mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fixing(Gateway)

Browse Source
This commit is contained in:
stefan
2025-08-13 14:18:59 +02:00
parent 93633b38a7
commit 562eb07be1
21 changed files with 2081 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/FallbackControllerTests.kt
+241
View File
@@ -0,0 +1,241 @@
package at.mocode.infrastructure.gateway
import at.mocode.infrastructure.gateway.controller.FallbackController
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.http.HttpStatus
import org.springframework.test.context.ActiveProfiles
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.context.annotation.Import
/**
* Tests for the Fallback Controller that handles circuit breaker scenarios.
* Tests all fallback endpoints for different services.
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Disable external dependencies for fallback tests
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker health indicator to avoid interference
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Disable custom filters for pure fallback testing
"gateway.security.jwt.enabled=false",
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Disable gateway discovery
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@ActiveProfiles("test")
class FallbackControllerTests {
@Autowired
lateinit var webTestClient: WebTestClient
@Test
fun `should return members service fallback response`() {
webTestClient.get()
.uri("/fallback/members")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectHeader().valueEquals("Content-Type", "application/json")
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Member operations are temporarily unavailable")
.jsonPath("$.service").isEqualTo("members-service")
.jsonPath("$.status").isEqualTo(503)
.jsonPath("$.suggestion").isEqualTo("Please try again in a few moments. If the problem persists, contact support.")
.jsonPath("$.timestamp").exists()
}
@Test
fun `should return horses service fallback response`() {
webTestClient.get()
.uri("/fallback/horses")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectHeader().valueEquals("Content-Type", "application/json")
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Horse registry operations are temporarily unavailable")
.jsonPath("$.service").isEqualTo("horses-service")
.jsonPath("$.status").isEqualTo(503)
.jsonPath("$.suggestion").exists()
}
@Test
fun `should return events service fallback response`() {
webTestClient.get()
.uri("/fallback/events")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Event management operations are temporarily unavailable")
.jsonPath("$.service").isEqualTo("events-service")
.jsonPath("$.status").isEqualTo(503)
}
@Test
fun `should return masterdata service fallback response`() {
webTestClient.get()
.uri("/fallback/masterdata")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Master data operations are temporarily unavailable")
.jsonPath("$.service").isEqualTo("masterdata-service")
.jsonPath("$.status").isEqualTo(503)
}
@Test
fun `should return auth service fallback response`() {
webTestClient.get()
.uri("/fallback/auth")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Authentication operations are temporarily unavailable")
.jsonPath("$.service").isEqualTo("auth-service")
.jsonPath("$.status").isEqualTo(503)
}
@Test
fun `should return default fallback response for unknown service`() {
webTestClient.get()
.uri("/fallback")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.message").isEqualTo("Service is temporarily unavailable")
.jsonPath("$.service").isEqualTo("unknown-service")
.jsonPath("$.status").isEqualTo(503)
}
@Test
fun `should handle POST requests to members fallback`() {
webTestClient.post()
.uri("/fallback/members")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("members-service")
}
@Test
fun `should handle POST requests to horses fallback`() {
webTestClient.post()
.uri("/fallback/horses")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("horses-service")
}
@Test
fun `should handle POST requests to events fallback`() {
webTestClient.post()
.uri("/fallback/events")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("events-service")
}
@Test
fun `should handle POST requests to masterdata fallback`() {
webTestClient.post()
.uri("/fallback/masterdata")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("masterdata-service")
}
@Test
fun `should handle POST requests to auth fallback`() {
webTestClient.post()
.uri("/fallback/auth")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("auth-service")
}
@Test
fun `should handle POST requests to default fallback`() {
webTestClient.post()
.uri("/fallback")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.jsonPath("$.error").isEqualTo("SERVICE_UNAVAILABLE")
