Merge pull request #134 from getAlby/unauthorized-invoice-endpoint

Unauthorized invoice endpoint

integration_tests/invoice_test.go

@@ -0,0 +1,69 @@
+package integration_tests
+
+import (
+	"context"
+	"log"
+	"testing"
+
+	"github.com/getAlby/lndhub.go/common"
+	"github.com/getAlby/lndhub.go/controllers"
+	"github.com/getAlby/lndhub.go/lib"
+	"github.com/getAlby/lndhub.go/lib/responses"
+	"github.com/getAlby/lndhub.go/lib/service"
+	"github.com/go-playground/validator/v10"
+	"github.com/labstack/echo/v4"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type InvoiceTestSuite struct {
+	TestSuite
+	service    *service.LndhubService
+	aliceLogin controllers.CreateUserResponseBody
+}
+
+func (suite *InvoiceTestSuite) SetupSuite() {
+	svc, err := LndHubTestServiceInit(nil)
+	if err != nil {
+		log.Fatalf("Error initializing test service: %v", err)
+	}
+	suite.service = svc
+	users, userTokens, err := createUsers(svc, 1)
+	if err != nil {
+		log.Fatalf("Error creating test users: %v", err)
+	}
+	e := echo.New()
+
+	e.HTTPErrorHandler = responses.HTTPErrorHandler
+	e.Validator = &lib.CustomValidator{Validator: validator.New()}
+	suite.echo = e
+	assert.Equal(suite.T(), 1, len(users))
+	assert.Equal(suite.T(), 1, len(userTokens))
+	suite.aliceLogin = users[0]
+	suite.echo.POST("/invoice/:user_login", controllers.NewInvoiceController(svc).Invoice)
+}
+
+func (suite *InvoiceTestSuite) TearDownTest() {
+	clearTable(suite.service, "invoices")
+}
+
+func (suite *InvoiceTestSuite) TestAddInvoiceWithoutToken() {
+	user, _ := suite.service.FindUserByLogin(context.Background(), suite.aliceLogin.Login)
+	invoicesBefore, _ := suite.service.InvoicesFor(context.Background(), user.ID, common.InvoiceTypeIncoming)
+	assert.Equal(suite.T(), 0, len(invoicesBefore))
+
+	suite.createInvoiceReq(10, "test invoice without token", suite.aliceLogin.Login)
+
+	// check if invoice is added
+	invoicesAfter, _ := suite.service.InvoicesFor(context.Background(), user.ID, common.InvoiceTypeIncoming)
+	assert.Equal(suite.T(), 1, len(invoicesAfter))
+}
+
+func (suite *InvoiceTestSuite) TestAddInvoiceForNonExistingUser() {
+	nonExistingLogin := suite.aliceLogin.Login + "abc"
+	suite.createInvoiceReqError(10, "test invoice without token", nonExistingLogin)
+}
+
+func TestInvoiceSuite(t *testing.T) {
+	suite.Run(t, new(InvoiceTestSuite))
+}

integration_tests/util.go

@@ -140,12 +140,19 @@ type TestSuite struct {
 	echo *echo.Echo
 }
 
+func checkErrResponse(suite *TestSuite, rec *httptest.ResponseRecorder) *responses.ErrorResponse {
+	errorResponse := &responses.ErrorResponse{}
+	assert.Equal(suite.T(), http.StatusBadRequest, rec.Code)
+	assert.NoError(suite.T(), json.NewDecoder(rec.Body).Decode(errorResponse))
+	return errorResponse
+}
+
 func (suite *TestSuite) createAddInvoiceReq(amt int, memo, token string) *controllers.AddInvoiceResponseBody {
 	rec := httptest.NewRecorder()
 	var buf bytes.Buffer
 	assert.NoError(suite.T(), json.NewEncoder(&buf).Encode(&controllers.AddInvoiceRequestBody{
 		Amount: amt,
-		Memo:   "integration test IncomingPaymentTestSuite",
+		Memo:   memo,
 	}))
 	req := httptest.NewRequest(http.MethodPost, "/addinvoice", &buf)
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
@@ -157,6 +164,35 @@ func (suite *TestSuite) createAddInvoiceReq(amt int, memo, token string) *contro
 	return invoiceResponse
 }
 
+func (suite *TestSuite) createInvoiceReq(amt int, memo, userLogin string) *controllers.AddInvoiceResponseBody {
+	rec := httptest.NewRecorder()
+	var buf bytes.Buffer
+	assert.NoError(suite.T(), json.NewEncoder(&buf).Encode(&controllers.AddInvoiceRequestBody{
+		Amount: amt,
+		Memo:   memo,
+	}))
+	req := httptest.NewRequest(http.MethodPost, "/invoice/"+userLogin, &buf)
+	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+	suite.echo.ServeHTTP(rec, req)
+	invoiceResponse := &controllers.AddInvoiceResponseBody{}
+	assert.Equal(suite.T(), http.StatusOK, rec.Code)
+	assert.NoError(suite.T(), json.NewDecoder(rec.Body).Decode(invoiceResponse))
+	return invoiceResponse
+}
+
+func (suite *TestSuite) createInvoiceReqError(amt int, memo, userLogin string) *responses.ErrorResponse {
+	rec := httptest.NewRecorder()
+	var buf bytes.Buffer
+	assert.NoError(suite.T(), json.NewEncoder(&buf).Encode(&controllers.AddInvoiceRequestBody{
+		Amount: amt,
+		Memo:   memo,
+	}))
+	req := httptest.NewRequest(http.MethodPost, "/invoice/"+userLogin, &buf)
+	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+	suite.echo.ServeHTTP(rec, req)
+	return checkErrResponse(suite, rec)
+}
+
 func (suite *TestSuite) createKeySendReq(amount int64, memo, destination, token string) *controllers.KeySendResponseBody {
 	rec := httptest.NewRecorder()
 	var buf bytes.Buffer
@@ -190,11 +226,7 @@ func (suite *TestSuite) createKeySendReqError(amount int64, memo, destination, t
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
 	suite.echo.ServeHTTP(rec, req)
-
-	errorResponse := &responses.ErrorResponse{}
-	assert.Equal(suite.T(), http.StatusBadRequest, rec.Code)
-	assert.NoError(suite.T(), json.NewDecoder(rec.Body).Decode(errorResponse))
-	return errorResponse
+	return checkErrResponse(suite, rec)
 }
 
 func (suite *TestSuite) createPayInvoiceReq(payReq string, token string) *controllers.PayInvoiceResponseBody {
@@ -224,11 +256,7 @@ func (suite *TestSuite) createPayInvoiceReqError(payReq string, token string) *r
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
 	suite.echo.ServeHTTP(rec, req)
-
-	errorResponse := &responses.ErrorResponse{}
-	assert.Equal(suite.T(), http.StatusBadRequest, rec.Code)
-	assert.NoError(suite.T(), json.NewDecoder(rec.Body).Decode(errorResponse))
-	return errorResponse
+	return checkErrResponse(suite, rec)
 }
 
 func (suite *TestSuite) createPayInvoiceReqWithCancel(payReq string, token string) {