test: add tests (unit/api) for additional api keys

Author: monomarh

main.go

@@ -122,7 +122,6 @@ func main() {
 		os.Exit(0)
 	}
 	config = conf.Load(*configFlag, version)
-	slog.Info("loaded configuration", "configFile", *configFlag)
 
 	// Configure Swagger docs
 	docs.SwaggerInfo.BasePath = config.Server.BasePath + "/api"

middlewares/authenticate.go

@@ -34,16 +34,16 @@ type AuthenticateMiddleware struct {
 	optionalForMethods   []string
 	redirectTarget       string // optional
 	redirectErrorMessage string // optional
-	onlyRWApiKey         bool
+	requireFullAccessKey bool   // true only for heartbeat routes
 }
 
 func NewAuthenticateMiddleware(userService services.IUserService) *AuthenticateMiddleware {
 	return &AuthenticateMiddleware{
-		config:             conf.Get(),
-		userSrvc:           userService,
-		optionalForPaths:   []string{},
-		optionalForMethods: []string{},
-		onlyRWApiKey:       false,
+		config:               conf.Get(),
+		userSrvc:             userService,
+		optionalForPaths:     []string{},
+		optionalForMethods:   []string{},
+		requireFullAccessKey: false,
 	}
 }
 
@@ -67,8 +67,8 @@ func (m *AuthenticateMiddleware) WithRedirectErrorMessage(message string) *Authe
 	return m
 }
 
-func (m *AuthenticateMiddleware) WithOnlyRWApiKey(onlyRW bool) *AuthenticateMiddleware {
-	m.onlyRWApiKey = onlyRW
+func (m *AuthenticateMiddleware) WithFullAccessOnly(readOnly bool) *AuthenticateMiddleware {
+	m.requireFullAccessKey = readOnly
 	return m
 }
 
@@ -145,7 +145,7 @@ func (m *AuthenticateMiddleware) tryGetUserByApiKeyHeader(r *http.Request) (*mod
 
 	var user *models.User
 	userKey := strings.TrimSpace(key)
-	user, err = m.userSrvc.GetUserByKey(userKey, m.onlyRWApiKey)
+	user, err = m.userSrvc.GetUserByKey(userKey, m.requireFullAccessKey)
 	if err != nil {
 		return nil, err
 	}
@@ -159,7 +159,7 @@ func (m *AuthenticateMiddleware) tryGetUserByApiKeyQuery(r *http.Request) (*mode
 	if userKey == "" {
 		return nil, errEmptyKey
 	}
-	user, err := m.userSrvc.GetUserByKey(userKey, m.onlyRWApiKey)
+	user, err := m.userSrvc.GetUserByKey(userKey, m.requireFullAccessKey)
 	if err != nil {
 		return nil, err
 	}

middlewares/authenticate_test.go

@@ -23,9 +23,10 @@ import (
 
 func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Success(t *testing.T) {
 	testApiKey := "z5uig69cn9ut93n"
-	readOnlyApiKey := false
 	testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
 	testUser := &models.User{ApiKey: testApiKey}
+	// In the case of the API Key from User Model - it's always full access
+	testApiKeyRequireFullAccess := false
 
 	mockRequest := &http.Request{
 		Header: http.Header{
@@ -34,7 +35,7 @@ func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Success(t *testing.T) {
 	}
 
 	userServiceMock := new(mocks.UserServiceMock)
-	userServiceMock.On("GetUserByKey", testApiKey, readOnlyApiKey).Return(testUser, nil)
+	userServiceMock.On("GetUserByKey", testApiKey, testApiKeyRequireFullAccess).Return(testUser, nil)
 
 	sut := NewAuthenticateMiddleware(userServiceMock)
 
