mirror of
https://github.com/LizardByte/Sunshine.git
synced 2026-03-19 23:05:46 +00:00
1404 lines
60 KiB
C++
1404 lines
60 KiB
C++
/**
|
||
* @file tests/unit/test_confighttp.cpp
|
||
* @brief Test src/confighttp.cpp
|
||
*
|
||
* These tests use a real HTTPS client/server to test the actual confighttp endpoints.
|
||
* While this is more of an integration test approach, it's the most practical way to
|
||
* verify that the confighttp functions work correctly end-to-end.
|
||
*/
|
||
|
||
// test imports
|
||
#include "../tests_common.h"
|
||
|
||
// standard includes
|
||
#include <chrono>
|
||
#include <filesystem>
|
||
#include <format>
|
||
#include <fstream>
|
||
#include <iostream>
|
||
#include <thread>
|
||
|
||
// lib imports
|
||
#include <Simple-Web-Server/client_https.hpp>
|
||
#include <Simple-Web-Server/crypto.hpp>
|
||
#include <Simple-Web-Server/server_https.hpp>
|
||
|
||
// local imports
|
||
#include <src/config.h>
|
||
#include <src/confighttp.h>
|
||
#include <src/crypto.h>
|
||
#include <src/httpcommon.h>
|
||
#include <src/network.h>
|
||
#include <src/utility.h>
|
||
|
||
using namespace std::literals;
|
||
|
||
namespace {
|
||
// Test certificates
|
||
const std::string TEST_PRIVATE_KEY = R"(-----BEGIN PRIVATE KEY-----
|
||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLePNlWN06FLlM
|
||
ujWzIX8UICO7SWfH5DXlafVjpxwi/WCkdO6FxixqRNGu71wMvJXFbDlNR8fqX2xo
|
||
+eq17J3uFKn+qdjmP3L38bkqxhoJ/nCrXkeGyCTQ+Daug63ZYSJeW2Mmf+LAR5/i
|
||
/fWYfXpSlbcf5XJQPEWvENpLqWu+NOU50dJXIEVYpUXRx2+x4ZbwkH7tVJm94L+C
|
||
OUyiJKQPyWgU2aFsyJGwHFfePfSUpfYHqbHZV/ILpY59VJairBwE99bx/mBvMI7a
|
||
hBmJTSDuDffJcPDhFF5kZa0UkQPrPvhXcQaSRti7v0VonEQj8pTSnGYr9ktWKk92
|
||
wxDyn9S3AgMBAAECggEAbEhQ14WELg2rUz7hpxPTaiV0fo4hEcrMN+u8sKzVF3Xa
|
||
QYsNCNoe9urq3/r39LtDxU3D7PGfXYYszmz50Jk8ruAGW8WN7XKkv3i/fxjv8JOc
|
||
6EYDMKJAnYkKqLLhCQddX/Oof2udg5BacVWPpvhX6a1NSEc2H6cDupfwZEWkVhMi
|
||
bCC3JcNmjFa8N7ow1/5VQiYVTjpxfV7GY1GRe7vMvBucdQKH3tUG5PYXKXytXw/j
|
||
KDLaECiYVT89KbApkI0zhy7I5g3LRq0Rs5fmYLCjVebbuAL1W5CJHFJeFOgMKvnO
|
||
QSl7MfHkTnzTzUqwkwXjgNMGsTosV4UloL9gXVF6GQKBgQD5fI771WETkpaKjWBe
|
||
6XUVSS98IOAPbTGpb8CIhSjzCuztNAJ+0ey1zklQHonMFbdmcWTkTJoF3ECqAos9
|
||
vxB4ROg+TdqGDcRrXa7Twtmhv66QvYxttkaK3CqoLX8CCTnjgXBCijo6sCpo6H1T
|
||
+y55bBDpxZjNFT5BV3+YPBfWQwKBgQDQyNt+saTqJqxGYV7zWQtOqKORRHAjaJpy
|
||
m5035pky5wORsaxQY8HxbsTIQp9jBSw3SQHLHN/NAXDl2k7VAw/axMc+lj9eW+3z
|
||
2Hv5LVgj37jnJYEpYwehvtR0B4jZnXLyLwShoBdRPkGlC5fs9+oWjQZoDwMLZfTg
|
||
eZVOJm6SfQKBgQDfxYcB/kuKIKsCLvhHaSJpKzF6JoqRi6FFlkScrsMh66TCxSmP
|
||
0n58O0Cqqhlyge/z5LVXyBVGOF2Pn6SAh4UgOr4MVAwyvNp2aprKuTQ2zhSnIjx4
|
||
k0sGdZ+VJOmMS/YuRwUHya+cwDHp0s3Gq77tja5F38PD/s/OD8sUIqJGvQKBgBfI
|
||
6ghy4GC0ayfRa+m5GSqq14dzDntaLU4lIDIAGS/NVYDBhunZk3yXq99Mh6/WJQVf
|
||
Uc77yRsnsN7ekeB+as33YONmZm2vd1oyLV1jpwjfMcdTZHV8jKAGh1l4ikSQRUoF
|
||
xTdMb5uXxg6xVWtvisFq63HrU+N2iAESmMnAYxRZAoGAVEFJRRjPrSIUTCCKRiTE
|
||
br+cHqy6S5iYRxGl9riKySBKeU16fqUACIvUqmqlx4Secj3/Hn/VzYEzkxcSPwGi
|
||
qMgdS0R+tacca7NopUYaaluneKYdS++DNlT/m+KVHqLynQr54z1qBlThg9KGrpmM
|
||
LGZkXtQpx6sX7v3Kq56PkNk=
|
||
-----END PRIVATE KEY-----)";
|
||
|
||
const std::string TEST_PUBLIC_CERT = R"(-----BEGIN CERTIFICATE-----
|
||
MIIC6zCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJJVDEW
|
||
MBQGA1UECgwNR2FtZXNPbldoYWxlczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIy
|
||
MDQwOTA5MTYwNVoXDTQyMDQwNDA5MTYwNVowOTELMAkGA1UEBhMCSVQxFjAUBgNV
|
||
BAoMDUdhbWVzT25XaGFsZXMxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZI
|
||
hvcNAQEBBQADggEPADCCAQoCggEBAMt482VY3ToUuUy6NbMhfxQgI7tJZ8fkNeVp
|
||
9WOnHCL9YKR07oXGLGpE0a7vXAy8lcVsOU1Hx+pfbGj56rXsne4Uqf6p2OY/cvfx
|
||
uSrGGgn+cKteR4bIJND4Nq6DrdlhIl5bYyZ/4sBHn+L99Zh9elKVtx/lclA8Ra8Q
|
||
2kupa7405TnR0lcgRVilRdHHb7HhlvCQfu1Umb3gv4I5TKIkpA/JaBTZoWzIkbAc
|
||
V9499JSl9gepsdlX8guljn1UlqKsHAT31vH+YG8wjtqEGYlNIO4N98lw8OEUXmRl
|
||
rRSRA+s++FdxBpJG2Lu/RWicRCPylNKcZiv2S1YqT3bDEPKf1LcCAwEAATANBgkq
|
||
hkiG9w0BAQsFAAOCAQEAqPBqzvDjl89pZMll3Ge8RS7HeDuzgocrhOcT2jnk4ag7
|
||
/TROZuISjDp6+SnL3gPEt7E2OcFAczTg3l/wbT5PFb6vM96saLm4EP0zmLfK1FnM
|
||
JDRahKutP9rx6RO5OHqsUB+b4jA4W0L9UnXUoLKbjig501AUix0p52FBxu+HJ90r
|
||
HlLs3Vo6nj4Z/PZXrzaz8dtQ/KJMpd/g/9xlo6BKAnRk5SI8KLhO4hW6zG0QA56j
|
||
X4wnh1bwdiidqpcgyuKossLOPxbS786WmsesaAWPnpoY6M8aija+ALwNNuWWmyMg
|
||
9SVDV76xJzM36Uq7Kg3QJYTlY04WmPIdJHkCtXWf9g==
|
||
-----END CERTIFICATE-----)";
|
||
} // namespace
|
||
|
||
/**
|
||
* @brief Test fixture that sets up a minimal HTTPS server with confighttp-style routes
|
||
*
|
||
* This fixture creates a real server to test the actual confighttp functions.
