Added tests, shift 'delete'. Fixed overnight shifts, sync, error handling.

handle_settings_test.go

@@ -0,0 +1,71 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestGetSettings(t *testing.T) {
+	app := testApp(t)
+	admin := testAdminUser(t, app)
+	token := testToken(t, app, admin)
+	mux := testMux(app)
+
+	req := testAuthRequest("GET", "/api/settings", nil, token)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d", w.Code)
+	}
+	result := parseJSON(t, w)
+	if result["smtp_host"] == nil {
+		t.Error("missing smtp_host key")
+	}
+}
+
+func TestUpdateSettings(t *testing.T) {
+	app := testApp(t)
+	admin := testAdminUser(t, app)
+	token := testToken(t, app, admin)
+	mux := testMux(app)
+
+	req := testAuthRequest("PUT", "/api/settings", map[string]any{
+		"smtp_host":     "smtp.example.com",
+		"smtp_port":     587,
+		"smtp_password": "secret",
+		"base_url":      "https://turnpike.example.com",
+	}, token)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("status = %d\nbody: %s", w.Code, w.Body.String())
+	}
+	result := parseJSON(t, w)
+	if result["smtp_host"] != "smtp.example.com" {
+		t.Errorf("smtp_host = %v", result["smtp_host"])
+	}
+	if result["smtp_password"] != "***" {
+		t.Errorf("smtp_password = %v, want '***'", result["smtp_password"])
+	}
+	if result["base_url"] != "https://turnpike.example.com" {
+		t.Errorf("base_url = %v", result["base_url"])
+	}
+}
+
+func TestSettingsNonAdminRejected(t *testing.T) {
+	app := testApp(t)
+	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
+	token := testToken(t, app, gate)
+	mux := testMux(app)
+
+	req := testAuthRequest("GET", "/api/settings", nil, token)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+
+	if w.Code != http.StatusForbidden {
+		t.Errorf("status = %d, want 403", w.Code)
+	}
+}