ee070d8878
Adds a per-tick cover-backfill pass to the crawler daemon so mangas whose cover download failed on first attempt get retried — the metadata pass's early-stop optimisation otherwise prevents the walk from revisiting them. Adds admin-only POST /admin/mangas/:id/resync and POST /admin/chapters/:id/resync that refetch metadata + cover (or chapter content with force_refetch) from the crawler source synchronously and return the refreshed row. Surfaced in the UI as "Force resync" buttons on the manga detail and reader pages, admin-only via session.user.is_admin. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
259 lines
9.1 KiB
Rust
259 lines
9.1 KiB
Rust
//! PR 1 (feat/admin-role) integration tests.
|
|
//!
|
|
//! Covers: `bootstrap_admin` semantics, `is_admin` exposed on /auth/me,
|
|
//! and the `RequireAdmin` extractor's 401/403/200 matrix — including the
|
|
//! load-bearing decision that Bearer-authed callers can NEVER reach an
|
|
//! admin-guarded route, even when the underlying user IS admin.
|
|
|
|
mod common;
|
|
|
|
use std::sync::Arc;
|
|
|
|
use axum::http::StatusCode;
|
|
use axum::routing::get;
|
|
use axum::{Json, Router};
|
|
use serde_json::json;
|
|
use sqlx::PgPool;
|
|
use tempfile::TempDir;
|
|
use tower::ServiceExt;
|
|
|
|
use mangalord::api;
|
|
use mangalord::app::AppState;
|
|
use mangalord::auth::extractor::RequireAdmin;
|
|
use mangalord::auth::rate_limit::AuthRateLimiter;
|
|
use mangalord::config::{AuthConfig, UploadConfig};
|
|
use mangalord::repo;
|
|
use mangalord::storage::{LocalStorage, Storage};
|
|
|
|
/// Test-only handler guarded by `RequireAdmin`. Lets the test suite assert
|
|
/// the extractor's behaviour end-to-end without depending on an admin
|
|
/// endpoint existing yet (those land in PR 2+).
|
|
async fn admin_only_handler(RequireAdmin(user): RequireAdmin) -> Json<serde_json::Value> {
|
|
Json(json!({ "username": user.username, "is_admin": user.is_admin }))
|
|
}
|
|
|
|
/// Build a router that exposes the production /api/v1/* AND a test-only
|
|
/// `/_test/admin_only` route guarded by `RequireAdmin`. Pool is consumed;
|
|
/// callers that want to inspect the DB after a request should clone it.
|
|
fn admin_test_router(pool: PgPool) -> (Router, TempDir) {
|
|
let storage_dir = tempfile::tempdir().expect("tempdir");
|
|
let storage: Arc<dyn Storage> = Arc::new(LocalStorage::new(storage_dir.path()));
|
|
let auth = AuthConfig {
|
|
cookie_secure: false,
|
|
..AuthConfig::default()
|
|
};
|
|
let auth_limiter = Arc::new(AuthRateLimiter::new(auth.rate_limit));
|
|
let state = AppState {
|
|
db: pool,
|
|
storage,
|
|
auth,
|
|
upload: UploadConfig::default(),
|
|
auth_limiter,
|
|
resync: None,
|
|
};
|
|
let app = Router::new()
|
|
.nest("/api/v1", api::routes())
|
|
.route("/_test/admin_only", get(admin_only_handler))
|
|
.with_state(state);
|
|
(app, storage_dir)
|
|
}
|
|
|
|
// ---- bootstrap_admin -------------------------------------------------------
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn bootstrap_creates_admin_when_user_missing(pool: PgPool) {
|
|
repo::user::bootstrap_admin(&pool, "root", "hunter2hunter2")
|
|
.await
|
|
.expect("bootstrap on empty DB");
|
|
|
|
let user = repo::user::find_by_username(&pool, "root")
|
|
.await
|
|
.unwrap()
|
|
.expect("root user exists after bootstrap");
|
|
assert!(user.is_admin, "bootstrap must set is_admin = true on creation");
|
|
|
|
// Password hash must verify the env-supplied password (and not be empty).
|
|
assert!(
|
|
mangalord::auth::password::verify_password("hunter2hunter2", &user.password_hash),
|
|
"bootstrap-created user must accept the env-supplied password"
|
|
);
|
|
}
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn bootstrap_promotes_existing_user_without_touching_password(pool: PgPool) {
|
|
// Pre-existing user, not admin. Use the real register path so the
|
|
// hash format matches production exactly.
|
|
let (app, _td) = admin_test_router(pool.clone());
|
|
let resp = app
|
|
.oneshot(common::post_json(
|
|
"/api/v1/auth/register",
|
|
json!({ "username": "preexisting", "password": "originalpw1234" }),
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::CREATED);
|
|
|
|
let before = repo::user::find_by_username(&pool, "preexisting")
|
|
.await
|
|
.unwrap()
|
|
.unwrap();
|
|
assert!(!before.is_admin);
|
|
let original_hash = before.password_hash.clone();
|
|
|
|
// Bootstrap with a DIFFERENT password — must not overwrite the hash.
