ZDDC
89c5ec064d
Listings now filter both '.' and '_' prefixes: - '.' entries: excluded from listings AND 404 on direct HTTP access (existing behavior). For invisible side-state like .devshell. - '_' entries: excluded from listings only — direct URL access still works. For operator scaffolding like install.zip's _template/ directory of bootstrap stubs that should be reachable but should not appear in the project picker. Filter applied at both listing entry points: ServeProjectList (the project picker JSON at GET / Accept: application/json) and the generic listing/FromDirEntries (used by ServeDirectory for sub-directory browse listings). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
68 lines
2 KiB
Go
68 lines
2 KiB
Go
package handler
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
|
|
)
|
|
|
|
// TestServeProjectListFiltersHiddenAndScaffolding asserts the project list
|
|
// excludes both '.'-prefixed entries (the long-standing rule, e.g. .devshell)
|
|
// AND '_'-prefixed entries (operator scaffolding like install.zip's
|
|
// _template/ that's reachable by direct URL but should not clutter the
|
|
// project picker).
|
|
func TestServeProjectListFiltersHiddenAndScaffolding(t *testing.T) {
|
|
root := t.TempDir()
|
|
|
|
for _, name := range []string{
|
|
"Project-A",
|
|
"Project-B",
|
|
".devshell", // dot-prefixed dir — must be excluded
|
|
"_template", // underscore scaffolding — must be excluded
|
|
"_archive",
|
|
} {
|
|
if err := os.MkdirAll(filepath.Join(root, name), 0o755); err != nil {
|
|
t.Fatalf("mkdir %s: %v", name, err)
|
|
}
|
|
}
|
|
|
|
// A loose .zddc that allows everyone, so ACL doesn't interfere with
|
|
// what we're actually testing (the prefix filter).
|
|
if err := os.WriteFile(filepath.Join(root, ".zddc"),
|
|
[]byte("acl:\n allow: [\"*\"]\n"), 0o644); err != nil {
|
|
t.Fatalf("write .zddc: %v", err)
|
|
}
|
|
|
|
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req = req.WithContext(context.WithValue(req.Context(), EmailKey, "alice@example.com"))
|
|
rec := httptest.NewRecorder()
|
|
|
|
ServeProjectList(cfg, rec, req)
|
|
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want 200; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
|
|
var got []map[string]string
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &got); err != nil {
|
|
t.Fatalf("invalid JSON: %v\n%s", err, rec.Body.String())
|
|
}
|
|
|
|
want := map[string]bool{"Project-A": true, "Project-B": true}
|
|
if len(got) != len(want) {
|
|
t.Fatalf("got %d projects (%+v), want %d (%v)", len(got), got, len(want), want)
|
|
}
|
|
for _, p := range got {
|
|
if !want[p["name"]] {
|
|
t.Errorf("unexpected project in list: %q", p["name"])
|
|
}
|
|
}
|
|
}
|