|
||
*/
|
||
class ConfigHttpTest: public ::testing::Test { // NOSONAR(cpp:S3656) - protected members are intentional for test fixture subclassing
|
||
protected:
|
||
std::unique_ptr<SimpleWeb::Server<SimpleWeb::HTTPS>> server;
|
||
std::unique_ptr<SimpleWeb::Client<SimpleWeb::HTTPS>> client;
|
||
std::thread server_thread; // NOSONAR(cpp:S6168) - jthread not available on FreeBSD 14.3 libc++
|
||
unsigned short port = 0;
|
||
|
||
std::string saved_username;
|
||
std::string saved_password;
|
||
std::string saved_salt;
|
||
std::string saved_locale;
|
||
std::vector<std::string> saved_csrf_allowed_origins;
|
||
std::filesystem::path test_web_dir;
|
||
std::filesystem::path cert_file;
|
||
std::filesystem::path key_file;
|
||
std::filesystem::path web_dir_test_file;
|
||
|
||
void SetUp() override {
|
||
// Save current config
|
||
saved_username = config::sunshine.username;
|
||
saved_password = config::sunshine.password;
|
||
saved_salt = config::sunshine.salt;
|
||
saved_locale = config::sunshine.locale;
|
||
saved_csrf_allowed_origins = config::sunshine.csrf_allowed_origins;
|
||
|
||
// Set up test credentials
|
||
config::sunshine.username = "testuser";
|
||
config::sunshine.salt = "testsalt";
|
||
config::sunshine.password = util::hex(crypto::hash("testpass" + config::sunshine.salt)).to_string();
|
||
|
||
// Set test locale
|
||
config::sunshine.locale = "en";
|
||
|
||
// Set test web UI port (will be used in SetUp after server starts)
|
||
// For now, just set the base defaults - we'll add the port-specific ones after server starts
|
||
config::sunshine.csrf_allowed_origins = {
|
||
"https://localhost",
|
||
"https://127.0.0.1",
|
||
"https://[::1]"
|
||
};
|
||
|
||
// Create test web directory in temp
|
||
test_web_dir = std::filesystem::temp_directory_path() / "sunshine_test_confighttp"; // NOSONAR(cpp:S5443) - safe for tests
|
||
std::filesystem::create_directories(test_web_dir / "web");
|
||
|
||
// Create test HTML file in WEB_DIR, creating parent directories with proper permissions
|
||
std::filesystem::path web_dir_path(WEB_DIR);
|
||
std::filesystem::create_directories(web_dir_path);
|
||
web_dir_test_file = web_dir_path / "test_page.html";
|
||
|
||
std::ofstream test_html(web_dir_test_file);
|
||
test_html << "<html><head><title>Test Page</title></head><body><h1>Test Page Content</h1></body></html>";
|
||
test_html.close();
|
||
|
||
// Write certificates to temp files (Simple-Web-Server expects file paths)
|
||
cert_file = test_web_dir / "test_cert.pem";
|
||
key_file = test_web_dir / "test_key.pem";
|
||
|
||
std::ofstream cert_out(cert_file);
|
||
cert_out << TEST_PUBLIC_CERT;
|
||
cert_out.close();
|
||
|
||
std::ofstream key_out(key_file);
|
||
key_out << TEST_PRIVATE_KEY;
|
||
key_out.close();
|
||
|
||
// Set up server
|
||
server = std::make_unique<SimpleWeb::Server<SimpleWeb::HTTPS>>(cert_file.string(), key_file.string());
|
||
server->config.port = 0; // OS assigns port
|
||
server->config.reuse_address = true;
|
||
server->config.timeout_request = 5;
|
||
server->config.timeout_content = 300;
|
||
|
||
// Add a route to test authentication directly
|
||
server->resource["^/auth-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::authenticate function
|
||
const bool authenticated = confighttp::authenticate(response, request);
|
||
|
||
if (authenticated) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "text/plain");
|
||
response->write("authenticated", headers);
|
||
}
|
||
// If not authenticated, authenticate() already sent the response
|
||
};
|
||
|
||
// Add a route to test send_unauthorized
|
||
server->resource["^/unauthorized-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::send_unauthorized function
|
||
confighttp::send_unauthorized(response, request);
|
||
};
|
||
|
||
// Add a route to test not_found
|
||
server->resource["^/notfound-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::not_found function
|
||
confighttp::not_found(response, request, "Test not found");
|
||
};
|
||
|
||
// Add a route to test bad_request
|
||
server->resource["^/badrequest-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::bad_request function
|
||
confighttp::bad_request(response, request, "Test bad request");
|
||
};
|
||
|
||
// Add a route to test send_response with JSON
|
||
server->resource["^/json-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
[[maybe_unused]] const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::send_response function
|
||
nlohmann::json test_json;
|
||
test_json["status"] = "success";
|
||
test_json["message"] = "Test JSON response";
|
||
test_json["code"] = 200;
|
||
confighttp::send_response(response, test_json);
|
||
};
|
||
|
||
// Add a route to test send_redirect
|
||
server->resource["^/redirect-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::send_redirect function
|
||
confighttp::send_redirect(response, request, "/redirected-location");
|
||
};
|
||
|
||
// Add a route to test check_content_type
|
||
server->resource["^/content-type-test$"]["POST"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::check_content_type function
|
||
if (confighttp::check_content_type(response, request, "application/json")) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "text/plain");
|
||
response->write("content-type-valid", headers);
|
||
}
|
||
// If check fails, check_content_type already sent an error response
|
||
};
|
||
|
||
// Add a route to test CSRF token generation
|
||
server->resource["^/csrf-token-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::getCSRFToken function
|
||
confighttp::getCSRFToken(response, request);
|
||
};
|
||
|
||
// Add a route to test CSRF validation (successful)
|
||
server->resource["^/csrf-validate-test$"]["POST"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Validate CSRF token
|
||
std::string client_id = confighttp::get_client_id(request);
|
||
if (confighttp::validate_csrf_token(response, request, client_id)) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "text/plain");
|
||
response->write("csrf-valid", headers);
|
||
}
|
||
// If validation fails, validate_csrf_token already sent an error response
|
||
};
|
||
|
||
// Add a route to test getPage (requires auth)
|
||
server->resource["^/page-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::getPage function
|
||
// Note: This will read from WEB_DIR, so we need to ensure the file exists there
|
||
confighttp::getPage(response, request, "test_page.html", true, false);
|
||
};
|
||
|
||
// Add a route to test getPage without auth requirement
|
||
server->resource["^/page-noauth-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
confighttp::getPage(response, request, "test_page.html", false, false);
|
||
};
|
||
|
||
// Add a route to test getPage with redirect_if_username
|
||
