GeoShare/test/server_test.dart

import 'dart:convert';
import 'dart:io';

import 'package:dotenv/dotenv.dart';
import 'package:http/http.dart' as http;
import 'package:test/test.dart';

void main() {
  final port = '9090';
  final host = 'http://localhost:$port';
  late Process p;
  String? authToken;
  late String registrationSecretKey;

  Future<String?> getAuthToken() async {
    if (authToken != null) return authToken;

    await Future.delayed(Duration(seconds: 11));

    await http.post(
      Uri.parse('$host/reg'),
      headers: {'Content-Type': 'application/json'},
      body: jsonEncode({'login': 'testuser', 'password': 'testpassword', 'secret_key': registrationSecretKey}),
    );

    await Future.delayed(Duration(seconds: 11));

    final loginResponse = await http.post(
      Uri.parse('$host/login'),
      headers: {'Content-Type': 'application/json'},
      body: jsonEncode({'login': 'testuser', 'password': 'testpassword'}),
    );

    if (loginResponse.statusCode == 200) {
      final data = jsonDecode(loginResponse.body) as Map<String, dynamic>;
      authToken = data['token'];
    }
    return authToken;
  }

  setUpAll(() async {
    final env = DotEnv();
    env.load(['bin/.env']);
    registrationSecretKey = env['REGISTRATION_SECRET_KEY'] ?? 'FtracKer*1405.';

    stdout.writeln("Starting server...");
    p = await Process.start(
      'dart',
      ['run', 'bin/server.dart'],
      environment: {'PORT': port},
    );

    // Wait for server to be ready
    for (int i = 0; i < 30; i++) {
      try {
        final response = await http.get(Uri.parse('$host/'));
        if (response.statusCode == 200) break;
      } catch (e) {
        // Server not ready yet
      }
      await Future.delayed(Duration(seconds: 1));
    }
    stdout.writeln("Server ready");
  });

  tearDownAll(() {
    p.kill();
  });

  group('Root endpoint', () {
    test('GET / - Root endpoint', () async {
      final response = await http.get(Uri.parse('$host/'));
      expect(response.statusCode, 200);
      expect(response.body, contains('Family Safety Tracker API'));
    });

    test('GET /nonexistent - 404', () async {
      final response = await http.get(Uri.parse('$host/nonexistent'));
      expect(response.statusCode, 404);
    });
  });

  group('User registration', () {
    test('POST /reg - Register new user', () async {
      final response = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'newuser', 'password': 'newpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response.statusCode, 201);
      final data = jsonDecode(response.body);
      expect(data['message'], 'User registered');
    });

    test('POST /reg - Invalid secret key', () async {
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'baduser', 'password': 'badpassword', 'secret_key': 'wrong_key'}),
      );
      expect(response.statusCode, 403);
    });

    test('POST /reg - Login too short', () async {
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'abc', 'password': 'longpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response.statusCode, 400);
    });

    test('POST /reg - Password too short', () async {
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'validuser', 'password': 'short', 'secret_key': registrationSecretKey}),
      );
      expect(response.statusCode, 400);
    });

    test('POST /reg - Duplicate user', () async {
      await Future.delayed(Duration(seconds: 11));
      final response1 = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'dupuser', 'password': 'longpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response1.statusCode, 201);

      await Future.delayed(Duration(seconds: 11));
      final response2 = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'dupuser', 'password': 'longpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response2.statusCode, 400);
    });
  });

  group('Authentication', () {
    test('POST /login - Valid credentials', () async {
      await getAuthToken();
      expect(authToken, isNotEmpty);
    });

    test('POST /login - Invalid credentials', () async {
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/login'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'testuser', 'password': 'wrongpass'}),
      );
      expect(response.statusCode, 401);
    });
  });

  group('Rate limiting', () {
    test('POST /reg - Too many requests', () async {
      await Future.delayed(Duration(seconds: 11));
      final response1 = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'ratetest1', 'password': 'longpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response1.statusCode, 201);

      final response2 = await http.post(
        Uri.parse('$host/reg'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'login': 'ratetest2', 'password': 'longpassword', 'secret_key': registrationSecretKey}),
      );
      expect(response2.statusCode, 429);
    });
  });

  group('Geo operations', () {
    test('POST /share - Create share link', () async {
      await getAuthToken();
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/share'),
        headers: {
          'Content-Type': 'application/json',
          'Authorization': 'Bearer $authToken',
        },
        body: jsonEncode({'x': 40.7128, 'y': -74.006}),
      );
      expect(response.statusCode, 201);
      final data = jsonDecode(response.body);
      expect(data['share_id'], isA<String>());
    });

    test('POST /share - No auth token', () async {
      await Future.delayed(Duration(seconds: 11));
      final response = await http.post(
        Uri.parse('$host/share'),
        headers: {'Content-Type': 'application/json'},
        body: jsonEncode({'x': 40.7128, 'y': -74.006}),
      );
      expect(response.statusCode, 401);
    });
  });

  group('Watch endpoint', () {
    test('GET /watch - Invalid share link', () async {
      final response = await http.get(
        Uri.parse('$host/watch?unique_id=invalid-uuid'),
      );
      expect(response.statusCode, 404);
    });
  });
}