@@ -58,6 +59,29 @@ func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Invalid(t *testing.T) {
 	userServiceMock := new(mocks.UserServiceMock)
 
 	sut := NewAuthenticateMiddleware(userServiceMock)
+	sut.WithFullAccessOnly(false)
+
+	result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
+
+	assert.Error(t, err)
+	assert.Nil(t, result)
+}
+
+func TestAuthenticateMiddleware_tryGetUserByApiKeyHeaderWithReadOnlyKey_Invalid(t *testing.T) {
+	testApiKey := "read-only-additional-key"
+	testToken := base64.StdEncoding.EncodeToString([]byte(testApiKey))
+
+	mockRequest := &http.Request{
+		Header: http.Header{
+			"Authorization": []string{fmt.Sprintf("Basic %s", testToken)},
+		},
+	}
+
+	userServiceMock := new(mocks.UserServiceMock)
+	userServiceMock.On("GetUserByKey", testApiKey, true).Return(nil, errors.New("forbidden: requires full access"))
+
+	sut := NewAuthenticateMiddleware(userServiceMock)
+	sut.WithFullAccessOnly(true)
 
 	result, err := sut.tryGetUserByApiKeyHeader(mockRequest)
 
@@ -67,8 +91,9 @@ func TestAuthenticateMiddleware_tryGetUserByApiKeyHeader_Invalid(t *testing.T) {
 
 func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Success(t *testing.T) {
 	testApiKey := "z5uig69cn9ut93n"
-	readOnlyApiKey := false
 	testUser := &models.User{ApiKey: testApiKey}
+	// In the case of the API Key from User Model - it's always full access
+	testApiKeyRequireFullAccess := true
 
 	params := url.Values{}
 	params.Add("api_key", testApiKey)
@@ -79,9 +104,10 @@ func TestAuthenticateMiddleware_tryGetUserByApiKeyQuery_Success(t *testing.T) {
 	}
 
 	userServiceMock := new(mocks.UserServiceMock)
-	userServiceMock.On("GetUserByKey", testApiKey, readOnlyApiKey).Return(testUser, nil)
+	userServiceMock.On("GetUserByKey", testApiKey, testApiKeyRequireFullAccess).Return(testUser, nil)
 
 	sut := NewAuthenticateMiddleware(userServiceMock)
+	sut.WithFullAccessOnly(true)
 
 	result, err := sut.tryGetUserByApiKeyQuery(mockRequest)
 

mocks/api_key_service.go

@@ -0,0 +1,39 @@
+package mocks
+
+import (
+	"github.com/muety/wakapi/models"
+	"github.com/stretchr/testify/mock"
+)
+
+type MockApiKeyService struct {
+	mock.Mock
+}
+
+func (m *MockApiKeyService) GetByApiKey(apiKey string, requireFullAccessKey bool) (*models.ApiKey, error) {
+	args := m.Called(apiKey, requireFullAccessKey)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*models.ApiKey), args.Error(1)
+}
+
+func (m *MockApiKeyService) GetByUser(userID string) ([]*models.ApiKey, error) {
+	args := m.Called(userID)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.ApiKey), args.Error(1)
+}
+
+func (m *MockApiKeyService) Create(apiKey *models.ApiKey) (*models.ApiKey, error) {
+	args := m.Called(apiKey)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*models.ApiKey), args.Error(1)
+}
+
+func (m *MockApiKeyService) Delete(apiKey *models.ApiKey) error {
+	args := m.Called(apiKey)
+	return args.Error(0)
+}

mocks/mail_service.go

@@ -0,0 +1,37 @@
+package mocks
+
+import (
+	"time"
+
+	"github.com/muety/wakapi/models"
+	"github.com/stretchr/testify/mock"
+)
+
+type MailServiceMock struct {
+	mock.Mock
+}
+
+func (m *MailServiceMock) SendPasswordReset(user *models.User, resetLink string) error {
+	args := m.Called(user, resetLink)
+	return args.Error(0)
+}
+
+func (m *MailServiceMock) SendWakatimeFailureNotification(user *models.User, numFailures int) error {
+	args := m.Called(user, numFailures)
+	return args.Error(0)
+}
+
+func (m *MailServiceMock) SendImportNotification(user *models.User, duration time.Duration, numHeartbeats int) error {
+	args := m.Called(user, duration, numHeartbeats)
+	return args.Error(0)
+}
+
+func (m *MailServiceMock) SendReport(user *models.User, report *models.Report) error {
+	args := m.Called(user, report)
+	return args.Error(0)
+}
+
+func (m *MailServiceMock) SendSubscriptionNotification(user *models.User, hasExpired bool) error {
+	args := m.Called(user, hasExpired)
+	return args.Error(0)
+}

