add: auth_test cases & null attack test

internal/middlewares/auth_test.go

@@ -1,9 +1,14 @@
 package middlewares
 
 import (
+	"GoMembership/internal/config"
+	"GoMembership/pkg/logger"
 	"encoding/json"
+	"log"
 	"net/http"
 	"net/http/httptest"
+	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -15,6 +20,26 @@ import (
 func TestAuthMiddleware(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 
+	cwd, err := os.Getwd()
+	if err != nil {
+		log.Fatalf("Failed to get current working directory: %v", err)
+	}
+	configFilePath := filepath.Join(cwd, "..", "..", "configs", "config.json")
+	templateHTMLPath := filepath.Join(cwd, "..", "..", "templates", "html")
+	templateMailPath := filepath.Join(cwd, "..", "..", "templates", "email")
+
+	if err := os.Setenv("TEMPLATE_MAIL_PATH", templateMailPath); err != nil {
+		log.Fatalf("Error setting environment variable: %v", err)
+	}
+	if err := os.Setenv("TEMPLATE_HTML_PATH", templateHTMLPath); err != nil {
+		log.Fatalf("Error setting environment variable: %v", err)
+	}
+	if err := os.Setenv("CONFIG_FILE_PATH", configFilePath); err != nil {
+		log.Fatalf("Error setting environment variable: %v", err)
+	}
+	config.LoadConfig()
+	logger.Info.Printf("Config: %#v", config.CFG)
+
 	tests := []struct {
 		name           string
 		setupAuth      func(r *http.Request)
@@ -31,15 +56,15 @@ func TestAuthMiddleware(t *testing.T) {
 			expectedUserID: 123,
 		},
 		{
-			name:           "Missing Auth Header",
+			name:           "Missing Cookie",
 			setupAuth:      func(r *http.Request) {},
 			expectedStatus: http.StatusUnauthorized,
 			expectedUserID: 0,
 		},
 		{
-			name: "Invalid Token Format",
+			name: "Invalid Token",
 			setupAuth: func(r *http.Request) {
-				r.Header.Set("Authorization", "InvalidFormat")
+				r.AddCookie(&http.Cookie{Name: "jwt", Value: "InvalidToken"})
 			},
 			expectedStatus: http.StatusUnauthorized,
 			expectedUserID: 0,
@@ -48,7 +73,7 @@ func TestAuthMiddleware(t *testing.T) {
 			name: "Expired Token",
 			setupAuth: func(r *http.Request) {
 				token := jwt.NewWithClaims(jwtSigningMethod, jwt.MapClaims{
-					"user_id": "user123",
+					"user_id": 123,
 					"exp":     time.Now().Add(-time.Hour).Unix(), // Expired 1 hour ago
 				})
 				tokenString, _ := token.SignedString(jwtKey)
@@ -61,7 +86,7 @@ func TestAuthMiddleware(t *testing.T) {
 			name: "Invalid Signature",
 			setupAuth: func(r *http.Request) {
 				token := jwt.NewWithClaims(jwtSigningMethod, jwt.MapClaims{
-					"user_id": "user123",
+					"user_id": 123,
 					"exp":     time.Now().Add(time.Hour).Unix(),
 				})
 				tokenString, _ := token.SignedString([]byte("wrong_secret"))
@@ -70,6 +95,19 @@ func TestAuthMiddleware(t *testing.T) {
 			expectedStatus: http.StatusUnauthorized,
 			expectedUserID: 0,
 		},
+		{
+			name: "Invalid Signing Method",
+			setupAuth: func(r *http.Request) {
+				token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
+					"user_id": 123,
+					"exp":     time.Now().Add(time.Hour).Unix(),
+				})
+				tokenString, _ := token.SignedString([]byte(config.Auth.JWTSecret))
+				r.AddCookie(&http.Cookie{Name: "jwt", Value: tokenString})
+			},
+			expectedStatus: http.StatusUnauthorized,
+			expectedUserID: 0,
+		},
 	}
 
 	for _, tt := range tests {