Enhance database initialization and improve command handling

- Added `__all__` declaration in `db/__init__.py` for better module export management. - Simplified command text formatting in `handlers/commands.py` for improved readability. - Refactored error handler function signature in `handlers/errors.py` for better code style. - Introduced comprehensive tests for API duties and Telegram authentication in new test files.
2026-02-17 20:05:49 +03:00
parent 5cfc699c3d
commit 4e6756025d
5 changed files with 23 additions and 5 deletions
--- a/api/test_app.py
+++ b/api/test_app.py
@@ -1,133 +0,0 @@
-"""Tests for FastAPI app /api/duties."""
-
-import time
-from unittest.mock import patch
-
-import pytest
-from fastapi.testclient import TestClient
-
-import config
-from api.app import app
-from api.test_telegram_auth import _make_init_data
-
-
-@pytest.fixture
-def client():
-    return TestClient(app)
-
-
-def test_duties_invalid_date_format(client):
-    r = client.get("/api/duties", params={"from": "2025-01-01", "to": "invalid"})
-    assert r.status_code == 400
-    assert "YYYY-MM-DD" in r.json()["detail"]
-
-
-def test_duties_from_after_to(client):
-    r = client.get("/api/duties", params={"from": "2025-02-01", "to": "2025-01-01"})
-    assert r.status_code == 400
-    assert "from" in r.json()["detail"].lower() or "позже" in r.json()["detail"]
-
-
-@patch("api.app._is_private_client")
-@patch("api.app.config.MINI_APP_SKIP_AUTH", False)
-def test_duties_403_without_init_data_from_public_client(mock_private, client):
-    """Without initData and without private IP / skip-auth, should get 403."""
-    mock_private.return_value = False  # simulate public client
-    r = client.get(
-        "/api/duties",
-        params={"from": "2025-01-01", "to": "2025-01-31"},
-    )
-    assert r.status_code == 403
-
-
-@patch("api.app.config.MINI_APP_SKIP_AUTH", True)
-@patch("api.app._fetch_duties_response")
-def test_duties_200_when_skip_auth(mock_fetch, client):
-    mock_fetch.return_value = []
-    r = client.get(
-        "/api/duties",
-        params={"from": "2025-01-01", "to": "2025-01-31"},
-    )
-    assert r.status_code == 200
-    assert r.json() == []
-    mock_fetch.assert_called_once_with("2025-01-01", "2025-01-31")
-
-
-@patch("api.app.validate_init_data_with_reason")
-def test_duties_403_when_init_data_invalid(mock_validate, client):
-    mock_validate.return_value = (None, "hash_mismatch")
-    r = client.get(
-        "/api/duties",
-        params={"from": "2025-01-01", "to": "2025-01-31"},
-        headers={"X-Telegram-Init-Data": "some=data&hash=abc"},
-    )
-    assert r.status_code == 403
-    detail = r.json()["detail"]
-    assert "авторизации" in detail or "Неверные" in detail or "Неверная" in detail
-
-
-@patch("api.app.validate_init_data_with_reason")
-@patch("api.app.config.can_access_miniapp")
-def test_duties_403_when_username_not_allowed(mock_can_access, mock_validate, client):
-    mock_validate.return_value = ("someuser", "ok")
-    mock_can_access.return_value = False
-    with patch("api.app._fetch_duties_response") as mock_fetch:
-        r = client.get(
-            "/api/duties",
-            params={"from": "2025-01-01", "to": "2025-01-31"},
-            headers={"X-Telegram-Init-Data": "user=xxx&hash=yyy"},
-        )
-    assert r.status_code == 403
-    assert "Доступ запрещён" in r.json()["detail"]
-    mock_fetch.assert_not_called()
-
-
-@patch("api.app.validate_init_data_with_reason")
-@patch("api.app.config.can_access_miniapp")
-def test_duties_200_with_allowed_user(mock_can_access, mock_validate, client):
-    mock_validate.return_value = ("alloweduser", "ok")
-    mock_can_access.return_value = True
-    with patch("api.app._fetch_duties_response") as mock_fetch:
-        mock_fetch.return_value = [
-            {
-                "id": 1,
-                "user_id": 10,
-                "start_at": "2025-01-15T09:00:00",
-                "end_at": "2025-01-15T18:00:00",
-                "full_name": "Иван Иванов",
-            }
-        ]
-        r = client.get(
-            "/api/duties",
-            params={"from": "2025-01-01", "to": "2025-01-31"},
-            headers={"X-Telegram-Init-Data": "user=xxx&hash=yyy"},
-        )
-    assert r.status_code == 200
-    assert len(r.json()) == 1
-    assert r.json()[0]["full_name"] == "Иван Иванов"
-    mock_fetch.assert_called_once_with("2025-01-01", "2025-01-31")
-
-
-def test_duties_e2e_auth_real_validation(client, monkeypatch):
-    """E2E: valid initData + allowlist, no mocks on validate_init_data_with_reason; full auth path."""
