from __future__ import annotations import asyncio import sys import tempfile import threading import time import unittest from pathlib import Path import httpx sys.path.insert(0, str(Path(__file__).resolve().parents[3])) from backend.app.dependencies import get_delete_task_service, get_file_ops_service, get_task_service from backend.app.db.task_repository import TaskRepository from backend.app.fs.filesystem_adapter import FilesystemAdapter from backend.app.main import app from backend.app.security.path_guard import PathGuard from backend.app.services.delete_task_service import DeleteTaskService from backend.app.services.file_ops_service import FileOpsService from backend.app.services.task_service import TaskService from backend.app.tasks_runner import TaskRunner class BlockingDeleteFilesystemAdapter(FilesystemAdapter): def __init__(self) -> None: super().__init__() self.entered = threading.Event() self.release = threading.Event() def delete_file(self, path: Path) -> None: self.entered.set() self.release.wait(timeout=2.0) super().delete_file(path) class FileOpsApiGoldenTest(unittest.TestCase): def setUp(self) -> None: self.temp_dir = tempfile.TemporaryDirectory() self.root = Path(self.temp_dir.name) / "root" self.root.mkdir(parents=True, exist_ok=True) self.repo = TaskRepository(str(Path(self.temp_dir.name) / "tasks.db")) self.scope = self.root / "scope" self.scope.mkdir(parents=True, exist_ok=True) (self.scope / "old.txt").write_text("x", encoding="utf-8") (self.scope / "existing.txt").write_text("y", encoding="utf-8") path_guard = PathGuard({"storage1": str(self.root)}) service = FileOpsService( path_guard=path_guard, filesystem=FilesystemAdapter(), ) delete_service = DeleteTaskService( path_guard=path_guard, repository=self.repo, runner=TaskRunner(repository=self.repo, filesystem=FilesystemAdapter()), ) task_service = TaskService(repository=self.repo) async def _override_file_ops_service() -> FileOpsService: return service async def _override_delete_task_service() -> DeleteTaskService: return delete_service async def _override_task_service() -> TaskService: return task_service app.dependency_overrides[get_file_ops_service] = _override_file_ops_service app.dependency_overrides[get_delete_task_service] = _override_delete_task_service app.dependency_overrides[get_task_service] = _override_task_service def tearDown(self) -> None: app.dependency_overrides.clear() self.temp_dir.cleanup() def _post(self, url: str, payload: dict[str, str]) -> httpx.Response: async def _run() -> httpx.Response: transport = httpx.ASGITransport(app=app) async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client: return await client.post(url, json=payload) return asyncio.run(_run()) def _get(self, url: str) -> httpx.Response: async def _run() -> httpx.Response: transport = httpx.ASGITransport(app=app) async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client: return await client.get(url) return asyncio.run(_run()) def _wait_task(self, task_id: str, timeout_s: float = 2.0) -> dict: deadline = time.time() + timeout_s while time.time() < deadline: response = self._get(f"/api/tasks/{task_id}") body = response.json() if body["status"] in {"completed", "failed", "cancelled"}: return body time.sleep(0.02) self.fail("task did not reach terminal state in time") def _wait_for_status(self, task_id: str, statuses: set[str], timeout_s: float = 2.0) -> dict: deadline = time.time() + timeout_s while time.time() < deadline: response = self._get(f"/api/tasks/{task_id}") body = response.json() if body["status"] in statuses: return body time.sleep(0.02) self.fail(f"task did not reach one of {sorted(statuses)} in time") def test_mkdir_success(self) -> None: response = self._post( "/api/files/mkdir", {"parent_path": "storage1/scope", "name": "new_folder"}, ) self.assertEqual(response.status_code, 200) self.assertEqual(response.json(), {"path": "storage1/scope/new_folder"}) self.assertTrue((self.scope / "new_folder").is_dir()) def test_mkdir_conflict_directory_exists(self) -> None: (self.scope / "existing_dir").mkdir() response = self._post( "/api/files/mkdir", {"parent_path": "storage1/scope", "name": "existing_dir"}, ) self.assertEqual(response.status_code, 409) self.assertEqual( response.json(), { "error": { "code": "already_exists", "message": "Target path already exists", "details": {"path": "storage1/scope/existing_dir"}, } }, ) def