package handler import ( "context" "encoding/json" "net/http" "net/http/httptest" "os" "path/filepath" "testing" "codeberg.org/VARASYS/ZDDC/zddc/internal/config" "codeberg.org/VARASYS/ZDDC/zddc/internal/zddc" ) // TestServeDirectoryRootIsPublic asserts that the landing page (the root // directory listing) is reachable by anyone, including anonymous callers // whose email is empty AND whose access would be denied by a restrictive // root .zddc. Per-project filtering inside fs.ListDirectory still hides // directories the caller can't reach (separately verified below). // // The behavior was changed when "Everyone needs to have access to the // landing page" became the explicit requirement; this test is the // regression guard. func TestServeDirectoryRootIsPublic(t *testing.T) { root := t.TempDir() // Restrictive root .zddc — only admin@example.com is allowed by ACL, // nothing else. A user without that email would have been 403'd before // the bypass. if err := os.WriteFile(filepath.Join(root, ".zddc"), []byte("admins:\n - admin@example.com\nacl:\n permissions:\n admin@example.com: rwcd\n"), 0o644); err != nil { t.Fatalf("write root .zddc: %v", err) } // One project visible to everyone, one only to admin. for _, name := range []string{"PublicProj", "PrivateProj"} { if err := os.MkdirAll(filepath.Join(root, name), 0o755); err != nil { t.Fatalf("mkdir %s: %v", name, err) } } if err := os.WriteFile(filepath.Join(root, "PublicProj", ".zddc"), []byte("acl:\n permissions:\n \"*\": rwcd\n"), 0o644); err != nil { t.Fatalf("write PublicProj .zddc: %v", err) } if err := os.WriteFile(filepath.Join(root, "PrivateProj", ".zddc"), []byte("acl:\n permissions:\n admin@example.com: rwcd\n"), 0o644); err != nil { t.Fatalf("write PrivateProj .zddc: %v", err) } cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"} t.Run("anonymous JSON GET / does not 403", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) req.Header.Set("Accept", "application/json") // Anonymous: empty email in context. req = req.WithContext(context.WithValue(req.Context(), EmailKey, "")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusOK { t.Fatalf("status = %d, want 200 (root is public); body = %s", rec.Code, rec.Body.String()) } }) t.Run("anonymous JSON GET / hides private projects", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) req.Header.Set("Accept", "application/json") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusOK { t.Fatalf("status = %d, want 200; body = %s", rec.Code, rec.Body.String()) } var entries []map[string]any if err := json.Unmarshal(rec.Body.Bytes(), &entries); err != nil { t.Fatalf("invalid JSON: %v\n%s", err, rec.Body.String()) } names := map[string]bool{} for _, e := range entries { if n, ok := e["name"].(string); ok { names[n] = true } } if !names["PublicProj/"] { t.Errorf("PublicProj missing from anonymous listing: %v", names) } if names["PrivateProj/"] { t.Errorf("PrivateProj leaked to anonymous listing: %v", names) } }) t.Run("admin JSON GET / sees both projects", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) req.Header.Set("Accept", "application/json") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "admin@example.com")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusOK { t.Fatalf("admin status = %d, want 200", rec.Code) } var entries []map[string]any if err := json.Unmarshal(rec.Body.Bytes(), &entries); err != nil { t.Fatalf("invalid JSON: %v", err) } if len(entries) != 2 { t.Errorf("admin should see both projects; got %d", len(entries)) } }) t.Run("anonymous still gets 403 on private subdirectory", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/PrivateProj/", nil) req.Header.Set("Accept", "application/json") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusForbidden { t.Errorf("private subdir for anonymous: status = %d, want 403", rec.Code) } }) } // TestServeDirectoryRedirectsTableRowsDir asserts that an HTML GET on a // directory containing a table.yaml bounces to that dir's table.html URL // (in-dir convention: //table.html serves the table view, the row // YAMLs are siblings of table.yaml). JSON GETs fall through to the // listing so the table client can still enumerate row files. func TestServeDirectoryRedirectsTableRowsDir(t *testing.T) { root := t.TempDir() mdlDir := filepath.Join(root, "Working", "MDL") if err := os.MkdirAll(mdlDir, 0o755); err != nil { t.Fatal(err) } if err := os.WriteFile(filepath.Join(mdlDir, "table.yaml"), []byte(sampleTableSpec), 0o644); err != nil { t.Fatal(err) } if err := os.WriteFile(filepath.Join(mdlDir, "form.yaml"), []byte(sampleRowFormSpec), 0o644); err != nil { t.Fatal(err) } if err := os.WriteFile(filepath.Join(root, "Working", ".zddc"), []byte(`acl: permissions: "*@example.com": rwcda `), 0o644); err != nil { t.Fatal(err) } zddc.InvalidateCache(root) cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"} t.Run("HTML GET on dir with table.yaml redirects to table.html", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/Working/MDL/", nil) req.Header.Set("Accept", "text/html") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusFound { t.Fatalf("status = %d, want 302; body = %s", rec.Code, rec.Body.String()) } if got, want := rec.Header().Get("Location"), "/Working/MDL/table.html"; got != want { t.Errorf("Location = %q, want %q", got, want) } }) t.Run("JSON GET on dir with table.yaml falls through to listing", func(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/Working/MDL/", nil) req.Header.Set("Accept", "application/json") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code != http.StatusOK { t.Fatalf("status = %d, want 200; body = %s", rec.Code, rec.Body.String()) } if ct := rec.Header().Get("Content-Type"); ct != "application/json" { t.Errorf("Content-Type = %q, want application/json", ct) } }) t.Run("HTML GET on plain dir is not redirected", func(t *testing.T) { // Sibling dir without a table.yaml — no redirect. if err := os.MkdirAll(filepath.Join(root, "Working", "Other"), 0o755); err != nil { t.Fatal(err) } req := httptest.NewRequest(http.MethodGet, "/Working/Other/", nil) req.Header.Set("Accept", "text/html") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) if rec.Code == http.StatusFound { t.Fatalf("got 302 to %q for non-table dir", rec.Header().Get("Location")) } }) } // TestServeDirectoryDefaultMdlNoRedirect covers the default-MDL case: // when no on-disk table.yaml exists, archive//mdl/ (slash form) // no longer redirects to mdl/table.html. Per the slash/no-slash // convention, the slash form is the browse view; the no-slash form // /Project/archive/Acme/mdl serves the tables app via the dispatcher. // User-declared tables with a real table.yaml on disk DO still // redirect (see TestServeDirectoryRedirectsRealTable). func TestServeDirectoryDefaultMdlNoRedirect(t *testing.T) { root := t.TempDir() if err := os.WriteFile(filepath.Join(root, ".zddc"), []byte("acl:\n permissions:\n \"*@example.com\": rwcda\n"), 0o644); err != nil { t.Fatal(err) } mdlDir := filepath.Join(root, "Project", "archive", "Acme", "mdl") if err := os.MkdirAll(mdlDir, 0o755); err != nil { t.Fatal(err) } zddc.InvalidateCache(root) cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"} req := httptest.NewRequest(http.MethodGet, "/Project/archive/Acme/mdl/", nil) req.Header.Set("Accept", "text/html") req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com")) rec := httptest.NewRecorder() ServeDirectory(cfg, nil, rec, req) // Should NOT redirect to /table.html — slash form is browse, not tables. if rec.Code == http.StatusFound { t.Fatalf("got 302 redirect to %q, want browse view (200)", rec.Header().Get("Location")) } }