feat: rebuild rss-news backend, admin ui, and legal extraction pipeline

2026-02-18 09:46:44 +01:00 · 2026-02-18 09:46:44 +01:00 · 2c331d683b
commit 2c331d683b
parent d65c55d315
43 changed files with 3463 additions and 73 deletions
--- a/backend/tests/test_api_auth.py
+++ b/backend/tests/test_api_auth.py
@ -0,0 +1,77 @@
+import os
+import tempfile
+import unittest
+from pathlib import Path
+
+from fastapi.testclient import TestClient
+
+from backend.app import config as config_module
+from backend.app.db import init_db
+from backend.app.main import app
+
+
+class TestApiAuth(unittest.TestCase):
+    def setUp(self) -> None:
+        self.tmp_dir = tempfile.TemporaryDirectory()
+        os.environ["APP_DB_PATH"] = str(Path(self.tmp_dir.name) / "api.db")
+        os.environ["APP_ADMIN_USERNAME"] = "admin"
+        os.environ["APP_ADMIN_PASSWORD"] = "secret"
+        config_module.get_settings.cache_clear()
+        init_db()
+        self.client = TestClient(app)
+
+    def tearDown(self) -> None:
+        config_module.get_settings.cache_clear()
+        os.environ.pop("APP_DB_PATH", None)
+        os.environ.pop("APP_ADMIN_USERNAME", None)
+        os.environ.pop("APP_ADMIN_PASSWORD", None)
+        self.tmp_dir.cleanup()
+
+    def test_login_and_protected_endpoint(self) -> None:
+        r = self.client.post("/auth/login", json={"username": "admin", "password": "secret"})
+        self.assertEqual(r.status_code, 200)
+
+        p = self.client.get("/api/protected")
+        self.assertEqual(p.status_code, 200)
+        self.assertTrue(p.json().get("ok"))
+
+    def test_protected_requires_auth(self) -> None:
+        r = self.client.get("/api/protected")
+        self.assertEqual(r.status_code, 401)
+
+    def test_run_detail_endpoint(self) -> None:
+        login = self.client.post("/auth/login", json={"username": "admin", "password": "secret"})
+        self.assertEqual(login.status_code, 200)
+
+        created = self.client.post("/api/runs", json={"run_type": "ingestion", "status": "running"})
+        self.assertEqual(created.status_code, 200)
+        run_id = created.json()["id"]
+
+        detail = self.client.get(f"/api/runs/{run_id}")
+        self.assertEqual(detail.status_code, 200)
+        self.assertEqual(detail.json()["item"]["id"], run_id)
+
+    def test_source_policy_check_endpoint(self) -> None:
+        login = self.client.post("/auth/login", json={"username": "admin", "password": "secret"})
+        self.assertEqual(login.status_code, 200)
+
+        created = self.client.post(
+            "/api/sources",
+            json={
+                "name": "Policy Source",
+                "risk_level": "yellow",
+                "is_enabled": True,
+            },
+        )
+        self.assertEqual(created.status_code, 200)
+        source_id = created.json()["id"]
+
+        check = self.client.get(f"/api/sources/{source_id}/policy-check")
+        self.assertEqual(check.status_code, 200)
+        body = check.json()
+        self.assertFalse(body["allowed"])
+        self.assertGreaterEqual(len(body["issues"]), 1)
+
+
+if __name__ == "__main__":
+    unittest.main()