feat: reverts message in json output and allows configuration (#1082)

* feat: allow future deprecated message response with config

* tests: middleware

* fix: middleware order

* fix: frontend using message in body

* fix: cors

* feat: modify response type with header

* fix(webapp): added new headers

* dist: updated webapp files

* test(e2e): fixes

* fix: middleware returning body for 204 requests

* fix: frontend apis

* tests: cors middleware

Author: fmartingr

e2e/playwright/auth_test.go

@@ -1,4 +1,4 @@
-package playwright_test
+package playwright
 
 import (
 	"fmt"
@@ -14,146 +14,110 @@ func TestAuth(t *testing.T) {
 	container := e2eutil.NewShioriContainer(t, "")
 	baseURL := fmt.Sprintf("http://localhost:%s", container.GetPort())
 
-	// Initialize the browser
-	pw, err := playwright.Run()
-	require.NoError(t, err, "Initialize Playwright")
-	defer pw.Stop()
-
-	browser, err := pw.Chromium.Launch(playwright.BrowserTypeLaunchOptions{
-		Headless: playwright.Bool(true),
-	})
-	require.NoError(t, err, "Launch browser")
-	defer browser.Close()
+	mainTestHelper, err := NewTestHelper(t, "main")
+	require.NoError(t, err)
+	defer mainTestHelper.Close()
 
 	t.Run("successful login with default credentials", func(t *testing.T) {
-		context, err := browser.NewContext()
-		require.NoError(t, err, "Create browser context")
-
-		t.Cleanup(func() {
-			context.Close()
-		})
-
-		page, err := context.NewPage()
-		require.NoError(t, err, "Create new page")
-		defer page.Close()
-
 		// Navigate to the login page
-		_, err = page.Goto(baseURL)
-		require.NoError(t, err, "Navigate to login page")
+		_, err = mainTestHelper.page.Goto(baseURL)
+		mainTestHelper.Require().NoError(t, err, "Navigate to base URL")
 
 		// Get locators for form elements
-		usernameLocator := page.Locator("#username")
-		passwordLocator := page.Locator("#password")
-		buttonLocator := page.Locator(".button")
+		usernameLocator := mainTestHelper.page.Locator("#username")
+		passwordLocator := mainTestHelper.page.Locator("#password")
+		buttonLocator := mainTestHelper.page.Locator(".button")
 
 		// Wait for and fill the login form
-		require.NoError(t, usernameLocator.WaitFor())
-		require.NoError(t, usernameLocator.Fill("shiori"))
-		require.NoError(t, passwordLocator.Fill("gopher"))
+		mainTestHelper.Require().NoError(t, usernameLocator.WaitFor(), "Wait for username field")
+		mainTestHelper.Require().NoError(t, usernameLocator.Fill("shiori"), "Fill username field")
+		mainTestHelper.Require().NoError(t, passwordLocator.Fill("gopher"), "Fill password field")
 
 		// Click login and wait for success
-		require.NoError(t, buttonLocator.Click())
-		require.NoError(t, page.Locator("#bookmarks-grid").WaitFor())
+		mainTestHelper.Require().NoError(t, buttonLocator.Click(), "Click login button")
+		mainTestHelper.Require().NoError(t, mainTestHelper.page.Locator("#bookmarks-grid").WaitFor(playwright.LocatorWaitForOptions{
+			State:   playwright.WaitForSelectorStateVisible,
+			Timeout: playwright.Float(1000),
+		}), "Wait for bookmarks section to show up")
 	})
 
 	t.Run("failed login with wrong username", func(t *testing.T) {
-		context, err := browser.NewContext()
+		th, err := NewTestHelper(t, t.Name())
 		require.NoError(t, err)
-
-		t.Cleanup(func() {
-			context.Close()
-		})
-
-		page, err := context.NewPage()
-		require.NoError(t, err)
-		defer page.Close()
+		defer th.Close()
 
 		// Navigate to the login page
-		_, err = page.Goto(baseURL)
-		require.NoError(t, err)
+		_, err = th.page.Goto(baseURL)
+		th.Require().NoError(t, err, "Navigate to base URL")
 
 		// Get locators for form elements
-		usernameLocator := page.Locator("#username")
-		passwordLocator := page.Locator("#password")
-		buttonLocator := page.Locator(".button")
-		errorLocator := page.Locator(".error-message")
+		usernameLocator := th.page.Locator("#username")
+		passwordLocator := th.page.Locator("#password")
+		buttonLocator := th.page.Locator(".button")
+		errorLocator := th.page.Locator(".error-message")
 
 		// Wait for and fill the login form
-		require.NoError(t, usernameLocator.WaitFor())
-		require.NoError(t, usernameLocator.Fill("wrong_user"))
-		require.NoError(t, passwordLocator.Fill("gopher"))
+		th.Require().NoError(t, usernameLocator.WaitFor(), "Wait for username field")
+		th.Require().NoError(t, usernameLocator.Fill("wrong_user"), "Fill username field")
+		th.Require().NoError(t, passwordLocator.Fill("gopher"), "Fill password field")
 
