Slice 1 served dist/projects-chart.html unconditionally, leaking a 200 for any well-formed UUID guesser. Slice 2 resolves the project via ProjectService.GetByID before serving — ErrNotVisible (and any other visibility error) collapses to 404 + the standard notfound chrome, matching the JSON-API contract that already lives in writeServiceError. A genuine DB error logs through writeServiceError's existing path but still renders 404 chrome to the user (httpDevNullJSON wrapper discards the JSON body writeServiceError would otherwise emit, keeping the log side-effect intact). Test pins serveChartNotFound: 404 + non-empty body, degrading gracefully when dist/notfound.html is absent (test env). Closes Slice 1 edge case #2 flagged at m/paliad#35 issuecomment-7710. Design ref: docs/design-project-chart-2026-05-09.md §8.2.
31 lines
1005 B
Go
package handlers

import (
	"net/http"
	"net/http/httptest"
	"testing"
)

// t-paliad-177 Slice 2 — visibility leak fix.
//
// The end-to-end "GET /chart returns 404 for invisible projects" check
// would need a mocked ProjectService + auth.Client; the handler package
// has no harness for that today (all existing _test.go files unit-test
// pure helpers). Until that harness exists, we pin the contract from
// the helper layer: serveChartNotFound writes a 404 + an HTML
// Content-Type. The dist/notfound.html lookup falls back to a plain
// 404 string in test environments without a built frontend, which is
// the documented degraded path.

func TestServeChartNotFound_Returns404HTML(t *testing.T) {
	w := httptest.NewRecorder()
	serveChartNotFound(w)
	if w.Code != http.StatusNotFound {
		t.Fatalf("status = %d, want %d", w.Code, http.StatusNotFound)
	}
	body := w.Body.String()
	if body == "" {
		t.Error("body is empty — should be either the notfound chrome or the plain-text fallback")
	}
}
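The following is an added example, not code from this repository: it exercises the end-to-end contract the test comment describes, using a fake service, and compares what a client can observe for a hidden project, a nonexistent one and a failing lookup. `fakeProjects`, `chartHandler`, `probe`, `ErrNotFound`, the error-only `GetByID` signature and the `?id=` query parameter are assumptions made for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
)

// Hypothetical stand-ins: the page names ErrNotVisible and GetByID but shows neither.
var ErrNotVisible, ErrNotFound = errors.New("not visible"), errors.New("not found")

type fakeProjects map[string]error // constructed data: project ID -> lookup result

func (f fakeProjects) GetByID(_ context.Context, id string) error {
	if err, ok := f[id]; ok {
		return err
	}
	return ErrNotFound
}

// chartHandler resolves the project first; every lookup failure yields the same 404.
func chartHandler(svc interface{ GetByID(context.Context, string) error }) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := svc.GetByID(r.Context(), r.URL.Query().Get("id")); err != nil {
			if !errors.Is(err, ErrNotVisible) && !errors.Is(err, ErrNotFound) {
				log.Printf("chart lookup failed: %v", err) // server-side log only
			}
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		fmt.Fprint(w, "<html>chart</html>")
	})
}

// probe returns what a client can observe for one ID: status, Content-Type, body.
func probe(h http.Handler, id string) string {
	w := httptest.NewRecorder()
	h.ServeHTTP(w, httptest.NewRequest(http.MethodGet, "/chart?id="+id, nil))
	return fmt.Sprintf("%d|%s|%s", w.Code, w.Header().Get("Content-Type"), w.Body.String())
}

func main() {
	h := chartHandler(fakeProjects{"visible": nil, "hidden": ErrNotVisible, "broken": errors.New("db down")})
	for _, id := range []string{"visible", "hidden", "missing", "broken"} {
		fmt.Println(id, "->", probe(h, id))
	}
}
```

Comparing the full status, Content-Type and body string, rather than the status code alone, catches the case where two 404 paths still differ in a header or in the rendered page.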