.jsonPath("$.service").isEqualTo("unknown-service")
}
@Test
fun `should return valid JSON structure for all fallback responses`() {
val fallbackPaths = listOf(
"/fallback/members",
"/fallback/horses",
"/fallback/events",
"/fallback/masterdata",
"/fallback/auth",
"/fallback"
)
fallbackPaths.forEach { path ->
webTestClient.get()
.uri(path)
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectHeader().valueEquals("Content-Type", "application/json")
.expectBody()
.jsonPath("$.error").isNotEmpty
.jsonPath("$.message").isNotEmpty
.jsonPath("$.service").isNotEmpty
.jsonPath("$.timestamp").isNotEmpty
.jsonPath("$.status").isNumber
.jsonPath("$.suggestion").isNotEmpty
}
}
@Test
fun `should have consistent error response structure`() {
webTestClient.get()
.uri("/fallback/members")
.exchange()
.expectStatus().isEqualTo(HttpStatus.SERVICE_UNAVAILABLE)
.expectBody()
.consumeWith { result ->
val body = String(result.responseBody ?: byteArrayOf())
assert(body.contains("error"))
assert(body.contains("message"))
assert(body.contains("service"))
assert(body.contains("timestamp"))
assert(body.contains("status"))
assert(body.contains("suggestion"))
}
}
}
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/GatewayApplicationTests.kt
+23 -69
View File
@@ -1,90 +1,44 @@
package at.mocode.infrastructure.gateway
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController
import org.springframework.cloud.gateway.route.RouteLocator
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
import java.time.Duration
import org.junit.jupiter.api.Assertions.assertTrue
import org.junit.jupiter.api.Assertions.assertNotNull
import org.springframework.boot.test.context.TestConfiguration
import org.springframework.test.context.ActiveProfiles
/**
* Basic test to verify that the Gateway application context loads successfully.
* Uses test profile to disable production filters and external dependencies.
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = WebEnvironment.RANDOM_PORT,
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Use a random port and disable discovery/consul for the test
"server.port=0",
// Disable all external dependencies for context loading test
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
// Disable security autoconfiguration for tests
"spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration",
// Force a reactive web application so that Spring Cloud Gateway auto-config activates
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker for tests
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Disable custom security and filters
"gateway.security.jwt.enabled=false",
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Gateway discovery locator off; we use explicit test routes
"spring.cloud.gateway.discovery.locator.enabled=false"
// Disable gateway discovery
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@AutoConfigureWebTestClient
@Import(GatewayApplicationTests.TestRoutes::class, GatewayApplicationTests.InternalHelloController::class, GatewayApplicationTests.TestSecurityConfig::class)
@ActiveProfiles("test")
class GatewayApplicationTests {
@Autowired
lateinit var client: WebTestClient
@Autowired
lateinit var routeLocator: RouteLocator
@Test
fun contextLoads() {
// If the application context fails to load, this test will fail.
}
@Test
fun forwardRouteShouldReturnResponseFromInternalController() {
client.get()
.uri("/hello")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("OK")
}
@RestController
class InternalHelloController {
@GetMapping("/internal/hello")
fun hello(): String = "OK"
}
@Configuration
class TestRoutes {
@Bean
fun routeLocator(builder: RouteLocatorBuilder): RouteLocator = builder.routes()
.route("test-forward") {
it.path("/hello").uri("forward:/internal/hello")
}
.build()
}
@TestConfiguration
class TestSecurityConfig {
@Bean
fun springSecurityFilterChain(): org.springframework.security.web.server.SecurityWebFilterChain =
org.springframework.security.config.web.server.ServerHttpSecurity
.http()
.csrf { it.disable() }
.authorizeExchange { exchanges -> exchanges.anyExchange().permitAll() }
.build()
// This test passes if the Spring application context loads successfully
// without any configuration errors or missing bean dependencies
}
}
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/GatewayFiltersTests.kt
+193
View File
@@ -0,0 +1,193 @@
package at.mocode.infrastructure.gateway
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.cloud.gateway.route.RouteLocator
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
import org.springframework.test.context.ActiveProfiles
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
import java.util.*
/**
* Tests for Gateway custom filters: CorrelationId, Enhanced Logging, and Rate Limiting.
