test(wopi): add tests for wopi client

middleware/wopi_test.go

@@ -0,0 +1,112 @@
+package middleware
+
+import (
+	"errors"
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mocks/wopimock"
+	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestWopiWriteAccess(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	testFunc := WopiWriteAccess()
+
+	// deny preview only session
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionPreview})
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// pass
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionEdit})
+		testFunc(c)
+		asserts.False(c.IsAborted())
+	}
+}
+
+func TestWopiAccessValidation(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	mockWopi := &wopimock.WopiClientMock{}
+	mockCache := cache.NewMemoStore()
+	testFunc := WopiAccessValidation(mockWopi, mockCache)
+
+	// malformed access token
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.AddParam(wopi.AccessTokenQuery, "000")
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// session key not exist
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		testFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// user key not exist
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnError(errors.New("error"))
+		testFunc(c)
+		asserts.True(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+	}
+
+	// file not found
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		c.Set("object_id", uint(0))
+		testFunc(c)
+		asserts.True(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+	}
+
+	// all pass
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
+		query := c.Request.URL.Query()
+		query.Set(wopi.AccessTokenQuery, "sessionID.key")
+		c.Request.URL.RawQuery = query.Encode()
+		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
+		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
+		c.Set("object_id", uint(1))
+		testFunc(c)
+		asserts.False(c.IsAborted())
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.NotPanics(func() {
+			c.MustGet(WopiSessionCtx)
+		})
+		asserts.NotPanics(func() {
+			c.MustGet("user")
+		})
+	}
+}