package handlers import ( "encoding/json" "fmt" "net/http" "testing" "github.com/labstack/echo/v4" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/treytartt/honeydue-api/internal/models" "github.com/treytartt/honeydue-api/internal/repositories" "github.com/treytartt/honeydue-api/internal/services" "github.com/treytartt/honeydue-api/internal/testutil" "gorm.io/gorm" ) func setupDocumentHandler(t *testing.T) (*DocumentHandler, *echo.Echo, *gorm.DB) { db := testutil.SetupTestDB(t) documentRepo := repositories.NewDocumentRepository(db) residenceRepo := repositories.NewResidenceRepository(db) documentService := services.NewDocumentService(documentRepo, residenceRepo) handler := NewDocumentHandler(documentService, nil) // nil storage for JSON-only tests e := testutil.SetupTestRouter() return handler, e, db } func TestDocumentHandler_ListDocuments(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") activeDoc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") inactiveDoc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Old Doc") require.NoError(t, db.Model(&inactiveDoc).Update("is_active", false).Error) authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.GET("/", handler.ListDocuments) t.Run("successful list", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response []map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Len(t, response, 1) assert.Equal(t, activeDoc.Title, response[0]["title"]) }) t.Run("can list inactive documents when requested", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/?is_active=false", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response []map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Len(t, response, 1) assert.Equal(t, inactiveDoc.Title, response[0]["title"]) }) } func TestDocumentHandler_CreateDocument(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.POST("/", handler.CreateDocument) t.Run("successful creation via JSON", func(t *testing.T) { body := map[string]interface{}{ "title": "Warranty Doc", "residence_id": residence.ID, } w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token") testutil.AssertStatusCode(t, w, http.StatusCreated) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, "Warranty Doc", response["title"]) }) t.Run("creation without residence access", func(t *testing.T) { otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "password") otherResidence := testutil.CreateTestResidence(t, db, otherUser.ID, "Other House") body := map[string]interface{}{ "title": "Unauthorized Doc", "residence_id": otherResidence.ID, } w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token") testutil.AssertStatusCode(t, w, http.StatusForbidden) }) } func TestDocumentHandler_GetDocument(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.GET("/:id/", handler.GetDocument) t.Run("successful get", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, "Test Doc", response["title"]) }) t.Run("document not found", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/99999/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) } func TestDocumentHandler_DeleteDocumentImage(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") // Create a document image directly img := &models.DocumentImage{ DocumentID: doc.ID, ImageURL: "https://example.com/img.jpg", Caption: "Test image", } require.NoError(t, db.Create(img).Error) authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.DELETE("/:id/images/:imageId/", handler.DeleteDocumentImage) t.Run("successful delete", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/%d/", doc.ID, img.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, "Test Doc", response["title"]) // Verify image is deleted images := response["images"].([]interface{}) assert.Len(t, images, 0) }) t.Run("image not found", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/99999/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) t.Run("document not found", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", "/api/documents/99999/images/1/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) t.Run("access denied", func(t *testing.T) { otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "password") otherResidence := testutil.CreateTestResidence(t, db, otherUser.ID, "Other House") otherDoc := testutil.CreateTestDocument(t, db, otherResidence.ID, otherUser.ID, "Other Doc") otherImg := &models.DocumentImage{ DocumentID: otherDoc.ID, ImageURL: "https://example.com/other.jpg", } require.NoError(t, db.Create(otherImg).Error) w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/%d/", otherDoc.ID, otherImg.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusForbidden) }) } func TestDocumentHandler_UploadDocumentImage_NoStorage(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.POST("/:id/images/", handler.UploadDocumentImage) t.Run("document not found", func(t *testing.T) { // Send a plain request (no multipart) - will fail at parse w := testutil.MakeRequest(e, "POST", "/api/documents/99999/images/", nil, "test-token") // Should get 400 because no multipart form assert.True(t, w.Code == http.StatusBadRequest || w.Code == http.StatusNotFound, "expected 400 or 404, got %d", w.Code) }) _ = doc // used to set up test data } func TestDocumentHandler_DeleteDocument(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.DELETE("/:id/", handler.DeleteDocument) t.Run("successful delete", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) }) t.Run("document not found after delete", func(t *testing.T) { // Already soft-deleted above w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) } func TestDocumentHandler_UpdateDocument(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Original Title") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.PUT("/:id/", handler.UpdateDocument) t.Run("successful update", func(t *testing.T) { newTitle := "Updated Title" req := map[string]interface{}{ "title": newTitle, } w := testutil.MakeRequest(e, "PUT", fmt.Sprintf("/api/documents/%d/", doc.ID), req, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, "Updated