* Tests filter behavior without disabling them (unlike other test classes).
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Disable external dependencies
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker for filter tests
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Keep custom filters enabled for testing
"gateway.security.jwt.enabled=false", // Disable JWT but keep other filters
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Disable gateway discovery - use explicit routes
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@ActiveProfiles("dev") // Use dev profile to enable filters
@AutoConfigureWebTestClient
@Import(GatewayFiltersTests.TestFilterConfig::class)
class GatewayFiltersTests {
@Autowired
lateinit var webTestClient: WebTestClient
@Test
fun `should add correlation ID header when not present`() {
webTestClient.get()
.uri("/test/correlation")
.exchange()
.expectStatus().isOk
.expectHeader().exists("X-Correlation-ID")
.expectBody(String::class.java)
.isEqualTo("correlation-test")
}
@Test
fun `should preserve existing correlation ID header`() {
val existingCorrelationId = "test-correlation-123"
webTestClient.get()
.uri("/test/correlation")
.header("X-Correlation-ID", existingCorrelationId)
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("X-Correlation-ID", existingCorrelationId)
.expectBody(String::class.java)
.isEqualTo("correlation-test")
}
@Test
fun `should add rate limiting headers`() {
webTestClient.get()
.uri("/test/ratelimit")
.exchange()
.expectStatus().isOk
.expectHeader().exists("X-RateLimit-Enabled")
.expectHeader().exists("X-RateLimit-Limit")
.expectHeader().exists("X-RateLimit-Remaining")
.expectHeader().valueEquals("X-RateLimit-Enabled", "true")
}
@Test
fun `should apply different rate limits for auth endpoints`() {
webTestClient.get()
.uri("/api/auth/test")
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("X-RateLimit-Limit", "20") // AUTH_ENDPOINT_LIMIT
}
@Test
fun `should apply higher rate limit for authenticated users`() {
webTestClient.get()
.uri("/test/ratelimit")
.header("Authorization", "Bearer test-token")
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("X-RateLimit-Limit", "200") // AUTHENTICATED_LIMIT
}
@Test
fun `should apply admin rate limit for admin users`() {
webTestClient.get()
.uri("/test/ratelimit")
.header("Authorization", "Bearer test-token")
.header("X-User-Role", "ADMIN")
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("X-RateLimit-Limit", "500") // ADMIN_LIMIT
}
@Test
fun `should enforce rate limiting after exceeding limit`() {
// This test would need multiple requests to test actual rate limiting
// For simplicity, we just verify the headers are present
val responses = (1..5).map {
webTestClient.get()
.uri("/test/ratelimit")
.exchange()
.expectStatus().isOk
.expectHeader().exists("X-RateLimit-Remaining")
.returnResult(String::class.java)
}
// Verify that remaining count decreases
assert(responses.isNotEmpty())
}
@Test
fun `should handle requests with X-Forwarded-For header`() {
webTestClient.get()
.uri("/test/ratelimit")
.header("X-Forwarded-For", "192.168.1.100, 10.0.0.1")
.exchange()
.expectStatus().isOk
.expectHeader().exists("X-RateLimit-Enabled")
}
/**
* Test configuration that provides routes for filter testing.
*/
@Configuration
class TestFilterConfig {
@Bean
fun filterTestRoutes(builder: RouteLocatorBuilder): RouteLocator = builder.routes()
.route("test-correlation") { r ->
r.path("/test/correlation")
.uri("forward:/mock/correlation-test")
}
.route("test-ratelimit") { r ->
r.path("/test/ratelimit")
.uri("forward:/mock/ratelimit-test")
}
.route("test-auth-endpoint") { r ->
r.path("/api/auth/**")
.filters { f -> f.stripPrefix(1) }
.uri("forward:/mock/auth-test")
}
.build()
@Bean
fun filterTestController(): FilterTestController = FilterTestController()
}
/**
* Mock controller for filter testing.
