|
|
package xyz.driver.core.rest
import akka.http.scaladsl.model.{HttpMethod, StatusCodes}
import akka.http.scaladsl.model.headers._
import akka.http.scaladsl.server.Directives.{complete => akkaComplete}
import akka.http.scaladsl.server.{Directives, Route}
import akka.http.scaladsl.testkit.ScalatestRouteTest
import com.typesafe.config.{Config, ConfigFactory}
import com.typesafe.scalalogging.Logger
import org.scalatest.{AsyncFlatSpec, Matchers}
import xyz.driver.core.logging.NoLogger
import xyz.driver.core.rest.errors._
import scala.concurrent.Future
class DriverRouteTest extends AsyncFlatSpec with ScalatestRouteTest with Matchers with Directives {
class TestRoute(override val route: Route) extends DriverRoute {
override def log: Logger = NoLogger
override def config: Config =
ConfigFactory.parseString("""
|application {
| cors {
| allowedMethods: ["GET", "PUT", "POST", "PATCH", "DELETE", "OPTIONS"]
| allowedOrigins: [{scheme: https, hostSuffix: example.com}]
| }
|}
""".stripMargin)
}
val allowedOrigins = Set(HttpOrigin("https", Host("example.com")))
val allowedMethods: collection.immutable.Seq[HttpMethod] = {
import akka.http.scaladsl.model.HttpMethods._
collection.immutable.Seq(GET, PUT, POST, PATCH, DELETE, OPTIONS)
}
"DriverRoute" should "respond with 200 OK for a basic route" in {
val route = new TestRoute(akkaComplete(StatusCodes.OK))
Get("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.OK
}
}
it should "respond with a 401 for an InvalidInputException" in {
val route = new TestRoute(akkaComplete(Future.failed[String](InvalidInputException())))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.BadRequest
responseAs[String] shouldBe "Invalid input"
}
}
it should "respond with a 403 for InvalidActionException" in {
val route = new TestRoute(akkaComplete(Future.failed[String](InvalidActionException())))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.Forbidden
responseAs[String] shouldBe "This action is not allowed"
}
}
it should "respond with a 404 for ResourceNotFoundException" in {
val route = new TestRoute(akkaComplete(Future.failed[String](ResourceNotFoundException())))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.NotFound
responseAs[String] shouldBe "Resource not found"
}
}
it should "respond with a 500 for ExternalServiceException" in {
val error = ExternalServiceException("GET /api/v1/users/", "Permission denied")
val route = new TestRoute(akkaComplete(Future.failed[String](error)))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.InternalServerError
responseAs[String] shouldBe "Error while calling 'GET /api/v1/users/': Permission denied"
}
}
it should "respond with a 503 for ExternalServiceTimeoutException" in {
val error = ExternalServiceTimeoutException("GET /api/v1/users/")
val route = new TestRoute(akkaComplete(Future.failed[String](error)))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.GatewayTimeout
responseAs[String] shouldBe "GET /api/v1/users/ took too long to respond"
}
}
it should "respond with a 500 for DatabaseException" in {
val route = new TestRoute(akkaComplete(Future.failed[String](DatabaseException())))
Post("/api/v1/foo/bar") ~> route.routeWithDefaults ~> check {
handled shouldBe true
status shouldBe StatusCodes.InternalServerError
responseAs[String] shouldBe "Database access error"
}
}
it should "respond with the correct CORS headers for the swagger OPTIONS route" in {
val route = new TestRoute(get(akkaComplete(StatusCodes.OK)))
Options(s"/api-docs/swagger.json") ~> route.routeWithDefaults ~> check {
status shouldBe StatusCodes.OK
headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigins.toSeq: _*)))
header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
}
}
it should "respond with the correct CORS headers for the test route" in {
val route = new TestRoute(get(akkaComplete(StatusCodes.OK)))
Options(s"/api/v1/test") ~> route.routeWithDefaults ~> check {
status shouldBe StatusCodes.OK
headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigins.toSeq: _*)))
header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
}
}
it should "allow subdomains of allowed origin suffixes" in {
val route = new TestRoute(get(akkaComplete(StatusCodes.OK)))
Options(s"/api/v1/test")
.withHeaders(Origin(HttpOrigin("https", Host("foo.example.com")))) ~> route.routeWithDefaults ~> check {
status shouldBe StatusCodes.OK
headers should contain(`Access-Control-Allow-Origin`(HttpOrigin("https", Host("foo.example.com"))))
header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
}
}
it should "respond with default domains for invalid origins" in {
val route = new TestRoute(get(akkaComplete(StatusCodes.OK)))
Options(s"/api/v1/test")
.withHeaders(Origin(HttpOrigin("https", Host("invalid.foo.bar.com")))) ~> route.routeWithDefaults ~> check {
status shouldBe StatusCodes.OK
headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigins.toSeq: _*)))
header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
}
}
}
|
