Goon — self-hosted aggregator for adult-content scene metadata. Indexes scenes from TPDB, StashDB, and 30+ public adult tube sites. Cross-source deduplication via perceptual hash + Levenshtein distance. FastAPI backend + APScheduler worker + React Native (Expo) mobile client. FOSS, ad-free, donation-funded. See README for details.
"""Auth dependency — sprawdza, że bez API_KEYS przepuszcza, a z API_KEYS wymaga klucza.

Endpointy /healthz i /readyz są poza auth (sprawdzane wprost), reszta przez dependency.
Testujemy bezpośrednio na funkcji `require_api_key`, niezależnie od DB.
"""
from __future__ import annotations
import pytest
from fastapi import HTTPException
from app.auth import require_api_key
from app.config import get_settings
def _reset_settings_cache() -> None:
    """Clear the cache held by ``get_settings``.

    The tests in this module change API_KEYS through the environment and
    call this afterwards, so the next ``get_settings()`` call is expected
    to build settings from the new value rather than return a cached one.
    """
    get_settings.cache_clear()
@pytest.fixture(autouse=True)
def _restore_env(monkeypatch: pytest.MonkeyPatch) -> None:
    """Start every test with an empty API_KEYS and a cleared settings cache.

    Applied automatically to each test in this module (``autouse=True``).
    The cache is cleared a second time once the test has finished, so
    settings built from a test's own API_KEYS value are not left cached.
    """
    # An explicit empty value is set instead of calling delenv: per the
    # author's note, setenv("") also overrides a value coming from .env,
    # while delenv only removes the variable from os.environ.
    monkeypatch.setenv("API_KEYS", "")
    _reset_settings_cache()

    yield

    _reset_settings_cache()
def test_disabled_when_api_keys_empty() -> None:
    """With API_KEYS empty, a call carrying no credentials is let through.

    The only check is that ``require_api_key`` returns without raising.
    This pins a fail-open default: when no keys are configured the
    dependency does not authenticate anything, so an instance reachable by
    anyone other than its operator needs API_KEYS set.
    """
    no_credentials = {"x_api_key": None, "authorization": None}
    require_api_key(**no_credentials)
def test_accepts_x_api_key_header(monkeypatch: pytest.MonkeyPatch) -> None:
    """A configured key passed as the ``x_api_key`` argument is accepted.

    Two keys are configured and the first one is presented; the call must
    return without raising.
    """
    configured = "alice-secret,bob-secret"
    monkeypatch.setenv("API_KEYS", configured)
    # Settings are cached, so the new API_KEYS value is only seen after a reset.
    _reset_settings_cache()

    require_api_key(x_api_key="alice-secret", authorization=None)
def test_accepts_bearer_authorization(monkeypatch: pytest.MonkeyPatch) -> None:
    """A configured key sent as ``Authorization: Bearer <key>`` is accepted.

    No ``x_api_key`` value is supplied, so acceptance here depends on the
    bearer value alone. Only the well-formed ``Bearer `` form is covered;
    other schemes and an empty token are not exercised by this module.
    """
    monkeypatch.setenv("API_KEYS", "alice-secret")
    # Settings are cached, so the new API_KEYS value is only seen after a reset.
    _reset_settings_cache()

    bearer_value = "Bearer alice-secret"
    require_api_key(x_api_key=None, authorization=bearer_value)
def test_rejects_unknown_key(monkeypatch: pytest.MonkeyPatch) -> None:
    """A key that is not listed in API_KEYS is refused with HTTP 401."""
    monkeypatch.setenv("API_KEYS", "alice-secret")
    # Settings are cached, so the new API_KEYS value is only seen after a reset.
    _reset_settings_cache()

    with pytest.raises(HTTPException) as rejected:
        require_api_key(x_api_key="hacker", authorization=None)

    # Asserted after the ``with`` block: anything placed after the raising
    # call inside it would never execute.
    assert rejected.value.status_code == 401
def test_rejects_missing_when_enabled(monkeypatch: pytest.MonkeyPatch) -> None:
    """Once a key is configured, a call with no credentials gets HTTP 401.

    Counterpart of ``test_disabled_when_api_keys_empty``: the same
    credential-less call that passes with an empty API_KEYS must be refused
    as soon as API_KEYS holds a key.
    """
    monkeypatch.setenv("API_KEYS", "alice-secret")
    # Settings are cached, so the new API_KEYS value is only seen after a reset.
    _reset_settings_cache()

    with pytest.raises(HTTPException) as rejected:
        require_api_key(x_api_key=None, authorization=None)

    # Asserted after the ``with`` block: anything placed after the raising
    # call inside it would never execute.
    assert rejected.value.status_code == 401
def test_settings_parses_csv_keys_with_whitespace(monkeypatch: pytest.MonkeyPatch) -> None:
    """API_KEYS is split on commas, entries are trimmed, empty ones dropped.

    The input contains padded names and an empty segment (``,,``). The
    expected set holds only the three trimmed names, which also pins that
    the empty string never ends up as a configured key.
    """
    raw_value = " alice , bob ,, charlie "
    monkeypatch.setenv("API_KEYS", raw_value)
    # Settings are cached, so the new API_KEYS value is only seen after a reset.
    _reset_settings_cache()

    parsed = get_settings().api_keys
    assert parsed == {"alice", "bob", "charlie"}