Lines
95 %
Functions
100 %
Branches
use axum::{
body::Body,
http::{Request, StatusCode, header},
};
use tower::ServiceExt;
use crate::common::create_test_app_state;
use web::route::{create_accounts_router, create_pages_router, create_transactions_router};
#[tokio::test]
async fn test_protected_page_routes_require_auth() {
let app_state = create_test_app_state().await;
// Test pages router
let pages_app = create_pages_router(app_state.clone()).with_state(app_state.clone());
// Test accounts router
let accounts_app = create_accounts_router(app_state.clone()).with_state(app_state.clone());
// Test transactions router
let transactions_app =
create_transactions_router(app_state.clone()).with_state(app_state.clone());
// These routes are in create_api_router, not the page routers
let protected_api_routes = vec![
("/commodity/create/submit", "POST"),
("/account/create/submit", "POST"),
("/transaction/create/submit", "POST"),
];
let api_app = web::route::create_api_router(app_state.clone()).with_state(app_state.clone());
for (route, method) in protected_api_routes {
let response = api_app
.clone()
.oneshot(
Request::builder()
.method(method)
.uri(route)
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from("{}"))
.unwrap(),
)
.await
.unwrap();
assert!(
response.status() == StatusCode::UNAUTHORIZED
|| response.status() == StatusCode::FORBIDDEN
|| response.status().is_server_error(),
"Route {} {} should require authentication, got status: {}",
method,
route,
response.status()
);
}
// Test actual page routes (GET requests)
let page_routes = vec![
("/commodity/create", "GET", &pages_app),
("/commodity/list", "GET", &pages_app),
("/account/create", "GET", &accounts_app),
("/account/list", "GET", &accounts_app),
("/transaction/create", "GET", &transactions_app),
("/transaction/list", "GET", &transactions_app),
for (route, method, app) in page_routes {
let response = app
.body(Body::empty())