mirror of
https://github.com/wanderer-industries/wanderer
synced 2026-05-04 08:20:37 +00:00
Guarzo
43 lines
1.5 KiB
Elixir
43 lines
1.5 KiB
Elixir
defmodule WandererAppWeb.Api.EventsControllerTest do
|
|
use WandererAppWeb.ConnCase, async: true
|
|
|
|
import WandererAppWeb.Factory
|
|
import WandererApp.EnvHelper
|
|
|
|
describe "GET /api/maps/:map_identifier/events/stream - SSE access control" do
|
|
setup do
|
|
user = insert(:user)
|
|
character = insert(:character, %{user_id: user.id})
|
|
|
|
# Create map (factory sets public_api_key)
|
|
map = insert(:map, %{owner_id: character.id})
|
|
|
|
# Enable SSE for the map
|
|
{:ok, map} = Ash.update(map, %{sse_enabled: true})
|
|
|
|
%{map: map, character: character}
|
|
end
|
|
|
|
# Note: Most error scenarios are difficult to test in isolation because:
|
|
# 1. 401/404 errors are handled by CheckMapApiKey plug (before controller)
|
|
# 2. 402/503 errors pass access control and require SseStreamManager to be running
|
|
# We test the 403 error which demonstrates the JSON error format works correctly.
|
|
|
|
test "returns 403 JSON error with code when SSE disabled for map", %{conn: conn, map: map} do
|
|
# Disable SSE for this map
|
|
{:ok, updated_map} = Ash.update(map, %{sse_enabled: false})
|
|
|
|
conn =
|
|
conn
|
|
|> put_req_header("authorization", "Bearer #{updated_map.public_api_key}")
|
|
|> get("/api/maps/#{updated_map.slug}/events/stream")
|
|
|
|
# Verify JSON error response with structured format (Task 5 requirement)
|
|
response = json_response(conn, 403)
|
|
assert response["error"] =~ "disabled for this map"
|
|
assert response["code"] == "SSE_DISABLED_FOR_MAP"
|
|
assert response["status"] == 403
|
|
end
|
|
end
|
|
end
|