fabi/Mangalord
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e92c581c7b4322ca565a404f53188dc067b8b5a6
Mangalord/backend/tests/api_mangas.rs
MechaCat02 a92f6f70e2 feat: multipart manga + chapter uploads with magic-byte MIME sniff 
POST /api/v1/mangas and POST /api/v1/mangas/{id}/chapters now accept
multipart/form-data, gated by CurrentUser:

- /mangas: required `metadata` part (NewManga JSON) + optional `cover`
  image part.
- /mangas/{id}/chapters: required `metadata` (NewChapter JSON) + one or
  more `page` parts ordered by arrival. Returns 404 if the parent manga
  doesn't exist, 409 on duplicate (manga_id, number).

MIME is sniffed via the `infer` crate (magic bytes), not the
client-supplied filename or Content-Type. Whitelist:
jpeg / png / webp / gif / avif. Anything else → 415
unsupported_media_type. The stored key's extension is derived from the
sniffed type so a "page1.png" that's actually a JPEG lands as `.jpg`.

Size cap is two-layer:
- Request body cap (config.max_request_bytes, default 200 MiB) enforced
  by axum's DefaultBodyLimit before the handler sees the request.
- Per-image-part cap (config.max_file_bytes, default 20 MiB) enforced
  after reading the part, so a single oversized image can't pass even
  if the total request fits.

Storage keys follow the layout documented in CLAUDE.md:
- mangas/{manga_id}/cover.{ext}
- mangas/{manga_id}/chapters/{chapter_id}/pages/{nnnn}.{ext} (1-indexed).

AppError grows PayloadTooLarge/UnsupportedMediaType/ValidationFailed
(413 / 415 / 422). ValidationFailed carries a `details` JSON object the
client can use to highlight bad fields (e.g. {"title":"required"}).
Top-level matching in code() stays exhaustive.

Backend coverage in tests/api_uploads.rs (10 cases):
- create_manga_with_cover_stores_image — file is reachable via
  /api/v1/files/{key} with the right Content-Type.
- create_manga_without_cover_leaves_path_null.
- create_manga_rejects_non_image_cover_with_415 — PDF claimed as png.
- create_manga_rejects_oversized_cover_with_413.
- create_chapter_with_pages_stores_each — extension derived from
  sniffed MIME, files reachable in arrival order.
- create_chapter_rejects_when_no_pages_with_422 — details.page set.
- create_chapter_rejects_renamed_non_image_page → 415.
- create_chapter_returns_409_on_duplicate_number.
- create_chapter_requires_authentication → 401.
- create_chapter_under_unknown_manga_is_404.

Existing tests/api_mangas.rs is migrated to multipart; the create
response is now 201 Created. tests/common::MultipartBuilder builds the
body by hand so the test crate stays free of HTTP-client deps.

Frontend lib/api/mangas.ts: createManga now sends FormData (metadata +
optional cover Blob). Browser fills in the boundary header automatically.
Vitest asserts the FormData structure via FileReader (jsdom doesn't
implement Blob.text()).

E2E tests wait for the post-hydration nav-login link before
interacting with the login form, fixing a flake where pre-hydration
clicks would submit via the browser default and bypass our handler.

Lockstep version bump to 0.5.0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 22:21:10 +02:00

