use actix_web::{HttpRequest, HttpResponse};
use crate::AppState;
use super::context_auth::authorize_schema_read;
pub(super) async fn authorize_debug_schema_request(
req: &HttpRequest,
app_state: &AppState,
) -> Result<(), HttpResponse> {
authorize_schema_read(req, app_state, None).await
}
#[cfg(test)]
mod tests {
use actix_web::http::StatusCode;
use actix_web::test::TestRequest;
use super::*;
use crate::api::schema::debug_response_test_helpers::{
assert_error_payload_for_tests, response_json_for_tests,
};
use crate::test_support::{ATHENA_TEST_ADMIN_KEY, AthAdminKeyGuard};
#[actix_web::test]
async fn auth_gate_rejects_missing_admin_key_with_unauthorized_envelope() {
let _admin = AthAdminKeyGuard::new();
let request = TestRequest::get().uri("/debug/schema").to_http_request();
let app_state = AppState::default();
let result = authorize_debug_schema_request(&request, &app_state).await;
let response = result.expect_err("request without admin key should be rejected");
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
let body = response_json_for_tests(response, "auth-gate unauthorized envelope").await;
assert_error_payload_for_tests(
&body,
"Authentication required",
&["Invalid or missing API key"],
"auth-gate unauthorized envelope",
);
}
#[actix_web::test]
async fn auth_gate_allows_valid_admin_key() {
let _admin = AthAdminKeyGuard::new();
let request = TestRequest::get()
.uri("/debug/schema")
.insert_header(("x-athena-key", ATHENA_TEST_ADMIN_KEY))
.to_http_request();
let app_state = AppState::default();
let result = authorize_debug_schema_request(&request, &app_state).await;
assert!(
result.is_ok(),
"request with valid admin key should be authorized"
);
}
}