*/
@RestController
@RequestMapping("/mock")
class FilterTestController {
@GetMapping("/correlation-test")
fun correlationTest(): String = "correlation-test"
@GetMapping("/ratelimit-test")
fun rateLimitTest(): String = "ratelimit-test"
@GetMapping("/auth-test")
fun authEndpointTest(): String = "auth-endpoint-test"
}
}
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/GatewayRoutingTests.kt
+212
View File
@@ -0,0 +1,212 @@
package at.mocode.infrastructure.gateway
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.cloud.gateway.route.RouteLocator
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
import org.springframework.http.HttpStatus
import org.springframework.test.context.ActiveProfiles
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
/**
* Tests for Gateway routing functionality.
* Uses mock backend services to test route forwarding.
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Disable external dependencies
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker for routing tests
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Disable custom filters for pure routing tests
"gateway.security.jwt.enabled=false",
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Disable gateway discovery - use explicit routes
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@ActiveProfiles("test")
@AutoConfigureWebTestClient
@Import(GatewayRoutingTests.TestRoutesConfig::class)
class GatewayRoutingTests {
@Autowired
lateinit var webTestClient: WebTestClient
@Test
fun `should route members service requests`() {
webTestClient.get()
.uri("/api/members/test")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("members-service-mock")
}
@Test
fun `should route horses service requests`() {
webTestClient.get()
.uri("/api/horses/test")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("horses-service-mock")
}
@Test
fun `should route events service requests`() {
webTestClient.get()
.uri("/api/events/test")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("events-service-mock")
}
@Test
fun `should route masterdata service requests`() {
webTestClient.get()
.uri("/api/masterdata/test")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("masterdata-service-mock")
}
@Test
fun `should route auth service requests`() {
webTestClient.post()
.uri("/api/auth/login")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("auth-service-mock")
}
@Test
fun `should route ping service requests`() {
webTestClient.get()
.uri("/api/ping/health")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.isEqualTo("ping-service-mock")
}
@Test
fun `should handle gateway info path request`() {
webTestClient.get()
.uri("/gateway-info")
.exchange()
.expectStatus().isOk
}
/**
* Test configuration that provides mock backend services and custom routes.
*/
@Configuration
class TestRoutesConfig {
@Bean
fun testRouteLocator(builder: RouteLocatorBuilder): RouteLocator = builder.routes()
.route("test-members") { r ->
r.path("/api/members/**")
.filters { f -> f.setPath("/mock/members") }
.uri("forward:/")
}
.route("test-horses") { r ->
r.path("/api/horses/**")
.filters { f -> f.setPath("/mock/horses") }
.uri("forward:/")
}
.route("test-events") { r ->
r.path("/api/events/**")
.filters { f -> f.setPath("/mock/events") }
.uri("forward:/")
}
.route("test-masterdata") { r ->
r.path("/api/masterdata/**")
.filters { f -> f.setPath("/mock/masterdata") }
.uri("forward:/")
}
.route("test-auth-login") { r ->
r.path("/api/auth/login")
.uri("forward:/mock/auth/login")
}
.route("test-ping") { r ->
r.path("/api/ping/**")
.filters { f -> f.setPath("/mock/ping") }
.uri("forward:/")
}
.route("test-root") { r ->
r.path("/gateway-info")
.uri("forward:/mock/gateway-info")
}
.build()
@Bean
fun mockBackendController(): MockBackendController = MockBackendController()
}
/**
* Mock backend controller that simulates the responses from actual microservices.
