func TestGzip(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
// Skip if no Accept-Encoding header
h := Gzip()(func(c vodka.Context) error {
c.Response().Write([]byte("test")) // For Content-Type sniffing
return nil
})
h(c)
assert.Equal(t, "test", rec.Body.String())
req = test.NewRequest(vodka.GET, "/", nil)
req.Header().Set(vodka.HeaderAcceptEncoding, "gzip")
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
// Gzip
h(c)
assert.Equal(t, "gzip", rec.Header().Get(vodka.HeaderContentEncoding))
assert.Contains(t, rec.Header().Get(vodka.HeaderContentType), vodka.MIMETextPlain)
r, err := gzip.NewReader(rec.Body)
defer r.Close()
if assert.NoError(t, err) {
buf := new(bytes.Buffer)
buf.ReadFrom(r)
assert.Equal(t, "test", buf.String())
}
}
func TestSecure(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
}
// Default
Secure()(h)(c)
assert.Equal(t, "1; mode=block", rec.Header().Get(vodka.HeaderXXSSProtection))
assert.Equal(t, "nosniff", rec.Header().Get(vodka.HeaderXContentTypeOptions))
assert.Equal(t, "SAMEORIGIN", rec.Header().Get(vodka.HeaderXFrameOptions))
assert.Equal(t, "", rec.Header().Get(vodka.HeaderStrictTransportSecurity))
assert.Equal(t, "", rec.Header().Get(vodka.HeaderContentSecurityPolicy))
// Custom
req.Header().Set(vodka.HeaderXForwardedProto, "https")
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
SecureWithConfig(SecureConfig{
XSSProtection: "",
ContentTypeNosniff: "",
XFrameOptions: "",
HSTSMaxAge: 3600,
ContentSecurityPolicy: "default-src 'self'",
})(h)(c)
assert.Equal(t, "", rec.Header().Get(vodka.HeaderXXSSProtection))
assert.Equal(t, "", rec.Header().Get(vodka.HeaderXContentTypeOptions))
assert.Equal(t, "", rec.Header().Get(vodka.HeaderXFrameOptions))
assert.Equal(t, "max-age=3600; includeSubdomains", rec.Header().Get(vodka.HeaderStrictTransportSecurity))
assert.Equal(t, "default-src 'self'", rec.Header().Get(vodka.HeaderContentSecurityPolicy))
}
func TestContextServeContent(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
fs := http.Dir("_fixture/images")
f, err := fs.Open("walle.png")
if assert.NoError(t, err) {
fi, err := f.Stat()
if assert.NoError(t, err) {
// Not cached
if assert.NoError(t, c.ServeContent(f, fi.Name(), fi.ModTime())) {
assert.Equal(t, http.StatusOK, rec.Status())
}
// Cached
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(HeaderIfModifiedSince, fi.ModTime().UTC().Format(http.TimeFormat))
if assert.NoError(t, c.ServeContent(f, fi.Name(), fi.ModTime())) {
assert.Equal(t, http.StatusNotModified, rec.Status())
}
}
}
}
func TestCORS(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
cors := CORSWithConfig(CORSConfig{
AllowCredentials: true,
})
h := cors(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
// No origin header
h(c)
assert.Equal(t, "", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
// Empty origin header
req = test.NewRequest(vodka.GET, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(vodka.HeaderOrigin, "")
h(c)
assert.Equal(t, "*", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
// Wildcard origin
req = test.NewRequest(vodka.GET, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(vodka.HeaderOrigin, "localhost")
h(c)
assert.Equal(t, "*", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
// Simple request
req = test.NewRequest(vodka.GET, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(vodka.HeaderOrigin, "localhost")
cors = CORSWithConfig(CORSConfig{
AllowOrigins: []string{"localhost"},
AllowCredentials: true,
MaxAge: 3600,
})
h = cors(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
h(c)
assert.Equal(t, "localhost", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
