Commit graph

4 commits

Author SHA1 Message Date
Snider
2fe92e3709 test(api): add comprehensive OpenAPI documentation tests (P2-009)
Covers schema generation, attribute parsing, and extension system:
- OpenApiBuilder controller scanning and path generation
- ApiParameter attribute parsing with all parameter types
- ApiResponse attribute rendering with status code descriptions
- ApiSecurity authentication requirements
- ApiHidden endpoint filtering
- Extension system (WorkspaceHeader, RateLimit, ApiKeyAuth)
- Error response documentation (401, 403, 429)
- Request/response examples validation
- Caching behaviour and route exclusion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:46:49 +00:00
Snider
97d0b32ed5 test(scopes): add comprehensive API scope enforcement tests (P2-008)
- Implement wildcard scope matching in ApiKey::hasScope():
  - Resource wildcards (posts:*) grant all actions on resource
  - Action wildcards (*:read) grant action on all resources
  - Full wildcard (*) grants universal access
- Add hasAnyScope() method for OR-style scope checking
- Add extensive tests for:
  - EnforceApiScope middleware validation
  - CheckApiScope middleware with explicit requirements
  - Wildcard scope matching (posts:*, *:read, *)
  - Scope inheritance and hierarchy
  - Error response formatting with required/provided scopes
  - Edge cases (null scopes, case sensitivity, nested colons)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:34:40 +00:00
Snider
49c862b6c1 feat(security): add API key IP whitelisting with CIDR support (P1-004)
- P1-002: API key security tests verified (bcrypt, rotation)
- P1-003: Webhook signature tests verified (HMAC-SHA256)
- P1-004: IP whitelisting with IPv4/IPv6 CIDR support

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:20:58 +00:00
Snider
931974645b monorepo separation
2026-01-26 20:57:08 +00:00