improved tests

2026-03-15 13:01:53 +02:00
parent 8ade39ae2d
commit 780e8b1c43
6 changed files with 396 additions and 0 deletions
--- a/data_api/src/handlers.rs
+++ b/data_api/src/handlers.rs
@@ -914,3 +914,58 @@ pub async fn rpc(
 fn is_valid_identifier(s: &str) -> bool {
    s.chars().all(|c| c.is_alphanumeric() || c == '_') && !s.is_empty()
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_validate_role_allows_anon() {
+        assert!(validate_role("anon").is_ok());
+    }
+
+    #[test]
+    fn test_validate_role_allows_authenticated() {
+        assert!(validate_role("authenticated").is_ok());
+    }
+
+    #[test]
+    fn test_validate_role_allows_service_role() {
+        assert!(validate_role("service_role").is_ok());
+    }
+
+    #[test]
+    fn test_validate_role_rejects_arbitrary() {
+        let result = validate_role("admin");
+        assert!(result.is_err());
+        let (status, _) = result.unwrap_err();
+        assert_eq!(status, StatusCode::FORBIDDEN);
+    }
+
+    #[test]
+    fn test_validate_role_rejects_sql_injection() {
+        let result = validate_role("anon'; DROP TABLE users; --");
+        assert!(result.is_err());
+        let (status, _) = result.unwrap_err();
+        assert_eq!(status, StatusCode::FORBIDDEN);
+    }
+
+    #[test]
+    fn test_validate_role_rejects_empty() {
+        let result = validate_role("");
+        assert!(result.is_err());
+    }
+
+    #[test]
+    fn test_is_valid_identifier_good() {
+        assert!(is_valid_identifier("users"));
+        assert!(is_valid_identifier("my_table_1"));
+    }
+
+    #[test]
+    fn test_is_valid_identifier_rejects_injection() {
+        assert!(!is_valid_identifier("users; DROP TABLE"));
+        assert!(!is_valid_identifier(""));
+        assert!(!is_valid_identifier("table.name"));
+    }
+}