VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ZDDC/zddc/internal/handler/formhandler_test.go
ZDDC e6d9966593 refactor(tables): in-dir convention + unified table+form HTML bundle 
Two intertwined refactors that share too many files to split cleanly.
Both are described separately below.

PART 1 — in-dir convention for table+form spec files

Old layout had the spec at the parent and rows in a child:

    archive/<party>/
      mdl.table.yaml         spec
      mdl.form.yaml          row-edit form
      mdl/                   rows-dir
        row-001.yaml ...

URLs were /<dir>/mdl.table.html and /<dir>/mdl.form.html. Copying
mdl/ elsewhere lost the spec and form because they lived next door.

New layout collapses everything into the rows-dir:

    archive/<party>/mdl/      self-contained
      table.yaml              spec
      form.yaml               row-edit form
      row-001.yaml ...        rows

URLs become /<dir>/mdl/table.html and /<dir>/mdl/form.html. The
"copying-the-folder-takes-everything" property the user asked for
falls out by construction; the row-edit URL /<dir>/<id>.yaml.html
keeps the same shape (spec is now in the same dir, not the
grandparent).

Server changes:

- internal/handler/tablehandler.go RecognizeTableRequest fires on
  /<dir>/table.html when <dir>/table.yaml exists. The .zddc.tables
  alias map is gone — pure presence-based discovery now matches
  the form system's existing convention. Default-MDL fallback at
  archive/<party>/mdl/ stays for the virgin-archive case (the
  rows-dir need not exist on disk; the URL renders fully virtually).

- internal/handler/formhandler.go RecognizeFormRequest fires on
  /<dir>/form.html and /<dir>/<id>.yaml.html with spec at
  <dir>/form.yaml. specEligible accepts on-disk files OR the
  default-MDL virtual path so an empty mdl/ dir still surfaces the
  add-row form.

- internal/handler/tablehandler.go IsDefaultMdlSpec moves to
  serving archive/<party>/mdl/{table,form}.yaml (5 segments after
  ZDDC_ROOT). New isAtArchivePartyMdlLevel predicate; new
  isAtArchivePartyMdlDir for directory-based recognition. New
  IsDefaultMdlSpecAbs accessor for callers that hold an abs path
  rather than a URL (formhandler).

- internal/handler/formhandler.go loadFormSpec(fsRoot, path) falls
  back to embedded default-MDL bytes when os.ReadFile returns
  NotExist AND the path matches the archive-party-mdl shape. Three
  call sites updated to pass cfg.Root.

- internal/handler/formhandler.go serveFormCreate writes
  submissions to filepath.Dir(req.SpecPath) — the spec, the form,
  and rows all live in one directory. The submissionsDir creation
  is idempotent (MkdirAll); cascade falls back one level for ACL
  evaluation when the dir hasn't been materialized yet.

- internal/handler/tablehandler.go tableRowsRedirect now points at
  /<dir>/table.html (was /<dir>.table.html) when the directory
  request maps to a recognized table.

- cmd/zddc-server/main.go dispatch synth flips from
  urlPath + ".table.html" to urlPath + "/table.html" for the
  no-trailing-slash → tables-app routing.

- internal/apps/availability.go DefaultAppAt comment clarified
  that the dir at archive/<party>/mdl/ IS the table (not a child).

Client changes:

- tables/js/context.js walkServer fetches <currentdir>/table.yaml
  directly — no .zddc walk for table declarations. Rows are every
  *.yaml in current dir EXCLUDING table.yaml and form.yaml. The
  .zddc fetch-for-aliases is gated on file:// (online mode 404s
  on .zddc reads via the dispatcher's reserve guard, so skipping
  the request avoids browser console noise).

- tables/js/main.js add-row button links to relative form.html
  (same dir).

- tables/js/render.js + filters.js: every column's autofilter is
  uniformly a text-contains input, even enum columns — keeps the
  filter row visually consistent and doesn't constrain users to
  the enum vocabulary.

