package example_test
import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/philiphil/restman/configuration"
	"github.com/philiphil/restman/orm"
	"github.com/philiphil/restman/orm/entity"
	"github.com/philiphil/restman/orm/gormrepository"
	"github.com/philiphil/restman/route"
	"github.com/philiphil/restman/router"
	"gorm.io/driver/sqlite"
	"gorm.io/gorm"
	"gorm.io/gorm/logger"
)
// User is the fixture entity for the serialization test in this file.
// Each field carries a `groups` tag naming the serialization groups it
// belongs to (presumably read by restman's serializer; confirm against the
// library). The test expects a GET response to contain the "read"/"public"
// fields and none of the "write"-only or "admin"-only ones.
type User struct {
entity.BaseEntity
// Email is in the "read", "write" and "public" groups.
Email string `json:"email" groups:"read,write,public"`
// Password is in the "write" group only, so it must never appear in a
// response. It is held as a plain string because this is a test fixture.
Password string `json:"password" groups:"write"`
// Token is in the "admin" group only.
Token string `json:"token" groups:"admin"`
// Name is in the "read", "write" and "public" groups.
Name string `json:"name" groups:"read,write,public"`
// InternalNotes is in the "admin" group only.
InternalNotes string `json:"internal_notes" groups:"admin"`
}
// GetId returns the Id promoted from the embedded entity.BaseEntity.
func (u User) GetId() entity.ID {
	return u.Id
}
// SetId returns a copy of u whose Id is id converted with entity.CastId.
// The receiver is a value, so the caller's User is left unchanged.
func (u User) SetId(id any) entity.Entity {
	updated := u
	updated.Id = entity.CastId(id)
	return updated
}
// ToEntity returns u unchanged; User is its own entity representation.
func (u User) ToEntity() User {
	return u
}
// FromEntity returns e as-is, boxed in an any. The receiver is not used.
func (u User) FromEntity(e User) any {
	var model any = e
	return model
}
// getSerializationDB opens the named in-memory SQLite database used by the
// serialization test, with GORM logging silenced. The DSN uses a shared
// cache, so every connection opened under the same name sees the same data.
// It panics if the database cannot be opened.
func getSerializationDB() *gorm.DB {
	const dsn = "file:serialization_test?mode=memory&cache=shared&_fk=1"

	cfg := &gorm.Config{
		Logger:          logger.Default.LogMode(logger.Silent),
		CreateBatchSize: 1000,
	}

	conn, err := gorm.Open(sqlite.Open(dsn), cfg)
	if err != nil {
		panic(err)
	}
	return conn
}
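// TestCustomSerialization seeds one User and issues GET /api/user/1 against
// the generated API router. It asserts that the response does not expose the
// fields tagged only "write" or "admin" (password, token, internal notes)
// and that it does expose the "read"/"public" fields (email, name).
func TestCustomSerialization(t *testing.T) {
	db := getSerializationDB()
	// A failed migration would otherwise only surface later as a confusing
	// status-code mismatch.
	if err := db.AutoMigrate(&User{}); err != nil {
		t.Fatalf("migrating User schema: %v", err)
	}

	r := gin.New()
	r.Use(gin.Recovery())

	routes := route.DefaultApiRoutes()
	// NOTE(review): the option set here is InputSerializationGroups, while
	// every assertion below concerns the GET response (output). Confirm which
	// setting actually governs output groups; if it is a different option or
	// a router default, this test does not exercise the configuration it
	// appears to.
	userRouter := router.NewApiRouter(
		*orm.NewORM(gormrepository.NewRepository[User](db)),
		routes,
		configuration.InputSerializationGroups("read", "public"),
	)
	userRouter.AllowRoutes(r)

	user := User{
		Email:         "user@example.com",
		Password:      "secret123",
		Token:         "admin-token-xyz",
		Name:          "John Doe",
		InternalNotes: "This is an internal note",
	}
	if err := db.Create(&user).Error; err != nil {
		t.Fatalf("seeding user: %v", err)
	}

	w := httptest.NewRecorder()
	// NOTE(review): the path assumes the seeded row received ID 1. The
	// database is a shared-cache in-memory instance, so that holds only while
	// nothing else has inserted users under the same DSN.
	req, err := http.NewRequest("GET", "/api/user/1", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	r.ServeHTTP(w, req)

	// Stop on a non-200: the "must not be visible" checks below would pass
	// vacuously against an error body and say nothing about field leakage.
	if w.Code != http.StatusOK {
		t.Fatalf("Expected status 200, got %d", w.Code)
	}

	response := w.Body.String()

	// Both the JSON key and the seeded value are checked, so a leak under a
	// renamed key is still caught.
	if contains(response, "password") || contains(response, "secret123") {
		t.Error("Password should not be visible in GET response")
	}

	if contains(response, "token") || contains(response, "admin-token-xyz") {
		t.Error("Token should not be visible with public groups")
	}

	if contains(response, "internal_notes") {
		t.Error("Internal notes should not be visible with public groups")
	}

	if !contains(response, "email") || !contains(response, "name") {
		t.Error("Email and name should be visible with public groups")
	}
}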
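// contains reports whether substr occurs anywhere in s. An empty substr is
// always considered present, matching strings.Contains.
func contains(s, substr string) bool {
	return strings.Contains(s, substr)
}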
// hasSubstring reports whether substr occurs in s, comparing a window of
// len(substr) bytes at each offset. It returns false when substr is longer
// than s and true when substr is empty.
func hasSubstring(s, substr string) bool {
	width := len(substr)
	for start := 0; start+width <= len(s); start++ {
		if s[start:start+width] == substr {
			return true
		}
	}
	return false
}