first commit

This commit is contained in:
Justin Visser 2026-03-02 20:09:27 +01:00
commit b47f825d54
83 changed files with 10016 additions and 0 deletions

View file

@ -0,0 +1,119 @@
import os
from pathlib import Path
from fastapi.testclient import TestClient
from tests.conftest import TEST_ADMIN_TOKEN
BEARER_HEADERS = {"Authorization": f"Bearer {TEST_ADMIN_TOKEN}"}
def test_upload_asset(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
data = resp.json()
assert "filename" in data
assert data["filename"] != "test.pdf"
assert data["filename"].endswith(".pdf")
def test_upload_asset_file_exists_on_disk(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
from app.config import get_settings
assets_dir = Path(get_settings().data_dir) / "assets"
file_path = assets_dir / filename
assert file_path.exists()
assert file_path.read_bytes() == b"fake pdf content"
def test_upload_asset_disallowed_type(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("malware.exe", b"evil bytes", "application/octet-stream")},
)
assert resp.status_code == 415
def test_upload_asset_too_large(client: TestClient) -> None:
from app.config import get_settings
original = os.environ.get("HANDIN_MAX_UPLOAD_BYTES")
os.environ["HANDIN_MAX_UPLOAD_BYTES"] = "100"
get_settings.cache_clear()
try:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("big.pdf", b"x" * 200, "application/pdf")},
)
assert resp.status_code == 413
finally:
if original is None:
os.environ.pop("HANDIN_MAX_UPLOAD_BYTES", None)
else:
os.environ["HANDIN_MAX_UPLOAD_BYTES"] = original
get_settings.cache_clear()
def test_upload_asset_unauthorized(client: TestClient) -> None:
resp = client.post(
"/api/assets",
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 401
def test_delete_asset(client: TestClient) -> None:
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", b"fake pdf content", "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
from app.config import get_settings
assets_dir = Path(get_settings().data_dir) / "assets"
del_resp = client.delete(f"/api/assets/{filename}", headers=BEARER_HEADERS)
assert del_resp.status_code == 204
assert not (assets_dir / filename).exists()
def test_delete_asset_not_found(client: TestClient) -> None:
resp = client.delete("/api/assets/nonexistent.pdf", headers=BEARER_HEADERS)
assert resp.status_code == 404
def test_delete_asset_unauthorized(client: TestClient) -> None:
resp = client.delete("/api/assets/somefile.pdf")
assert resp.status_code == 401
def test_serve_asset(client: TestClient) -> None:
content = b"fake pdf content for serving"
resp = client.post(
"/api/assets",
headers=BEARER_HEADERS,
files={"file": ("test.pdf", content, "application/pdf")},
)
assert resp.status_code == 201
filename = resp.json()["filename"]
get_resp = client.get(f"/api/assets/{filename}")
assert get_resp.status_code == 200
assert get_resp.content == content