PART 2 — unified table+form HTML bundle

The form-render and table-render code paths share field schemas,
the cell editor for excel-mode IS a form widget, and the form
system's POST-back / validation already exists. Combining the two
HTMLs eliminates duplicating jsyaml/jsonschema/theme/source-
detection/.zddc-parsing across two single-file tools.

- tables/template.html grows two top-level mode containers:
  #table-mode (toolbar + sortable table) and #form-mode (form +
  submit button). Both hidden at parse time; the dispatcher
  unhides one. The shared #form-context placeholder was added
  here so the server's existing injectFormContext target
  resolves.

- tables/js/mode.js (new) sets window.zddcMode synchronously
  based on URL pattern: /form.html or /<id>.yaml.html → form,
  /table.html → table, else inline-context fallback for
  file:// (whichever context blob is non-empty wins). Unhides
  the matching container at DOMContentLoaded.

- tables/js/main.js init() and form/js/main.js boot() each guard
  early when mode isn't theirs. Both apps live on different
  globals (window.tablesApp vs window.formApp) so module
  registration doesn't collide.

- form/js/main.js title write falls back from #form-title to
  #table-title (the unified bundle's shared header element)
  when the dedicated id isn't present.

- tables/build.sh concatenates form modules (widgets, render,
  object, array, errors, post, serialize, util) and form CSS.
  No new external deps. Bundle grows from ~95KB to ~120KB.

- internal/handler/formhandler.go drops the //go:embed form.html
  directive; serveFormRender now writes embeddedTablesHTML via
  a small formRenderHTML() accessor (var declared in
  tablehandler.go, same package). The embedded form.html file
  is removed.

- build script: cp form/dist/form.html → internal/handler/form.html
  step is gone (file no longer exists in the source tree). cp
  tables/dist/tables.html → internal/handler/tables.html now
  runs unconditionally rather than only on beta/stable cuts —
  the renderer is a fixed binary component and dev iteration
  needs the embedded copy refreshed every build. Channel-cascaded
  apps (internal/apps/embedded/) stay channel-gated as before.

- form/dist/form.html still builds for standalone offline-only
  use (downloadable from /releases/), but no longer goes into
  the binary.

Tests:

- internal/handler/tablehandler_test.go and formhandler_test.go
  rewritten for the in-dir layout. New test
  TestRecognizeFormRequest_DefaultMdlAtArchiveParty covers
  empty-form, create POST, re-edit row, and the negative cases
  (Working/, non-mdl name) where the fallback must NOT fire.

- internal/handler/directory_test.go updated for the new
  /<dir>/table.html redirect target.

- cmd/zddc-server/main_test.go TestDispatchSlashRouting Location
  expectation updated.

- tests/form-safety.spec.js loads tables/dist/tables.html
  (named form.html in the temp dir to trigger form-mode in the
  dispatcher) so it tests the same bytes the server returns.
  Title-element selector switches to #table-title.

- tests/tables.spec.js updates the status-filter test for the
  uniform text-input filter.

Docs:

- AGENTS.md form-data system rewrites the URL conventions and
  storage layout for in-dir; gains a Tables system section
  parallel to forms describing the self-contained-directory
  property; subfolder rules ("one table per folder by
  construction; subfolders allowed and silently ignored as rows
  — legitimate uses: nested sub-tables, per-row attachments,
  drafts, future history sidecars") so we don't re-derive this.