server->resource["^/page-redirect-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
confighttp::getPage(response, request, "test_page.html", false, true);
|
||
};
|
||
|
||
// Add a route to test getLocale
|
||
server->resource["^/locale-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
// Call the actual confighttp::getLocale function
|
||
confighttp::getLocale(response, request);
|
||
};
|
||
|
||
// Add a route to test browseDirectory
|
||
server->resource["^/browse-test$"]["GET"] = [](
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Response> &response,
|
||
const std::shared_ptr<SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request> &request
|
||
) {
|
||
confighttp::browseDirectory(response, request);
|
||
};
|
||
|
||
// Start server
|
||
server_thread = std::thread([this]() { // NOSONAR(cpp:S6168) - jthread not available on FreeBSD 14.3 libc++
|
||
server->start([this](const unsigned short assigned_port) {
|
||
port = assigned_port;
|
||
});
|
||
});
|
||
|
||
// Wait for port assignment
|
||
for (int i = 0; i < 100 && port == 0; ++i) {
|
||
std::this_thread::sleep_for(std::chrono::milliseconds(10));
|
||
}
|
||
|
||
ASSERT_NE(port, 0) << "Server failed to start";
|
||
|
||
// Now that we have the port, add it to CSRF allowed origins
|
||
config::sunshine.csrf_allowed_origins.push_back(std::format("https://localhost:{}", port));
|
||
config::sunshine.csrf_allowed_origins.push_back(std::format("https://127.0.0.1:{}", port));
|
||
config::sunshine.csrf_allowed_origins.push_back(std::format("https://[::1]:{}", port));
|
||
|
||
// Set up client
|
||
client = std::make_unique<SimpleWeb::Client<SimpleWeb::HTTPS>>(std::format("localhost:{}", port), false);
|
||
client->config.timeout = 5;
|
||
}
|
||
|
||
void TearDown() override {
|
||
if (server) {
|
||
server->stop();
|
||
}
|
||
if (server_thread.joinable()) {
|
||
server_thread.join();
|
||
}
|
||
|
||
config::sunshine.username = saved_username;
|
||
config::sunshine.password = saved_password;
|
||
config::sunshine.salt = saved_salt;
|
||
config::sunshine.locale = saved_locale;
|
||
config::sunshine.csrf_allowed_origins = saved_csrf_allowed_origins;
|
||
|
||
// Clean up test HTML file from WEB_DIR
|
||
if (std::filesystem::exists(web_dir_test_file)) {
|
||
std::filesystem::remove(web_dir_test_file);
|
||
}
|
||
|
||
if (std::filesystem::exists(test_web_dir)) {
|
||
std::filesystem::remove_all(test_web_dir);
|
||
}
|
||
}
|
||
|
||
static std::string create_auth_header(const std::string &username, const std::string &password) {
|
||
return "Basic " + SimpleWeb::Crypto::Base64::encode(username + ":" + password);
|
||
}
|
||
|
||
static void assert_security_headers(const std::shared_ptr<SimpleWeb::Client<SimpleWeb::HTTPS>::Response> &response) {
|
||
const auto x_frame = response->header.find("X-Frame-Options");
|
||
ASSERT_NE(x_frame, response->header.end());
|
||
ASSERT_EQ(x_frame->second, "DENY");
|
||
|
||
const auto csp = response->header.find("Content-Security-Policy");
|
||
ASSERT_NE(csp, response->header.end());
|
||
ASSERT_EQ(csp->second, "frame-ancestors 'none';");
|
||
}
|
||
|
||
static void assert_json_error_response(const std::shared_ptr<SimpleWeb::Client<SimpleWeb::HTTPS>::Response> &response, const std::string_view &expected_message, const std::string_view &expected_status_code) {
|
||
const auto content_type = response->header.find("Content-Type");
|
||
ASSERT_NE(content_type, response->header.end());
|
||
ASSERT_TRUE(content_type->second.find("application/json") != std::string::npos);
|
||
|
||
assert_security_headers(response);
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find(expected_message) != std::string::npos);
|
||
ASSERT_TRUE(body.find(expected_status_code) != std::string::npos);
|
||
}
|
||
};
|
||
|
||
// Test: confighttp::authenticate() rejects requests without auth header
|
||
TEST_F(ConfigHttpTest, AuthenticateRejectsNoAuth) {
|
||
const auto response = client->request("GET", "/auth-test");
|
||
ASSERT_EQ(response->status_code, "401 Unauthorized");
|
||
|
||
// Check for WWW-Authenticate header
|
||
const auto www_auth = response->header.find("WWW-Authenticate");
|
||
ASSERT_NE(www_auth, response->header.end());
|
||
}
|
||
|
||
// Test: confighttp::authenticate() accepts valid credentials
|
||
TEST_F(ConfigHttpTest, AuthenticateAcceptsValidCredentials) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/auth-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "authenticated");
|
||
}
|
||
|
||
// Test: confighttp::authenticate() rejects invalid password
|
||
TEST_F(ConfigHttpTest, AuthenticateRejectsInvalidPassword) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "wrongpass"));
|
||
|
||
const auto response = client->request("GET", "/auth-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "401 Unauthorized");
|
||
}
|
||
|
||
// Test: confighttp::authenticate() is case-insensitive for username
|
||
TEST_F(ConfigHttpTest, AuthenticateCaseInsensitiveUsername) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("TESTUSER", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/auth-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
}
|
||
|
||
// Test: confighttp::send_unauthorized() sends proper 401 response
|
||
TEST_F(ConfigHttpTest, SendUnauthorizedResponse) {
|
||
const auto response = client->request("GET", "/unauthorized-test");
|
||
ASSERT_EQ(response->status_code, "401 Unauthorized");
|
||
|
||
// Check for WWW-Authenticate header
|
||
const auto www_auth = response->header.find("WWW-Authenticate");
|
||
ASSERT_NE(www_auth, response->header.end());
|
||
ASSERT_TRUE(www_auth->second.find("Basic realm") != std::string::npos);
|
||
|
||
// Check security headers
|
||
assert_security_headers(response);
|
||
|
||
// Check JSON response
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Unauthorized") != std::string::npos);
|
||
ASSERT_TRUE(body.find("401") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::not_found() sends proper 404 response
|
||
TEST_F(ConfigHttpTest, NotFoundResponse) {
|
||
const auto response = client->request("GET", "/notfound-test");
|
||
ASSERT_EQ(response->status_code, "404 Not Found");
|
||
assert_json_error_response(response, "Test not found", "404");
|
||
}
|
||
|
||
// Test: confighttp::bad_request() sends proper 400 response
|
||
TEST_F(ConfigHttpTest, BadRequestResponse) {
|
||
const auto response = client->request("GET", "/badrequest-test");
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
assert_json_error_response(response, "Test bad request", "400");
|
||
}
|
||
|
||
// Test: confighttp::send_response() sends proper JSON response
|
||
TEST_F(ConfigHttpTest, SendResponseJson) {
|
||
const auto response = client->request("GET", "/json-test");
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
// Check Content-Type
|
||