test_mkdir_conflict_file_exists(self) -> None: response = self._post( "/api/files/mkdir", {"parent_path": "storage1/scope", "name": "existing.txt"}, ) self.assertEqual(response.status_code, 409) self.assertEqual( response.json(), { "error": { "code": "already_exists", "message": "Target path already exists", "details": {"path": "storage1/scope/existing.txt"}, } }, ) def test_rename_success(self) -> None: response = self._post( "/api/files/rename", {"path": "storage1/scope/old.txt", "new_name": "renamed.txt"}, ) self.assertEqual(response.status_code, 200) self.assertEqual(response.json(), {"path": "storage1/scope/renamed.txt"}) self.assertFalse((self.scope / "old.txt").exists()) self.assertTrue((self.scope / "renamed.txt").exists()) def test_rename_conflict(self) -> None: response = self._post( "/api/files/rename", {"path": "storage1/scope/old.txt", "new_name": "existing.txt"}, ) self.assertEqual(response.status_code, 409) self.assertEqual( response.json(), { "error": { "code": "already_exists", "message": "Target path already exists", "details": {"path": "storage1/scope/existing.txt"}, } }, ) def test_rename_not_found(self) -> None: response = self._post( "/api/files/rename", {"path": "storage1/scope/missing.txt", "new_name": "renamed.txt"}, ) self.assertEqual(response.status_code, 404) self.assertEqual( response.json(), { "error": { "code": "path_not_found", "message": "Requested path was not found", "details": {"path": "storage1/scope/missing.txt"}, } }, ) def test_rename_invalid_new_name_dotdot(self) -> None: response = self._post( "/api/files/rename", {"path": "storage1/scope/old.txt", "new_name": ".."}, ) self.assertEqual(response.status_code, 400) self.assertEqual( response.json(), { "error": { "code": "invalid_request", "message": "Invalid name", "details": {"new_name": ".."}, } }, ) def test_rename_invalid_new_name_with_slash(self) -> None: response = self._post( "/api/files/rename", {"path": "storage1/scope/old.txt", "new_name": "a/b"}, ) self.assertEqual(response.status_code, 400) self.assertEqual( response.json(), { "error": { "code": "invalid_request", "message": "Invalid name", "details": {"new_name": "a/b"}, } }, ) def test_mkdir_invalid_path(self) -> None: response = self._post( "/api/files/mkdir", {"parent_path": "storage1/scope", "name": "bad/name"}, ) self.assertEqual(response.status_code, 400) self.assertEqual( response.json(), { "error": { "code": "invalid_request", "message": "Invalid name", "details": {"name": "bad/name"}, } }, ) def test_mkdir_traversal_attempt(self) -> None: response = self._post( "/api/files/mkdir", {"parent_path": "storage1/../etc", "name": "x"}, ) self.assertEqual(response.status_code, 403) self.assertEqual( response.json(), { "error": { "code": "path_traversal_detected", "message": "Path traversal is not allowed", "details": {"path": "storage1/../etc"}, } }, ) def test_delete_file_success(self) -> None: target = self.scope / "delete_me.txt" target.write_text("z", encoding="utf-8") response = self._post( "/api/files/delete", {"path": "storage1/scope/delete_me.txt"}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["operation"], "delete") self.assertEqual(detail["status"], "completed") self.assertEqual(detail["done_items"], 1) self.assertEqual(detail["total_items"], 1) self.assertIsNone(detail["current_item"]) self.assertFalse(target.exists()) def test_delete_file_cancelled_after_current_delete_finishes(self) -> None: blocking_fs = BlockingDeleteFilesystemAdapter() path_guard = PathGuard({"storage1": str(self.root)}) service = FileOpsService(path_guard=path_guard, filesystem=blocking_fs) delete_service = DeleteTaskService( path_guard=path_guard, repository=self.repo, runner=TaskRunner(repository=self.repo, filesystem=blocking_fs), ) task_service = TaskService(repository=self.repo) async def _override_file_ops_service() -> FileOpsService: return service async def _override_delete_task_service() -> DeleteTaskService: return delete_service async def _override_task_service() -> TaskService: return task_service app.dependency_overrides[get_file_ops_service] = _override_file_ops_service app.dependency_overrides[get_delete_task_service] = _override_delete_task_service app.dependency_overrides[get_task_service] = _override_task_service target = self.scope / "delete_later.txt" target.write_text("z", encoding="utf-8") response = self._post( "/api/files/delete", {"path": "storage1/scope/delete_later.txt"}, ) task_id = response.json()["task_id"] self.assertTrue(blocking_fs.entered.wait(timeout=2.0)) running = self._wait_for_status(task_id, {"running"}) self.assertEqual(running["current_item"], "delete_later.txt") cancel_response = self._post(f"/api/tasks/{task_id}/cancel", {}) self.assertEqual(cancel_response.status_code, 200) self.assertEqual(cancel_response.json()["status"], "cancelling") blocking_fs.release.set() detail = self._wait_task(task_id) self.assertEqual(detail["status"], "cancelled") self.assertEqual(detail["done_items"], 1) self.assertEqual(detail["total_items"], 1) self.assertFalse(target.exists()) def test_delete_empty_directory_success(self) -> None: target = self.scope / "empty_dir" target.mkdir() response = self._post( "/api/files/delete", {"path": "storage1/scope/empty_dir"}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["operation"], "delete") self.assertEqual(detail["status"], "completed") self.assertEqual(detail["done_items"], 0) self.assertEqual(detail["total_items"], 0) self.assertIsNone(detail["current_item"]) self.assertFalse(target.exists()) def test_delete_not_found(self) -> None: response = self._post( "/api/files/delete", {"path": "storage1/scope/missing.txt"}, ) self.assertEqual(response.status_code, 404) self.assertEqual( response.json(), { "error": { "code": "path_not_found", "message": "Requested path was not found", "details": {"path": "storage1/scope/missing.txt"}, } }, ) def test_delete_traversal_attempt(self) -> None: response = self._post( "/api/files/delete", {"path": "storage1/../etc/passwd"}, ) self.assertEqual(response.status_code, 403) self.assertEqual( response.json(), { "error": { "code": "path_traversal_detected", "message": "Path traversal is not allowed", "details": {"path": "storage1/../etc/passwd"}, } }, ) def test_delete_non_empty_directory_conflict(self) -> None: target = self.scope / "non_empty" target.mkdir() (target / "a.txt").write_text("a", encoding="utf-8") response = self._post( "/api/files/delete", {"path": "storage1/scope/non_empty"}, ) self.assertEqual(response.status_code, 409) self.assertEqual( response.json(), { "error": { "code": "directory_not_empty", "message": "Directory is not empty", "details": {"path": "storage1/scope/non_empty"}, } }, ) def test_delete_non_empty_directory_recursive_success(self) -> None: target = self.scope / "non_empty_recursive" target.mkdir() nested = target / "nested" nested.mkdir() (nested / "a.txt").write_text("a", encoding="utf-8") (target / "b.txt").write_text("b", encoding="utf-8") response = self._post( "/api/files/delete", {"path": "storage1/scope/non_empty_recursive", "recursive": True}, ) self.assertEqual(response.status_code, 202) body = response.json() self.assertEqual(body["status"], "queued") detail = self._wait_task(body["task_id"]) self.assertEqual(detail["operation"], "delete") self.assertEqual(detail["status"], "completed") self.assertEqual(detail["done_items"], 2) self.assertEqual(detail["total_items"], 2) self.assertIsNone(detail["current_item"]) self.assertFalse(target.exists()) def test_delete_non_empty_directory_recursive_cancelled_after_current_file_finishes(self) -> None: blocking_fs = BlockingDeleteFilesystemAdapter() path_guard = PathGuard({"storage1": str(self.root)}) service = FileOpsService(path_guard=path_guard, filesystem=blocking_fs) delete_service = DeleteTaskService( path_guard=path_guard, repository=self.repo, runner=TaskRunner(repository=self.repo, filesystem=blocking_fs), ) task_service = TaskService(repository=self.repo) async def _override_file_ops_service() -> FileOpsService: return service async def _override_delete_task_service() -> DeleteTaskService: return delete_service async def _override_task_service() -> TaskService: return task_service app.dependency_overrides[get_file_ops_service] = _override_file_ops_service app.dependency_overrides[get_delete_task_service] = _override_delete_task_service app.dependency_overrides[get_task_service] = _override_task_service target = self.scope / "delete_recursive_later" target.mkdir() nested = target / "nested" nested.mkdir() (target / "a.txt").write_text("a", encoding="utf-8") (nested / "b.txt").write_text("b", encoding="utf-8") response = self._post( "/api/files/delete", {"path": "storage1/scope/delete_recursive_later", "recursive": True}, ) task_id = response.json()["task_id"] self.assertTrue(blocking_fs.entered.wait(timeout=2.0)) running = self._wait_for_status(task_id, {"running"}) self.assertEqual(running["current_item"], "a.txt") self.assertEqual(running["done_items"], 0) self.assertEqual(running["total_items"], 2) cancel_response = self._post(f"/api/tasks/{task_id}/cancel", {}) self.assertEqual(cancel_response.status_code, 200) self.assertEqual(cancel_response.json()["status"], "cancelling") blocking_fs.release.set() detail = self._wait_task(task_id) self.assertEqual(detail["status"], "cancelled") self.assertEqual(detail["done_items"], 1) self.assertEqual(detail["total_items"], 2) self.assertFalse(target.joinpath("a.txt").exists()) self.assertTrue(target.joinpath("nested", "b.txt").exists()) self.assertTrue(target.exists()) def test_delete_batch_multi_select_starts_one_task_and_completes(self) -> None: first = self.scope / "batch-a.txt" second_dir = self.scope / "batch-dir" second_nested = second_dir / "nested.txt" first.write_text("a", encoding="utf-8") second_dir.mkdir() second_nested.write_text("b", encoding="utf-8") response = self._post( "/api/files/delete", { "paths": ["storage1/scope/batch-a.txt", "storage1/scope/batch-dir"], "recursive_paths": ["storage1/scope/batch-dir"], }, ) self.assertEqual(response.status_code, 202) detail = self._wait_task(response.json()["task_id"]) self.assertEqual(detail["operation"], "delete") self.assertEqual(detail["status"], "completed") self.assertEqual(detail["source"], "2 items") self.assertEqual(detail["done_items"], 2) self.assertEqual(detail["total_items"], 2) self.assertFalse(first.exists()) self.assertFalse(second_dir.exists()) def test_delete_batch_cancelled_after_current_delete_finishes(self) -> None: blocking_fs = BlockingDeleteFilesystemAdapter() path_guard = PathGuard({"storage1": str(self.root)}) service = FileOpsService(path_guard=path_guard, filesystem=blocking_fs) delete_service = DeleteTaskService( path_guard=path_guard, repository=self.repo, runner=TaskRunner(repository=self.repo, filesystem=blocking_fs), ) task_service = TaskService(repository=self.repo) async def _override_file_ops_service() -> FileOpsService: return service async def _override_delete_task_service() -> DeleteTaskService: return delete_service async def _override_task_service() -> TaskService: return task_service app.dependency_overrides[get_file_ops_service] = _override_file_ops_service app.dependency_overrides[get_delete_task_service] = _override_delete_task_service app.dependency_overrides[get_task_service] = _override_task_service first = self.scope / "cancel-a.txt" second = self.scope / "cancel-b.txt" first.write_text("a", encoding="utf-8") second.write_text("b", encoding="utf-8") response = self._post( "/api/files/delete", { "paths": ["storage1/scope/cancel-a.txt", "storage1/scope/cancel-b.txt"], }, ) task_id = response.json()["task_id"] self.assertTrue(blocking_fs.entered.wait(timeout=2.0)) running = self._wait_for_status(task_id, {"running"}) self.assertEqual(running["done_items"], 0) self.assertEqual(running["total_items"], 2) cancel_response = self._post(f"/api/tasks/{task_id}/cancel", {}) self.assertEqual(cancel_response.status_code, 200) self.assertEqual(cancel_response.json()["status"], "cancelling") blocking_fs.release.set() detail = self._wait_task(task_id) self.assertEqual(detail["status"], "cancelled") self.assertEqual(detail["done_items"], 1) self.assertEqual(detail["total_items"], 2) self.assertFalse(first.exists()) self.assertTrue(second.exists()) def test_delete_batch_directory_only_empty_dirs_remains_honestly_coarse(self) -> None: first = self.scope / "empty-a" second = self.scope / "empty-b" first.mkdir() second.mkdir() response = self._post( "/api/files/delete", { "paths": ["storage1/scope/empty-a", "storage1/scope/empty-b"], }, ) self.assertEqual(response.status_code, 202) detail = self._wait_task(response.json()["task_id"]) self.assertEqual(detail["status"], "completed") self.assertEqual(detail["done_items"], 0) self.assertEqual(detail["total_items"], 0) self.assertIsNone(detail["current_item"]) self.assertFalse(first.exists()) self.assertFalse(second.exists()) def test_delete_invalid_path(self) -> None: response = self._post( "/api/files/delete", {"path": ""}, ) self.assertEqual(response.status_code, 400) self.assertEqual( response.json(), { "error": { "code": "invalid_request", "message": "Query parameter 'path' is required", "details": None, } }, ) if __name__ == "__main__": unittest.main()