Not included (deferred):

- ACL gating on cell-level writes — not relevant until Phase 3.
- Editable cells UI — separate commit (Phase 1).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 09:15:26 -05:00

557 lines
18 KiB
Go
Raw Blame History

package handler
import (
"bytes"
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"strings"
"testing"
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
"codeberg.org/VARASYS/ZDDC/zddc/internal/zddc"
)
const sampleFormSpec = `title: Daily Safety Check-In
schema:
type: object
required: [date, location]
additionalProperties: false
properties:
date:
type: string
format: date
location:
type: string
enum: [Site A, Site B]
severity:
type: integer
minimum: 1
maximum: 5
notes:
type: string
ui:
notes:
ui:widget: textarea
`
// formTestSetup writes a directory tree under a temp root including a
// safety.form.yaml at /Working/safety.form.yaml plus optional .zddc files.
// Returns (config, do) where do dispatches a request through ServeForm via
// the same recognize → serve path the production catch-all uses.
func formTestSetup(t *testing.T, zddcFiles map[string]string) (config.Config, func(method, target, email, body string) *httptest.ResponseRecorder) {
t.Helper()
root := t.TempDir()
// Always seed the form spec at /Working/safety/form.yaml — in-dir
// convention puts the spec inside the rows-dir alongside row YAMLs.
safetyDir := filepath.Join(root, "Working", "safety")
if err := os.MkdirAll(safetyDir, 0o755); err != nil {
t.Fatalf("mkdir: %v", err)
}
specPath := filepath.Join(safetyDir, "form.yaml")
if err := os.WriteFile(specPath, []byte(sampleFormSpec), 0o644); err != nil {
t.Fatalf("write spec: %v", err)
}
for rel, body := range zddcFiles {
dir := filepath.Join(root, rel)
if err := os.MkdirAll(dir, 0o755); err != nil {
t.Fatalf("mkdir %s: %v", dir, err)
}
zddc.InvalidateCache(dir)
if body == "" {
continue
}
if err := os.WriteFile(filepath.Join(dir, ".zddc"), []byte(body), 0o644); err != nil {
t.Fatalf("write .zddc: %v", err)
}
}
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
do := func(method, target, email, body string) *httptest.ResponseRecorder {
var req *http.Request
if body != "" {
req = httptest.NewRequest(method, target, bytes.NewReader([]byte(body)))
req.Header.Set("Content-Type", "application/json")
} else {
req = httptest.NewRequest(method, target, nil)
}
ctx := context.WithValue(req.Context(), EmailKey, email)
req = req.WithContext(ctx)
rec := httptest.NewRecorder()
formReq := RecognizeFormRequest(cfg.Root, method, target)
if formReq == nil {
rec.WriteHeader(http.StatusNotFound)
return rec
}
ServeForm(cfg, formReq, rec, req)
return rec
}
return cfg, do
}
func TestRecognizeFormRequest(t *testing.T) {
root := t.TempDir()
if err := os.MkdirAll(filepath.Join(root, "Working", "safety"), 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(root, "Working", "safety", "form.yaml"), []byte("schema:\n type: object\n"), 0o644); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(root, "Working", "safety", "2026-05-01-casey.yaml"), []byte("date: 2026-05-01\n"), 0o644); err != nil {
t.Fatal(err)
}
cases := []struct {
method, url string
wantKind string // "" means expect nil
wantSpec string
wantData string
}{
{"GET", "/Working/safety/form.html", "render-empty", "Working/safety/form.yaml", ""},
{"POST", "/Working/safety/form.html", "create", "Working/safety/form.yaml", ""},
{"GET", "/Working/safety/2026-05-01-casey.yaml.html", "render-edit", "Working/safety/form.yaml", "Working/safety/2026-05-01-casey.yaml"},
