
API authorization and Testing WIP

AVMG20 4 gadi atpakaļ
vecāks
revīzija
acdf7965ea

+ 3 - 0
app/Http/Middleware/ApiAuthToken.php

@@ -17,8 +17,11 @@ class ApiAuthToken
      */
     public function handle(Request $request, Closure $next)
     {
+        if (empty($request->bearerToken())) return response()->json(['message' => 'Missing Authorization header'], 403);
+
         $token = ApplicationApi::find($request->bearerToken());
         if (is_null($token)) return response()->json(['message' => 'Invalid Authorization token'], 401);
+
         $token->updateLastUsed();
         return $next($request);
     }
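Review bot: The added guard at the top of handle() answers a request that carries no bearer token with 403, while the invalid-token branch below it uses 401; both are authentication failures, and 403 tells a client that supplying credentials will not help. Return 401 with a challenge header in both branches, e.g. `return response()->json(['message' => 'Missing Authorization header'], 401, ['WWW-Authenticate' => 'Bearer']);`, and adjust `assertStatus(403)` in tests/Feature/TestApiAuthorization.php to match. Separately, `ApplicationApi::find($request->bearerToken())` appears to use the presented token as the lookup key, which would mean tokens are stored in clear text; if so, storing a SHA-256 digest and looking up by that would limit what a database leak exposes. Confirm this against the model and migration, which are not part of this commit.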

+ 1 - 1
database/factories/ApplicationApiFactory.php

@@ -22,7 +22,7 @@ class ApplicationApiFactory extends Factory
     public function definition()
     {
         return [
-            //
+            'memo' => $this->faker->word()
         ];
     }
 }

+ 3 - 0
phpunit.xml

@@ -8,6 +8,9 @@
         <testsuite name="Unit">
             <directory suffix=".php">tests/Unit</directory>
         </testsuite>
+        <testsuite name="Feature">
+            <directory suffix=".php">tests/Feature</directory>
+        </testsuite>
     </testsuites>
     <coverage processUncoveredFiles="true">
         <include>

+ 78 - 0
tests/Feature/TestApiAuthorization.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\ApplicationApi;
+
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+use Illuminate\Support\Str;
+use Tests\TestCase;
+
+class TestApiAuthorization extends TestCase
+{
+    use DatabaseTransactions;
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     * @test
+     */
+    public function test_api_route_without_auth_headers(string $method, string $route)
+    {
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+        ])->{$method}($route);
+
+        $response->assertStatus(403);
+        $response->assertJson(['message' => 'Missing Authorization header']);
+    }
+
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     */
+    public function test_api_route_with_auth_headers_but_invalid_token(string $method, string $route)
+    {
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+            'Authorization' => 'Bearer ' . Str::random(48)
+        ])->{$method}($route);
+
+        $response->assertStatus(401);
+        $response->assertJson(['message' => 'Invalid Authorization token']);
+    }
+
+    /**
+     * A basic feature test example.
+     * @dataProvider ApiRoutesThatRequireAuthorization
+     * @return void
+     */
+    public function test_api_route_with_valid_auth_headers(string $method, string $route)
+    {
+        $applicationApi = ApplicationApi::factory()->create();
+
+        $response = $this->withHeaders([
+            'Accept' => 'application/json',
+            'Authorization' => 'Bearer ' . $applicationApi->token
+        ])->{$method}($route);
+
+        $response->assertStatus(200);
+    }
+
+    public function ApiRoutesThatRequireAuthorization(): array
+    {
+        return [
+            'List Users' => [
+                'method' => 'get',
+                'route' => '/api/users',
+            ],
+            'List Servers' => [
+                'method' => 'get',
+                'route' => '/api/servers',
+            ]
+        ];
+    }
+}
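Review bot: The provider `ApiRoutesThatRequireAuthorization()` at the end of the class lists only `get /api/users` and `get /api/servers`, so any other route or verb behind ApiAuthToken (none are visible in this commit) is never checked for the 403/401 responses and could lose the middleware unnoticed. Add one entry per protected route and verb, and put a comment on the provider such as `// Every route guarded by ApiAuthToken must be listed here, one entry per HTTP verb.` The three docblocks still read "A basic feature test example." and should state the case each test covers; the `@test` tag on the first is redundant with the `test_` prefix. The provider is an instance method, whereas newer PHPUnit releases expect data providers to be `public static`.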

+ 0 - 2
tests/Unit/testUserCommand.php

@@ -3,9 +3,7 @@
 namespace Tests\Unit;
 
 use App\Classes\Pterodactyl;
-use Illuminate\Foundation\Auth\User;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
-use Illuminate\Support\Facades\DB;
 use Tests\TestCase;
 
 class testUserCommand extends TestCase