ZDDC
0ad47561ed
When an HTML GET hits a directory that's the rows-dir of a registered
table — i.e. parent declares `tables: { <name>: ... }` with a valid
spec, OR the default-MDL fallback applies at archive/<party>/mdl/ —
ServeDirectory now 302s to <parent>/<name>.table.html so users land
on the table view instead of a bare browse listing of the row-yaml
files. JSON GETs on the same URL fall through unchanged so the table
client can still enumerate row files.
Detection reuses RecognizeTableRequest: synthesize the equivalent
.table.html URL from the directory request and let the existing
recognizer apply its operator-vs-default-vs-missing-spec rules. No
duplicated validation.
Updates main_test.go's TestDispatchSlashRouting to expect the new
behavior on archive/<party>/mdl/.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
239 lines
8.4 KiB
Go
239 lines
8.4 KiB
Go
package handler
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
|
|
"codeberg.org/VARASYS/ZDDC/zddc/internal/zddc"
|
|
)
|
|
|
|
// TestServeDirectoryRootIsPublic asserts that the landing page (the root
|
|
// directory listing) is reachable by anyone, including anonymous callers
|
|
// whose email is empty AND whose access would be denied by a restrictive
|
|
// root .zddc. Per-project filtering inside fs.ListDirectory still hides
|
|
// directories the caller can't reach (separately verified below).
|
|
//
|
|
// The behavior was changed when "Everyone needs to have access to the
|
|
// landing page" became the explicit requirement; this test is the
|
|
// regression guard.
|
|
func TestServeDirectoryRootIsPublic(t *testing.T) {
|
|
root := t.TempDir()
|
|
|
|
// Restrictive root .zddc — only admin@example.com is allowed by ACL,
|
|
// nothing else. A user without that email would have been 403'd before
|
|
// the bypass.
|
|
if err := os.WriteFile(filepath.Join(root, ".zddc"),
|
|
[]byte("admins:\n - admin@example.com\nacl:\n allow:\n - admin@example.com\n"),
|
|
0o644); err != nil {
|
|
t.Fatalf("write root .zddc: %v", err)
|
|
}
|
|
|
|
// One project visible to everyone, one only to admin.
|
|
for _, name := range []string{"PublicProj", "PrivateProj"} {
|
|
if err := os.MkdirAll(filepath.Join(root, name), 0o755); err != nil {
|
|
t.Fatalf("mkdir %s: %v", name, err)
|
|
}
|
|
}
|
|
if err := os.WriteFile(filepath.Join(root, "PublicProj", ".zddc"),
|
|
[]byte("acl:\n allow: [\"*\"]\n"), 0o644); err != nil {
|
|
t.Fatalf("write PublicProj .zddc: %v", err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(root, "PrivateProj", ".zddc"),
|
|
[]byte("acl:\n allow: [admin@example.com]\n"), 0o644); err != nil {
|
|
t.Fatalf("write PrivateProj .zddc: %v", err)
|
|
}
|
|
|
|
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
|
|
|
|
t.Run("anonymous JSON GET / does not 403", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req.Header.Set("Accept", "application/json")
|
|
// Anonymous: empty email in context.
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, ""))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200 (root is public); body = %s",
|
|
rec.Code, rec.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("anonymous JSON GET / hides private projects", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req.Header.Set("Accept", "application/json")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, ""))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
|
|
var entries []map[string]any
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &entries); err != nil {
|
|
t.Fatalf("invalid JSON: %v\n%s", err, rec.Body.String())
|
|
}
|
|
|
|
names := map[string]bool{}
|
|
for _, e := range entries {
|
|
if n, ok := e["name"].(string); ok {
|
|
names[n] = true
|
|
}
|
|
}
|
|
if !names["PublicProj/"] {
|
|
t.Errorf("PublicProj missing from anonymous listing: %v", names)
|
|
}
|
|
if names["PrivateProj/"] {
|
|
t.Errorf("PrivateProj leaked to anonymous listing: %v", names)
|
|
}
|
|
})
|
|
|
|
t.Run("admin JSON GET / sees both projects", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req.Header.Set("Accept", "application/json")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "admin@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("admin status = %d, want 200", rec.Code)
|
|
}
|
|
|
|
var entries []map[string]any
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &entries); err != nil {
|
|
t.Fatalf("invalid JSON: %v", err)
|
|
}
|
|
if len(entries) != 2 {
|
|
t.Errorf("admin should see both projects; got %d", len(entries))
|
|
}
|
|
})
|
|
|
|
t.Run("anonymous still gets 403 on private subdirectory", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/PrivateProj/", nil)
|
|
req.Header.Set("Accept", "application/json")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, ""))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusForbidden {
|
|
t.Errorf("private subdir for anonymous: status = %d, want 403", rec.Code)
|
|
}
|
|
})
|
|
}
|
|
|
|
// TestServeDirectoryRedirectsTableRowsDir asserts that an HTML GET on a
|
|
// directory that is the rows-dir of a registered table bounces to the
|
|
// canonical <parent>/<name>.table.html URL. JSON GETs on the same URL
|
|
// fall through to the listing so the table client can still enumerate
|
|
// row files.