{"POST", "/Working/safety/2026-05-01-casey.yaml.html", "update", "Working/safety/form.yaml", "Working/safety/2026-05-01-casey.yaml"},
// No spec → not a form request.
{"GET", "/Working/missing/form.html", "", "", ""},
// Bare .yaml (not .yaml.html) → not a form request, falls through to static.
{"GET", "/Working/safety/2026-05-01-casey.yaml", "", "", ""},
// Random .html → falls through.
{"GET", "/index.html", "", "", ""},
// Wrong method.
{"DELETE", "/Working/safety/form.html", "", "", ""},
// Path traversal attempt.
{"GET", "/../etc/passwd/form.html", "", "", ""},
}
for _, tc := range cases {
t.Run(tc.method+" "+tc.url, func(t *testing.T) {
got := RecognizeFormRequest(root, tc.method, tc.url)
if tc.wantKind == "" {
if got != nil {
t.Errorf("got %+v, want nil", got)
}
return
}
if got == nil {
t.Fatalf("got nil, want kind=%q", tc.wantKind)
}
if got.Kind != tc.wantKind {
t.Errorf("Kind = %q want %q", got.Kind, tc.wantKind)
}
wantSpec := filepath.Join(root, tc.wantSpec)
if got.SpecPath != wantSpec {
t.Errorf("SpecPath = %q want %q", got.SpecPath, wantSpec)
}
if tc.wantData != "" {
wantData := filepath.Join(root, tc.wantData)
if got.DataPath != wantData {
t.Errorf("DataPath = %q want %q", got.DataPath, wantData)
}
} else if got.DataPath != "" {
t.Errorf("DataPath = %q want empty", got.DataPath)
}
})
}
}
// TestRecognizeFormRequest_DefaultMdlAtArchiveParty: archive/<party>/mdl/
// is the one place a form can be served fully virtually — the embedded
// default form.yaml fills in for a missing on-disk spec so the
// "+ Add row" link from the default-MDL table view resolves on a fresh
// archive. Outside archive/<party>/mdl/ the recognizer still requires
// a real spec on disk.
func TestRecognizeFormRequest_DefaultMdlAtArchiveParty(t *testing.T) {
root := t.TempDir()
mustMkdir(t, filepath.Join(root, "Project", "archive", "PartyA"))
// Empty form / create at archive/<party>/mdl/form.html — no spec
// on disk, no mdl/ dir on disk, default-MDL fallback applies.
got := RecognizeFormRequest(root, "GET", "/Project/archive/PartyA/mdl/form.html")
if got == nil || got.Kind != "render-empty" {
t.Fatalf("GET mdl/form.html: got %+v want render-empty via default-MDL fallback", got)
}
if got.SpecPath != filepath.Join(root, "Project", "archive", "PartyA", "mdl", "form.yaml") {
t.Errorf("SpecPath = %q", got.SpecPath)
}
// POST → create.
got = RecognizeFormRequest(root, "POST", "/Project/archive/PartyA/mdl/form.html")
if got == nil || got.Kind != "create" {
t.Fatalf("POST mdl/form.html: got %+v want create", got)
}
// Re-edit (<id>.yaml.html) at archive/<party>/mdl/ — same default
// spec applies. The data file itself must exist on disk; the spec
// is the embedded default in the same directory.
mustMkdir(t, filepath.Join(root, "Project", "archive", "PartyA", "mdl"))
mustWrite(t, filepath.Join(root, "Project", "archive", "PartyA", "mdl", "row-001.yaml"), "trackingNumber: TR-001\n")
got = RecognizeFormRequest(root, "GET", "/Project/archive/PartyA/mdl/row-001.yaml.html")
if got == nil || got.Kind != "render-edit" {
t.Fatalf("GET row-001.yaml.html: got %+v want render-edit", got)
}
// NOT at archive/<party>/mdl/ — default doesn't apply, still 404.
got = RecognizeFormRequest(root, "GET", "/Project/Working/mdl/form.html")
if got != nil {
t.Errorf("Working/mdl/form.html: got %+v want nil (no default outside archive-party-mdl)", got)
}
// Non-mdl directory at archive/<party>/ — no default for arbitrary names.
got = RecognizeFormRequest(root, "GET", "/Project/archive/PartyA/safety/form.html")
if got != nil {
