mirror of
https://github.com/navidrome/navidrome.git
synced 2026-06-19 07:37:15 +00:00
Deluan Quintão
a84f092d00
* fix: require admin for radio mutations Subsonic internet radio station mutation endpoints are admin-only in the Subsonic and OpenSubsonic specs, but the router only required an authenticated player. Add a reusable Subsonic admin middleware and apply it to create, update, and delete radio routes while leaving the list endpoint available to authenticated users. Cover the middleware and router behavior with unit and e2e tests. * fix: streamline admin-only routes for internet radio station management Signed-off-by: Deluan <deluan@navidrome.org> * fix: use admin-only middleware for starting scans Signed-off-by: Deluan <deluan@navidrome.org> * test: align start scan authorization coverage StartScan authorization now lives in the shared Subsonic admin middleware instead of the handler. Remove the obsolete direct handler unit assertion so the package tests reflect the route-level guard covered by middleware and e2e tests. * fix: require admin for getUsers The Subsonic getUsers endpoint exposes user-list semantics and should use the same shared admin middleware as other admin-only management endpoints. Apply the route-level guard while leaving getUser unchanged, and update the multi-user e2e coverage to expect regular users to receive an authorization failure. * test: cover admin-only Subsonic access Add e2e coverage that admins can still call getUsers after the route-level guard and that regular authenticated users can still list internet radio stations. These cases capture the access boundaries raised during PR review. --------- Signed-off-by: Deluan <deluan@navidrome.org>
134 lines
4.6 KiB
Go
134 lines
4.6 KiB
Go
package e2e
|
|
|
|
import (
|
|
"github.com/navidrome/navidrome/server/subsonic/responses"
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
)
|
|
|
|
var _ = Describe("Internet Radio Endpoints", Ordered, func() {
|
|
var radioID string
|
|
|
|
BeforeAll(func() {
|
|
setupTestDB()
|
|
})
|
|
|
|
It("getInternetRadioStations returns empty initially", func() {
|
|
resp := doReq("getInternetRadioStations")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.InternetRadioStations).ToNot(BeNil())
|
|
Expect(resp.InternetRadioStations.Radios).To(BeEmpty())
|
|
})
|
|
|
|
It("createInternetRadioStation adds a station", func() {
|
|
resp := doReq("createInternetRadioStation",
|
|
"streamUrl", "https://stream.example.com/radio",
|
|
"name", "Test Radio",
|
|
"homepageUrl", "https://example.com",
|
|
)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
})
|
|
|
|
It("getInternetRadioStations returns the created station", func() {
|
|
resp := doReq("getInternetRadioStations")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.InternetRadioStations).ToNot(BeNil())
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
|
|
radio := resp.InternetRadioStations.Radios[0]
|
|
Expect(radio.Name).To(Equal("Test Radio"))
|
|
Expect(radio.StreamUrl).To(Equal("https://stream.example.com/radio"))
|
|
Expect(radio.HomepageUrl).To(Equal("https://example.com"))
|
|
radioID = radio.ID
|
|
Expect(radioID).ToNot(BeEmpty())
|
|
})
|
|
|
|
It("getInternetRadioStations remains available to regular users", func() {
|
|
resp := doReqWithUser(regularUser, "getInternetRadioStations")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.InternetRadioStations).ToNot(BeNil())
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
Expect(resp.InternetRadioStations.Radios[0].Name).To(Equal("Test Radio"))
|
|
})
|
|
|
|
It("createInternetRadioStation requires admin user", func() {
|
|
resp := doReqWithUser(regularUser, "createInternetRadioStation",
|
|
"streamUrl", "https://stream.example.com/hacked",
|
|
"name", "Hacked Radio",
|
|
)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusFailed))
|
|
Expect(resp.Error).ToNot(BeNil())
|
|
Expect(resp.Error.Code).To(Equal(responses.ErrorAuthorizationFail))
|
|
|
|
resp = doReq("getInternetRadioStations")
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
Expect(resp.InternetRadioStations.Radios[0].Name).To(Equal("Test Radio"))
|
|
})
|
|
|
|
It("updateInternetRadioStation modifies the station", func() {
|
|
resp := doReq("updateInternetRadioStation",
|
|
"id", radioID,
|
|
"streamUrl", "https://stream.example.com/radio-v2",
|
|
"name", "Updated Radio",
|
|
"homepageUrl", "https://updated.example.com",
|
|
)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
|
|
// Verify update
|
|
resp = doReq("getInternetRadioStations")
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
Expect(resp.InternetRadioStations.Radios[0].Name).To(Equal("Updated Radio"))
|
|
Expect(resp.InternetRadioStations.Radios[0].StreamUrl).To(Equal("https://stream.example.com/radio-v2"))
|
|
Expect(resp.InternetRadioStations.Radios[0].HomepageUrl).To(Equal("https://updated.example.com"))
|
|
})
|
|
|
|
It("updateInternetRadioStation requires admin user", func() {
|
|
resp := doReqWithUser(regularUser, "updateInternetRadioStation",
|
|
"id", radioID,
|
|
"streamUrl", "https://stream.example.com/hacked",
|
|
"name", "Hacked Radio",
|
|
)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusFailed))
|
|
Expect(resp.Error).ToNot(BeNil())
|
|
Expect(resp.Error.Code).To(Equal(responses.ErrorAuthorizationFail))
|
|
|
|
resp = doReq("getInternetRadioStations")
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
Expect(resp.InternetRadioStations.Radios[0].Name).To(Equal("Updated Radio"))
|
|
Expect(resp.InternetRadioStations.Radios[0].StreamUrl).To(Equal("https://stream.example.com/radio-v2"))
|
|
})
|
|
|
|
It("deleteInternetRadioStation requires admin user", func() {
|
|
resp := doReqWithUser(regularUser, "deleteInternetRadioStation", "id", radioID)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusFailed))
|
|
Expect(resp.Error).ToNot(BeNil())
|
|
Expect(resp.Error.Code).To(Equal(responses.ErrorAuthorizationFail))
|
|
|
|
resp = doReq("getInternetRadioStations")
|
|
Expect(resp.InternetRadioStations.Radios).To(HaveLen(1))
|
|
Expect(resp.InternetRadioStations.Radios[0].ID).To(Equal(radioID))
|
|
})
|
|
|
|
It("deleteInternetRadioStation removes it", func() {
|
|
resp := doReq("deleteInternetRadioStation", "id", radioID)
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
})
|
|
|
|
It("getInternetRadioStations returns empty after deletion", func() {
|
|
resp := doReq("getInternetRadioStations")
|
|
|
|
Expect(resp.Status).To(Equal(responses.StatusOK))
|
|
Expect(resp.InternetRadioStations).ToNot(BeNil())
|
|
Expect(resp.InternetRadioStations.Radios).To(BeEmpty())
|
|
})
|
|
})
|