 		// Click login and verify error
-		require.NoError(t, buttonLocator.Click())
+		th.Require().NoError(t, buttonLocator.Click(), "Click login button")
 		errorText, err := errorLocator.TextContent()
-		require.NoError(t, err, "Get error message text")
-		require.Contains(t, errorText, "username or password do not match", "Verify error message for wrong username")
+		th.Require().NoError(t, err, "Get error message text")
+		th.Require().Contains(t, errorText, "username or password do not match")
 	})
 
 	t.Run("failed login with wrong password", func(t *testing.T) {
-		context, err := browser.NewContext()
+		th, err := NewTestHelper(t, t.Name())
 		require.NoError(t, err)
-
-		t.Cleanup(func() {
-			context.Close()
-		})
-
-		page, err := context.NewPage()
-		require.NoError(t, err)
-		defer page.Close()
+		defer th.Close()
 
 		// Navigate to the login page
-		_, err = page.Goto(baseURL)
-		require.NoError(t, err)
+		_, err = th.page.Goto(baseURL)
+		th.Require().NoError(t, err, "Navigate to base URL")
 
 		// Get locators for form elements
-		usernameLocator := page.Locator("#username")
-		passwordLocator := page.Locator("#password")
-		buttonLocator := page.Locator(".button")
-		errorLocator := page.Locator(".error-message")
+		usernameLocator := th.page.Locator("#username")
+		passwordLocator := th.page.Locator("#password")
+		buttonLocator := th.page.Locator(".button")
+		errorLocator := th.page.Locator(".error-message")
 
 		// Wait for and fill the login form
-		require.NoError(t, usernameLocator.WaitFor())
-		require.NoError(t, usernameLocator.Fill("shiori"))
-		require.NoError(t, passwordLocator.Fill("wrong_password"))
+		th.Require().NoError(t, usernameLocator.WaitFor(), "Wait for username field")
+		th.Require().NoError(t, usernameLocator.Fill("shiori"), "Fill username field")
+		th.Require().NoError(t, passwordLocator.Fill("wrong_password"), "Fill password field")
 
 		// Click login and verify error
-		require.NoError(t, buttonLocator.Click())
+		th.Require().NoError(t, buttonLocator.Click(), "Click login button")
 		errorText, err := errorLocator.TextContent()
-		require.NoError(t, err)
-		require.Contains(t, errorText, "username or password do not match")
+		th.Require().NoError(t, err, "Get error message text")
+		th.Require().Contains(t, errorText, "username or password do not match")
 	})
 
 	t.Run("empty username validation", func(t *testing.T) {
-		context, err := browser.NewContext()
+		th, err := NewTestHelper(t, t.Name())
 		require.NoError(t, err)
-
-		t.Cleanup(func() {
-			context.Close()
-		})
-
-		page, err := context.NewPage()
-		require.NoError(t, err)
-		defer page.Close()
+		defer th.Close()
 
 		// Navigate to the login page
-		_, err = page.Goto(baseURL)
-		require.NoError(t, err)
+		_, err = th.page.Goto(baseURL)
+		th.Require().NoError(t, err, "Navigate to base URL")
 
 		// Get locators for form elements
-		usernameLocator := page.Locator("#username")
-		passwordLocator := page.Locator("#password")
-		buttonLocator := page.Locator(".button")
-		errorLocator := page.Locator(".error-message")
+		usernameLocator := th.page.Locator("#username")
+		passwordLocator := th.page.Locator("#password")
+		buttonLocator := th.page.Locator(".button")
+		errorLocator := th.page.Locator(".error-message")
 
 		// Wait for form and fill only password
-		require.NoError(t, usernameLocator.WaitFor())
-		require.NoError(t, passwordLocator.Fill("gopher"))
+		th.Require().NoError(t, usernameLocator.WaitFor(), "Wait for username field")
+		th.Require().NoError(t, passwordLocator.Fill("gopher"), "Fill password field")
 
 		// Click login and verify error
-		require.NoError(t, buttonLocator.Click())
+		th.Require().NoError(t, buttonLocator.Click(), "Click login button")
 		errorText, err := errorLocator.TextContent()
-		require.NoError(t, err)
-		require.Contains(t, errorText, "Username must not empty")
+		th.Require().NoError(t, err, "Get error message text")
+		th.Require().Contains(t, errorText, "Username must not empty")
 	})
 }

e2e/playwright/testhelper.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"strings"
 	"testing"
 	"time"
 
@@ -191,6 +192,15 @@ func (pr *PlaywrightRequire) Error(t *testing.T, err error, msgAndArgs ...interf
 	pr.Assertions.Error(err, msgAndArgs...)
 }
 
