package bridge import ( "bytes" "encoding/json" "fmt" "io" "net/http" "testing" "time" ) // TestServer_Events_FullFlow simulates exact browser extension behavior: // starts server with empty secret, sends ping, then sends events with various header configurations func TestServer_Events_FullFlow(t *testing.T) { received := make(chan []Event, 1) s := NewServer("", func(evts []Event) { received <- evts }) port, err := s.Start(Config{}) if err != nil { t.Fatal(err) } defer s.Stop() t.Logf("Server started on port %d (secret='%s')", port, s.Secret()) // Test 1: Ping pingURL := fmt.Sprintf("http://127.0.0.1:%d/api/ping", port) pingResp, err := http.Get(pingURL) if err != nil { t.Fatalf("ping failed: %v", err) } pingBody, _ := io.ReadAll(pingResp.Body) pingResp.Body.Close() t.Logf("Ping: status=%d body=%s", pingResp.StatusCode, string(pingBody)) if pingResp.StatusCode != 200 { t.Fatalf("ping returned %d", pingResp.StatusCode) } // Test 2: Events WITHOUT any secret header (extension sends nothing when secret is empty) events := []Event{ {ID: "evt_test_1", Type: "page_visit", URL: "https://example.com", Domain: "example.com", ActiveSeconds: 120}, } batch := EventBatch{Version: 1, DeviceID: "firefox-test", Events: events} b, _ := json.Marshal(batch) eventsURL := fmt.Sprintf("http://127.0.0.1:%d/api/events", port) req, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req.Header.Set("Content-Type", "application/json") // No X-Verstak-Secret header at all — empty secret on server should allow this t.Logf("Sending %d events to %s (no auth header)", len(events), eventsURL) t.Logf("Payload: %s", string(b)) resp, err := http.DefaultClient.Do(req) if err != nil { t.Fatalf("events request failed: %v", err) } respBody, _ := io.ReadAll(resp.Body) resp.Body.Close() t.Logf("Events response: status=%d body=%s", resp.StatusCode, string(respBody)) if resp.StatusCode != 200 { t.Errorf("expected 200, got %d. Body: %s", resp.StatusCode, string(respBody)) } select { case evts := <-received: t.Logf("SUCCESS: handler received %d events", len(evts)) case <-time.After(2 * time.Second): t.Fatal("TIMEOUT: handler did not receive events") } // Test 3: Events WITH undefined secret header (simulating JS undefined) req2, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req2.Header.Set("Content-Type", "application/json") req2.Header.Set("X-Verstak-Secret", "undefined") // JS: header when secret is undefined resp2, err := http.DefaultClient.Do(req2) if err != nil { t.Fatalf("events request 2 failed: %v", err) } respBody2, _ := io.ReadAll(resp2.Body) resp2.Body.Close() t.Logf("Events with 'undefined' secret: status=%d body=%s", resp2.StatusCode, string(respBody2)) if resp2.StatusCode != 200 { t.Errorf("expected 200 with 'undefined' secret, got %d", resp2.StatusCode) } // Test 4: Events WITH empty string secret header req3, _ := http.NewRequest("POST", eventsURL, bytes.NewReader(b)) req3.Header.Set("Content-Type", "application/json") req3.Header.Set("X-Verstak-Secret", "") resp3, err := http.DefaultClient.Do(req3) if err != nil { t.Fatalf("events request 3 failed: %v", err) } respBody3, _ := io.ReadAll(resp3.Body) resp3.Body.Close() t.Logf("Events with empty secret: status=%d body=%s", resp3.StatusCode, string(respBody3)) if resp3.StatusCode != 200 { t.Errorf("expected 200 with empty secret, got %d", resp3.StatusCode) } } // TestServer_Events_WithTimeout tests that the server responds within timeout func TestServer_Events_WithTimeout(t *testing.T) { s := NewServer("", func(evts []Event) {}) port, err := s.Start(Config{}) if err != nil { t.Fatal(err) } defer s.Stop() batch := EventBatch{Version: 1, DeviceID: "test", Events: []Event{{ID: "1", Type: "page_visit"}}} b, _ := json.Marshal(batch) client := &http.Client{Timeout: 3 * time.Second} req, _ := http.NewRequest("POST", fmt.Sprintf("http://127.0.0.1:%d/api/events", port), bytes.NewReader(b)) req.Header.Set("Content-Type", "application/json") start := time.Now() resp, err := client.Do(req) elapsed := time.Since(start) if err != nil { t.Fatalf("request timed out after %v: %v", elapsed, err) } resp.Body.Close() t.Logf("Response: %d in %v", resp.StatusCode, elapsed) if resp.StatusCode != 200 { t.Errorf("expected 200, got %d", resp.StatusCode) } }