From e7abb22c5ed34746eb61da2f29a5fcc2c1b61b7f Mon Sep 17 00:00:00 2001
From: Eric Phillips <eric@ewpt3ch.com>
Date: Wed, 6 May 2026 14:12:04 -0600
Subject: [PATCH] handler tests complete

---
 handler_test.go | 132 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 126 insertions(+), 6 deletions(-)

diff --git a/handler_test.go b/handler_test.go
index 7ab693e..9f98081 100644
--- a/handler_test.go
+++ b/handler_test.go
@@ -6,17 +6,23 @@ import (
 	"log/slog"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 
 	"github.com/ewpt3ch/pkgstash/internal/cache"
 )
 
-func newTestServer(t *testing.T) (*httptest.Server, *Server) {
+var (
+	mirrorOK  = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "fake pkg data") })
+	mirror404 = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNotFound) })
+)
+
+const testUrlBase = "/core/os/x86_64"
+
+func newTestServer(t *testing.T, mirrorHandler http.HandlerFunc) (*httptest.Server, *Server) {
 	t.Helper()
 
-	mirror := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		fmt.Fprint(w, "fake pkg data")
-	}))
+	mirror := httptest.NewServer(mirrorHandler)
 	t.Cleanup(func() { mirror.Close() })
 
 	c := cache.NewCache(t.TempDir(), []string{mirror.URL + "/"}, []string{"core"})
@@ -45,9 +51,12 @@ func TestHandlerPkgsExist(t *testing.T) {
 	const expected = "fake pkg data"
 	const expectedFile = "attachment; filename=somepkg.tar.zst"
 
-	ts, _ := newTestServer(t)
+	ts, _ := newTestServer(t, mirrorOK)
 
-	resp, err := http.Get(ts.URL + "/core/os/x86_64/somepkg.tar.zst")
+	resp, err := http.Get(ts.URL + testUrlBase + "/somepkg.tar.zst")
+	if err != nil {
+		t.Fatalf("GET failed: %v", err)
+	}
 
 	respFile := resp.Header.Get("Content-Disposition")
 
@@ -66,3 +75,114 @@ func TestHandlerPkgsExist(t *testing.T) {
 		t.Errorf("expected %s got %s", expected, string(data))
 	}
 }
+
+func TestHandlerPkgsMiss(t *testing.T) {
+
+	ts, _ := newTestServer(t, mirror404)
+
+	resp, err := http.Get(ts.URL + testUrlBase + "/somepkg.tar.zst")
+	if err != nil {
+		t.Fatalf("GET failed %v", err)
+	}
+	if resp.StatusCode != http.StatusNotFound {
+		t.Errorf("expected 404 got %d", resp.StatusCode)
+	}
+}
+
+func TestHandlerPkgsDBSig(t *testing.T) {
+
+	ts, _ := newTestServer(t, mirrorOK)
+
+	resp, err := http.Get(ts.URL + testUrlBase + "/core.db.sig")
+	if err != nil {
+		t.Fatalf("GET failed %v", err)
+	}
+	if resp.StatusCode != http.StatusNotFound {
+		t.Errorf("expected 404 got %d", resp.StatusCode)
+	}
+}
+
+func TestHandlerRefreshUnauthorized(t *testing.T) {
+
+	ts, _ := newTestServer(t, mirrorOK)
+
+	req, err := http.NewRequest("POST", ts.URL+"/api/refresh", nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	req.Header.Set("Authorization", "Bearer badtoken")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("POST failed: %v", err)
+	}
+	if resp.StatusCode != http.StatusUnauthorized {
+		t.Errorf("expected %d got %d", http.StatusUnauthorized, resp.StatusCode)
+	}
+}
+
+func TestHandlerRefreshOK(t *testing.T) {
+
+	ts, _ := newTestServer(t, mirrorOK)
+
+	req, err := http.NewRequest("POST", ts.URL+"/api/refresh", nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	req.Header.Set("Authorization", "Bearer testtoken")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("POST failed: %v", err)
+	}
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("expected %d got %d", http.StatusNoContent, resp.StatusCode)
+	}
+}
+
+func TestHandlerLogLevelValid(t *testing.T) {
+
+	ts, srv := newTestServer(t, mirrorOK)
+
+	body := strings.NewReader(`{"loglevel": "debug"}`)
+	req, err := http.NewRequest("POST", ts.URL+"/api/loglevel", body)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer testtoken")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("POST failed: %v", err)
+	}
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("expected %d got %d", http.StatusNoContent, resp.StatusCode)
+	}
+	got := srv.logLevel.Level()
+	if got != slog.LevelDebug {
+		t.Errorf("expected DEBUG got %s", got)
+	}
+}
+
+func TestHandlerLogLevelInvalid(t *testing.T) {
+
+	ts, srv := newTestServer(t, mirrorOK)
+
+	body := strings.NewReader(`{"loglevel": "what"}`)
+	req, err := http.NewRequest("POST", ts.URL+"/api/loglevel", body)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer testtoken")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("POST failed: %v", err)
+	}
+	if resp.StatusCode != http.StatusBadRequest {
+		t.Errorf("expected %d got %d", http.StatusBadRequest, resp.StatusCode)
+	}
+	got := srv.logLevel.Level()
+	if got != slog.LevelInfo {
+		t.Errorf("expected INFO got %s", got)
+	}
+
+}