// Preflight request
req = test.NewRequest(vodka.OPTIONS, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(vodka.HeaderOrigin, "localhost")
req.Header().Set(vodka.HeaderContentType, vodka.MIMEApplicationJSON)
h(c)
assert.Equal(t, "localhost", rec.Header().Get(vodka.HeaderAccessControlAllowOrigin))
assert.NotEmpty(t, rec.Header().Get(vodka.HeaderAccessControlAllowMethods))
assert.Equal(t, "true", rec.Header().Get(vodka.HeaderAccessControlAllowCredentials))
assert.Equal(t, "3600", rec.Header().Get(vodka.HeaderAccessControlMaxAge))
}
func TestRemoveTrailingSlash(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/remove-slash/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := RemoveTrailingSlash()(func(c vodka.Context) error {
return nil
})
h(c)
assert.Equal(t, "/remove-slash", req.URL().Path())
assert.Equal(t, "/remove-slash", req.URI())
// With config
req = test.NewRequest(vodka.GET, "/remove-slash/?key=value", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
h = RemoveTrailingSlashWithConfig(TrailingSlashConfig{
RedirectCode: http.StatusMovedPermanently,
})(func(c vodka.Context) error {
return nil
})
h(c)
assert.Equal(t, http.StatusMovedPermanently, rec.Status())
assert.Equal(t, "/remove-slash?key=value", rec.Header().Get(vodka.HeaderLocation))
// With bare URL
req = test.NewRequest(vodka.GET, "http://localhost", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
h = RemoveTrailingSlash()(func(c vodka.Context) error {
return nil
})
h(c)
assert.Equal(t, "", req.URL().Path())
}
func TestStatic(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := Static("../_fixture")(func(c vodka.Context) error {
return vodka.ErrNotFound
})
// Directory
if assert.NoError(t, h(c)) {
assert.Contains(t, rec.Body.String(), "Vodka")
}
// HTML5 mode
req = test.NewRequest(vodka.GET, "/client", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
static := StaticWithConfig(StaticConfig{
Root: "../_fixture",
HTML5: true,
})
h = static(func(c vodka.Context) error {
return vodka.ErrNotFound
})
if assert.NoError(t, h(c)) {
assert.Equal(t, http.StatusOK, rec.Status())
}
// Browse
req = test.NewRequest(vodka.GET, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
static = StaticWithConfig(StaticConfig{
Root: "../_fixture/images",
Browse: true,
})
h = static(func(c vodka.Context) error {
return vodka.ErrNotFound
})
if assert.NoError(t, h(c)) {
assert.Contains(t, rec.Body.String(), "walle")
}
// Not found
req = test.NewRequest(vodka.GET, "/not-found", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
static = StaticWithConfig(StaticConfig{
Root: "../_fixture/images",
})
h = static(func(c vodka.Context) error {
return vodka.ErrNotFound
})
assert.Error(t, h(c))
}
func TestVodkaNotFound(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/files", nil)
rec := test.NewResponseRecorder()
e.ServeHTTP(req, rec)
assert.Equal(t, http.StatusNotFound, rec.Status())
}
func TestLoggerIPAddress(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
buf := new(bytes.Buffer)
e.Logger().SetOutput(buf)
ip := "127.0.0.1"
h := Logger()(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
// With X-Real-IP
req.Header().Add(vodka.HeaderXRealIP, ip)
h(c)
assert.Contains(t, ip, buf.String())
// With X-Forwarded-For
buf.Reset()
req.Header().Del(vodka.HeaderXRealIP)
req.Header().Add(vodka.HeaderXForwardedFor, ip)
h(c)
assert.Contains(t, ip, buf.String())
buf.Reset()
h(c)
assert.Contains(t, ip, buf.String())
}
func TestVodkaMethodNotAllowed(t *testing.T) {
e := New()
e.GET("/", func(c Context) error {
return c.String(http.StatusOK, "Vodka!")
