📌 Description
There is no integration coverage for the assembled Fiber app from internal/api/api.go. Routing (including the order-sensitive /projects/mine before /projects/:id), middleware (requestid, CORS, recover), RequireAuth/RequireRole gates, and JSON shapes are all untested end-to-end. We need table-driven HTTP tests exercising the app via app.Test(httptest.NewRequest(...)).
💡 Why it matters: End-to-end handler tests catch routing-order regressions, auth-gate mistakes, and response-shape drift that unit tests on individual handlers miss.
🧩 Requirements and context
- Build the app with a fake/stub DB and the in-memory bus and drive it via
app.Test.
- Cover: a public endpoint (e.g.
/health, /projects), an auth-required endpoint returning 401 without a token and 200 with one, and an admin endpoint returning 403 for non-admins.
- Assert the route-precedence cases (
/projects/mine, /projects/pending-setup) resolve before /projects/:id.
- Assert error responses use the standard envelope and include a request id.
- Keep tests hermetic — no real DB/NATS/GitHub.
Non-functional requirements
- Must be secure, tested, and documented.
- Should be efficient and easy to review.
🛠️ Suggested execution
1. Fork the repo and create a branch
git checkout -b test/api-integration
2. Implement changes
- Write/modify the relevant source: introduce a small DB interface/seam if needed for stubbing
- Write comprehensive tests:
internal/api/api_integration_test.go
- Add documentation: testing section in
DEVELOPMENT.md
- Include GoDoc comments on the test helpers
- Validate security assumptions: verify auth gates actually block
3. Test and commit
go test ./internal/api/... -race
- Cover edge cases: missing token, wrong role, route precedence, unknown path 404
- Include test output and security notes in the PR description.
Example commit message
test(api): add HTTP integration tests for routing and auth gates
✅ Acceptance criteria
🔒 Security notes
Explicitly assert that RequireAuth/RequireRole reject missing/invalid tokens and insufficient roles.
📋 Guidelines
- Minimum 95% test coverage
- Clear documentation
- Timeframe: 96 hours
📌 Description
There is no integration coverage for the assembled Fiber app from
internal/api/api.go. Routing (including the order-sensitive/projects/minebefore/projects/:id), middleware (requestid, CORS, recover),RequireAuth/RequireRolegates, and JSON shapes are all untested end-to-end. We need table-driven HTTP tests exercising the app viaapp.Test(httptest.NewRequest(...)).🧩 Requirements and context
app.Test./health,/projects), an auth-required endpoint returning 401 without a token and 200 with one, and an admin endpoint returning 403 for non-admins./projects/mine,/projects/pending-setup) resolve before/projects/:id.Non-functional requirements
🛠️ Suggested execution
1. Fork the repo and create a branch
2. Implement changes
internal/api/api_integration_test.goDEVELOPMENT.md3. Test and commit
go test ./internal/api/... -raceExample commit message
✅ Acceptance criteria
app.Testwith stubbed deps🔒 Security notes
Explicitly assert that
RequireAuth/RequireRolereject missing/invalid tokens and insufficient roles.📋 Guidelines