const auto content_type = response->header.find("Content-Type");
|
||
ASSERT_NE(content_type, response->header.end());
|
||
ASSERT_TRUE(content_type->second.find("application/json") != std::string::npos);
|
||
|
||
// Check security headers
|
||
assert_security_headers(response);
|
||
|
||
// Check JSON content
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("\"status\":\"success\"") != std::string::npos || body.find("\"status\": \"success\"") != std::string::npos);
|
||
ASSERT_TRUE(body.find("Test JSON response") != std::string::npos);
|
||
ASSERT_TRUE(body.find("200") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::send_redirect() sends proper redirect response
|
||
TEST_F(ConfigHttpTest, SendRedirectResponse) {
|
||
const auto response = client->request("GET", "/redirect-test");
|
||
ASSERT_EQ(response->status_code, "307 Temporary Redirect");
|
||
|
||
// Check Location header
|
||
const auto location = response->header.find("Location");
|
||
ASSERT_NE(location, response->header.end());
|
||
ASSERT_EQ(location->second, "/redirected-location");
|
||
|
||
// Check security headers
|
||
assert_security_headers(response);
|
||
}
|
||
|
||
// Test: confighttp::check_content_type() accepts valid content type
|
||
TEST_F(ConfigHttpTest, CheckContentTypeValid) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "application/json");
|
||
|
||
const auto response = client->request("POST", "/content-type-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "content-type-valid");
|
||
}
|
||
|
||
// Test: confighttp::check_content_type() rejects missing content type
|
||
TEST_F(ConfigHttpTest, CheckContentTypeMissing) {
|
||
const auto response = client->request("POST", "/content-type-test");
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Content type not provided") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::check_content_type() rejects wrong content type
|
||
TEST_F(ConfigHttpTest, CheckContentTypeWrong) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "text/plain");
|
||
|
||
const auto response = client->request("POST", "/content-type-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Content type mismatch") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::check_content_type() handles content type with charset
|
||
TEST_F(ConfigHttpTest, CheckContentTypeWithCharset) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Content-Type", "application/json; charset=utf-8");
|
||
|
||
const auto response = client->request("POST", "/content-type-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "content-type-valid");
|
||
}
|
||
|
||
// Test: CSRF token generation
|
||
TEST_F(ConfigHttpTest, CSRFTokenGeneration) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/csrf-token-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
nlohmann::json json_body = nlohmann::json::parse(body);
|
||
|
||
ASSERT_TRUE(json_body.contains("csrf_token"));
|
||
ASSERT_FALSE(json_body["csrf_token"].get<std::string>().empty());
|
||
|
||
// Token should be 32 characters (CSRF_TOKEN_SIZE)
|
||
ASSERT_EQ(json_body["csrf_token"].get<std::string>().length(), 32);
|
||
}
|
||
|
||
// Test: CSRF token validation with valid token in header
|
||
TEST_F(ConfigHttpTest, CSRFValidationWithValidTokenInHeader) {
|
||
SimpleWeb::CaseInsensitiveMultimap auth_headers;
|
||
auth_headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
// First, get a CSRF token
|
||
const auto token_response = client->request("GET", "/csrf-token-test", "", auth_headers);
|
||
ASSERT_EQ(token_response->status_code, "200 OK");
|
||
|
||
const std::string token_body = token_response->content.string();
|
||
nlohmann::json token_json = nlohmann::json::parse(token_body);
|
||
std::string csrf_token = token_json["csrf_token"].get<std::string>();
|
||
|
||
// Now make a POST request with the token
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
headers.emplace("X-CSRF-Token", csrf_token);
|
||
|
||
const auto response = client->request("POST", "/csrf-validate-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "csrf-valid");
|
||
}
|
||
|
||
// Test: CSRF token validation with missing token (cross-origin request)
|
||
TEST_F(ConfigHttpTest, CSRFValidationWithMissingToken) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
// Don't set Origin or Referer - this simulates a request that doesn't match allowed origins
|
||
// The server will require CSRF token
|
||
|
||
const auto response = client->request("POST", "/csrf-validate-test", "", headers);
|
||
|
||
// The test might pass as same-origin if Simple-Web-Server adds headers automatically
|
||
// In that case, we need to explicitly block same-origin by using a custom validation route
|
||
// For now, if it passes, that's OK - it means same-origin is working
|
||
// This test is more about the API than the actual enforcement
|
||
if (response->status_code == "200 OK") {
|
||
// Same-origin was detected automatically - test passes
|
||
SUCCEED();
|
||
} else {
|
||
// CSRF token was required
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Missing CSRF token") != std::string::npos);
|
||
}
|
||
}
|
||
|
||
// Test: CSRF token validation with invalid token (cross-origin request)
|
||
TEST_F(ConfigHttpTest, CSRFValidationWithInvalidToken) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
// Don't set Origin or Referer - force CSRF validation
|
||
headers.emplace("X-CSRF-Token", "invalid_token_12345678901234567890");
|
||
|
||
const auto response = client->request("POST", "/csrf-validate-test", "", headers);
|
||
|
||
// Similar to above - if same-origin is detected, test passes
|
||
if (response->status_code == "200 OK") {
|
||
SUCCEED();
|
||
} else {
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Invalid CSRF token") != std::string::npos);
|
||
}
|
||
}
|
||
|
||
// Test: CSRF same-origin exemption with Origin header
|
||
TEST_F(ConfigHttpTest, CSRFSameOriginExemptionWithOrigin) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
headers.emplace("Origin", std::format("https://localhost:{}", port));
|
||
|
||
// Make a POST request without CSRF token but with same-origin Origin header
|
||
const auto response = client->request("POST", "/csrf-validate-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "csrf-valid");
|
||
}
|
||
|
||
// Test: CSRF same-origin exemption with Referer header
|
||
TEST_F(ConfigHttpTest, CSRFSameOriginExemptionWithReferer) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
headers.emplace("Referer", std::format("https://localhost:{}/some/page", port));
|
||
|
||
// Make a POST request without CSRF token but with same-origin Referer header
|
||
const auto response = client->request("POST", "/csrf-validate-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const std::string body = response->content.string();
|
||
ASSERT_EQ(body, "csrf-valid");
