molecule-ai/molecule-core
36
0
Fork 2
Code Issues 4 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
408e308ce5
molecule-core/workspace-server/internal/handlers/webhooks_test.go
Hongming Wang b4cd78729d
fix(platform-go-ci): align test mocks with schema drift + org_id context contract (#1755) 
* fix(platform-go-ci): align test mocks with schema drift + org_id context contract

Reduces Platform (Go) CI failures from 12 to 2 (both remaining are pre-existing
on origin/main and unrelated to this PR's scope).

Schema drift fixes (sqlmock column counts misaligned with current prod Scans):
- `orgtoken/tokens_test.go`: Validate query gained `org_id` column post-migration
  036 — updated 3 TestValidate_* tests from 2-col to 3-col ExpectQuery.
- `handlers/handlers_test.go` + `_additional_test.go`: `scanWorkspaceRow` now
  has 21 cols (`max_concurrent_tasks` inserted between `active_tasks` and
  `last_error_rate`). Updated TestWorkspaceList, TestWorkspaceList_WithData,
  and TestWorkspaceGet_CurrentTask mocks.
- `handlers/handlers_test.go`: activity scan now has 14 cols (`tool_trace`
  between `response_body` and `duration_ms`). Updated 5 TestActivityHandler_*
  tests (List, ListByType, ListEmpty, ListCustomLimit, ListMaxLimit).

Middleware org_id contract (7 failing tests → passing, zero prod callers):
- `middleware/wsauth_middleware.go`: WorkspaceAuth and AdminAuth now set the
  `org_id` context key only when the token has a non-NULL org_id. This lets
  downstream handlers use `c.Get("org_id")` existence to distinguish anchored
  tokens from pre-migration/ADMIN_TOKEN bootstrap tokens. Grep confirmed no
  current prod callers read this key — tests were the sole spec.
- `middleware/wsauth_middleware_test.go` + `_org_id_test.go`: consolidated
  separate primary+secondary ExpectQuery blocks into a single 3-col mock
  per test, and dropped the now-unused `orgTokenOrgIDQuery` constant.

Other:
- `handlers/github_token_test.go`: TestGitHubToken_NoTokenProvider now asserts
  500 + "token refresh failed" (env-based fallback path added in #960/#1101).
  Added missing `strings` import.
- `handlers/handlers_additional_test.go`: TestRegister_ProvisionerURLPreserved
  URL changed from `http://agent:8000` to `http://localhost:8000` — `agent` is
  not DNS-resolvable in CI and is rejected by validateAgentURL's SSRF check;
  `localhost` is name-exempt. The contract under test is provisioner-URL
  precedence, not URL validation.

Methodology (per quality mandate):
- Baselined 12 failing tests on clean origin/main before any edit.
- For each fix: grep'd prod for semantic contract, made minimal edits,
  verified full-suite delta = zero regressions.
- Discovered +5 pre-existing failures previously masked by TestWorkspaceList
  panic (which killed the test binary on origin/main before downstream tests
  ran). 3 of these are in this PR's bug class and were fixed; 2 are unrelated
  (a panicking test with a missing Request and a missing template file) —
  deferred to a follow-up issue.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: trigger CI after base retarget to main

* fix(platform-go-ci): stop TestRequireCallerOwnsOrg_NotOrgTokenCaller panic + skip yaml-includes test

Reduces Platform (Go) CI failures from 2 to 1 on this branch.

- `TestRequireCallerOwnsOrg_NotOrgTokenCaller`: the test's comment says
  "set to a non-string type" but the code stored the string "something",
  which passed the `tokenID.(string)` assertion in requireCallerOwnsOrg
  and triggered a DB lookup on a bare gin test context (no Request) →
  nil-deref in c.Request.Context(). Fixed by storing an int (12345), which
  matches the stated intent of exercising the non-string-assertion branch.