})
req := test.NewRequest(POST, "/", nil)
rec := test.NewResponseRecorder()
e.ServeHTTP(req, rec)
assert.Equal(t, http.StatusMethodNotAllowed, rec.Status())
}
func TestContextRedirect(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
assert.Equal(t, nil, c.Redirect(http.StatusMovedPermanently, "http://insionng.github.io/vodka"))
assert.Equal(t, http.StatusMovedPermanently, rec.Status())
assert.Equal(t, "http://insionng.github.io/vodka", rec.Header().Get(HeaderLocation))
assert.Error(t, c.Redirect(310, "http://insionng.github.io/vodka"))
}
func TestBinderQueryParams(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/?id=1&name=Jon Snow", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
u := new(user)
err := c.Bind(u)
if assert.NoError(t, err) {
assert.Equal(t, 1, u.ID)
assert.Equal(t, "Jon Snow", u.Name)
}
}
func TestBinderForm(t *testing.T) {
testBinderOkay(t, strings.NewReader(userForm), MIMEApplicationForm)
testBinderError(t, nil, MIMEApplicationForm)
e := New()
req := test.NewRequest(POST, "/", strings.NewReader(userForm))
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
req.Header().Set(HeaderContentType, MIMEApplicationForm)
var obj = make([]struct{ Field string }, 0)
err := c.Bind(&obj)
assert.Error(t, err)
}
func TestGzipErrorReturned(t *testing.T) {
e := vodka.New()
e.Use(Gzip())
e.GET("/", func(c vodka.Context) error {
return vodka.NewHTTPError(http.StatusInternalServerError, "error")
})
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
e.ServeHTTP(req, rec)
assert.Empty(t, rec.Header().Get(vodka.HeaderContentEncoding))
assert.Equal(t, "error", rec.Body.String())
}
func TestNonWWWRedirect(t *testing.T) {
e := vodka.New()
next := func(c vodka.Context) (err error) {
return c.NoContent(http.StatusOK)
}
req := test.NewRequest(vodka.GET, "http://www.insionng.com", nil)
res := test.NewResponseRecorder()
c := e.NewContext(req, res)
NonWWWRedirect()(next)(c)
assert.Equal(t, http.StatusMovedPermanently, res.Status())
assert.Equal(t, "http://insionng.com", res.Header().Get(vodka.HeaderLocation))
}
func TestBodyLimit(t *testing.T) {
e := vodka.New()
hw := []byte("Hello, World!")
req := test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := func(c vodka.Context) error {
body, err := ioutil.ReadAll(c.Request().Body())
if err != nil {
return err
}
return c.String(http.StatusOK, string(body))
}
// Based on content length (within limit)
if assert.NoError(t, BodyLimit("2M")(h)(c)) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, hw, rec.Body.Bytes())
}
// Based on content read (overlimit)
he := BodyLimit("2B")(h)(c).(*vodka.HTTPError)
assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
// Based on content read (within limit)
req = test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
if assert.NoError(t, BodyLimit("2M")(h)(c)) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, "Hello, World!", rec.Body.String())
}
// Based on content read (overlimit)
req = test.NewRequest(vodka.POST, "/", bytes.NewReader(hw))
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
he = BodyLimit("2B")(h)(c).(*vodka.HTTPError)
assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
}
func testBinderOkay(t *testing.T, r io.Reader, ctype string) {
e := New()
req := test.NewRequest(POST, "/", r)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
req.Header().Set(HeaderContentType, ctype)
u := new(user)
err := c.Bind(u)
if assert.NoError(t, err) {
assert.Equal(t, 1, u.ID)
assert.Equal(t, "Jon Snow", u.Name)
}
}
func TestLogger(t *testing.T) {
// Note: Just for the test coverage, not a real test.
