from __future__ import annotations import asyncio import sys import tempfile import time import unittest from pathlib import Path import httpx sys.path.insert(0, str(Path(__file__).resolve().parents[3])) from backend.app.dependencies import get_move_task_service, get_task_service from backend.app.db.task_repository import TaskRepository from backend.app.fs.filesystem_adapter import FilesystemAdapter from backend.app.main import app from backend.app.security.path_guard import PathGuard from backend.app.services.move_task_service import MoveTaskService from backend.app.services.task_service import TaskService from backend.app.tasks_runner import TaskRunner class FailingDeleteFilesystemAdapter(FilesystemAdapter): def delete_file(self, path: Path) -> None: raise OSError("forced delete failure") class MoveApiGoldenTest(unittest.TestCase): def setUp(self) -> None: self.temp_dir = tempfile.TemporaryDirectory() self.root1 = Path(self.temp_dir.name) / "root1" self.root2 = Path(self.temp_dir.name) / "root2" self.root1.mkdir(parents=True, exist_ok=True) self.root2.mkdir(parents=True, exist_ok=True) self.repo = TaskRepository(str(Path(self.temp_dir.name) / "tasks.db")) path_guard = PathGuard({"storage1": str(self.root1), "storage2": str(self.root2)}) self._set_services(path_guard=path_guard, filesystem=FilesystemAdapter()) def tearDown(self) -> None: app.dependency_overrides.clear() self.temp_dir.cleanup() def _set_services(self, path_guard: PathGuard, filesystem: FilesystemAdapter) -> None: runner = TaskRunner(repository=self.repo, filesystem=filesystem) move_service = MoveTaskService(path_guard=path_guard, repository=self.repo, runner=runner) task_service = TaskService(repository=self.repo) async def _override_move_service() -> MoveTaskService: return move_service async def _override_task_service() -> TaskService: return task_service app.dependency_overrides[get_move_task_service] = _override_move_service app.dependency_overrides[get_task_service] = _override_task_service def _request(self, method: str, url: str, payload: dict | None = None) -> httpx.Response: async def _run() -> httpx.Response: transport = httpx.ASGITransport(app=app) async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client: if method == "POST": return await client.post(url, json=payload) return await client.get(url) return asyncio.run(_run()) def _wait_task(self, task_id: str, timeout_s: float = 2.0) -> dict: deadline = time.time() + timeout_s while time.time() < deadline: response = self._request("GET", f"/api/tasks/{task_id}") body = response.json() if body["status"] in {"completed", "failed"}: return body time.sleep(0.02) self.fail("task did not reach terminal state in time") def test_move_success_same_root_create_task_shape_and_completed(self) -> None: src = self.root1 / "source.txt" src.write_text("hello", encoding="utf-8") response = self._request( "POST", "/api/files/move", {"source": "storage1/source.txt", "destination": "storage1/moved.txt"}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertIn("task_id", body) self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["status"], "completed") self.assertTrue((self.root1 / "moved.txt").exists()) self.assertFalse(src.exists()) def test_move_directory_success_same_root_and_completed(self) -> None: src_dir = self.root1 / "source-dir" src_dir.mkdir() (src_dir / "nested.txt").write_text("hello", encoding="utf-8") target_parent = self.root1 / "target-parent" target_parent.mkdir() response = self._request( "POST", "/api/files/move", {"source": "storage1/source-dir", "destination": "storage1/target-parent/moved-dir"}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["status"], "completed") self.assertEqual(detail["done_items"], 1) self.assertEqual(detail["total_items"], 1) self.assertIsNone(detail["done_bytes"]) self.assertIsNone(detail["total_bytes"]) self.assertTrue((self.root1 / "target-parent" / "moved-dir").is_dir()) self.assertTrue((self.root1 / "target-parent" / "moved-dir" / "nested.txt").exists()) self.assertFalse(src_dir.exists()) def test_move_success_cross_root_create_task_shape_and_completed(self) -> None: src = self.root1 / "source.txt" src.write_text("hello", encoding="utf-8") response = self._request( "POST", "/api/files/move", {"source": "storage1/source.txt", "destination": "storage2/moved.txt"}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertIn("task_id", body) self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["status"], "completed") self.assertTrue((self.root2 / "moved.txt").exists()) self.assertFalse(src.exists()) def test_move_directory_cross_root_blocked(self) -> None: src_dir = self.root1 / "source-dir" src_dir.mkdir() response = self._request( "POST", "/api/files/move", {"source": "storage1/source-dir", "destination": "storage2/source-dir"}, ) self.assertEqual(response.status_code, 400) self.assertEqual(response.json()["error"]["code"], "invalid_request") def