- `TestResolveYAMLIncludes_RealMoleculeDev`: the in-tree copy at
  /org-templates/molecule-dev/ is being extracted to the standalone
  Molecule-AI/molecule-ai-org-template-molecule-dev repo. Until that
  extraction lands the in-tree copy is stale (teams/dev.yaml !include's
  core-platform.yaml etc. that don't exist). Skipped with a pointer to
  the extraction so this doesn't rot.

Remaining failure: `TestRequireCallerOwnsOrg_TokenHasMatchingOrgID` panics
with the same root cause (bare gin context + string org_token_id → DB
lookup → nil-deref). Fixing it by adding a Request would unmask ~25 other
pre-existing hidden failures (schema drift, DNS-dependent tests, mock
drift) that were being masked by the earlier panic killing the test
binary. Those belong to a dedicated cleanup PR; the panic-chain triage
is tracked separately.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(platform-go-ci): eliminate remaining 25 cascade failures + harden auth

Takes Platform (Go) CI from 1 remaining failure (post–first pass) to 0.
Fixing `TestRequireCallerOwnsOrg_NotOrgTokenCaller`'s panic unmasked ~25
pre-existing handler-package failures that were silently hidden because
the panic killed the test binary mid-run. All are now fixed.

## Prod change
`org_plugin_allowlist.go#requireOrgOwnership` now denies unanchored
org-tokens (org_id NULL in DB) instead of treating them as session/admin.
The stated contract in `requireCallerOwnsOrg`'s comment already said
"those callers get callerOrg="" and are denied"; the downstream check
was the gap. Distinguishes the two `callerOrg == ""` paths by reading
`c.Get("org_token_id")` — key present → unanchored token → deny;
absent → session/ADMIN_TOKEN → allow.

## Tests fixed by class

**Request-less test-context panic** (7 tests, `org_plugin_allowlist_test.go`):
added `httptest.NewRequest(...)` to each bare `gin.CreateTestContext` so
the DB path in `requireCallerOwnsOrg` can read `c.Request.Context()`
without nil-deref.

**Workspace scan drift — `max_concurrent_tasks` 21st column** (8 tests):
- `TestWorkspaceGet_Success`, `_FinancialFieldsStripped`, `_SensitiveFieldsStripped`
- `TestWorkspaceBudget_Get_NilLimit`, `_WithLimit` (+ shared `wsColumns`)
- `TestWorkspaceBudget_A2A_UnderLimitPassesThrough`, `_NilLimitPassesThrough`,
  `_DBErrorFailOpen` — each also needed `allowLoopbackForTest(t)` because
  the SSRF guard now blocks `httptest.NewServer`'s 127.0.0.1 URL.

**Org-token INSERT param drift — added `org_id` 5th param** (5 tests,
`org_tokens_test.go`): `TestOrgTokenHandler_Create_*` (4) get a 5th
`nil` `WithArgs` arg; `TestOrgTokenHandler_List_HappyPath` gets `org_id`
as the 4th column in its mock row.

**ReplaceFiles/WriteFile restart-cascade SELECT shape change** (3 tests,
`template_import_test.go` + `templates_test.go`): handler now selects
`name, instance_id, runtime` for the post-write restart cascade — tests
now pin the full 3-column shape instead of just `SELECT name`.

**GitHub webhook forwarding** (2 tests, `webhooks_test.go`): added
`allowLoopbackForTest(t)` — same SSRF-guard / loopback-server mismatch
as the budget A2A tests.

**DNS-dependent sentinel hostname** (2 tests): `TestIsSafeURL/public_*`
+ `TestValidateAgentURL/valid_public_*` used `agent.example.com` which
is NXDOMAIN on most resolvers; switched to `example.com` itself (RFC-2606,
resolves globally via Cloudflare Anycast).

**Register C18 hijack assertion** (`registry_test.go`): attacker URL
was `attacker.example.com` (NXDOMAIN) → `validateAgentURL` rejected
with 400 before the C18 auth gate could fire 401. Switched to
`example.com` so the test actually exercises the C18 gate.