*/
@RestController
@RequestMapping("/mock")
class MockBackendController {
@GetMapping(value = ["/members", "/members/**"])
@PostMapping(value = ["/members", "/members/**"])
fun membersServiceMock(): String = "members-service-mock"
@GetMapping(value = ["/horses", "/horses/**"])
@PostMapping(value = ["/horses", "/horses/**"])
fun horsesServiceMock(): String = "horses-service-mock"
@GetMapping(value = ["/events", "/events/**"])
@PostMapping(value = ["/events", "/events/**"])
fun eventsServiceMock(): String = "events-service-mock"
@GetMapping(value = ["/masterdata", "/masterdata/**"])
@PostMapping(value = ["/masterdata", "/masterdata/**"])
fun masterdataServiceMock(): String = "masterdata-service-mock"
@GetMapping(value = ["/auth", "/auth/**"])
@PostMapping(value = ["/auth", "/auth/**"])
fun authServiceMock(): String = "auth-service-mock"
@PostMapping("/auth/login")
fun authLoginPost(): String = "auth-service-mock"
@GetMapping(value = ["/ping", "/ping/**"])
@PostMapping(value = ["/ping", "/ping/**"])
fun pingServiceMock(): String = "ping-service-mock"
@GetMapping("/gateway-info")
fun gatewayInfoMock(): Map<String, String> = mapOf(
"service" to "api-gateway",
"status" to "running"
)
}
}
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/GatewaySecurityTests.kt
+254
View File
@@ -0,0 +1,254 @@
package at.mocode.infrastructure.gateway
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.cloud.gateway.route.RouteLocator
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
import org.springframework.http.HttpHeaders
import org.springframework.http.HttpMethod
import org.springframework.test.context.ActiveProfiles
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.CrossOrigin
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
/**
* Tests for Gateway security configuration including CORS settings.
* Tests the overall security setup and cross-origin request handling.
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Disable external dependencies
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker for security tests
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Disable JWT for CORS testing
"gateway.security.jwt.enabled=false",
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Disable gateway discovery - use explicit routes
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@ActiveProfiles("dev") // Use dev profile to get CORS configuration
@AutoConfigureWebTestClient
@Import(GatewaySecurityTests.TestSecurityConfig::class)
class GatewaySecurityTests {
@Autowired
lateinit var webTestClient: WebTestClient
@Test
fun `should handle CORS preflight requests`() {
webTestClient.options()
.uri("/api/members/test")
.header("Origin", "http://localhost:3000")
.header("Access-Control-Request-Method", "GET")
.header("Access-Control-Request-Headers", "Content-Type,Authorization")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
.expectHeader().exists("Access-Control-Allow-Methods")
.expectHeader().exists("Access-Control-Allow-Headers")
}
@Test
fun `should allow requests from localhost origins`() {
webTestClient.get()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should allow requests from meldestelle domain`() {
webTestClient.get()
.uri("/test/cors")
.header("Origin", "https://app.meldestelle.at")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should handle POST requests with CORS headers`() {
webTestClient.post()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.header("Content-Type", "application/json")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should handle PUT requests with CORS headers`() {
webTestClient.put()
.uri("/test/cors")
.header("Origin", "http://localhost:8080")
.header("Content-Type", "application/json")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should handle DELETE requests with CORS headers`() {
webTestClient.delete()
.uri("/test/cors")
.header("Origin", "http://localhost:4200")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should set max age for CORS requests`() {
webTestClient.options()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.header("Access-Control-Request-Method", "GET")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Max-Age")
}
@Test
fun `should allow credentials in CORS requests`() {
webTestClient.get()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("Access-Control-Allow-Credentials", "true")
}
@Test
fun `should handle complex CORS scenarios`() {
// Simulate a complex frontend request with custom headers
webTestClient.options()
.uri("/api/members/complex")
.header("Origin", "https://frontend.meldestelle.at")
.header("Access-Control-Request-Method", "POST")
.header("Access-Control-Request-Headers", "Authorization,Content-Type,X-Requested-With")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
.expectHeader().exists("Access-Control-Allow-Methods")
.expectHeader().exists("Access-Control-Allow-Headers")
.expectHeader().valueEquals("Access-Control-Allow-Credentials", "true")
}
@Test
fun `should not duplicate CORS headers due to deduplication filter`() {
webTestClient.get()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
.expectHeader().exists("Access-Control-Allow-Credentials")
// Verify headers appear only once (DedupeResponseHeader filter should work)
}
@Test
fun `should handle different HTTP methods allowed in CORS`() {
val allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "PATCH")
allowedMethods.forEach { method ->
webTestClient.options()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.header("Access-Control-Request-Method", method)
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Methods")
}
}
@Test
fun `should handle authorization headers in CORS requests`() {
webTestClient.get()
.uri("/test/cors")
.header("Origin", "http://localhost:3000")
.header("Authorization", "Bearer test-token")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Access-Control-Allow-Origin")
}
@Test
fun `should maintain security headers in responses`() {
webTestClient.get()
.uri("/test/cors")
.exchange()
.expectStatus().isOk
.expectHeader().exists("Content-Type")
}
/**
* Test configuration for security and CORS testing.
