func(evts []Event) { s := NewServer("", func(evts []Event) {
received <- evts received <- evts
}) })
@ -39,20 +38,16 @@ func TestServer_Events_FullFlow(t *testing.T) {
t.Fatalf("ping returned %d", pingResp.StatusCode) t.Fatalf("ping returned %d", pingResp.StatusCode)
} }
// Test 2: Events WITHOUT any secret header (extension sends nothing when secret is empty) eventsURL := fmt.Sprintf("http://127.0.0.1:%d/api/events", port)
// Test 2: Events WITHOUT any secret header
events := []Event{ events := []Event{
{ID: "evt_test_1", Type: "page_visit", URL: "https://example.com", Domain: "example.com", ActiveSeconds: 120}, {ID: "evt_test_1", Type: "page_visit", URL: "https://example.com", Domain: "example.com", ActiveSeconds: 120},
} }
batch := EventBatch{Version: 1, DeviceID: "firefox-test", Events: events} batch := EventBatch{Version: 1, DeviceID: "firefox-test", Events: events}
b, _ := json.Marshal(batch) b, _ := json.Marshal(batch)
eventsURL := fmt.Sprintf("http://127.0.0.1:%d/api/events", port)
req, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
// No X-Verstak-Secret header at all — empty secret on server should allow this
t.Logf("Sending %d events to %s (no auth header)", len(events), eventsURL)
t.Logf("Payload: %s", string(b))
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
@ -61,23 +56,22 @@ func TestServer_Events_FullFlow(t *testing.T) {
respBody, _ := io.ReadAll(resp.Body) respBody, _ := io.ReadAll(resp.Body)
resp.Body.Close() resp.Body.Close()
t.Logf("Events response: status=%d body=%s", resp.StatusCode, string(respBody)) t.Logf("Events (no auth header): status=%d body=%s", resp.StatusCode, string(respBody))
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
t.Errorf("expected 200, got %d. Body: %s", resp.StatusCode, string(respBody)) t.Errorf("expected 200, got %d", resp.StatusCode)
} }
select { select {
case evts := <-received: case evts := <-received:
t.Logf("SUCCESS: handler received %d events", len(evts)) t.Logf("Handler received %d events (no auth)", len(evts))
case <-time.After(2 * time.Second): case <-time.After(2 * time.Second):
t.Fatal("TIMEOUT: handler did not receive events") t.Fatal("timeout waiting for events (no auth)")
} }
// Test 3: Events WITH undefined secret header (simulating JS undefined) // Test 3: Events WITH "undefined" JS string as secret
req2, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req2, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b))
req2.Header.Set("Content-Type", "application/json") req2.Header.Set("Content-Type", "application/json")
req2.Header.Set("X-Verstak-Secret", "undefined") // JS: header when secret is undefined req2.Header.Set("X-Verstak-Secret", "undefined")
resp2, err := http.DefaultClient.Do(req2) resp2, err := http.DefaultClient.Do(req2)
if err != nil { if err != nil {
@ -86,12 +80,18 @@ func TestServer_Events_FullFlow(t *testing.T) {
respBody2, _ := io.ReadAll(resp2.Body) respBody2, _ := io.ReadAll(resp2.Body)
resp2.Body.Close() resp2.Body.Close()
t.Logf("Events with 'undefined' secret: status=%d body=%s", resp2.StatusCode, string(respBody2)) t.Logf("Events ('undefined' secret): status=%d body=%s", resp2.StatusCode, string(respBody2))
if resp2.StatusCode != 200 { if resp2.StatusCode != 200 {
t.Errorf("expected 200 with 'undefined' secret, got %d", resp2.StatusCode) t.Errorf("expected 200 with 'undefined' secret, got %d", resp2.StatusCode)
} }
select {
case evts := <-received:
t.Logf("Handler received %d events (undefined auth)", len(evts))
case <-time.After(2 * time.Second):
t.Fatal("timeout waiting for events (undefined auth)")
}
// Test 4: Events WITH empty string secret header // Test 4: Events WITH empty string secret header
req3, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req3, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b))
req3.Header.Set("Content-Type", "application/json") req3.Header.Set("Content-Type", "application/json")
@ -104,8 +104,7 @@ func TestServer_Events_FullFlow(t *testing.T) {
respBody3, _ := io.ReadAll(resp3.Body) respBody3, _ := io.ReadAll(resp3.Body)
resp3.Body.Close() resp3.Body.Close()
t.Logf("Events with empty secret: status=%d body=%s", resp3.StatusCode, string(respBody3)) t.Logf("Events (empty secret header): status=%d body=%s", resp3.StatusCode, string(respBody3))
if resp3.StatusCode != 200 { if resp3.StatusCode != 200 {
t.Errorf("expected 200 with empty secret, got %d", resp3.StatusCode) t.Errorf("expected 200 with empty secret, got %d", resp3.StatusCode)
} }
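Review bot: Every event request in the visible hunks of TestServer_Events_FullFlow goes to a server built with `NewServer("", ...)`, so the 200 expected for a missing, an empty and a literal `"undefined"` `X-Verstak-Secret` is only checked with authentication switched off; nothing here asserts that the same three requests are refused once a secret is configured. A companion case with a constructed test secret, e.g. `NewServer("test-secret", ...)` followed by `if resp.StatusCode == 200 { t.Errorf("request without valid secret accepted") }`, would keep this fail-open behaviour from silently extending to the configured path, which matters if the server special-cases the string "undefined" rather than simply skipping the check on an empty secret (not visible here). The empty-header case at the end also shows no `<-received` check like the two cases before it, and with the channel buffer raised to 10 an undelivered batch would go unnoticed; the function continues outside the hunks, so both points may already be handled elsewhere in the file.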