**Plugin install error vocabulary** (`plugins_test.go`): handler now
returns generic "invalid plugin source" instead of leaking the internal
`ParseSource` "empty spec" string to the HTTP surface. Test assertion
updated; "empty spec" still covered at the unit level in `plugins/source_test.go`.

**seedInitialMemories tests tripping redactSecrets** (3 tests,
`workspace_provision_test.go`): content was `strings.Repeat("X", N)`
which matches the BASE64_BLOB redactor (33+ chars of `[A-Za-z0-9+/]`)
and got replaced with `[REDACTED:BASE64_BLOB]` before INSERT, making
the `WithArgs` assertion mismatch. Switched to a space-containing
`"hello world "` pattern that breaks the run. Also fixed an unrelated
pre-existing bug in `TestSeedInitialMemories_Truncation` where
`copy([]byte(largeContent), "X")` was a no-op (strings are immutable
in Go — the copy modified a throwaway slice).

Net: Platform (Go) handlers package is now fully green on `go test -race`.
Unblocks PRs #1738, #1743, and any future handlers-package work that was
inheriting the 12→25 baseline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Hongming Wang <hongmingwang.rabbit@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 07:14:33 +00:00

356 lines
11 KiB
Go
Raw Blame History

package handlers
import (
"bytes"
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
"net/http"
"net/http/httptest"
"strings"
"testing"
"time"
"github.com/DATA-DOG/go-sqlmock"
"github.com/gin-gonic/gin"
)
func githubSignature(secret string, body []byte) string {
mac := hmac.New(sha256.New, []byte(secret))
mac.Write(body)
return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}
func newWebhookTestContext(t *testing.T, workspaceID string, body []byte) (*httptest.ResponseRecorder, *gin.Context) {
t.Helper()
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = httptest.NewRequest("POST", "/webhooks/github/"+workspaceID, bytes.NewReader(body))
c.Request.Header.Set("Content-Type", "application/json")
c.Params = gin.Params{{Key: "id", Value: workspaceID}}
return w, c
}
func TestGitHubWebhook_MissingSignature_Unauthorized(t *testing.T) {
setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
t.Setenv("GITHUB_WEBHOOK_SECRET", "test-secret")
body := []byte(`{"workspace_id":"ws-1","action":"created"}`)
w, c := newWebhookTestContext(t, "ws-1", body)
c.Request.Header.Set("X-GitHub-Event", "issue_comment")
handler.GitHub(c)
if w.Code != http.StatusUnauthorized {
t.Fatalf("expected status 401, got %d: %s", w.Code, w.Body.String())
}
}
func TestGitHubWebhook_BadSignature_Unauthorized(t *testing.T) {
setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
t.Setenv("GITHUB_WEBHOOK_SECRET", "test-secret")
body := []byte(`{"workspace_id":"ws-1","action":"created"}`)
w, c := newWebhookTestContext(t, "ws-1", body)
c.Request.Header.Set("X-GitHub-Event", "issue_comment")
c.Request.Header.Set("X-Hub-Signature-256", "sha256=deadbeef")
handler.GitHub(c)
if w.Code != http.StatusUnauthorized {
t.Fatalf("expected status 401, got %d: %s", w.Code, w.Body.String())
}
}
func TestGitHubWebhook_UnsupportedAction_Accepted(t *testing.T) {
setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"workspace_id":"ws-1",
"action":"edited",
"repository":{"full_name":"acme/repo"},
"comment":{"body":"ignore this"}
}`)
w, c := newWebhookTestContext(t, "ws-1", body)
c.Request.Header.Set("X-GitHub-Event", "issue_comment")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
// v1 behavior: unsupported actions are acknowledged but ignored.
if w.Code != http.StatusAccepted {
t.Fatalf("expected status 202, got %d: %s", w.Code, w.Body.String())
}
}
func TestGitHubWebhook_ValidIssueComment_ForwardsAndLogsActivity(t *testing.T) {