Title", response["title"]) }) t.Run("invalid id returns 400", func(t *testing.T) { req := map[string]interface{}{"title": "Updated"} w := testutil.MakeRequest(e, "PUT", "/api/documents/invalid/", req, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) t.Run("not found returns 404", func(t *testing.T) { req := map[string]interface{}{"title": "Updated"} w := testutil.MakeRequest(e, "PUT", "/api/documents/99999/", req, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) t.Run("access denied for other user", func(t *testing.T) { otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "Password123") e2 := testutil.SetupTestRouter() otherGroup := e2.Group("/api/documents") otherGroup.Use(testutil.MockAuthMiddleware(otherUser)) otherGroup.PUT("/:id/", handler.UpdateDocument) req := map[string]interface{}{"title": "Hacked"} w := testutil.MakeRequest(e2, "PUT", fmt.Sprintf("/api/documents/%d/", doc.ID), req, "test-token") testutil.AssertStatusCode(t, w, http.StatusForbidden) }) } func TestDocumentHandler_ListDocuments_Filters(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Active Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.GET("/", handler.ListDocuments) t.Run("filter by residence", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", fmt.Sprintf("/api/documents/?residence=%d", residence.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response []map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Len(t, response, 1) }) t.Run("filter by search", func(t *testing.T) { t.Skip("ILIKE is not supported in SQLite; search filter requires PostgreSQL") }) t.Run("expiring_soon out of range returns 400", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/?expiring_soon=5000", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) } func TestDocumentHandler_ListWarranties(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") // Create a warranty document doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Warranty Doc") require.NoError(t, db.Model(doc).Update("document_type", "warranty").Error) authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.GET("/warranties/", handler.ListWarranties) t.Run("successful list warranties", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/warranties/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) }) } func TestDocumentHandler_ActivateDeactivateDocument(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Toggle Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.POST("/:id/deactivate/", handler.DeactivateDocument) authGroup.POST("/:id/activate/", handler.ActivateDocument) t.Run("deactivate document", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", fmt.Sprintf("/api/documents/%d/deactivate/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, false, response["is_active"]) }) t.Run("activate document", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", fmt.Sprintf("/api/documents/%d/activate/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusOK) var response map[string]interface{} err := json.Unmarshal(w.Body.Bytes(), &response) require.NoError(t, err) assert.Equal(t, true, response["is_active"]) }) t.Run("activate invalid id returns 400", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", "/api/documents/invalid/activate/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) t.Run("deactivate invalid id returns 400", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", "/api/documents/invalid/deactivate/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) t.Run("activate not found returns 404", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", "/api/documents/99999/activate/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) t.Run("deactivate not found returns 404", func(t *testing.T) { w := testutil.MakeRequest(e, "POST", "/api/documents/99999/deactivate/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusNotFound) }) } func TestDocumentHandler_CreateDocument_ValidationErrors(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.POST("/", handler.CreateDocument) t.Run("missing title returns 400", func(t *testing.T) { body := map[string]interface{}{ "residence_id": residence.ID, } w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) t.Run("missing residence_id returns 400", func(t *testing.T) { body := map[string]interface{}{ "title": "Test Doc", } w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) t.Run("invalid document_type returns 400", func(t *testing.T) { body := map[string]interface{}{ "title": "Test Doc", "residence_id": residence.ID, "document_type": "invalid_type", } w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) } func TestDocumentHandler_GetDocument_InvalidID(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.GET("/:id/", handler.GetDocument) t.Run("invalid id returns 400", func(t *testing.T) { w := testutil.MakeRequest(e, "GET", "/api/documents/invalid/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) } func TestDocumentHandler_DeleteDocument_InvalidID(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(user)) authGroup.DELETE("/:id/", handler.DeleteDocument) t.Run("invalid id returns 400", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", "/api/documents/invalid/", nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusBadRequest) }) } func TestDocumentHandler_DeleteDocument_AccessDenied(t *testing.T) { handler, e, db := setupDocumentHandler(t) user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123") otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "Password123") residence := testutil.CreateTestResidence(t, db, user.ID, "Test House") doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc") authGroup := e.Group("/api/documents") authGroup.Use(testutil.MockAuthMiddleware(otherUser)) authGroup.DELETE("/:id/", handler.DeleteDocument) t.Run("access denied for other user", func(t *testing.T) { w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token") testutil.AssertStatusCode(t, w, http.StatusForbidden) }) }