Harden web/download pipeline and split handler modules
Replace shell-based downloader execution with validated arguments, enforce request hardening and safer defaults, and refactor handlers/router/state so job control is safer and easier to maintain.
This commit is contained in:
109
src/integration_test.go
Normal file
109
src/integration_test.go
Normal file
@@ -0,0 +1,109 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func resetStateForTest() {
|
||||
jobsMutex.Lock()
|
||||
jobs = make(map[string]*JobInfo)
|
||||
jobsMutex.Unlock()
|
||||
|
||||
progressMutex.Lock()
|
||||
progress = make(map[string]*ProgressInfo)
|
||||
progressMutex.Unlock()
|
||||
|
||||
setGlobalSpeedLimit("")
|
||||
config = Config{}
|
||||
setDefaultConfigValues()
|
||||
}
|
||||
|
||||
func TestAuthTokenProtection(t *testing.T) {
|
||||
resetStateForTest()
|
||||
config.Security.AuthToken = "secret"
|
||||
|
||||
handler := newRouter()
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/clear-completed", nil)
|
||||
rr := httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
|
||||
if rr.Code != http.StatusUnauthorized {
|
||||
t.Fatalf("expected status %d, got %d", http.StatusUnauthorized, rr.Code)
|
||||
}
|
||||
|
||||
req = httptest.NewRequest(http.MethodPost, "/clear-completed?token=secret", nil)
|
||||
rr = httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("expected status %d, got %d", http.StatusOK, rr.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPauseResumeAbortFlow(t *testing.T) {
|
||||
resetStateForTest()
|
||||
handler := newRouter()
|
||||
|
||||
filename := "job.drmd"
|
||||
setJob(filename, NewJobInfo())
|
||||
updateProgress(filename, 10, "episode1", "running")
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/pause?filename="+filename, nil)
|
||||
rr := httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("pause expected %d got %d", http.StatusOK, rr.Code)
|
||||
}
|
||||
|
||||
job, ok := getJob(filename)
|
||||
if !ok || !job.IsPaused() {
|
||||
t.Fatalf("expected paused job state")
|
||||
}
|
||||
|
||||
progressInfo := getProgress(filename)
|
||||
if progressInfo == nil || progressInfo.Status != "paused" {
|
||||
t.Fatalf("expected paused progress state")
|
||||
}
|
||||
|
||||
req = httptest.NewRequest(http.MethodPost, "/resume?filename="+filename, nil)
|
||||
rr = httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("resume expected %d got %d", http.StatusOK, rr.Code)
|
||||
}
|
||||
|
||||
if job.IsPaused() {
|
||||
t.Fatalf("expected resumed job state")
|
||||
}
|
||||
|
||||
progressInfo = getProgress(filename)
|
||||
if progressInfo == nil || progressInfo.Status != "running" {
|
||||
t.Fatalf("expected running progress state")
|
||||
}
|
||||
|
||||
req = httptest.NewRequest(http.MethodPost, "/abort?filename="+filename, nil)
|
||||
rr = httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("abort expected %d got %d", http.StatusOK, rr.Code)
|
||||
}
|
||||
|
||||
if !job.IsAborted() {
|
||||
t.Fatalf("expected aborted job state")
|
||||
}
|
||||
|
||||
progressInfo = getProgress(filename)
|
||||
if progressInfo == nil || progressInfo.Status != "aborted" {
|
||||
t.Fatalf("expected aborted progress state")
|
||||
}
|
||||
|
||||
req = httptest.NewRequest(http.MethodPost, "/abort?filename="+filename, nil)
|
||||
rr = httptest.NewRecorder()
|
||||
handler.ServeHTTP(rr, req)
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("second abort expected %d got %d", http.StatusOK, rr.Code)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user