-    test_token = "123:ABC"
-    test_username = "e2euser"
-    monkeypatch.setattr(config, "BOT_TOKEN", test_token)
-    monkeypatch.setattr(config, "ALLOWED_USERNAMES", {test_username})
-    monkeypatch.setattr(config, "ADMIN_USERNAMES", set())
-    monkeypatch.setattr(config, "INIT_DATA_MAX_AGE_SECONDS", 0)
-    init_data = _make_init_data(
-        {"id": 1, "username": test_username},
-        test_token,
-        auth_date=int(time.time()),
-    )
-    with patch("api.app._fetch_duties_response") as mock_fetch:
-        mock_fetch.return_value = []
-        r = client.get(
-            "/api/duties",
-            params={"from": "2025-01-01", "to": "2025-01-31"},
-            headers={"X-Telegram-Init-Data": init_data},
-        )
-    assert r.status_code == 200
-    assert r.json() == []
-    mock_fetch.assert_called_once_with("2025-01-01", "2025-01-31")
--- a/api/test_telegram_auth.py
+++ b/api/test_telegram_auth.py
@@ -1,123 +0,0 @@
-"""Tests for api.telegram_auth.validate_init_data."""
-
-import hashlib
-import hmac
-import json
-from urllib.parse import quote, unquote
-
-
-from api.telegram_auth import validate_init_data
-
-
-def _make_init_data(
-    user: dict | None,
-    bot_token: str,
-    auth_date: int | None = None,
-) -> str:
-    """Build initData string with valid HMAC for testing."""
-    params = {}
-    if user is not None:
-        params["user"] = quote(json.dumps(user))
-    if auth_date is not None:
-        params["auth_date"] = str(auth_date)
-    pairs = sorted(params.items())
-    data_string = "\n".join(f"{k}={unquote(v)}" for k, v in pairs)
-    secret_key = hmac.new(
-        b"WebAppData",
-        msg=bot_token.encode(),
-        digestmod=hashlib.sha256,
-    ).digest()
-    computed = hmac.new(
-        secret_key,
-        msg=data_string.encode(),
-        digestmod=hashlib.sha256,
-    ).hexdigest()
-    params["hash"] = computed
-    return "&".join(f"{k}={v}" for k, v in sorted(params.items()))
-
-
-def test_valid_payload_returns_username():
-    bot_token = "123:ABC"
-    user = {"id": 123, "username": "testuser", "first_name": "Test"}
-    init_data = _make_init_data(user, bot_token)
-    assert validate_init_data(init_data, bot_token) == "testuser"
-
-
-def test_valid_payload_username_lowercase():
-    bot_token = "123:ABC"
-    user = {"id": 123, "username": "TestUser", "first_name": "Test"}
-    init_data = _make_init_data(user, bot_token)
-    assert validate_init_data(init_data, bot_token) == "testuser"
-
-
-def test_invalid_hash_returns_none():
-    bot_token = "123:ABC"
-    user = {"id": 123, "username": "testuser"}
-    init_data = _make_init_data(user, bot_token)
-    # Tamper with hash
-    init_data = init_data.replace("hash=", "hash=x")
-    assert validate_init_data(init_data, bot_token) is None
-
-
-def test_wrong_bot_token_returns_none():
-    bot_token = "123:ABC"
-    user = {"id": 123, "username": "testuser"}
-    init_data = _make_init_data(user, bot_token)
-    assert validate_init_data(init_data, "other:token") is None
-
-
-def test_missing_user_returns_none():
-    bot_token = "123:ABC"
-    init_data = _make_init_data(None, bot_token)  # no user key
-    assert validate_init_data(init_data, bot_token) is None
-
-
-def test_user_without_username_returns_none():
-    bot_token = "123:ABC"
-    user = {"id": 123, "first_name": "Test"}  # no username
-    init_data = _make_init_data(user, bot_token)
-    assert validate_init_data(init_data, bot_token) is None
-
-
-def test_empty_init_data_returns_none():
-    assert validate_init_data("", "token") is None
-    assert validate_init_data("   ", "token") is None
-
-
-def test_empty_bot_token_returns_none():
-    user = {"id": 1, "username": "u"}
-    init_data = _make_init_data(user, "token")
-    assert validate_init_data(init_data, "") is None
-
-
-def test_auth_date_expiry_rejects_old_init_data():
-    """When max_age_seconds is set, initData older than that is rejected."""
-    import time as t
-
-    bot_token = "123:ABC"
-    user = {"id": 1, "username": "testuser"}
-    # auth_date 100 seconds ago
-    old_ts = int(t.time()) - 100
-    init_data = _make_init_data(user, bot_token, auth_date=old_ts)
-    assert validate_init_data(init_data, bot_token, max_age_seconds=60) is None
-    assert validate_init_data(init_data, bot_token, max_age_seconds=200) == "testuser"
-
-
-def test_auth_date_expiry_accepts_fresh_init_data():
-    """Fresh auth_date within max_age_seconds is accepted."""
-    import time as t
-
-    bot_token = "123:ABC"
-    user = {"id": 1, "username": "testuser"}
-    fresh_ts = int(t.time()) - 10
-    init_data = _make_init_data(user, bot_token, auth_date=fresh_ts)
-    assert validate_init_data(init_data, bot_token, max_age_seconds=60) == "testuser"
-
-
-def test_auth_date_expiry_requires_auth_date_when_max_age_set():
-    """When max_age_seconds is set but auth_date is missing, return None."""
-    bot_token = "123:ABC"
-    user = {"id": 1, "username": "testuser"}
-    init_data = _make_init_data(user, bot_token)  # no auth_date
-    assert validate_init_data(init_data, bot_token, max_age_seconds=86400) is None
-    assert validate_init_data(init_data, bot_token) == "testuser"