Refactor: split serve/server.py (3220 lines) into focused modules

serve/server.py is now 69 lines — app factory, middleware, and router registration only. New modules: deps.py (168 lines) — module-level globals + auth dependency functions models.py (85 lines) — all Pydantic request/response models tasks.py (136 lines) — background workers and job tracker routers/ — one file per domain (10 routers, ~2750 lines total) auth.py, me.py, admin.py, activities.py, uploads.py, segments.py, strava.py, garmin.py, ideas.py, feed.py cli.py updated to set globals on deps instead of server. 88 new regression tests in tests/serve/ cover auth guards and key behaviours for every router; 294 total passing after the split.
2026-05-13 23:47:19 +02:00
parent 2ec4d9157c
commit 8380b1d2cc
28 changed files with 3982 additions and 3193 deletions
@@ -0,0 +1,98 @@
+"""Pre-split regression tests for auth/register/invites routes."""
+from __future__ import annotations
+
+import pytest
+from fastapi.testclient import TestClient
+
+
+class TestLogin:
+    def test_missing_body_returns_422(self, client: TestClient):
+        r = client.post("/api/auth/login", json={})
+        assert r.status_code == 422
+
+    def test_wrong_credentials_returns_401(self, client: TestClient):
+        r = client.post("/api/auth/login", json={"handle": "nobody", "password": "x"})
+        assert r.status_code == 401
+
+    def test_valid_login_sets_cookie(self, user_client: TestClient, tmp_data):
+        from bincio.serve.db import open_db, authenticate
+        db = open_db(tmp_data)
+        assert authenticate(db, "alice", "alicepass1") is not None
+        r = user_client.post("/api/auth/login",
+                             json={"handle": "alice", "password": "alicepass1"})
+        assert r.status_code == 200
+        assert r.json()["handle"] == "alice"
+
+
+class TestToken:
+    def test_missing_body_returns_422(self, client: TestClient):
+        r = client.post("/api/auth/token", json={})
+        assert r.status_code == 422
+
+    def test_wrong_credentials_returns_401(self, client: TestClient):
+        r = client.post("/api/auth/token", json={"handle": "nobody", "password": "x"})
+        assert r.status_code == 401
+
+    def test_valid_token_in_body(self, user_client: TestClient):
+        r = user_client.post("/api/auth/token",
+                             json={"handle": "alice", "password": "alicepass1"})
+        assert r.status_code == 200
+        assert "token" in r.json()
+
+
+class TestLogout:
+    def test_logout_unauthenticated_returns_200(self, client: TestClient):
+        r = client.post("/api/auth/logout")
+        assert r.status_code == 200
+
+    def test_logout_authenticated_returns_200(self, user_client: TestClient):
+        r = user_client.post("/api/auth/logout")
+        assert r.status_code == 200
+
+
+class TestResetPassword:
+    def test_missing_body_returns_422(self, client: TestClient):
+        r = client.post("/api/auth/reset-password", json={})
+        assert r.status_code == 422
+
+    def test_invalid_code_returns_400(self, client: TestClient):
+        r = client.post("/api/auth/reset-password",
+                        json={"handle": "nobody", "code": "BADCODE", "password": "newpass123"})
+        assert r.status_code == 400
+
+    def test_short_password_returns_400(self, client: TestClient):
+        r = client.post("/api/auth/reset-password",
+                        json={"handle": "nobody", "code": "BADCODE", "password": "short"})
+        assert r.status_code == 400
+
+
+class TestRegister:
+    def test_missing_body_returns_422(self, client: TestClient):
+        r = client.post("/api/register", json={})
+        assert r.status_code == 422
+
+    def test_invalid_invite_returns_400(self, client: TestClient):
+        r = client.post("/api/register",
+                        json={"code": "BADCODE", "handle": "bob", "password": "bobpass123"})
+        assert r.status_code == 400
+
+    def test_invalid_handle_returns_400(self, client: TestClient):
+        r = client.post("/api/register",
+                        json={"code": "BADCODE", "handle": "BOB INVALID", "password": "bobpass123"})
+        assert r.status_code in (400, 422)
+
+
+class TestInvites:
+    def test_unauthenticated_returns_401(self, client: TestClient):
+        assert client.get("/api/invites").status_code == 401
+        assert client.post("/api/invites", json={}).status_code == 401
+
+    def test_authenticated_get_returns_list(self, user_client: TestClient):
+        r = user_client.get("/api/invites")
+        assert r.status_code == 200
+        assert isinstance(r.json(), list)
+
+    def test_create_invite(self, user_client: TestClient):
+        r = user_client.post("/api/invites", json={"grants_activity": False})
+        assert r.status_code == 200
+        assert "code" in r.json()