|
|
repo::user::bootstrap_admin(&pool, "preexisting", "envpw_should_be_ignored")
|
|
.await
|
|
.expect("bootstrap on existing user");
|
|
|
|
let after = repo::user::find_by_username(&pool, "preexisting")
|
|
.await
|
|
.unwrap()
|
|
.unwrap();
|
|
assert!(after.is_admin, "bootstrap must promote existing user");
|
|
assert_eq!(
|
|
after.password_hash, original_hash,
|
|
"bootstrap must NOT overwrite the existing password hash"
|
|
);
|
|
assert!(
|
|
mangalord::auth::password::verify_password("originalpw1234", &after.password_hash),
|
|
"original password must still verify after bootstrap"
|
|
);
|
|
}
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn bootstrap_is_idempotent(pool: PgPool) {
|
|
repo::user::bootstrap_admin(&pool, "root", "hunter2hunter2")
|
|
.await
|
|
.expect("first bootstrap");
|
|
repo::user::bootstrap_admin(&pool, "root", "hunter2hunter2")
|
|
.await
|
|
.expect("second bootstrap is no-op");
|
|
|
|
// Exactly one row, still admin.
|
|
let (count,): (i64,) = sqlx::query_as("SELECT COUNT(*) FROM users WHERE username = $1")
|
|
.bind("root")
|
|
.fetch_one(&pool)
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(count, 1);
|
|
}
|
|
|
|
// ---- /api/v1/auth/me exposes is_admin --------------------------------------
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn auth_me_response_includes_is_admin(pool: PgPool) {
|
|
let (app, _td) = admin_test_router(pool.clone());
|
|
let (_username, cookie) = common::register_user(&app).await;
|
|
let resp = app
|
|
.oneshot(common::get_with_cookie("/api/v1/auth/me", &cookie))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
let body = common::body_json(resp).await;
|
|
assert_eq!(
|
|
body["user"]["is_admin"], false,
|
|
"freshly-registered users default to is_admin=false"
|
|
);
|
|
}
|
|
|
|
// ---- RequireAdmin: 401 / 403 / 200 matrix ----------------------------------
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn require_admin_rejects_unauthenticated(pool: PgPool) {
|
|
let (app, _td) = admin_test_router(pool);
|
|
let resp = app
|
|
.oneshot(common::get("/_test/admin_only"))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
|
|
}
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn require_admin_rejects_non_admin_cookie(pool: PgPool) {
|
|
let (app, _td) = admin_test_router(pool);
|
|
let (_username, cookie) = common::register_user(&app).await;
|
|
let resp = app
|
|
.oneshot(common::get_with_cookie("/_test/admin_only", &cookie))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::FORBIDDEN);
|
|
let body = common::body_json(resp).await;
|
|
assert_eq!(body["error"]["code"], "forbidden");
|
|
}
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn require_admin_accepts_admin_cookie(pool: PgPool) {
|
|
let (app, _td) = admin_test_router(pool.clone());
|
|
let (username, cookie) = common::register_user(&app).await;
|
|
// Promote via the repo (the admin-users API doesn't exist yet).
|
|
let u = repo::user::find_by_username(&pool, &username)
|
|
.await
|
|
.unwrap()
|
|
.unwrap();
|
|
repo::user::set_is_admin_unchecked(&pool, u.id, true).await.unwrap();
|
|
|
|
let resp = app
|
|
.oneshot(common::get_with_cookie("/_test/admin_only", &cookie))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
let body = common::body_json(resp).await;
|
|
assert_eq!(body["username"], username);
|
|
assert_eq!(body["is_admin"], true);
|
|
}
|
|
|
|
#[sqlx::test(migrations = "./migrations")]
|
|
async fn require_admin_rejects_bearer_token_even_for_admin_user(pool: PgPool) {
|
|
// Key privilege-escalation test: an API token belonging to an admin user
|
|
// must NOT grant admin authority. Bot tokens are excluded from admin
|
|
// routes by design (the RequireAdmin extractor only accepts session
|
|
// cookies). See cross-cutting decision #1 in the PR plan.
|
|
let (app, _td) = admin_test_router(pool.clone());
|
|
let (username, cookie) = common::register_user(&app).await;
|
|
|
|
// Promote to admin and mint an API token (the existing /auth/tokens
|
|
// endpoint authenticates via the same cookie).
|
|
let u = repo::user::find_by_username(&pool, &username)
|
|
.await
|
|
.unwrap()
|
|
.unwrap();
|
|
repo::user::set_is_admin_unchecked(&pool, u.id, true).await.unwrap();
|
|
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(common::post_json_with_cookie(
|
|
"/api/v1/auth/tokens",
|
|
json!({ "name": "test-bot" }),
|
|
&cookie,
|
|
))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::CREATED);
|
|
let body = common::body_json(resp).await;
|
|
let token = body["bearer"]
|
|
.as_str()
|
|
.expect("raw bearer token in response")
|
|
.to_string();
|
|
|
|
// Sanity: the bearer DOES work on a non-admin endpoint (proves the
|
|
// token is valid, isolating the failure below to the admin guard).
|
|
let resp = app
|
|
.clone()
|
|
.oneshot(common::get_with_bearer("/api/v1/auth/me", &token))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
|
|
// Same token, same admin user, but on the admin-guarded route → 401
|
|
// (no session cookie present at all from the extractor's POV).
|
|
let resp = app
|
|
.oneshot(common::get_with_bearer("/_test/admin_only", &token))
|
|
.await
|
|
.unwrap();
|
|
assert_eq!(
|
|
resp.status(),
|
|
StatusCode::UNAUTHORIZED,
|
|
"Bearer-authed admin must NOT pass the RequireAdmin guard"
|
|
);
|
|
}
|