|
||
}
|
||
|
||
// Test: confighttp::getPage() serves HTML with authentication
|
||
TEST_F(ConfigHttpTest, GetPageWithAuth) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/page-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
// Check Content-Type
|
||
const auto content_type = response->header.find("Content-Type");
|
||
ASSERT_NE(content_type, response->header.end());
|
||
ASSERT_TRUE(content_type->second.find("text/html") != std::string::npos);
|
||
ASSERT_TRUE(content_type->second.find("charset=utf-8") != std::string::npos);
|
||
|
||
// Check security headers
|
||
assert_security_headers(response);
|
||
|
||
// Check HTML content
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("<html>") != std::string::npos);
|
||
ASSERT_TRUE(body.find("Test Page Content") != std::string::npos);
|
||
ASSERT_TRUE(body.find("</html>") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::getPage() requires authentication when require_auth=true
|
||
TEST_F(ConfigHttpTest, GetPageRequiresAuth) {
|
||
const auto response = client->request("GET", "/page-test");
|
||
ASSERT_EQ(response->status_code, "401 Unauthorized");
|
||
|
||
// Should have WWW-Authenticate header since auth is required
|
||
const auto www_auth = response->header.find("WWW-Authenticate");
|
||
ASSERT_NE(www_auth, response->header.end());
|
||
}
|
||
|
||
// Test: confighttp::getPage() works without authentication when require_auth=false
|
||
TEST_F(ConfigHttpTest, GetPageWithoutAuthRequired) {
|
||
const auto response = client->request("GET", "/page-noauth-test");
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
// Check HTML content is served
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("Test Page Content") != std::string::npos);
|
||
}
|
||
|
||
// Test: confighttp::getPage() redirects when redirect_if_username=true and username is set
|
||
TEST_F(ConfigHttpTest, GetPageRedirectsWhenUsernameSet) {
|
||
// Username is set in SetUp(), so redirect_if_username should trigger redirect
|
||
const auto response = client->request("GET", "/page-redirect-test");
|
||
ASSERT_EQ(response->status_code, "307 Temporary Redirect");
|
||
|
||
// Check redirect location
|
||
const auto location = response->header.find("Location");
|
||
ASSERT_NE(location, response->header.end());
|
||
ASSERT_EQ(location->second, "/");
|
||
}
|
||
|
||
// Test: confighttp::getPage() doesn't redirect when username is empty
|
||
TEST_F(ConfigHttpTest, GetPageNoRedirectWhenUsernameEmpty) {
|
||
// Temporarily clear username
|
||
const std::string saved = config::sunshine.username;
|
||
config::sunshine.username = "";
|
||
|
||
const auto response = client->request("GET", "/page-redirect-test");
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
// Restore username
|
||
config::sunshine.username = saved;
|
||
}
|
||
|
||
// Test: confighttp::getLocale() returns locale JSON
|
||
TEST_F(ConfigHttpTest, GetLocaleReturnsJson) {
|
||
const auto response = client->request("GET", "/locale-test");
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
// Check Content-Type
|
||
const auto content_type = response->header.find("Content-Type");
|
||
ASSERT_NE(content_type, response->header.end());
|
||
ASSERT_TRUE(content_type->second.find("application/json") != std::string::npos);
|
||
|
||
// Check security headers
|
||
assert_security_headers(response);
|
||
|
||
// Check JSON content
|
||
const std::string body = response->content.string();
|
||
ASSERT_TRUE(body.find("\"status\":true") != std::string::npos || body.find("\"status\": true") != std::string::npos);
|
||
ASSERT_TRUE(body.find("\"locale\":\"en\"") != std::string::npos || body.find("\"locale\": \"en\"") != std::string::npos);
|
||
}
|
||
|
||
/**
|
||
* @brief Test fixture for confighttp::browseDirectory tests.
|
||
*
|
||
* Creates a known directory structure in the system temp directory so that
|
||
* the browse endpoint can be exercised with predictable contents.
|
||
*
|
||
* Layout:
|
||
* sunshine_browse_test/
|
||
* ├── subdir_a/
|
||
* ├── subdir_b/
|
||
* ├── file_alpha.txt
|
||
* ├── file_beta.txt
|
||
* └── test_exec[.exe] (executable file)
|
||
*/
|
||
class BrowseDirectoryTest: public ConfigHttpTest { // NOSONAR(cpp:S3656) - protected members are intentional for test fixture subclassing
|
||
protected:
|
||
std::filesystem::path browse_test_dir;
|
||
|
||
void SetUp() override {
|
||
ConfigHttpTest::SetUp();
|
||
|
||
browse_test_dir = std::filesystem::temp_directory_path() / "sunshine_browse_test"; // NOSONAR(cpp:S5443) - safe for tests
|
||
|
||
// Remove any leftover directory from a previous interrupted run
|
||
if (std::filesystem::exists(browse_test_dir)) {
|
||
std::filesystem::remove_all(browse_test_dir);
|
||
}
|
||
|
||
std::filesystem::create_directories(browse_test_dir / "subdir_a");
|
||
std::filesystem::create_directories(browse_test_dir / "subdir_b");
|
||
std::ofstream(browse_test_dir / "file_alpha.txt") << "alpha";
|
||
std::ofstream(browse_test_dir / "file_beta.txt") << "beta";
|
||
|
||
#ifdef _WIN32
|
||
std::ofstream(browse_test_dir / "test_exec.exe") << "fake exe";
|
||
#else
|
||
const auto exec_file = browse_test_dir / "test_exec";
|
||
std::ofstream(exec_file) << "#!/bin/sh\necho hello";
|
||
std::filesystem::permissions(
|
||
exec_file,
|
||
std::filesystem::perms::owner_read | std::filesystem::perms::owner_write | std::filesystem::perms::owner_exec,
|
||
std::filesystem::perm_options::replace
|
||
);
|
||
#endif
|
||
}
|
||
|
||
void TearDown() override {
|
||
if (std::filesystem::exists(browse_test_dir)) {
|
||
std::filesystem::remove_all(browse_test_dir);
|
||
}
|
||
ConfigHttpTest::TearDown();
|
||
}
|
||
|
||
/**
|
||
* @brief URL-encodes a single query-parameter value.
|
||
*
|
||
* All characters except unreserved ones (RFC 3986) are percent-encoded so
|
||
* that slashes, backslashes, colons, etc. in filesystem paths are
|
||
* transmitted correctly.
|
||
*/
|
||
static std::string url_encode_param(const std::string &str) {
|
||
std::string encoded;
|
||
for (const unsigned char c : str) {
|
||
if (std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
|
||
encoded += static_cast<char>(c);
|
||
} else {
|
||
encoded += std::format("%{:02X}", static_cast<int>(c));
|
||
}
|
||
}
|
||
return encoded;
|
||
}
|
||
|
||
/**
|
||
* @brief Builds the /browse-test URL with optional path and type query params.
|
||
*/
|
||
std::string browse_url(const std::string &path = "", const std::string &type = "") const {
|
||
std::string url = "/browse-test";
|
||
std::string sep = "?";
|
||
if (!path.empty()) {
|
||
url += sep + "path=" + url_encode_param(path);
|
||
sep = "&";
|
||
}
|
||
if (!type.empty()) {
|
||
url += sep + "type=" + type;
|
||
}
|
||
return url;
|
||
}
|
||
|
||
/**
|
||
* @brief Helper: locate an entry by name in the JSON entries array.