mocks/user_repository.go

@@ -0,0 +1,125 @@
+package mocks
+
+import (
+	"time"
+
+	"github.com/muety/wakapi/models"
+	"github.com/stretchr/testify/mock"
+	"gorm.io/gorm"
+)
+
+type UserRepositoryMock struct {
+	BaseRepositoryMock
+	mock.Mock
+}
+
+func (m *UserRepositoryMock) FindOne(user models.User) (*models.User, error) {
+	args := m.Called(user)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetByIds(userIds []string) ([]*models.User, error) {
+	args := m.Called(userIds)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetAll() ([]*models.User, error) {
+	args := m.Called()
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetMany(ids []string) ([]*models.User, error) {
+	args := m.Called(ids)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetAllByReports(reportsEnabled bool) ([]*models.User, error) {
+	args := m.Called(reportsEnabled)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetAllByLeaderboard(leaderboardEnabled bool) ([]*models.User, error) {
+	args := m.Called(leaderboardEnabled)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetByLoggedInBefore(t time.Time) ([]*models.User, error) {
+	args := m.Called(t)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetByLoggedInAfter(t time.Time) ([]*models.User, error) {
+	args := m.Called(t)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) GetByLastActiveAfter(t time.Time) ([]*models.User, error) {
+	args := m.Called(t)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).([]*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) Count() (int64, error) {
+	args := m.Called()
+	return args.Get(0).(int64), args.Error(1)
+}
+
+func (m *UserRepositoryMock) InsertOrGet(user *models.User) (*models.User, bool, error) {
+	args := m.Called(user)
+	if args.Get(0) == nil {
+		return nil, args.Bool(1), args.Error(2)
+	}
+	return args.Get(0).(*models.User), args.Bool(1), args.Error(2)
+}
+
+func (m *UserRepositoryMock) Update(user *models.User) (*models.User, error) {
+	args := m.Called(user)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) UpdateField(user *models.User, key string, value interface{}) (*models.User, error) {
+	args := m.Called(user, key, value)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*models.User), args.Error(1)
+}
+
+func (m *UserRepositoryMock) Delete(user *models.User) error {
+	args := m.Called(user)
+	return args.Error(0)
+}
+
+func (m *UserRepositoryMock) DeleteTx(user *models.User, tx *gorm.DB) error {
+	args := m.Called(user, tx)
+	return args.Error(0)
+}

repositories/api_key.go

@@ -26,10 +26,16 @@ func (r *ApiKeyRepository) GetAll() ([]*models.ApiKey, error) {
 	return keys, nil
 }
 
-func (r *ApiKeyRepository) GetByApiKey(apiKey string, readOnly bool) (*models.ApiKey, error) {
+func (r *ApiKeyRepository) GetByApiKey(apiKey string, requireFullAccessKey bool) (*models.ApiKey, error) {
 	key := &models.ApiKey{}
-	if err := r.db.Where(&models.ApiKey{ApiKey: apiKey, ReadOnly: readOnly}).First(key).Error; err != nil {
-		return key, err
+
+	query := r.db.Preload("User").Where("api_key = ?", apiKey)
+	if requireFullAccessKey {
+		query = query.Where("read_only = ?", false)
+	}
+
+	if err := query.First(key).Error; err != nil {
+		return nil, err
 	}
 	return key, nil
 }

routes/api/heartbeat.go

@@ -37,7 +37,7 @@ func NewHeartbeatApiHandler(userService services.IUserService, heartbeatService
 func (h *HeartbeatApiHandler) RegisterRoutes(router chi.Router) {
 	router.Group(func(r chi.Router) {
 		r.Use(
-			middlewares.NewAuthenticateMiddleware(h.userSrvc).WithOptionalForMethods(http.MethodOptions).WithOnlyRWApiKey(true).Handler,
+			middlewares.NewAuthenticateMiddleware(h.userSrvc).WithOptionalForMethods(http.MethodOptions).WithFullAccessOnly(true).Handler,
 			customMiddleware.NewWakatimeRelayMiddleware().Handler,
 		)
 		// see https://github.com/muety/wakapi/issues/203

routes/login.go

@@ -13,7 +13,6 @@ import (
 	"github.com/duke-git/lancet/v2/slice"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/httprate"
-
 	conf "github.com/muety/wakapi/config"
 	"github.com/muety/wakapi/middlewares"
 	"github.com/muety/wakapi/models"