180 lines
5.6 KiB
Rust
Raw Blame History

mod common;
use axum::http::StatusCode;
use serde_json::json;
use sqlx::PgPool;
use tower::ServiceExt;
use common::MultipartBuilder;
fn metadata(title: &str) -> serde_json::Value {
json!({ "title": title })
}
#[sqlx::test(migrations = "./migrations")]
async fn list_is_empty_initially(pool: PgPool) {
let h = common::harness(pool);
let resp = h.app.oneshot(common::get("/api/v1/mangas")).await.unwrap();
assert_eq!(resp.status(), StatusCode::OK);
let body = common::body_json(resp).await;
assert_eq!(body["items"], json!([]));
assert_eq!(body["page"]["limit"], 50);
assert_eq!(body["page"]["offset"], 0);
assert!(body["page"]["total"].is_null());
}
#[sqlx::test(migrations = "./migrations")]
async fn create_then_list_roundtrip(pool: PgPool) {
let h = common::harness(pool);
let (_, cookie) = common::register_user(&h.app).await;
let created = h
.app
.clone()
.oneshot(common::post_multipart_with_cookie(
"/api/v1/mangas",
MultipartBuilder::new().add_json(
"metadata",
json!({ "title": "Berserk", "author": "Kentaro Miura", "description": null }),
),
&cookie,
))
.await
.unwrap();
assert_eq!(created.status(), StatusCode::CREATED);
let body = common::body_json(created).await;
assert_eq!(body["title"], "Berserk");
assert_eq!(body["author"], "Kentaro Miura");
assert!(body["id"].as_str().is_some());
let listed = h.app.oneshot(common::get("/api/v1/mangas")).await.unwrap();
let listed_body = common::body_json(listed).await;
let items = listed_body["items"].as_array().unwrap();
assert_eq!(items.len(), 1);
assert_eq!(items[0]["title"], "Berserk");
}
#[sqlx::test(migrations = "./migrations")]
async fn search_filters_by_title_and_author(pool: PgPool) {
let h = common::harness(pool);
let (_, cookie) = common::register_user(&h.app).await;
for (title, author) in [
("One Piece", "Eiichiro Oda"),
("Berserk", "Kentaro Miura"),
("Vinland Saga", "Makoto Yukimura"),
] {
let _ = h
.app
.clone()
.oneshot(common::post_multipart_with_cookie(
"/api/v1/mangas",
MultipartBuilder::new()
.add_json("metadata", json!({ "title": title, "author": author })),
&cookie,
))
.await
.unwrap();
}
let resp = h
.app
.clone()
.oneshot(common::get("/api/v1/mangas?search=miura"))
.await
.unwrap();
let body = common::body_json(resp).await;
let titles: Vec<&str> = body["items"]
.as_array()
.unwrap()
.iter()
.map(|m| m["title"].as_str().unwrap())
.collect();
assert_eq!(titles, vec!["Berserk"]);
let resp = h
.app
.oneshot(common::get("/api/v1/mangas?search=saga"))
.await
.unwrap();
let body = common::body_json(resp).await;
let titles: Vec<&str> = body["items"]
.as_array()
.unwrap()
.iter()
.map(|m| m["title"].as_str().unwrap())
.collect();
assert_eq!(titles, vec!["Vinland Saga"]);
}
#[sqlx::test(migrations = "./migrations")]
async fn create_rejects_empty_title_with_validation_failed(pool: PgPool) {
let h = common::harness(pool);
let (_, cookie) = common::register_user(&h.app).await;
let resp = h
.app
.oneshot(common::post_multipart_with_cookie(
"/api/v1/mangas",
MultipartBuilder::new().add_json("metadata", metadata(" ")),
&cookie,
))
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY);
let body = common::body_json(resp).await;
assert_eq!(body["error"]["code"], "validation_failed");
assert!(body["error"]["details"]["title"].is_string());
}
#[sqlx::test(migrations = "./migrations")]
async fn create_rejects_missing_metadata_part(pool: PgPool) {
let h = common::harness(pool);
let (_, cookie) = common::register_user(&h.app).await;
let resp = h
.app
.oneshot(common::post_multipart_with_cookie(
"/api/v1/mangas",
MultipartBuilder::new(), // no metadata part
&cookie,
))
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY);
let body = common::body_json(resp).await;
assert_eq!(body["error"]["code"], "validation_failed");
assert_eq!(body["error"]["details"]["metadata"], "required");
}
#[sqlx::test(migrations = "./migrations")]
async fn create_requires_authentication(pool: PgPool) {
let h = common::harness(pool);
let resp = h
.app
.oneshot(common::post_multipart(
"/api/v1/mangas",
MultipartBuilder::new().add_json("metadata", metadata("Berserk")),
))
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
let body = common::body_json(resp).await;
assert_eq!(body["error"]["code"], "unauthenticated");
}
#[sqlx::test(migrations = "./migrations")]
async fn get_unknown_id_is_404_with_envelope(pool: PgPool) {
let h = common::harness(pool);
let resp = h
.app
.oneshot(common::get(
"/api/v1/mangas/00000000-0000-0000-0000-000000000000",
))
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::NOT_FOUND);
let body = common::body_json(resp).await;
assert_eq!(body["error"]["code"], "not_found");
let msg = body["error"]["message"].as_str().expect("message is string");
assert!(!msg.is_empty(), "message should be non-empty");
}
Reference in New Issue View Git Blame Copy Permalink