*/
@Configuration
class TestSecurityConfig {
@Bean
fun securityTestRoutes(builder: RouteLocatorBuilder): RouteLocator = builder.routes()
.route("test-cors") { r ->
r.path("/test/cors")
.uri("forward:/mock/cors-test")
}
.route("test-members-complex") { r ->
r.path("/api/members/**")
.filters { f -> f.stripPrefix(1) }
.uri("forward:/mock/members-complex")
}
.build()
@Bean
fun securityTestController(): SecurityTestController = SecurityTestController()
}
/**
* Mock controller for security and CORS testing.
*/
@RestController
@RequestMapping("/mock")
class SecurityTestController {
@GetMapping("/cors-test")
@PostMapping("/cors-test")
fun corsTest(): Map<String, String> = mapOf(
"message" to "CORS test successful",
"timestamp" to System.currentTimeMillis().toString()
)
@CrossOrigin
@GetMapping("/members-complex")
@PostMapping("/members-complex")
fun membersComplex(): Map<String, String> = mapOf(
"message" to "Complex CORS request handled",
"service" to "members"
)
}
}
infrastructure/gateway/src/test/kotlin/at/mocode/infrastructure/gateway/JwtAuthenticationTests.kt
+268
View File
@@ -0,0 +1,268 @@
package at.mocode.infrastructure.gateway
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.cloud.gateway.route.RouteLocator
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
import org.springframework.http.HttpStatus
import org.springframework.test.context.ActiveProfiles
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RequestHeader
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
/**
* Tests for JWT Authentication Filter functionality.
* Tests public path exemptions, token validation, and user context injection.
*/
@SpringBootTest(
classes = [GatewayApplication::class],
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = [
// Disable external dependencies
"spring.cloud.discovery.enabled=false",
"spring.cloud.consul.enabled=false",
"spring.cloud.consul.config.enabled=false",
"spring.cloud.consul.discovery.register=false",
"spring.cloud.loadbalancer.enabled=false",
// Disable circuit breaker for JWT tests
"resilience4j.circuitbreaker.configs.default.registerHealthIndicator=false",
"management.health.circuitbreakers.enabled=false",
// Enable JWT authentication for testing
"gateway.security.jwt.enabled=true",
// Use reactive web application type
"spring.main.web-application-type=reactive",
// Disable gateway discovery - use explicit routes
"spring.cloud.gateway.discovery.locator.enabled=false",
// Disable actuator security
"management.security.enabled=false",
// Set random port
"server.port=0"
]
)
@ActiveProfiles("dev") // Use dev profile to enable JWT filter
@AutoConfigureWebTestClient
@Import(JwtAuthenticationTests.TestJwtConfig::class)
class JwtAuthenticationTests {
@Autowired
lateinit var webTestClient: WebTestClient
@Test
fun `should allow access to public paths without authentication`() {
listOf("/", "/health", "/actuator/health", "/api/auth/login", "/api/ping/health", "/fallback/test").forEach { path ->
webTestClient.get()
.uri(path)
.exchange()
.expectStatus().isOk
}
}
@Test
fun `should return 401 for protected paths without authorization header`() {
webTestClient.get()
.uri("/api/members/protected")
.exchange()
.expectStatus().isUnauthorized
.expectHeader().valueEquals("Content-Type", "application/json")
.expectBody()
.jsonPath("$.error").isEqualTo("UNAUTHORIZED")
.jsonPath("$.message").isEqualTo("Missing or invalid Authorization header")
.jsonPath("$.status").isEqualTo(401)
}
