Add tests for main package, manager, and various components

- Introduced unit tests for the main package to ensure compilation.
- Added tests for the manager, including validation of upload sessions and handling of Blender binary paths.
- Implemented tests for job token generation and validation, ensuring security and integrity.
- Created tests for configuration management and database schema to verify functionality.
- Added tests for logger and runner components to enhance overall test coverage and reliability.

internal/auth/auth_test.go

@@ -0,0 +1,56 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+)
+
+func TestContextHelpers(t *testing.T) {
+	ctx := context.Background()
+	ctx = context.WithValue(ctx, contextKeyUserID, int64(123))
+	ctx = context.WithValue(ctx, contextKeyIsAdmin, true)
+
+	id, ok := GetUserID(ctx)
+	if !ok || id != 123 {
+		t.Fatalf("GetUserID() = (%d,%v), want (123,true)", id, ok)
+	}
+	if !IsAdmin(ctx) {
+		t.Fatal("expected IsAdmin to be true")
+	}
+}
+
+func TestIsProductionMode_UsesEnv(t *testing.T) {
+	t.Setenv("PRODUCTION", "true")
+	if !IsProductionMode() {
+		t.Fatal("expected production mode true when env is set")
+	}
+}
+
+func TestWriteUnauthorized_BehaviorByRequestType(t *testing.T) {
+	a := &Auth{}
+
+	reqAPI := httptest.NewRequest(http.MethodGet, "/api/jobs", nil)
+	rrAPI := httptest.NewRecorder()
+	a.writeUnauthorized(rrAPI, reqAPI)
+	if rrAPI.Code != http.StatusUnauthorized {
+		t.Fatalf("api code = %d", rrAPI.Code)
+	}
+
+	reqPage := httptest.NewRequest(http.MethodGet, "/dashboard", nil)
+	rrPage := httptest.NewRecorder()
+	a.writeUnauthorized(rrPage, reqPage)
+	if rrPage.Code != http.StatusFound {
+		t.Fatalf("page code = %d", rrPage.Code)
+	}
+}
+
+func TestIsProductionMode_DefaultFalse(t *testing.T) {
+	_ = os.Unsetenv("PRODUCTION")
+	if IsProductionMode() {
+		t.Fatal("expected false when PRODUCTION is unset")
+	}
+}
+

internal/auth/jobtoken_test.go

@@ -0,0 +1,84 @@
+package auth
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestGenerateAndValidateJobToken_RoundTrip(t *testing.T) {
+	token, err := GenerateJobToken(10, 20, 30)
+	if err != nil {
+		t.Fatalf("GenerateJobToken failed: %v", err)
+	}
+	claims, err := ValidateJobToken(token)
+	if err != nil {
+		t.Fatalf("ValidateJobToken failed: %v", err)
+	}
+	if claims.JobID != 10 || claims.RunnerID != 20 || claims.TaskID != 30 {
+		t.Fatalf("unexpected claims: %+v", claims)
+	}
+}
+
+func TestValidateJobToken_RejectsTampering(t *testing.T) {
+	token, err := GenerateJobToken(1, 2, 3)
+	if err != nil {
+		t.Fatalf("GenerateJobToken failed: %v", err)
+	}
+	parts := strings.Split(token, ".")
+	if len(parts) != 2 {
+		t.Fatalf("unexpected token format: %q", token)
+	}
+
+	rawClaims, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		t.Fatalf("decode claims failed: %v", err)
+	}
+	var claims JobTokenClaims
+	if err := json.Unmarshal(rawClaims, &claims); err != nil {
+		t.Fatalf("unmarshal claims failed: %v", err)
+	}
+	claims.JobID = 999
+	tamperedClaims, _ := json.Marshal(claims)
+	tampered := base64.RawURLEncoding.EncodeToString(tamperedClaims) + "." + parts[1]
+
+	if _, err := ValidateJobToken(tampered); err == nil {
+		t.Fatal("expected signature validation error for tampered token")
+	}
+}
+
+func TestValidateJobToken_RejectsExpired(t *testing.T) {
+	expiredClaims := JobTokenClaims{
+		JobID:    1,
+		RunnerID: 2,
+		TaskID:   3,
+		Exp:      time.Now().Add(-time.Minute).Unix(),
+	}
+	claimsJSON, _ := json.Marshal(expiredClaims)
+	sigToken, err := GenerateJobToken(1, 2, 3)
+	if err != nil {
+		t.Fatalf("GenerateJobToken failed: %v", err)
+	}
+	parts := strings.Split(sigToken, ".")
+	if len(parts) != 2 {
+		t.Fatalf("unexpected token format: %q", sigToken)
+	}
+	// Re-sign expired payload with package secret.
+	h := signClaimsForTest(claimsJSON)
+	expiredToken := base64.RawURLEncoding.EncodeToString(claimsJSON) + "." + base64.RawURLEncoding.EncodeToString(h)
+
+	if _, err := ValidateJobToken(expiredToken); err == nil {
+		t.Fatal("expected token expiration error")
+	}
+}
+
+func signClaimsForTest(claims []byte) []byte {
+	h := hmac.New(sha256.New, jobTokenSecret)
+	_, _ = h.Write(claims)
+	return h.Sum(nil)
+}
+

internal/auth/secrets_test.go

@@ -0,0 +1,32 @@
+package auth
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestGenerateSecret_Length(t *testing.T) {
+	secret, err := generateSecret(8)
+	if err != nil {
+		t.Fatalf("generateSecret failed: %v", err)
+	}
+	// hex encoding doubles length
+	if len(secret) != 16 {
+		t.Fatalf("unexpected secret length: %d", len(secret))
+	}
+}
+
+func TestGenerateAPIKey_Format(t *testing.T) {
+	s := &Secrets{}
+	key, err := s.generateAPIKey()
+	if err != nil {
+		t.Fatalf("generateAPIKey failed: %v", err)
+	}
+	if !strings.HasPrefix(key, "jk_r") {
+		t.Fatalf("unexpected key prefix: %q", key)
+	}
+	if !strings.Contains(key, "_") {
+		t.Fatalf("unexpected key format: %q", key)
+	}
+}
+