t.Errorf("safety/form.html: got %+v want nil (only mdl has a default)", got)
}
}
// mustMkdir / mustWrite — local copies (the cmd/zddc-server package
// has them but they're test-internal there).
func mustMkdir(t *testing.T, path string) {
t.Helper()
if err := os.MkdirAll(path, 0o755); err != nil {
t.Fatalf("mkdir %s: %v", path, err)
}
}
func mustWrite(t *testing.T, path, body string) {
t.Helper()
if err := os.WriteFile(path, []byte(body), 0o644); err != nil {
t.Fatalf("write %s: %v", path, err)
}
}
func TestRenderEmptyForm(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
rec := do(http.MethodGet, "/Working/safety/form.html", "casey@example.com", "")
if rec.Code != http.StatusOK {
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
}
body := rec.Body.String()
// The placeholder should be replaced with real context content.
if !strings.Contains(body, `<script id="form-context" type="application/json">`) {
t.Fatal("form-context script tag missing from rendered HTML")
}
if strings.Contains(body, `<script id="form-context" type="application/json">{}</script>`) {
t.Fatal("placeholder {} was not replaced")
}
// Title from the form spec should land in the rendered context.
if !strings.Contains(body, "Daily Safety Check-In") {
t.Errorf("expected title in body, got first 500 chars:\n%s", body[:min(500, len(body))])
}
}
func TestRenderEmptyForm_ACLDeny(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["root@example.com"]
`,
})
rec := do(http.MethodGet, "/Working/safety/form.html", "stranger@example.com", "")
if rec.Code != http.StatusForbidden {
t.Errorf("status = %d want 403; body = %s", rec.Code, rec.Body.String())
}
}
func TestCreateSubmission_Valid(t *testing.T) {
cfg, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
body := `{"date":"2026-05-01","location":"Site A","severity":3,"notes":"all clear"}`
rec := do(http.MethodPost, "/Working/safety/form.html", "casey@example.com", body)
if rec.Code != http.StatusCreated {
t.Fatalf("status = %d want 201; body = %s", rec.Code, rec.Body.String())
}
loc := rec.Header().Get("Location")
if loc == "" {
t.Fatal("Location header missing")
}
// Filename uses the server's UTC date (not the user-entered date), so just
// check the path prefix and email-sanitized component.
if !strings.HasPrefix(loc, "/Working/safety/") || !strings.Contains(loc, "casey-at-example-com") {
t.Errorf("Location = %q; expected /Working/safety/...casey-at-example-com...", loc)
}
// File should exist on disk with the submitted values reflected.
abs := filepath.Join(cfg.Root, filepath.FromSlash(strings.TrimPrefix(loc, "/")))
yamlBytes, err := os.ReadFile(abs)
if err != nil {
t.Fatalf("read submission: %v", err)
}
yamlStr := string(yamlBytes)
if !strings.Contains(yamlStr, "2026-05-01") {
t.Errorf("submission YAML missing user-entered date: %s", yamlStr)
}
if !strings.Contains(yamlStr, "Site A") {
t.Errorf("submission YAML missing location: %s", yamlStr)
}
if !strings.Contains(yamlStr, "all clear") {
t.Errorf("submission YAML missing notes: %s", yamlStr)
}
}
func TestCreateSubmission_Invalid_Returns422(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
// Missing required `location`, severity out of range.
body := `{"date":"2026-05-01","severity":99}`
rec := do(http.MethodPost, "/Working/safety/form.html", "casey@example.com", body)
if rec.Code != http.StatusUnprocessableEntity {
t.Fatalf("status = %d want 422; body = %s", rec.Code, rec.Body.String())
}
var resp struct {
Errors []struct {
Path string `json:"path"`
Message string `json:"message"`
