Skip to content

Add router tests for /assets/ access control #679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
perber merged 3 commits into from
Feb 11, 2026
Merged

Add router tests for /assets/ access control #679

perber merged 3 commits into from
Feb 11, 2026

Conversation

Copy link
Contributor

Copilot AI commented Feb 11, 2026
edited
Loading

The new conditional /assets/ routing (public when PublicAccess/AuthDisabled, auth-required otherwise) lacked test coverage for the static file route itself.

Changes

  • Test helper: uploadTestAsset() creates page, uploads asset, handles auth/CSRF tokens
  • Test scenarios:
    • Private mode + no auth → 401
    • Private mode + auth → 200
    • Public access + no auth → 200
    • Auth disabled + no auth → 200

Each test verifies both status code and file content to ensure the routing logic in router.go:61-72 prevents unauthorized access regressions.

// Upload asset with auth, verify unauthenticated access fails
assetURL, _ := uploadTestAsset(t, router, w, "content", true)
req := httptest.NewRequest(http.MethodGet, assetURL, nil)
rec := httptest.NewRecorder()
router.ServeHTTP(rec, req)
assert.Equal(t, http.StatusUnauthorized, rec.Code)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Feb 11, 2026
Merged
Copilot AI and others added 2 commits February 11, 2026 17:04
@perber
Add comprehensive tests for asset access control
ac22bdb 
Co-authored-by: perber <6125824+perber@users.noreply.github.com>
@perber
Refactor tests to reduce code duplication using helper function
4ccd86d 
Co-authored-by: perber <6125824+perber@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix public access issue for /assets/ based on review Add router tests for /assets/ access control Feb 11, 2026
Copilot AI requested a review from perber February 11, 2026 17:10
@perber perber marked this pull request as ready for review February 11, 2026 17:10
@perber perber merged commit 024a66e into fix/assets-are-public-accessible Feb 11, 2026
perber added a commit that referenced this pull request Feb 11, 2026
@perber
fix: /assets/ is publicly accessible when when public access is dis… (
a70419e 
#678)

* fix: `/assets/` is publicly accessible when when public access is disabled

* Update internal/http/router.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add router tests for `/assets/` access control (#679)

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@perber perber Awaiting requested review from perber

Assignees

@perber perber

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@perber