veza/veza-backend-api/internal/integration/e2e_cloud_test.go

//go:build integration
// +build integration

package integration

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestE2E_CloudUploadPreviewPublish(t *testing.T) {
	router, cleanup := setupE2ETestRouter(t)
	defer cleanup()
	ts := httptest.NewServer(router)
	defer ts.Close()

	t.Run("cloud quota endpoint requires auth", func(t *testing.T) {
		resp, err := http.Get(ts.URL + "/api/v1/cloud/quota")
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("cloud folders endpoint requires auth", func(t *testing.T) {
		resp, err := http.Get(ts.URL + "/api/v1/cloud/folders")
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("cloud files endpoint requires auth", func(t *testing.T) {
		resp, err := http.Get(ts.URL + "/api/v1/cloud/files")
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("cloud file upload requires auth", func(t *testing.T) {
		resp, err := http.Post(ts.URL+"/api/v1/cloud/files", "multipart/form-data", nil)
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("cloud stream endpoint requires auth", func(t *testing.T) {
		resp, err := http.Get(ts.URL + "/api/v1/cloud/files/00000000-0000-0000-0000-000000000000/stream")
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("cloud publish endpoint requires auth", func(t *testing.T) {
		resp, err := http.Post(ts.URL+"/api/v1/cloud/files/00000000-0000-0000-0000-000000000000/publish", "application/json", nil)
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusBadRequest)
	})

	t.Run("public gear endpoint works without auth", func(t *testing.T) {
		resp, err := http.Get(ts.URL + "/api/v1/users/testuser/gear")
		require.NoError(t, err)
		defer resp.Body.Close()
		assert.Equal(t, http.StatusOK, resp.StatusCode)

		var result map[string]interface{}
		json.NewDecoder(resp.Body).Decode(&result)
		assert.NotNil(t, result["items"])
	})
}
feat(v0.501): Sprint 5 -- integration, tests, and cleanup - INT-01: Add E2E streaming tests (upload -> HLS auth) - INT-02: Add E2E cloud tests (CRUD auth, public gear) - INT-03: Split track/handler.go into 4 focused sub-handlers - INT-04: Create migration squash script + MIGRATIONS.md - INT-05: Add Trivy container image scanning CI workflow - INT-06: Replace production console.log with structured logger 2026-02-22 17:40:07 +00:00			`//go:build integration`
			`// +build integration`

			`package integration`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestE2E_CloudUploadPreviewPublish(t *testing.T) {`
			`router, cleanup := setupE2ETestRouter(t)`
			`defer cleanup()`
			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

			`t.Run("cloud quota endpoint requires auth", func(t *testing.T) {`
			`resp, err := http.Get(ts.URL + "/api/v1/cloud/quota")`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("cloud folders endpoint requires auth", func(t *testing.T) {`
			`resp, err := http.Get(ts.URL + "/api/v1/cloud/folders")`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("cloud files endpoint requires auth", func(t *testing.T) {`
			`resp, err := http.Get(ts.URL + "/api/v1/cloud/files")`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("cloud file upload requires auth", func(t *testing.T) {`
			`resp, err := http.Post(ts.URL+"/api/v1/cloud/files", "multipart/form-data", nil)`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("cloud stream endpoint requires auth", func(t *testing.T) {`
			`resp, err := http.Get(ts.URL + "/api/v1/cloud/files/00000000-0000-0000-0000-000000000000/stream")`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("cloud publish endpoint requires auth", func(t *testing.T) {`
			`resp, err := http.Post(ts.URL+"/api/v1/cloud/files/00000000-0000-0000-0000-000000000000/publish", "application/json", nil)`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.True(t, resp.StatusCode == http.StatusUnauthorized \|\| resp.StatusCode == http.StatusBadRequest)`
			`})`

			`t.Run("public gear endpoint works without auth", func(t *testing.T) {`
			`resp, err := http.Get(ts.URL + "/api/v1/users/testuser/gear")`
			`require.NoError(t, err)`
			`defer resp.Body.Close()`
			`assert.Equal(t, http.StatusOK, resp.StatusCode)`

			`var result map[string]interface{}`
			`json.NewDecoder(resp.Body).Decode(&result)`
			`assert.NotNil(t, result["items"])`
			`})`
			`}`