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := Logger()(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
// Status 2xx
h(c)
// Status 3xx
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
h = Logger()(func(c vodka.Context) error {
return c.String(http.StatusTemporaryRedirect, "test")
})
h(c)
// Status 4xx
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
h = Logger()(func(c vodka.Context) error {
return c.String(http.StatusNotFound, "test")
})
h(c)
// Status 5xx with empty path
req = test.NewRequest(vodka.GET, "", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
h = Logger()(func(c vodka.Context) error {
return errors.New("error")
})
h(c)
}
func TestGzipNoContent(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := Gzip()(func(c vodka.Context) error {
return c.NoContent(http.StatusOK)
})
if assert.NoError(t, h(c)) {
assert.Empty(t, rec.Header().Get(vodka.HeaderContentEncoding))
assert.Empty(t, rec.Header().Get(vodka.HeaderContentType))
assert.Equal(t, 0, len(rec.Body.Bytes()))
}
}
func TestRecover(t *testing.T) {
e := vodka.New()
buf := new(bytes.Buffer)
e.SetLogOutput(buf)
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
h := Recover()(vodka.HandlerFunc(func(c vodka.Context) error {
panic("test")
}))
h(c)
assert.Equal(t, http.StatusInternalServerError, rec.Status())
assert.Contains(t, buf.String(), "PANIC RECOVER")
}
func TestMethodOverride(t *testing.T) {
e := vodka.New()
m := MethodOverride()
h := func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
}
// Override with http header
req := test.NewRequest(vodka.POST, "/", nil)
rec := test.NewResponseRecorder()
req.Header().Set(vodka.HeaderXHTTPMethodOverride, vodka.DELETE)
c := e.NewContext(req, rec)
m(h)(c)
assert.Equal(t, vodka.DELETE, req.Method())
// Override with form parameter
m = MethodOverrideWithConfig(MethodOverrideConfig{Getter: MethodFromForm("_method")})
req = test.NewRequest(vodka.POST, "/", bytes.NewReader([]byte("_method="+vodka.DELETE)))
rec = test.NewResponseRecorder()
req.Header().Set(vodka.HeaderContentType, vodka.MIMEApplicationForm)
c = e.NewContext(req, rec)
m(h)(c)
assert.Equal(t, vodka.DELETE, req.Method())
// Override with query paramter
m = MethodOverrideWithConfig(MethodOverrideConfig{Getter: MethodFromQuery("_method")})
req = test.NewRequest(vodka.POST, "/?_method="+vodka.DELETE, nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
m(h)(c)
assert.Equal(t, vodka.DELETE, req.Method())
// Ignore `GET`
req = test.NewRequest(vodka.GET, "/", nil)
req.Header().Set(vodka.HeaderXHTTPMethodOverride, vodka.DELETE)
assert.Equal(t, vodka.GET, req.Method())
}
func TestCSRF(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
csrf := CSRFWithConfig(CSRFConfig{
TokenLength: 16,
})
h := csrf(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
// Generate CSRF token
h(c)
assert.Contains(t, rec.Header().Get(vodka.HeaderSetCookie), "_csrf")
// Without CSRF cookie
req = test.NewRequest(vodka.POST, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
assert.Error(t, h(c))
// Empty/invalid CSRF token
req = test.NewRequest(vodka.POST, "/", nil)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec)
req.Header().Set(vodka.HeaderXCSRFToken, "")
assert.Error(t, h(c))
// Valid CSRF token
token := random.String(16)
req.Header().Set(vodka.HeaderCookie, "_csrf="+token)
req.Header().Set(vodka.HeaderXCSRFToken, token)
if assert.NoError(t, h(c)) {
assert.Equal(t, http.StatusOK, rec.Status())
}
}
func TestContextMultipartForm(t *testing.T) {
e := New()
buf := new(bytes.Buffer)
mw := multipart.NewWriter(buf)
mw.WriteField("name", "Jon Snow")
mw.Close()
req := test.NewRequest(POST, "/", buf)
req.Header().Set(HeaderContentType, mw.FormDataContentType())
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
f, err := c.MultipartForm()
