using System.Net; using System.Net.Http.Json; using Microsoft.AspNetCore.Mvc.Testing; using Xunit; namespace StellaOps.Signals.Tests; public class SignalsApiTests : IClassFixture> { private readonly WebApplicationFactory factory; public SignalsApiTests(WebApplicationFactory factory) { this.factory = factory; } [Fact] public async Task Healthz_ReturnsOk() { var client = factory.CreateClient(); var response = await client.GetAsync("/healthz"); Assert.Equal(HttpStatusCode.OK, response.StatusCode); } [Fact] public async Task Readyz_ReturnsOk() { var client = factory.CreateClient(); var response = await client.GetAsync("/readyz"); Assert.Equal(HttpStatusCode.OK, response.StatusCode); var payload = await response.Content.ReadFromJsonAsync>(); Assert.NotNull(payload); Assert.Equal("ready", payload!["status"]); } [Fact] public async Task Ping_WithoutScopeHeader_ReturnsUnauthorized() { var client = factory.CreateClient(); var response = await client.GetAsync("/signals/ping"); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); } [Fact] public async Task Ping_WithMissingScope_ReturnsForbidden() { var client = factory.CreateClient(); var request = new HttpRequestMessage(HttpMethod.Get, "/signals/ping"); request.Headers.Add("X-Scopes", "signals:write"); var response = await client.SendAsync(request); Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); } [Fact] public async Task Ping_WithReadScope_ReturnsNoContent() { var client = factory.CreateClient(); var request = new HttpRequestMessage(HttpMethod.Get, "/signals/ping"); request.Headers.Add("X-Scopes", "signals:read"); var response = await client.SendAsync(request); Assert.Equal(HttpStatusCode.NoContent, response.StatusCode); } }