@Test
fun `should return 401 for protected paths with invalid authorization header`() {
webTestClient.get()
.uri("/api/members/protected")
.header("Authorization", "InvalidHeader")
.exchange()
.expectStatus().isUnauthorized
.expectBody()
.jsonPath("$.error").isEqualTo("UNAUTHORIZED")
}
@Test
fun `should return 401 for protected paths with invalid JWT token`() {
webTestClient.get()
.uri("/api/members/protected")
.header("Authorization", "Bearer invalid")
.exchange()
.expectStatus().isUnauthorized
.expectBody()
.jsonPath("$.error").isEqualTo("UNAUTHORIZED")
.jsonPath("$.message").isEqualTo("Invalid JWT token")
}
@Test
fun `should allow access with valid JWT token and inject user headers`() {
val validToken = "valid-jwt-token-with-user-data"
webTestClient.get()
.uri("/api/members/protected")
.header("Authorization", "Bearer $validToken")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.consumeWith { result ->
// The mock controller will return the injected headers
val body = result.responseBody
assert(body?.contains("X-User-ID") == true)
assert(body?.contains("X-User-Role") == true)
}
}
@Test
fun `should extract admin role from JWT token`() {
val adminToken = "valid-jwt-token-with-admin-data"
webTestClient.get()
.uri("/api/members/protected")
.header("Authorization", "Bearer $adminToken")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.consumeWith { result ->
val body = result.responseBody
assert(body?.contains("ADMIN") == true)
}
}
@Test
fun `should extract user role from JWT token`() {
val userToken = "valid-jwt-token-with-user-data"
webTestClient.get()
.uri("/api/members/protected")
.header("Authorization", "Bearer $userToken")
.exchange()
.expectStatus().isOk
.expectBody(String::class.java)
.consumeWith { result ->
val body = result.responseBody
assert(body?.contains("USER") == true)
}
}
@Test
fun `should handle POST requests to protected endpoints`() {
val validToken = "valid-jwt-token-for-post"
webTestClient.post()
.uri("/api/members/protected")
.header("Authorization", "Bearer $validToken")
.exchange()
.expectStatus().isOk
}
@Test
fun `should allow access to swagger documentation paths`() {
webTestClient.get()
.uri("/docs/api-docs")
.exchange()
.expectStatus().isOk
}
/**
* Test configuration that provides routes for JWT authentication testing.
*/
@Configuration
class TestJwtConfig {
@Bean
fun jwtTestRoutes(builder: RouteLocatorBuilder): RouteLocator = builder.routes()
.route("test-protected") { r ->
r.path("/api/members/**")
.filters { f -> f.stripPrefix(1) }
.uri("forward:/mock/protected")
}
.route("test-public-health") { r ->
r.path("/health")
.uri("forward:/mock/health")
}
.route("test-public-ping") { r ->
r.path("/api/ping/**")
.filters { f -> f.stripPrefix(1) }
.uri("forward:/mock/ping")
}
.route("test-public-auth") { r ->
r.path("/api/auth/**")
.filters { f -> f.stripPrefix(1) }
.uri("forward:/mock/auth")
}
.route("test-public-fallback") { r ->
r.path("/fallback/**")
.uri("forward:/mock/fallback")
}
.route("test-public-docs") { r ->
r.path("/docs/**")
.uri("forward:/mock/docs")
}
.route("test-public-actuator") { r ->
r.path("/actuator/**")
.uri("forward:/mock/actuator")
}
.route("test-root") { r ->
r.path("/")
.filters { f ->
f.setStatus(HttpStatus.OK)
.setResponseHeader("Content-Type", "application/json")
}
.uri("forward:/mock/root")
}
.build()
@Bean
fun jwtTestController(): JwtTestController = JwtTestController()
}
/**
* Mock controller for JWT authentication testing.