if assert.NoError(t, err) {
assert.NotNil(t, f)
}
}
func TestVodka(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/", nil)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
// Router
assert.NotNil(t, e.Router())
// Debug
e.SetDebug(true)
assert.True(t, e.debug)
// DefaultHTTPErrorHandler
e.DefaultHTTPErrorHandler(errors.New("error"), c)
assert.Equal(t, http.StatusInternalServerError, rec.Status())
}
func TestContextFormFile(t *testing.T) {
e := New()
buf := new(bytes.Buffer)
mr := multipart.NewWriter(buf)
w, err := mr.CreateFormFile("file", "test")
if assert.NoError(t, err) {
w.Write([]byte("test"))
}
mr.Close()
req := test.NewRequest(POST, "/", buf)
req.Header().Set(HeaderContentType, mr.FormDataContentType())
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
f, err := c.FormFile("file")
if assert.NoError(t, err) {
assert.Equal(t, "test", f.Filename)
}
}
func TestContextCookie(t *testing.T) {
e := New()
req := test.NewRequest(GET, "/", nil)
theme := "theme=light"
user := "******"
req.Header().Add(HeaderCookie, theme)
req.Header().Add(HeaderCookie, user)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec).(*context)
// Read single
cookie, err := c.Cookie("theme")
if assert.NoError(t, err) {
assert.Equal(t, "theme", cookie.Name())
assert.Equal(t, "light", cookie.Value())
}
// Read multiple
for _, cookie := range c.Cookies() {
switch cookie.Name() {
case "theme":
assert.Equal(t, "light", cookie.Value())
case "user":
assert.Equal(t, "Jon Snow", cookie.Value())
}
}
// Write
cookie = &test.Cookie{Cookie: &http.Cookie{
Name: "SSID",
Value: "Ap4PGTEq",
Domain: "insionng.com",
Path: "/",
Expires: time.Now(),
Secure: true,
HttpOnly: true,
}}
c.SetCookie(cookie)
assert.Contains(t, rec.Header().Get(HeaderSetCookie), "SSID")
assert.Contains(t, rec.Header().Get(HeaderSetCookie), "Ap4PGTEq")
assert.Contains(t, rec.Header().Get(HeaderSetCookie), "insionng.com")
assert.Contains(t, rec.Header().Get(HeaderSetCookie), "Secure")
assert.Contains(t, rec.Header().Get(HeaderSetCookie), "HttpOnly")
}
func testBinderError(t *testing.T, r io.Reader, ctype string) {
e := New()
req := test.NewRequest(POST, "/", r)
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec)
req.Header().Set(HeaderContentType, ctype)
u := new(user)
err := c.Bind(u)
switch {
case strings.HasPrefix(ctype, MIMEApplicationJSON), strings.HasPrefix(ctype, MIMEApplicationXML),
strings.HasPrefix(ctype, MIMEApplicationForm), strings.HasPrefix(ctype, MIMEMultipartForm):
if assert.IsType(t, new(HTTPError), err) {
assert.Equal(t, http.StatusBadRequest, err.(*HTTPError).Code)
}
default:
if assert.IsType(t, new(HTTPError), err) {
assert.Equal(t, ErrUnsupportedMediaType, err)
}
}
}
func TestBasicAuth(t *testing.T) {
e := vodka.New()
req := test.NewRequest(vodka.GET, "/", nil)
res := test.NewResponseRecorder()
c := e.NewContext(req, res)
f := func(u, p string) bool {
if u == "joe" && p == "secret" {
return true
}
return false
}
h := BasicAuth(f)(func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
})
// Valid credentials
auth := basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
req.Header().Set(vodka.HeaderAuthorization, auth)
assert.NoError(t, h(c))
// Incorrect password
auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:password"))
req.Header().Set(vodka.HeaderAuthorization, auth)
he := h(c).(*vodka.HTTPError)
assert.Equal(t, http.StatusUnauthorized, he.Code)
assert.Equal(t, basic+" realm=Restricted", res.Header().Get(vodka.HeaderWWWAuthenticate))
// Empty Authorization header
req.Header().Set(vodka.HeaderAuthorization, "")
he = h(c).(*vodka.HTTPError)
assert.Equal(t, http.StatusUnauthorized, he.Code)
// Invalid Authorization header
auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
req.Header().Set(vodka.HeaderAuthorization, auth)
