From e398cf05402c010d594cea4e2dea307ca1a36dbe Mon Sep 17 00:00:00 2001
From: Elizabeth
Date: Wed, 3 Apr 2024 16:22:19 -0600
Subject: [PATCH] checkpoint to save work; had to get on the bus
---
 api/auth_test.go | 37 ++++++++++++++++++++++++++++++++
 api/dns.go | 17 ++++++---------
 api/dns_test.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
 api/serve.go | 4 ++++
 4 files changed, 103 insertions(+), 11 deletions(-)
 create mode 100644 api/auth_test.go
 create mode 100644 api/dns_test.go
diff --git a/api/auth_test.go b/api/auth_test.go
new file mode 100644
index 0000000..45ca12e
--- /dev/null
+++ b/api/auth_test.go
@@ -0,0 +1,37 @@
+package api_test
+
+import (
+ "database/sql"
+ "os"
+ "testing"
+
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/api"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/args"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/database"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/utils"
+)
+
+func setup() (*sql.DB, *api.RequestContext, func()) {
+ randomDb := utils.RandomId()
+
+ testDb := database.MakeConn(&randomDb)
+ database.Migrate(testDb)
+
+ context := &api.RequestContext{
+ DBConn: testDb,
+ Args: &args.Arguments{},
+ TemplateData: &(map[string]interface{}{}),
+ }
+
+ return testDb, context, func() {
+ testDb.Close()
+ os.Remove(randomDb)
+ }
+}
+
+/*
+todo: test api key creation
++ api key attached to user
++ user session is unique
++ goLogin goes to page in cookie
+*/
diff --git a/api/dns.go b/api/dns.go
index 6f0e1fd..7ade6e4 100644
--- a/api/dns.go
+++ b/api/dns.go
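Review bot: In api/auth_test.go, `setup()` is declared a second time with the same signature in api/dns_test.go, and both files are `package api_test`, so the test package cannot compile as committed; `"testing"` is also imported here and never used. Keep one copy of the helper in a shared test file and drop the import until the first test exists. The cleanup closure discards the errors from `testDb.Close()` and `os.Remove(randomDb)`, and the database file presumably lands in the working directory (`database.MakeConn` is not visible here); passing `t *testing.T` and using `t.TempDir()` with `t.Cleanup(...)` would stop stray databases accumulating when a test panics. When the TODO list is filled in, the "goLogin goes to page in cookie" case is worth pairing with a test that an off-site value in that cookie is not followed.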
@@ -15,23 +15,18 @@ import (
 const MAX_USER_RECORDS = 65
-type FormError struct {
- Errors []string
-}
+var USER_OWNED_INTERNAL_FMT_DOMAINS = []string{"%s", "%s.endpoints"}
-func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool {
+func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord, ownedInternalDomainFormats []string) bool {
 ownedByUser := (user.ID == record.UserID)
 if !ownedByUser {
 return false
 }
 if !record.Internal {
- userOwnedDomains := []string{
- fmt.Sprintf("%s", user.Username),
- fmt.Sprintf("%s.endpoints", user.Username),
- }
+ for _, format := range ownedInternalDomainFormats {
+ domain := fmt.Sprintf(format, user.Username)
- for _, domain := range userOwnedDomains {
 isInSubDomain := strings.HasSuffix(record.Name, "."+domain)
 if domain == record.Name || isInSubDomain {
 return true
@@ -106,7 +101,7 @@ func CreateDNSRecordContinuation(dnsAdapter external_dns.ExternalDNSAdapter) fun
 Internal: internal,
 }
- if !userCanFuckWithDNSRecord(context.DBConn, context.User, dnsRecord) {
+ if !userCanFuckWithDNSRecord(context.DBConn, context.User, dnsRecord, USER_OWNED_INTERNAL_FMT_DOMAINS) {
 formErrors.Errors = append(formErrors.Errors, "'name' must end with "+context.User.Username+" or you must be a domain owner for internal domains")
 }
@@ -155,7 +150,7 @@ func DeleteDNSRecordContinuation(dnsAdapter external_dns.ExternalDNSAdapter) fun
 return failure(context, req, resp)
 }
- if !userCanFuckWithDNSRecord(context.DBConn, context.User, record) {
+ if !userCanFuckWithDNSRecord(context.DBConn, context.User, record, USER_OWNED_INTERNAL_FMT_DOMAINS) {
 resp.WriteHeader(http.StatusUnauthorized)
 return failure(context, req, resp)
 }
diff --git a/api/dns_test.go b/api/dns_test.go
new file mode 100644
index 0000000..59dd85b
--- /dev/null
+++ b/api/dns_test.go
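Review bot: In api/dns.go, `USER_OWNED_INTERNAL_FMT_DOMAINS` is an exported, mutable package-level slice that now feeds the ownership check in `userCanFuckWithDNSRecord`, so any importing package can widen what a user may claim by appending to it. Its name says INTERNAL, yet the formats are applied in the `!record.Internal` branch, which will mislead the next reader of an authorization path. I would unexport and rename it, e.g. `var userOwnedDomainFormats = []string{"%s", "%s.endpoints"}`, with a comment that every entry must contain exactly one `%s` for the username. The match itself (`domain == record.Name` and `strings.HasSuffix(record.Name, "."+domain)`) is byte-exact, so if record names are not lower-cased and stripped of a trailing dot before this point (not visible in the hunk), this check and the DNS backend can disagree about which zone a name belongs to. The function body continues past the end of the hunk.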
@@ -0,0 +1,56 @@
+package api_test
+
+import (
+ "database/sql"
+ "net/http"
+ "net/http/httptest"
+ "os"
+ "testing"
+
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/api"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/args"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/database"
+ "git.hatecomputers.club/hatecomputers/hatecomputers.club/utils"
+)
+
+func setup() (*sql.DB, *api.RequestContext, func()) {
+ randomDb := utils.RandomId()
+
+ testDb := database.MakeConn(&randomDb)
+ database.Migrate(testDb)
+
+ context := &api.RequestContext{
+ DBConn: testDb,
+ Args: &args.Arguments{},
+ TemplateData: &(map[string]interface{}{}),
+ }
+
+ return testDb, context, func() {
+ testDb.Close()
+ os.Remove(randomDb)
+ }
+}
+
+func TestThatOwnerCanPutRecordInDomain(t *testing.T) {
+ db, context, cleanup := setup()
+ defer cleanup()
+
+ testUser := &database.User{
+ ID: "test",
+ Username: "test",
+ }
+
+ records, err := database.GetUserDNSRecords(db, context.User.ID)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(records) > 0 {
+ t.Errorf("expected no records, got records")
+ }
+
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ api.PutDNSRecordContinuation(context, r, w)(api.IdContinuation, api.IdContinuation)
+ }))
+ defer ts.Close()
+
+}
diff --git a/api/serve.go b/api/serve.go
index 9547ee0..1536f65 100644
--- a/api/serve.go
+++ b/api/serve.go
@@ -24,6 +24,10 @@ type RequestContext struct {
 User *database.User
 }
+type FormError struct {
+ Errors []string
+}
+
 type Continuation func(*RequestContext, *http.Request, http.ResponseWriter) ContinuationChain
 type ContinuationChain func(Continuation, Continuation) ContinuationChain
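Review bot: In api/dns_test.go, `TestThatOwnerCanPutRecordInDomain` reads `context.User.ID`, but `setup()` builds the `RequestContext` without a `User`, so the test panics on a nil pointer before it checks anything; `testUser` is also declared and never used, which Go rejects at compile time. Adding `context.User = testUser` right after `testUser` is built fixes both. `setup()` duplicates the helper in api/auth_test.go inside the same `api_test` package and has to live in one place. The handler given to `httptest.NewServer` is never requested, so nothing about ownership is asserted yet; once the request is added, a companion case in which a name outside the user's own domain is refused would pin the authorization check as well as the happy path. `api.PutDNSRecordContinuation` does not appear in the api/dns.go hunks of this patch, which show `CreateDNSRecordContinuation(dnsAdapter)`, so the call may need to go through that constructor instead.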