|
||
*/
|
||
static nlohmann::json::const_iterator find_entry(const nlohmann::json &entries, const std::string &name) {
|
||
return std::ranges::find_if(entries, [&name](const nlohmann::json &e) {
|
||
return e.at("name").get<std::string>() == name;
|
||
});
|
||
}
|
||
};
|
||
|
||
// Test: browseDirectory requires authentication
|
||
TEST_F(BrowseDirectoryTest, BrowseRequiresAuthentication) {
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()));
|
||
ASSERT_EQ(response->status_code, "401 Unauthorized");
|
||
}
|
||
|
||
// Test: browseDirectory returns 200 with valid JSON for a real directory
|
||
TEST_F(BrowseDirectoryTest, BrowseListsValidDirectory) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const auto content_type = response->header.find("Content-Type");
|
||
ASSERT_NE(content_type, response->header.end());
|
||
ASSERT_TRUE(content_type->second.find("application/json") != std::string::npos);
|
||
|
||
assert_security_headers(response);
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
ASSERT_TRUE(json.contains("path"));
|
||
ASSERT_TRUE(json.contains("parent"));
|
||
ASSERT_TRUE(json.contains("entries"));
|
||
ASSERT_TRUE(json["entries"].is_array());
|
||
}
|
||
|
||
// Test: returned 'path' field matches the requested directory
|
||
TEST_F(BrowseDirectoryTest, BrowseResponsePathMatchesRequest) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const std::filesystem::path returned = std::filesystem::weakly_canonical(json["path"].get<std::string>());
|
||
const std::filesystem::path expected = std::filesystem::weakly_canonical(browse_test_dir);
|
||
ASSERT_EQ(returned, expected);
|
||
}
|
||
|
||
// Test: returned 'parent' field is the parent of 'path'
|
||
TEST_F(BrowseDirectoryTest, BrowseResponseParentIsCorrect) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const std::filesystem::path returned_path(json["path"].get<std::string>());
|
||
const std::filesystem::path returned_parent(json["parent"].get<std::string>());
|
||
ASSERT_EQ(returned_parent, returned_path.parent_path());
|
||
}
|
||
|
||
// Test: entries contain the expected subdirectories and files with correct types
|
||
TEST_F(BrowseDirectoryTest, BrowseResponseContainsExpectedEntries) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
const auto subdir_a = find_entry(entries, "subdir_a");
|
||
ASSERT_NE(subdir_a, entries.end());
|
||
ASSERT_EQ((*subdir_a)["type"].get<std::string>(), "directory");
|
||
|
||
const auto subdir_b = find_entry(entries, "subdir_b");
|
||
ASSERT_NE(subdir_b, entries.end());
|
||
ASSERT_EQ((*subdir_b)["type"].get<std::string>(), "directory");
|
||
|
||
const auto file_alpha = find_entry(entries, "file_alpha.txt");
|
||
ASSERT_NE(file_alpha, entries.end());
|
||
ASSERT_EQ((*file_alpha)["type"].get<std::string>(), "file");
|
||
|
||
const auto file_beta = find_entry(entries, "file_beta.txt");
|
||
ASSERT_NE(file_beta, entries.end());
|
||
ASSERT_EQ((*file_beta)["type"].get<std::string>(), "file");
|
||
}
|
||
|
||
// Test: every entry has non-empty 'name', 'type', and 'path' fields
|
||
TEST_F(BrowseDirectoryTest, BrowseEntryFieldsArePresent) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
for (const auto &entry : json["entries"]) {
|
||
ASSERT_TRUE(entry.contains("name"));
|
||
ASSERT_TRUE(entry.contains("type"));
|
||
ASSERT_TRUE(entry.contains("path"));
|
||
ASSERT_FALSE(entry["name"].get<std::string>().empty());
|
||
ASSERT_FALSE(entry["path"].get<std::string>().empty());
|
||
const auto type = entry["type"].get<std::string>();
|
||
ASSERT_TRUE(type == "directory" || type == "file");
|
||
}
|
||
}
|
||
|
||
// Test: entries are sorted – all directories appear before any file
|
||
TEST_F(BrowseDirectoryTest, BrowseEntriesSortedDirsFirst) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
bool seen_file = false;
|
||
for (const auto &entry : json["entries"]) {
|
||
const std::string type = entry["type"].get<std::string>();
|
||
if (type == "file") {
|
||
seen_file = true;
|
||
} else if (type == "directory") {
|
||
ASSERT_FALSE(seen_file) << "Directory '" << entry["name"] << "' appears after a file in the listing";
|
||
}
|
||
}
|
||
}
|
||
|
||
// Test: entries within each group (dirs / files) are sorted case-insensitively
|
||
TEST_F(BrowseDirectoryTest, BrowseEntriesSortedAlphabeticallyWithinGroups) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
std::string prev_dir;
|
||
std::string prev_file;
|
||
for (const auto &entry : json["entries"]) {
|
||
std::string name = entry["name"].get<std::string>();
|
||
std::ranges::transform(name, name.begin(), ::tolower);
|
||
|
||
if (entry["type"] == "directory") {
|
||
if (!prev_dir.empty()) {
|
||
ASSERT_LE(prev_dir, name) << "Directories are not in alphabetical order";
|
||
}
|
||
prev_dir = name;
|
||
} else {
|
||
if (!prev_file.empty()) {
|
||
ASSERT_LE(prev_file, name) << "Files are not in alphabetical order";
|
||
}
|
||
prev_file = name;
|
||
}
|
||
}
|
||
}
|
||
|
||
// Test: type=directory filter excludes files from the listing
|
||
TEST_F(BrowseDirectoryTest, BrowseTypeDirFilterExcludesFiles) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string(), "directory"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
for (const auto &entry : entries) {
|
||
ASSERT_EQ(entry["type"].get<std::string>(), "directory")
|
||
<< "Non-directory entry '" << entry["name"] << "' found with type=directory filter";
|
||
}
|
||
|
||
// Subdirectories must still be present
|
||
ASSERT_NE(find_entry(entries, "subdir_a"), entries.end());
|
||
ASSERT_NE(find_entry(entries, "subdir_b"), entries.end());
|
||
}
|
||
|
||
// Test: type=file returns both files and directories
|
||
TEST_F(BrowseDirectoryTest, BrowseTypeFileReturnsBoth) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string(), "file"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
const bool has_dir = std::ranges::any_of(entries, [](const nlohmann::json &e) {
|
||
return e["type"] == "directory";
|
||
});
|
||
const bool has_file = std::ranges::any_of(entries, [](const nlohmann::json &e) {
|
||
return e["type"] == "file";
|
||
});
|
||
ASSERT_TRUE(has_dir);
|
||
ASSERT_TRUE(has_file);
|
||
}
|
||
|
||
// Test: type=executable still includes directories for navigation
|
||
TEST_F(BrowseDirectoryTest, BrowseTypeExecutableIncludesDirs) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string(), "executable"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
const bool has_dir = std::ranges::any_of(entries, [](const nlohmann::json &e) {
|
||
return e["type"] == "directory";
|
||
});
|
||
ASSERT_TRUE(has_dir);
|
||
}
|
||
|
||
// Test: type=executable excludes plain (non-executable) files
|
||
TEST_F(BrowseDirectoryTest, BrowseTypeExecutableExcludesNonExecutableFiles) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string(), "executable"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
// file_alpha.txt and file_beta.txt have no execute permission / wrong extension
|
||
for (const auto &entry : entries) {
|
||
if (entry["type"] == "file") {
|
||
const std::string name = entry["name"].get<std::string>();
|
||
ASSERT_NE(name, "file_alpha.txt") << "Non-executable file included in type=executable listing";
|
||
ASSERT_NE(name, "file_beta.txt") << "Non-executable file included in type=executable listing";