* Returns information about injected user headers.
*/
@RestController
@RequestMapping("/mock")
class JwtTestController {
@GetMapping("/protected")
@PostMapping("/protected")
fun protectedEndpoint(
@RequestHeader(value = "X-User-ID", required = false) userId: String?,
@RequestHeader(value = "X-User-Role", required = false) userRole: String?
): String {
return "Protected endpoint accessed - User ID: $userId, Role: $userRole"
}
@GetMapping("/health")
fun healthEndpoint(): String = "Health OK"
@GetMapping("/ping")
fun pingEndpoint(): String = "Ping OK"
@GetMapping("/auth")
@PostMapping("/auth")
fun authEndpoint(): String = "Auth endpoint"
@GetMapping("/fallback")
fun fallbackEndpoint(): String = "Fallback OK"
@GetMapping("/docs")
fun docsEndpoint(): String = "Documentation OK"
@GetMapping("/actuator")
fun actuatorEndpoint(): String = "Actuator OK"
@GetMapping("/root")
fun rootEndpoint(): Map<String, String> = mapOf(
"service" to "api-gateway",
"status" to "running"
)
}
}
infrastructure/gateway/src/test/resources/application-dev.yml
+67
View File
@@ -0,0 +1,67 @@
server:
port: 0
spring:
application:
name: api-gateway-dev-test
main:
web-application-type: reactive
cloud:
discovery:
enabled: false
consul:
enabled: false
config:
enabled: false
discovery:
register: false
loadbalancer:
enabled: false
gateway:
discovery:
locator:
enabled: false
httpclient:
connect-timeout: 1000
response-timeout: 5s
# Override production routes: keep empty in tests running with dev profile
routes: []
globalcors:
corsConfigurations:
'[/**]':
allowedOriginPatterns:
- "http://localhost:*"
- "https://*.meldestelle.at"
allowedMethods:
- GET
- POST
- PUT
- DELETE
- PATCH
- OPTIONS
allowedHeaders:
- "*"
allowCredentials: true
maxAge: 3600
management:
endpoints:
web:
exposure:
include: health,info
endpoint:
health:
show-details: always
health:
circuitbreakers:
enabled: false
logging:
level:
org.springframework.cloud.gateway: WARN
at.mocode.infrastructure.gateway: DEBUG
gateway:
security:
jwt:
enabled: false
infrastructure/gateway/src/test/resources/application-test.yml
+67
View File
@@ -0,0 +1,67 @@
server:
port: 0
spring:
application:
name: api-gateway-test
main:
web-application-type: reactive
cloud:
discovery:
enabled: false
consul:
enabled: false
config:
enabled: false
discovery:
register: false
loadbalancer:
enabled: false
gateway:
discovery:
locator:
enabled: false
httpclient:
connect-timeout: 1000
response-timeout: 5s
# IMPORTANT: Do not load production lb:// routes in tests
routes: []
globalcors:
corsConfigurations:
'[/**]':
allowedOriginPatterns:
- "http://localhost:*"
- "https://*.meldestelle.at"
allowedMethods:
- GET
- POST
- PUT
- DELETE
- PATCH
- OPTIONS
allowedHeaders:
- "*"
allowCredentials: true
maxAge: 3600
management:
endpoints:
web:
exposure:
include: health,info
endpoint:
health:
show-details: always
health:
circuitbreakers:
enabled: false
logging:
level:
org.springframework.cloud.gateway: WARN
at.mocode.infrastructure.gateway: DEBUG
gateway:
security:
jwt:
enabled: false