he = h(c).(*vodka.HTTPError)
assert.Equal(t, http.StatusUnauthorized, he.Code)
}
func TestContext(t *testing.T) {
e := New()
req := test.NewRequest(POST, "/", strings.NewReader(userJSON))
rec := test.NewResponseRecorder()
c := e.NewContext(req, rec).(*context)
// Vodka
assert.Equal(t, e, c.Vodka())
// Request
assert.Equal(t, req, c.Request())
// Response
assert.Equal(t, rec, c.Response())
// Logger
assert.Equal(t, e.logger, c.Logger())
//--------
// Render
//--------
tpl := &Template{
templates: template.Must(template.New("hello").Parse("Hello, {{.name}}!")),
}
c.vodka.SetRenderer(tpl)
c.Set("name", "Jon Snow")
err := c.Render(http.StatusOK, "hello")
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, "Hello, Jon Snow!", rec.Body.String())
}
c.vodka.renderer = nil
c.Set("name", "Jon Snow")
err = c.Render(http.StatusOK, "hello")
assert.Error(t, err)
// JSON
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.JSON(http.StatusOK, user{1, "Jon Snow"})
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, MIMEApplicationJSONCharsetUTF8, rec.Header().Get(HeaderContentType))
assert.Equal(t, userJSON, rec.Body.String())
}
// JSON (error)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.JSON(http.StatusOK, make(chan bool))
assert.Error(t, err)
// JSONP
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
callback := "callback"
err = c.JSONP(http.StatusOK, callback, user{1, "Jon Snow"})
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, MIMEApplicationJavaScriptCharsetUTF8, rec.Header().Get(HeaderContentType))
assert.Equal(t, callback+"("+userJSON+");", rec.Body.String())
}
// XML
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.XML(http.StatusCreated, user{1, "Jon Snow"})
if assert.NoError(t, err) {
assert.Equal(t, http.StatusCreated, rec.Status())
assert.Equal(t, MIMEApplicationXMLCharsetUTF8, rec.Header().Get(HeaderContentType))
assert.Equal(t, xml.Header+userXML, rec.Body.String())
}
// XML (error)
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.XML(http.StatusOK, make(chan bool))
assert.Error(t, err)
// String
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.String(http.StatusOK, "Hello, World!")
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, MIMETextPlainCharsetUTF8, rec.Header().Get(HeaderContentType))
assert.Equal(t, "Hello, World!", rec.Body.String())
}
// HTML
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
err = c.HTML(http.StatusOK, "Hello, <strong>World!</strong>")
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, MIMETextHTMLCharsetUTF8, rec.Header().Get(HeaderContentType))
assert.Equal(t, "Hello, <strong>World!</strong>", rec.Body.String())
}
// Stream
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
r := strings.NewReader("response from a stream")
err = c.Stream(http.StatusOK, "application/octet-stream", r)
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, "application/octet-stream", rec.Header().Get(HeaderContentType))
assert.Equal(t, "response from a stream", rec.Body.String())
}
// Attachment
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
file, err := os.Open("_fixture/images/walle.png")
if assert.NoError(t, err) {
err = c.Attachment(file, "walle.png")
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, "attachment; filename=walle.png", rec.Header().Get(HeaderContentDisposition))
assert.Equal(t, 219885, rec.Body.Len())
}
}
// Inline
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
file, err = os.Open("_fixture/images/walle.png")
if assert.NoError(t, err) {
err = c.Inline(file, "walle.png")
if assert.NoError(t, err) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, "inline; filename=walle.png", rec.Header().Get(HeaderContentDisposition))
assert.Equal(t, 219885, rec.Body.Len())
}
}
// NoContent
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
