Skip to content

Add router tests for /assets/ access control#679

Merged
perber merged 3 commits intofix/assets-are-public-accessiblefrom
copilot/sub-pr-678
Feb 11, 2026
Merged

Add router tests for /assets/ access control#679
perber merged 3 commits intofix/assets-are-public-accessiblefrom
copilot/sub-pr-678

Conversation

Copy link
Contributor

Copilot AI commented Feb 11, 2026
edited
Loading

The new conditional /assets/ routing (public when PublicAccess/AuthDisabled, auth-required otherwise) lacked test coverage for the static file route itself.

Changes

  • Test helper: uploadTestAsset() creates page, uploads asset, handles auth/CSRF tokens
  • Test scenarios:
    • Private mode + no auth → 401
    • Private mode + auth → 200
    • Public access + no auth → 200
    • Auth disabled + no auth → 200

Each test verifies both status code and file content to ensure the routing logic in router.go:61-72 prevents unauthorized access regressions.

// Upload asset with auth, verify unauthenticated access fails
assetURL, _ := uploadTestAsset(t, router, w, "content", true)
req := httptest.NewRequest(http.MethodGet, assetURL, nil)
rec := httptest.NewRecorder()
router.ServeHTTP(rec, req)
assert.Equal(t, http.StatusUnauthorized, rec.Code)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Feb 11, 2026
Merged
Copilot AI and others added 2 commits February 11, 2026 17:04
@perber
Add comprehensive tests for asset access control
ac22bdb 
Co-authored-by: perber <6125824+perber@users.noreply.github.com>
@perber
Refactor tests to reduce code duplication using helper function
4ccd86d 
Co-authored-by: perber <6125824+perber@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix public access issue for /assets/ based on review Add router tests for /assets/ access control Feb 11, 2026
Copilot AI requested a review from perber February 11, 2026 17:10
@perber perber marked this pull request as ready for review February 11, 2026 17:10
@perber perber merged commit 024a66e into fix/assets-are-public-accessible Feb 11, 2026
perber added a commit that referenced this pull request Feb 11, 2026
@perber
fix: /assets/ is publicly accessible when when public access is dis… (
a70419e 
#678)

* fix: `/assets/` is publicly accessible when when public access is disabled

* Update internal/http/router.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add router tests for `/assets/` access control (#679)

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@perber perber Awaiting requested review from perber

Assignees

@perber perber

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@perber