+func (pr *PlaywrightRequire) Contains(t *testing.T, text, expected string, msgAndArgs ...interface{}) {
+	pr.Assert(t, func() error {
+		if !strings.Contains(text, expected) {
+			return fmt.Errorf("Expected text to contain '%s' but got '%s'", expected, text)
+		}
+		return nil
+	}, msgAndArgs...)
+}
+
 // Close cleans up resources and generates the report
 func (th *TestHelper) Close() {
 	if err := GetReporter().GenerateHTML(); err != nil {

internal/http/http.go

@@ -25,8 +25,9 @@ func ToHTTPHandler(deps model.Dependencies, h model.HttpHandler, middlewares ...
 		// Execute handler
 		h(deps, c)
 
-		// Execute OnResponse middlewares
-		for _, m := range middlewares {
+		// Execute OnResponse middlewares in reverse order
+		for i := len(middlewares) - 1; i >= 0; i-- {
+			m := middlewares[i]
 			if err := m.OnResponse(deps, c); err != nil {
 				deps.Logger().WithError(err).Error("middleware error in response")
 				return

internal/http/middleware/cors.go

@@ -13,14 +13,14 @@ type CORSMiddleware struct {
 func (m *CORSMiddleware) OnRequest(deps model.Dependencies, c model.WebContext) error {
 	c.ResponseWriter().Header().Set("Access-Control-Allow-Origin", strings.Join(m.allowedOrigins, ", "))
 	c.ResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-	c.ResponseWriter().Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+	c.ResponseWriter().Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Shiori-Response-Format")
 	return nil
 }
 
 func (m *CORSMiddleware) OnResponse(deps model.Dependencies, c model.WebContext) error {
 	c.ResponseWriter().Header().Set("Access-Control-Allow-Origin", strings.Join(m.allowedOrigins, ", "))
 	c.ResponseWriter().Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-	c.ResponseWriter().Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+	c.ResponseWriter().Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Shiori-Response-Format")
 	return nil
 }
 

internal/http/middleware/cors_test.go

@@ -0,0 +1,77 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/go-shiori/shiori/internal/http/webcontext"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCORSMiddleware(t *testing.T) {
+	t.Run("test single origin", func(t *testing.T) {
+		allowedOrigins := []string{"http://localhost:8080"}
+		middleware := NewCORSMiddleware(allowedOrigins)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		c := webcontext.NewWebContext(w, r)
+
+		err := middleware.OnRequest(nil, c)
+		require.NoError(t, err)
+
+		headers := w.Header()
+		assert.Equal(t, "http://localhost:8080", headers.Get("Access-Control-Allow-Origin"))
+		assert.Equal(t, "GET, POST, PUT, DELETE, OPTIONS", headers.Get("Access-Control-Allow-Methods"))
+		assert.Equal(t, "Content-Type, Authorization, X-Shiori-Response-Format", headers.Get("Access-Control-Allow-Headers"))
+	})
+
+	t.Run("test multiple origins", func(t *testing.T) {
+		allowedOrigins := []string{"http://localhost:8080", "http://example.com"}
+		middleware := NewCORSMiddleware(allowedOrigins)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		c := webcontext.NewWebContext(w, r)
+
+		err := middleware.OnRequest(nil, c)
+		require.NoError(t, err)
+
+		headers := w.Header()
+		assert.Equal(t, strings.Join(allowedOrigins, ", "), headers.Get("Access-Control-Allow-Origin"))
+	})
+
+	t.Run("test empty origins", func(t *testing.T) {
+		middleware := NewCORSMiddleware([]string{})
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		c := webcontext.NewWebContext(w, r)
+
+		err := middleware.OnRequest(nil, c)
+		require.NoError(t, err)
+
+		headers := w.Header()
+		assert.Equal(t, "", headers.Get("Access-Control-Allow-Origin"))
+	})
+
+	t.Run("test OnResponse headers", func(t *testing.T) {
+		allowedOrigins := []string{"http://localhost:8080"}
+		middleware := NewCORSMiddleware(allowedOrigins)
+
+		w := httptest.NewRecorder()
+		r := httptest.NewRequest(http.MethodGet, "/", nil)
+		c := webcontext.NewWebContext(w, r)
+
+		err := middleware.OnResponse(nil, c)
+		require.NoError(t, err)
+
+		headers := w.Header()
+		assert.Equal(t, "http://localhost:8080", headers.Get("Access-Control-Allow-Origin"))
+		assert.Equal(t, "GET, POST, PUT, DELETE, OPTIONS", headers.Get("Access-Control-Allow-Methods"))
+		assert.Equal(t, "Content-Type, Authorization, X-Shiori-Response-Format", headers.Get("Access-Control-Allow-Headers"))
+	})
+}