c.NoContent(http.StatusOK)
assert.Equal(t, http.StatusOK, rec.Status())
// Error
rec = test.NewResponseRecorder()
c = e.NewContext(req, rec).(*context)
c.Error(errors.New("error"))
assert.Equal(t, http.StatusInternalServerError, rec.Status())
// Reset
c.Reset(req, test.NewResponseRecorder())
}
func TestJWT(t *testing.T) {
e := vodka.New()
handler := func(c vodka.Context) error {
return c.String(http.StatusOK, "test")
}
token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
validKey := []byte("secret")
invalidKey := []byte("invalid-key")
validAuth := bearer + " " + token
for _, tc := range []struct {
expPanic bool
expErrCode int // 0 for Success
config JWTConfig
reqURL string // "/" if empty
hdrAuth string
hdrCookie string // test.Request doesn't provide SetCookie(); use name=val
info string
}{
{
expPanic: true,
info: "No signing key provided",
},
{
expErrCode: http.StatusBadRequest,
config: JWTConfig{
SigningKey: validKey,
SigningMethod: "RS256",
},
info: "Unexpected signing method",
},
{
expErrCode: http.StatusUnauthorized,
hdrAuth: validAuth,
config: JWTConfig{SigningKey: invalidKey},
info: "Invalid key",
},
{
hdrAuth: validAuth,
config: JWTConfig{SigningKey: validKey},
info: "Valid JWT",
},
{
hdrAuth: validAuth,
config: JWTConfig{
Claims: &jwtCustomClaims{},
SigningKey: []byte("secret"),
},
info: "Valid JWT with custom claims",
},
{
hdrAuth: "invalid-auth",
expErrCode: http.StatusBadRequest,
config: JWTConfig{SigningKey: validKey},
info: "Invalid Authorization header",
},
{
config: JWTConfig{SigningKey: validKey},
expErrCode: http.StatusBadRequest,
info: "Empty header auth field",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "query:jwt",
},
reqURL: "/?a=b&jwt=" + token,
info: "Valid query method",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "query:jwt",
},
reqURL: "/?a=b&jwtxyz=" + token,
expErrCode: http.StatusBadRequest,
info: "Invalid query param name",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "query:jwt",
},
reqURL: "/?a=b&jwt=invalid-token",
expErrCode: http.StatusUnauthorized,
info: "Invalid query param value",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "query:jwt",
},
reqURL: "/?a=b",
expErrCode: http.StatusBadRequest,
info: "Empty query",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "cookie:jwt",
},
hdrCookie: "jwt=" + token,
info: "Valid cookie method",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "cookie:jwt",
},
expErrCode: http.StatusUnauthorized,
hdrCookie: "jwt=invalid",
info: "Invalid token with cookie method",
},
{
config: JWTConfig{
SigningKey: validKey,
TokenLookup: "cookie:jwt",
},
expErrCode: http.StatusBadRequest,
info: "Empty cookie",
},
} {
if tc.reqURL == "" {
tc.reqURL = "/"
}
req := test.NewRequest(vodka.GET, tc.reqURL, nil)
res := test.NewResponseRecorder()
req.Header().Set(vodka.HeaderAuthorization, tc.hdrAuth)
req.Header().Set(vodka.HeaderCookie, tc.hdrCookie)
c := e.NewContext(req, res)
if tc.expPanic {
assert.Panics(t, func() {
JWTWithConfig(tc.config)
}, tc.info)
continue
}
if tc.expErrCode != 0 {
h := JWTWithConfig(tc.config)(handler)
he := h(c).(*vodka.HTTPError)
assert.Equal(t, tc.expErrCode, he.Code, tc.info)
continue
}
h := JWTWithConfig(tc.config)(handler)
if assert.NoError(t, h(c), tc.info) {
user := c.Get("user").(*jwt.Token)
switch claims := user.Claims.(type) {
case jwt.MapClaims:
assert.Equal(t, claims["name"], "John Doe", tc.info)
case *jwtCustomClaims:
assert.Equal(t, claims.Name, "John Doe", tc.info)
assert.Equal(t, claims.Admin, true, tc.info)
default:
panic("unexpected type of claims")
}
}
}
}
func request(method, path string, e *Vodka) (int, string) {
req := test.NewRequest(method, path, nil)
rec := test.NewResponseRecorder()
e.ServeHTTP(req, rec)
return rec.Status(), rec.Body.String()
}