allowLoopbackForTest(t)
mock := setupTestDB(t)
mr := setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
// Mock agent endpoint receives forwarded A2A payload.
var gotForward bool
agentServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gotForward = true
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, `{"jsonrpc":"2.0","id":"1","result":{"status":"ok"}}`)
}))
defer agentServer.Close()
workspaceID := "ws-123"
mr.Set(fmt.Sprintf("ws:%s:url", workspaceID), agentServer.URL)
// Proxy logging summary may resolve workspace name.
mock.ExpectQuery("SELECT name FROM workspaces WHERE id =").
WithArgs(workspaceID).
WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("Webhook Workspace"))
// Proxy logging path performs an activity INSERT asynchronously.
mock.ExpectExec("INSERT INTO activity_logs").
WillReturnResult(sqlmock.NewResult(0, 1))
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"workspace_id":"ws-123",
"action":"created",
"repository":{"full_name":"acme/repo"},
"issue":{"number":42},
"comment":{"body":"@agent summarize this PR and risks"}
}`)
w, c := newWebhookTestContext(t, workspaceID, body)
c.Request.Header.Set("X-GitHub-Event", "issue_comment")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
// Activity logging happens in a goroutine in the shared A2A proxy path.
time.Sleep(50 * time.Millisecond)
if w.Code != http.StatusOK && w.Code != http.StatusAccepted {
t.Fatalf("expected status 200 or 202, got %d: %s", w.Code, w.Body.String())
}
if !gotForward {
t.Fatal("expected webhook to forward a task to workspace A2A endpoint")
}
if err := mock.ExpectationsWereMet(); err != nil {
t.Fatalf("unmet sqlmock expectations: %v", err)
}
}
func TestGitHubWebhook_ValidPRReviewComment_Forwards(t *testing.T) {
allowLoopbackForTest(t)
mock := setupTestDB(t)
mr := setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
var gotForward bool
agentServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gotForward = true
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, `{"jsonrpc":"2.0","id":"1","result":{"status":"ok"}}`)
}))
defer agentServer.Close()
workspaceID := "ws-pr-1"
mr.Set(fmt.Sprintf("ws:%s:url", workspaceID), agentServer.URL)
mock.ExpectQuery("SELECT name FROM workspaces WHERE id =").
WithArgs(workspaceID).
WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("PR Workspace"))
mock.ExpectExec("INSERT INTO activity_logs").
WillReturnResult(sqlmock.NewResult(0, 1))
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"workspace_id":"ws-pr-1",
"action":"created",
"repository":{"full_name":"acme/repo"},
"pull_request":{"number":7},
"comment":{"body":"@agent list follow-up tasks"}
}`)
w, c := newWebhookTestContext(t, workspaceID, body)
c.Request.Header.Set("X-GitHub-Event", "pull_request_review_comment")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
time.Sleep(50 * time.Millisecond)
if w.Code != http.StatusOK && w.Code != http.StatusAccepted {
t.Fatalf("expected status 200 or 202, got %d: %s", w.Code, w.Body.String())
}
if !gotForward {
t.Fatal("expected pull_request_review_comment to forward to workspace")
}
if err := mock.ExpectationsWereMet(); err != nil {
t.Fatalf("unmet sqlmock expectations: %v", err)
}
}
// ---------------------------------------------------------------------------
// Event-driven cron trigger tests
// ---------------------------------------------------------------------------
func TestGitHubWebhook_IssuesOpened_TriggersCrons(t *testing.T) {
mock := setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"action": "opened",
"repository": {"full_name": "Molecule-AI/molecule-core"},
"sender": {"login": "alice"},