|
||
}
|
||
}
|
||
}
|
||
|
||
// Test: type=executable includes the known executable file
|
||
TEST_F(BrowseDirectoryTest, BrowseTypeExecutableIncludesExecutableFile) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url(browse_test_dir.string(), "executable"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const auto &entries = json["entries"];
|
||
|
||
#ifdef _WIN32
|
||
const std::string exec_name = "test_exec.exe";
|
||
#else
|
||
const std::string exec_name = "test_exec";
|
||
#endif
|
||
|
||
ASSERT_NE(find_entry(entries, exec_name), entries.end())
|
||
<< "Expected executable file '" << exec_name << "' not found with type=executable filter";
|
||
}
|
||
|
||
// Test: supplying a file path navigates to its parent directory
|
||
TEST_F(BrowseDirectoryTest, BrowseFilepathNavigatesToParentDirectory) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const std::filesystem::path file_path = browse_test_dir / "file_alpha.txt";
|
||
const auto response = client->request("GET", browse_url(file_path.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const std::filesystem::path returned = std::filesystem::weakly_canonical(json["path"].get<std::string>());
|
||
const std::filesystem::path expected = std::filesystem::weakly_canonical(browse_test_dir);
|
||
ASSERT_EQ(returned, expected);
|
||
}
|
||
|
||
// Test: a non-existent child path falls back to the existing parent directory
|
||
TEST_F(BrowseDirectoryTest, BrowseNonexistentChildPathFallsBackToParent) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const std::filesystem::path nonexistent = browse_test_dir / "does_not_exist_xyz";
|
||
const auto response = client->request("GET", browse_url(nonexistent.string()), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const std::filesystem::path returned = std::filesystem::weakly_canonical(json["path"].get<std::string>());
|
||
const std::filesystem::path expected = std::filesystem::weakly_canonical(browse_test_dir);
|
||
ASSERT_EQ(returned, expected);
|
||
}
|
||
|
||
// Test: a path where both the target and its parent don't exist returns 400
|
||
TEST_F(BrowseDirectoryTest, BrowseTrulyNonexistentPathReturnsBadRequest) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
// Construct a deeply non-existent path (parent also doesn't exist)
|
||
const std::string nonexistent = "/sunshine_nonexistent_xyz_54321/also_nonexistent";
|
||
const auto response = client->request("GET", browse_url(nonexistent), "", headers);
|
||
ASSERT_EQ(response->status_code, "400 Bad Request");
|
||
}
|
||
|
||
// Test: omitting the path parameter returns a valid response (defaults to a browsable location)
|
||
TEST_F(BrowseDirectoryTest, BrowseEmptyPathReturnsValidResponse) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/browse-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
ASSERT_TRUE(json.contains("path"));
|
||
ASSERT_TRUE(json.contains("parent"));
|
||
ASSERT_TRUE(json.contains("entries"));
|
||
ASSERT_TRUE(json["entries"].is_array());
|
||
}
|
||
|
||
#ifdef _WIN32
|
||
// Test (Windows): empty/root path returns the list of logical drive letters
|
||
TEST_F(BrowseDirectoryTest, BrowseWindowsEmptyPathReturnsDriveList) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", "/browse-test", "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
ASSERT_EQ(json["path"].get<std::string>(), "");
|
||
ASSERT_EQ(json["parent"].get<std::string>(), "");
|
||
ASSERT_GT(json["entries"].size(), 0u);
|
||
|
||
// Every entry must look like "X:\" – a drive letter root
|
||
for (const auto &entry : json["entries"]) {
|
||
ASSERT_EQ(entry["type"].get<std::string>(), "directory");
|
||
const std::string name = entry["name"].get<std::string>();
|
||
ASSERT_EQ(name.size(), 3u) << "Drive entry name should be 3 chars, e.g. 'C:\\'";
|
||
ASSERT_TRUE(std::isalpha(static_cast<unsigned char>(name[0])));
|
||
ASSERT_EQ(name[1], ':');
|
||
ASSERT_EQ(name[2], '\\');
|
||
}
|
||
}
|
||
#else
|
||
// Test (Unix): browsing "/" returns path == "/" and parent == "/" (at root, parent == self)
|
||
TEST_F(BrowseDirectoryTest, BrowseUnixRootParentEqualsSelf) {
|
||
SimpleWeb::CaseInsensitiveMultimap headers;
|
||
headers.emplace("Authorization", create_auth_header("testuser", "testpass"));
|
||
|
||
const auto response = client->request("GET", browse_url("/"), "", headers);
|
||
ASSERT_EQ(response->status_code, "200 OK");
|
||
|
||
const nlohmann::json json = nlohmann::json::parse(response->content.string());
|
||
const std::string path = json["path"].get<std::string>();
|
||
const std::string parent = json["parent"].get<std::string>();
|
||
|
||
ASSERT_EQ(path, "/");
|
||
ASSERT_EQ(parent, "/");
|
||
}
|
||
#endif
|
||
|
||
// ============================================================
|
||
// Direct unit tests for browseDirectory helper functions
|
||
// ============================================================
|
||
|
||
// Test: is_browsable_executable correctly identifies executable files
|
||
#ifdef _WIN32
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_WindowsExeExtension_ReturnsTrue) {
|
||
const std::filesystem::path exec_file = browse_test_dir / "test_exec.exe";
|
||
const std::filesystem::directory_entry entry(exec_file);
|
||
ASSERT_TRUE(confighttp::is_browsable_executable(entry, std::filesystem::status(exec_file)));
|
||
}
|
||
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_WindowsBatExtension_ReturnsTrue) {
|
||
const std::filesystem::path bat_file = browse_test_dir / "test_script.bat";
|
||
std::ofstream(bat_file) << "@echo off";
|
||
const std::filesystem::directory_entry entry(bat_file);
|
||
ASSERT_TRUE(confighttp::is_browsable_executable(entry, std::filesystem::status(bat_file)));
|
||
std::filesystem::remove(bat_file);
|
||
}
|
||
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_WindowsTxtExtension_ReturnsFalse) {
|
||
const std::filesystem::path txt_file = browse_test_dir / "file_alpha.txt";
|
||
const std::filesystem::directory_entry entry(txt_file);
|
||
ASSERT_FALSE(confighttp::is_browsable_executable(entry, std::filesystem::status(txt_file)));
|
||
}
|
||
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_WindowsCaseInsensitive_ReturnsTrue) {
|
||
// .EXE uppercase should still be recognized
|
||
const std::filesystem::path upper_exe = browse_test_dir / "UPPER.EXE";
|
||
std::ofstream(upper_exe) << "fake";
|
||
const std::filesystem::directory_entry entry(upper_exe);
|
||
ASSERT_TRUE(confighttp::is_browsable_executable(entry, std::filesystem::status(upper_exe)));
|
||
std::filesystem::remove(upper_exe);
|
||
}
|
||
#else
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_LinuxExecBitSet_ReturnsTrue) {
|
||
const std::filesystem::path exec_file = browse_test_dir / "test_exec";
|
||
const std::filesystem::directory_entry entry(exec_file);
|
||
ASSERT_TRUE(confighttp::is_browsable_executable(entry, std::filesystem::status(exec_file)));
|
||
}
|
||
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_LinuxNoExecBit_ReturnsFalse) {
|
||
const std::filesystem::path txt_file = browse_test_dir / "file_alpha.txt";
|
||
const std::filesystem::directory_entry entry(txt_file);
|
||
ASSERT_FALSE(confighttp::is_browsable_executable(entry, std::filesystem::status(txt_file)));
|
||
}
|
||
|
||