test_move_source_not_found(self) -> None: response = self._request( "POST", "/api/files/move", {"source": "storage1/missing.txt", "destination": "storage1/out.txt"}, ) self.assertEqual(response.status_code, 404) self.assertEqual(response.json()["error"]["code"], "path_not_found") def test_move_directory_source_not_found(self) -> None: response = self._request( "POST", "/api/files/move", {"source": "storage1/missing-dir", "destination": "storage1/out-dir"}, ) self.assertEqual(response.status_code, 404) self.assertEqual(response.json()["error"]["code"], "path_not_found") def test_move_source_is_directory_type_conflict_for_file_destination_parent(self) -> None: (self.root1 / "dir").mkdir() (self.root1 / "out.txt").write_text("x", encoding="utf-8") response = self._request( "POST", "/api/files/move", {"source": "storage1/dir", "destination": "storage1/out.txt/child"}, ) self.assertEqual(response.status_code, 409) self.assertEqual(response.json()["error"]["code"], "type_conflict") def test_move_destination_exists_already_exists(self) -> None: (self.root1 / "source.txt").write_text("x", encoding="utf-8") (self.root1 / "exists.txt").write_text("y", encoding="utf-8") response = self._request( "POST", "/api/files/move", {"source": "storage1/source.txt", "destination": "storage1/exists.txt"}, ) self.assertEqual(response.status_code, 409) self.assertEqual(response.json()["error"]["code"], "already_exists") def test_move_directory_destination_exists_already_exists(self) -> None: (self.root1 / "source-dir").mkdir() (self.root1 / "target-dir").mkdir() response = self._request( "POST", "/api/files/move", {"source": "storage1/source-dir", "destination": "storage1/target-dir"}, ) self.assertEqual(response.status_code, 409) self.assertEqual(response.json()["error"]["code"], "already_exists") def test_move_traversal_source(self) -> None: response = self._request( "POST", "/api/files/move", {"source": "storage1/../etc/passwd", "destination": "storage1/out.txt"}, ) self.assertEqual(response.status_code, 403) self.assertEqual(response.json()["error"]["code"], "path_traversal_detected") def test_move_traversal_destination(self) -> None: (self.root1 / "source.txt").write_text("x", encoding="utf-8") response = self._request( "POST", "/api/files/move", {"source": "storage1/source.txt", "destination": "storage1/../etc/out.txt"}, ) self.assertEqual(response.status_code, 403) self.assertEqual(response.json()["error"]["code"], "path_traversal_detected") def test_move_directory_destination_inside_source_blocked(self) -> None: src_dir = self.root1 / "source-dir" src_dir.mkdir() (src_dir / "child").mkdir() response = self._request( "POST", "/api/files/move", {"source": "storage1/source-dir", "destination": "storage1/source-dir/child/moved-dir"}, ) self.assertEqual(response.status_code, 400) self.assertEqual(response.json()["error"]["code"], "invalid_request") def test_move_directory_same_source_destination_blocked(self) -> None: src_dir = self.root1 / "source-dir" src_dir.mkdir() response = self._request( "POST", "/api/files/move", {"source": "storage1/source-dir", "destination": "storage1/source-dir"}, ) self.assertEqual(response.status_code, 400) self.assertEqual(response.json()["error"]["code"], "invalid_request") def test_move_source_symlink_rejected(self) -> None: target = self.root1 / "real.txt" target.write_text("x", encoding="utf-8") link = self.root1 / "link.txt" link.symlink_to(target) response = self._request( "POST", "/api/files/move", {"source": "storage1/link.txt", "destination": "storage1/out.txt"}, ) self.assertEqual(response.status_code, 409) self.assertEqual(response.json()["error"]["code"], "type_conflict") def test_move_directory_source_symlink_rejected(self) -> None: target = self.root1 / "real-dir" target.mkdir() (target / "nested.txt").write_text("x", encoding="utf-8") link = self.root1 / "dir-link" link.symlink_to(target, target_is_directory=True) response = self._request( "POST", "/api/files/move", {"source": "storage1/dir-link", "destination": "storage1/out-dir"}, ) self.assertEqual(response.status_code, 409) self.assertEqual(response.json()["error"]["code"], "type_conflict") def test_move_runtime_io_error_failed_task_shape(self) -> None: src = self.root1 / "source.txt" src.write_text("hello", encoding="utf-8") path_guard = PathGuard({"storage1": str(self.root1), "storage2": str(self.root2)}) self._set_services(path_guard=path_guard, filesystem=FailingDeleteFilesystemAdapter()) response = self._request( "POST", "/api/files/move", {"source": "storage1/source.txt", "destination": "storage2/moved.txt"}, ) self.assertEqual(response.status_code, 202) task_id = response.json()["task_id"] detail = self._wait_task(task_id) self.assertEqual(detail["status"], "failed") self.assertEqual(detail["error_code"], "io_error") self.assertTrue((self.root2 / "moved.txt").exists()) self.assertTrue(src.exists()) if __name__ == "__main__": unittest.main()