} `json:"errors"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &resp); err != nil {
t.Fatalf("decode response: %v; body = %s", err, rec.Body.String())
}
if len(resp.Errors) < 2 {
t.Errorf("expected at least 2 errors, got %d: %+v", len(resp.Errors), resp.Errors)
}
gotPaths := map[string]bool{}
for _, e := range resp.Errors {
gotPaths[e.Path] = true
}
if !gotPaths["/location"] {
t.Errorf("expected error at /location, got paths %v", gotPaths)
}
if !gotPaths["/severity"] {
t.Errorf("expected error at /severity, got paths %v", gotPaths)
}
}
func TestCreateSubmission_ACLDeny(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["root@example.com"]
`,
})
body := `{"date":"2026-05-01","location":"Site A"}`
rec := do(http.MethodPost, "/Working/safety/form.html", "stranger@example.com", body)
if rec.Code != http.StatusForbidden {
t.Errorf("status = %d want 403; body = %s", rec.Code, rec.Body.String())
}
}
func TestCreateSubmission_NoAuth_Returns401(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*"]
`,
})
body := `{"date":"2026-05-01","location":"Site A"}`
rec := do(http.MethodPost, "/Working/safety/form.html", "", body)
if rec.Code != http.StatusUnauthorized {
t.Errorf("status = %d want 401; body = %s", rec.Code, rec.Body.String())
}
}
func TestCreateSubmission_FilenameCollision(t *testing.T) {
cfg, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
body := `{"date":"2026-05-01","location":"Site A"}`
first := do(http.MethodPost, "/Working/safety/form.html", "casey@example.com", body)
if first.Code != http.StatusCreated {
t.Fatalf("first submit: status = %d; body = %s", first.Code, first.Body.String())
}
second := do(http.MethodPost, "/Working/safety/form.html", "casey@example.com", body)
if second.Code != http.StatusCreated {
t.Fatalf("second submit: status = %d; body = %s", second.Code, second.Body.String())
}
loc1 := first.Header().Get("Location")
loc2 := second.Header().Get("Location")
if loc1 == loc2 {
t.Errorf("collision suffix not applied: both submissions at %q", loc1)
}
if !strings.Contains(loc2, "-2.yaml") {
t.Errorf("second submission Location = %q; expected -2.yaml suffix", loc2)
}
// Both files exist on disk.
for _, l := range []string{loc1, loc2} {
abs := filepath.Join(cfg.Root, filepath.FromSlash(strings.TrimPrefix(l, "/")))
if _, err := os.Stat(abs); err != nil {
t.Errorf("expected submission at %s: %v", abs, err)
}
}
}
func TestRenderEdit_LoadsSubmission(t *testing.T) {
cfg, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
// Pre-populate a submission file.
subDir := filepath.Join(cfg.Root, "Working", "safety")
if err := os.MkdirAll(subDir, 0o755); err != nil {
t.Fatal(err)
}
subPath := filepath.Join(subDir, "2026-05-01-jamie-at-example-com.yaml")
if err := os.WriteFile(subPath, []byte("date: 2026-05-01\nlocation: Site B\nseverity: 4\n"), 0o644); err != nil {
t.Fatal(err)
}
rec := do(http.MethodGet, "/Working/safety/2026-05-01-jamie-at-example-com.yaml.html", "jamie@example.com", "")
if rec.Code != http.StatusOK {
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
}
body := rec.Body.String()
// The form-context JSON should now contain the loaded data.
if !strings.Contains(body, `"location":"Site B"`) {
t.Errorf("expected loaded location in form context; first 500 chars:\n%s", body[:min(500, len(body))])
}
}
func TestUpdateSubmission_OverwritesFile(t *testing.T) {
cfg, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
subDir := filepath.Join(cfg.Root, "Working", "safety")
if err := os.MkdirAll(subDir, 0o755); err != nil {
t.Fatal(err)
}
subPath := filepath.Join(subDir, "2026-05-01-jamie-at-example-com.yaml")