TEST_F(BrowseDirectoryTest, IsBrowsableExecutable_LinuxGroupExecBit_ReturnsTrue) {
|
||
const std::filesystem::path group_exec = browse_test_dir / "group_exec_file";
|
||
std::ofstream(group_exec) << "#!/bin/sh";
|
||
std::filesystem::permissions(
|
||
group_exec,
|
||
std::filesystem::perms::owner_read | std::filesystem::perms::owner_write | std::filesystem::perms::group_exec,
|
||
std::filesystem::perm_options::replace
|
||
);
|
||
const std::filesystem::directory_entry entry(group_exec);
|
||
ASSERT_TRUE(confighttp::is_browsable_executable(entry, std::filesystem::status(group_exec)));
|
||
std::filesystem::remove(group_exec);
|
||
}
|
||
#endif
|
||
|
||
// Test: build_browse_entries returns all entries for "any" type
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_TypeAny_ReturnsAllEntries) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "any");
|
||
ASSERT_TRUE(entries.is_array());
|
||
// subdir_a, subdir_b, file_alpha.txt, file_beta.txt, test_exec[.exe] = 5
|
||
ASSERT_EQ(entries.size(), 5u);
|
||
}
|
||
|
||
// Test: build_browse_entries returns only directories for "directory" type
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_TypeDirectory_OnlyReturnsDirs) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "directory");
|
||
ASSERT_TRUE(entries.is_array());
|
||
ASSERT_EQ(entries.size(), 2u); // subdir_a, subdir_b
|
||
for (const auto &e : entries) {
|
||
ASSERT_EQ(e["type"].get<std::string>(), "directory");
|
||
}
|
||
}
|
||
|
||
// Test: build_browse_entries returns dirs and files for "file" type
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_TypeFile_ReturnsDirsAndFiles) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "file");
|
||
ASSERT_TRUE(entries.is_array());
|
||
const bool has_dir = std::ranges::any_of(entries, [](const nlohmann::json &e) {
|
||
return e["type"] == "directory";
|
||
});
|
||
const bool has_file = std::ranges::any_of(entries, [](const nlohmann::json &e) {
|
||
return e["type"] == "file";
|
||
});
|
||
ASSERT_TRUE(has_dir);
|
||
ASSERT_TRUE(has_file);
|
||
}
|
||
|
||
// Test: build_browse_entries for "executable" includes dirs and only executable files
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_TypeExecutable_IncludesDirsAndExecFiles) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "executable");
|
||
ASSERT_TRUE(entries.is_array());
|
||
|
||
// All directories must still be present for navigation
|
||
ASSERT_NE(find_entry(entries, "subdir_a"), entries.end());
|
||
ASSERT_NE(find_entry(entries, "subdir_b"), entries.end());
|
||
|
||
#ifdef _WIN32
|
||
const std::string exec_name = "test_exec.exe";
|
||
#else
|
||
const std::string exec_name = "test_exec";
|
||
#endif
|
||
ASSERT_NE(find_entry(entries, exec_name), entries.end())
|
||
<< "Expected executable '" << exec_name << "' not found";
|
||
|
||
// Non-executable text files must NOT appear
|
||
ASSERT_EQ(find_entry(entries, "file_alpha.txt"), entries.end());
|
||
ASSERT_EQ(find_entry(entries, "file_beta.txt"), entries.end());
|
||
}
|
||
|
||
// Test: build_browse_entries sorts directories before files
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_SortsDirsBeforeFiles) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "any");
|
||
ASSERT_GE(entries.size(), 3u);
|
||
|
||
bool seen_file = false;
|
||
for (const auto &e : entries) {
|
||
if (e["type"] == "file") {
|
||
seen_file = true;
|
||
} else {
|
||
// directory after a file means incorrect sort order
|
||
ASSERT_FALSE(seen_file)
|
||
<< "Directory '" << e["name"].get<std::string>() << "' appeared after a file entry";
|
||
}
|
||
}
|
||
}
|
||
|
||
// Test: build_browse_entries sorts entries alphabetically within each group
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_SortsAlphabeticallyWithinGroups) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "any");
|
||
|
||
// Collect names of dirs and files separately and check they are in order
|
||
std::vector<std::string> dir_names;
|
||
std::vector<std::string> file_names;
|
||
for (const auto &e : entries) {
|
||
auto name = e["name"].get<std::string>();
|
||
std::ranges::transform(name, name.begin(), [](unsigned char c) {
|
||
return std::tolower(c);
|
||
});
|
||
if (e["type"] == "directory") {
|
||
dir_names.push_back(name);
|
||
} else {
|
||
file_names.push_back(name);
|
||
}
|
||
}
|
||
|
||
ASSERT_TRUE(std::ranges::is_sorted(dir_names))
|
||
<< "Directory names are not in alphabetical order";
|
||
ASSERT_TRUE(std::ranges::is_sorted(file_names))
|
||
<< "File names are not in alphabetical order";
|
||
}
|
||
|
||
// Test: every entry returned by build_browse_entries has the required fields
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_EachEntryHasRequiredFields) {
|
||
const auto entries = confighttp::build_browse_entries(browse_test_dir, "any");
|
||
ASSERT_FALSE(entries.empty());
|
||
for (const auto &e : entries) {
|
||
ASSERT_TRUE(e.contains("name")) << "Entry missing 'name' field";
|
||
ASSERT_TRUE(e.contains("type")) << "Entry missing 'type' field";
|
||
ASSERT_TRUE(e.contains("path")) << "Entry missing 'path' field";
|
||
const std::string type = e["type"].get<std::string>();
|
||
ASSERT_TRUE(type == "directory" || type == "file")
|
||
<< "Unexpected entry type: " << type;
|
||
}
|
||
}
|
||
|
||
// Test: build_browse_entries on an empty directory returns an empty array
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_EmptyDirectory_ReturnsEmptyArray) {
|
||
const std::filesystem::path empty_dir = browse_test_dir / "empty_subdir_for_test";
|
||
std::filesystem::create_directory(empty_dir);
|
||
|
||
const auto entries = confighttp::build_browse_entries(empty_dir, "any");
|
||
|
||
std::filesystem::remove(empty_dir);
|
||
|
||
ASSERT_TRUE(entries.is_array());
|
||
ASSERT_TRUE(entries.empty());
|
||
}
|
||
|
||
// Test: build_browse_entries on a non-existent path returns an empty array (does not throw)
|
||
TEST_F(BrowseDirectoryTest, BuildBrowseEntries_NonexistentDirectory_ReturnsEmptyArray) {
|
||
const auto entries = confighttp::build_browse_entries("/sunshine_nonexistent_dir_xyz_99999", "any");
|
||
ASSERT_TRUE(entries.is_array());
|
||
ASSERT_TRUE(entries.empty());
|
||
}
|
||
|
||
#ifdef _WIN32
|
||
// Test: get_windows_drives returns at least one drive
|
||
TEST_F(BrowseDirectoryTest, GetWindowsDrives_ReturnsAtLeastOneDrive) {
|
||
const auto drives = confighttp::get_windows_drives();
|
||
ASSERT_TRUE(drives.is_array());
|
||
ASSERT_GT(drives.size(), 0u);
|
||
}
|
||
|
||
// Test: get_windows_drives entries have correct name/type/path fields
|
||
TEST_F(BrowseDirectoryTest, GetWindowsDrives_EntriesHaveCorrectFormat) {
|
||
for (const auto drives = confighttp::get_windows_drives(); const auto &drive : drives) {
|
||
ASSERT_TRUE(drive.contains("name"));
|
||
ASSERT_TRUE(drive.contains("type"));
|
||
ASSERT_TRUE(drive.contains("path"));
|
||
ASSERT_EQ(drive["type"].get<std::string>(), "directory");
|
||
const std::string name = drive["name"].get<std::string>();
|
||
ASSERT_EQ(name.size(), 3u) << "Drive name should be 3 chars, e.g. 'C:\\'";
|
||
ASSERT_TRUE(std::isalpha(static_cast<unsigned char>(name[0])));
|
||
ASSERT_EQ(name[1], ':');
|
||
ASSERT_EQ(name[2], '\\');
|
||
ASSERT_EQ(drive["path"].get<std::string>(), name);
|
||
}
|
||
}
|
||
#endif
|