"issue": {"number": 42, "title": "New feature request", "html_url": "https://github.com/Molecule-AI/molecule-core/issues/42"}
}`)
// Expect the UPDATE that sets next_run_at = now() on pick-up-work schedules.
mock.ExpectExec("UPDATE workspace_schedules").
WillReturnResult(sqlmock.NewResult(0, 3))
w, c := newWebhookTestContext(t, "", body)
c.Request.Header.Set("X-GitHub-Event", "issues")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
if w.Code != http.StatusOK {
t.Fatalf("expected status 200, got %d: %s", w.Code, w.Body.String())
}
// Verify response includes trigger metadata.
respBody := w.Body.String()
if !strings.Contains(respBody, `"triggered"`) {
t.Fatalf("expected 'triggered' in response, got: %s", respBody)
}
if !strings.Contains(respBody, `"schedules_affected"`) {
t.Fatalf("expected 'schedules_affected' in response, got: %s", respBody)
}
if err := mock.ExpectationsWereMet(); err != nil {
t.Fatalf("unmet sqlmock expectations: %v", err)
}
}
func TestGitHubWebhook_IssuesClosed_Ignored(t *testing.T) {
setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"action": "closed",
"repository": {"full_name": "Molecule-AI/molecule-core"},
"sender": {"login": "alice"},
"issue": {"number": 42, "title": "Old issue", "html_url": "https://github.com/Molecule-AI/molecule-core/issues/42"}
}`)
w, c := newWebhookTestContext(t, "", body)
c.Request.Header.Set("X-GitHub-Event", "issues")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
if w.Code != http.StatusAccepted {
t.Fatalf("expected status 202, got %d: %s", w.Code, w.Body.String())
}
}
func TestGitHubWebhook_PRReviewSubmitted_TriggersCrons(t *testing.T) {
mock := setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"action": "submitted",
"repository": {"full_name": "Molecule-AI/molecule-core"},
"sender": {"login": "bob"},
"review": {"state": "changes_requested", "html_url": "https://github.com/Molecule-AI/molecule-core/pull/7#pullrequestreview-1"},
"pull_request": {"number": 7, "title": "Fix scheduler bug", "html_url": "https://github.com/Molecule-AI/molecule-core/pull/7"}
}`)
// Expect the UPDATE that sets next_run_at = now() on review schedules.
mock.ExpectExec("UPDATE workspace_schedules").
WillReturnResult(sqlmock.NewResult(0, 2))
w, c := newWebhookTestContext(t, "", body)
c.Request.Header.Set("X-GitHub-Event", "pull_request_review")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
if w.Code != http.StatusOK {
t.Fatalf("expected status 200, got %d: %s", w.Code, w.Body.String())
}
respBody := w.Body.String()
if !strings.Contains(respBody, `"triggered"`) {
t.Fatalf("expected 'triggered' in response, got: %s", respBody)
}
if err := mock.ExpectationsWereMet(); err != nil {
t.Fatalf("unmet sqlmock expectations: %v", err)
}
}
func TestGitHubWebhook_PRReviewDismissed_Ignored(t *testing.T) {
setupTestDB(t)
setupTestRedis(t)
broadcaster := newTestBroadcaster()
handler := NewWebhookHandler(broadcaster)
secret := "test-secret"
t.Setenv("GITHUB_WEBHOOK_SECRET", secret)
body := []byte(`{
"action": "dismissed",
"repository": {"full_name": "Molecule-AI/molecule-core"},
"sender": {"login": "bob"},
"review": {"state": "dismissed", "html_url": "https://github.com/Molecule-AI/molecule-core/pull/7#pullrequestreview-1"},
"pull_request": {"number": 7, "title": "Fix scheduler bug", "html_url": "https://github.com/Molecule-AI/molecule-core/pull/7"}
}`)
w, c := newWebhookTestContext(t, "", body)
c.Request.Header.Set("X-GitHub-Event", "pull_request_review")
c.Request.Header.Set("X-Hub-Signature-256", githubSignature(secret, body))
handler.GitHub(c)
if w.Code != http.StatusAccepted {
t.Fatalf("expected status 202, got %d: %s", w.Code, w.Body.String())
}
}
Reference in New Issue View Git Blame Copy Permalink