if err := os.WriteFile(subPath, []byte("date: 2026-05-01\nlocation: Site A\n"), 0o644); err != nil {
t.Fatal(err)
}
body := `{"date":"2026-05-01","location":"Site B","severity":2}`
rec := do(http.MethodPost, "/Working/safety/2026-05-01-jamie-at-example-com.yaml.html", "jamie@example.com", body)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
}
updated, err := os.ReadFile(subPath)
if err != nil {
t.Fatalf("read updated: %v", err)
}
if !strings.Contains(string(updated), "Site B") {
t.Errorf("update did not change location; got: %s", string(updated))
}
if !strings.Contains(string(updated), "severity: 2") {
t.Errorf("update did not include severity; got: %s", string(updated))
}
}
func TestUpdateSubmission_NotFound(t *testing.T) {
_, do := formTestSetup(t, map[string]string{
"": `acl:
allow: ["*@example.com"]
`,
})
body := `{"date":"2026-05-01","location":"Site A"}`
rec := do(http.MethodPost, "/Working/safety/missing.yaml.html", "jamie@example.com", body)
if rec.Code != http.StatusNotFound {
t.Errorf("status = %d want 404; body = %s", rec.Code, rec.Body.String())
}
}
func TestSanitizeEmail(t *testing.T) {
cases := map[string]string{
"casey@proton.me": "casey-at-proton-me",
"first.last@example.com": "first-last-at-example-com",
"casey+tag@example.io": "caseytag-at-example-io",
"": "anonymous",
"../etc/passwd@evil.com": "etcpasswd-at-evil-com",
}
for in, want := range cases {
got := sanitizeEmail(in)
if got != want {
t.Errorf("sanitizeEmail(%q) = %q want %q", in, got, want)
}
}
}
func TestPickAvailableFilename_Collision(t *testing.T) {
dir := t.TempDir()
if err := os.WriteFile(filepath.Join(dir, "a.yaml"), []byte("x"), 0o644); err != nil {
t.Fatal(err)
}
path, name, ok := pickAvailableFilename(dir, "a", ".yaml")
if !ok {
t.Fatal("ok=false on first collision step")
}
if name != "a-2.yaml" {
t.Errorf("name = %q want a-2.yaml", name)
}
if filepath.Base(path) != "a-2.yaml" {
t.Errorf("path basename = %q want a-2.yaml", filepath.Base(path))
}
}
func TestInjectFormContext_PlaceholderReplaced(t *testing.T) {
template := []byte(`<html><script id="form-context" type="application/json">{}</script></html>`)
out, err := injectFormContext(template, formContext{
Title: "X",
SubmitURL: "/x",
})
if err != nil {
t.Fatalf("inject: %v", err)
}
s := string(out)
if strings.Contains(s, `"application/json">{}</script>`) {
t.Error("placeholder still present")
}
if !strings.Contains(s, `"title":"X"`) {
t.Errorf("missing title in injected JSON; got: %s", s)
}
}
func TestInjectFormContext_EscapesScriptCloseInValue(t *testing.T) {
// A schema description containing "</script>" must not break out of the
// inline JSON. encoding/json's default escapes `<` → `<`, so the
// rendered output should still contain exactly one </script> (the actual
// closing tag) regardless of what the user-controlled value held.
template := []byte(`<html><script id="form-context" type="application/json">{}</script></html>`)
ctx := formContext{
Title: `legit </script><script>alert(1)</script>`,
SubmitURL: "/x",
}
out, err := injectFormContext(template, ctx)
if err != nil {
t.Fatalf("inject: %v", err)
}
s := string(out)
if n := strings.Count(s, "</script>"); n != 1 {
t.Errorf("expected exactly 1 </script> closing tag, got %d:\n%s", n, s)
}
// The user-controlled value should be present in escaped form.
if !strings.Contains(s, `</script>`) {
t.Errorf("expected escaped \\u003c/script\\u003e in output:\n%s", s)
}
}
func min(a, b int) int {
if a < b {
return a
}
return b
}
Reference in a new issue View git blame Copy permalink