|
|
func TestServeDirectoryRedirectsTableRowsDir(t *testing.T) {
|
|
root := t.TempDir()
|
|
working := filepath.Join(root, "Working")
|
|
if err := os.MkdirAll(filepath.Join(working, "MDL"), 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.table.yaml"),
|
|
[]byte(sampleTableSpec), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.form.yaml"),
|
|
[]byte(sampleRowFormSpec), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, ".zddc"), []byte(`acl:
|
|
permissions:
|
|
"*@example.com": rwcda
|
|
tables:
|
|
MDL: ./MDL.table.yaml
|
|
`), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
zddc.InvalidateCache(root)
|
|
|
|
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
|
|
|
|
t.Run("HTML GET on rows-dir redirects to .table.html", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/Working/MDL/", nil)
|
|
req.Header.Set("Accept", "text/html")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusFound {
|
|
t.Fatalf("status = %d, want 302; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
if got, want := rec.Header().Get("Location"), "/Working/MDL.table.html"; got != want {
|
|
t.Errorf("Location = %q, want %q", got, want)
|
|
}
|
|
})
|
|
|
|
t.Run("JSON GET on rows-dir falls through to listing", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/Working/MDL/", nil)
|
|
req.Header.Set("Accept", "application/json")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
if ct := rec.Header().Get("Content-Type"); ct != "application/json" {
|
|
t.Errorf("Content-Type = %q, want application/json", ct)
|
|
}
|
|
})
|
|
|
|
t.Run("HTML GET on plain dir is not redirected", func(t *testing.T) {
|
|
// Sibling of the rows dir — same parent .zddc, but the dir name
|
|
// "Other" isn't declared as a table key.
|
|
if err := os.MkdirAll(filepath.Join(working, "Other"), 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
req := httptest.NewRequest(http.MethodGet, "/Working/Other/", nil)
|
|
req.Header.Set("Accept", "text/html")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code == http.StatusFound {
|
|
t.Fatalf("got 302 to %q for non-table dir", rec.Header().Get("Location"))
|
|
}
|
|
})
|
|
}
|
|
|
|
// TestServeDirectoryRedirectsDefaultMdl covers the default-MDL fallback:
|
|
// archive/<party>/mdl/ with no operator .zddc declaration still redirects
|
|
// to <party>/mdl.table.html (the table handler serves embedded defaults).
|
|
func TestServeDirectoryRedirectsDefaultMdl(t *testing.T) {
|
|
root := t.TempDir()
|
|
if err := os.WriteFile(filepath.Join(root, ".zddc"),
|
|
[]byte("acl:\n permissions:\n \"*@example.com\": rwcda\n"), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
mdlDir := filepath.Join(root, "Project", "archive", "Acme", "mdl")
|
|
if err := os.MkdirAll(mdlDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
zddc.InvalidateCache(root)
|
|
|
|
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/Project/archive/Acme/mdl/", nil)
|
|
req.Header.Set("Accept", "text/html")
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "casey@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
ServeDirectory(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusFound {
|
|
t.Fatalf("status = %d, want 302; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
if got, want := rec.Header().Get("Location"), "/Project/archive/Acme/mdl.table.html"; got != want {
|
|
t.Errorf("Location = %q, want %q", got, want)
|
|
}
|
|
}
|