witryna 0.1.0 — initial releasev0.1.0

Minimalist Git-based static site deployment orchestrator. Webhook-triggered builds in Podman/Docker containers with atomic symlink publishing, SIGHUP hot-reload, and zero-downtime deploys. See README.md for usage, CHANGELOG.md for details.
author: Dawid Rycerz <dawid@rycerz.xyz> 2026-01-22 22:07:32 +0100
committer: Dawid Rycerz <dawid@rycerz.xyz> 2026-02-10 18:44:26 +0100
commit: 064a1d01c5c14f5ecc032fa9b8346a4a88b893f6 (patch)
tree: a2023f9ccd297ed8a41a3a0cc5699c2add09244d /tests/integration/edge_cases.rs
1 files changed, 69 insertions, 0 deletions
diff --git a/tests/integration/edge_cases.rs b/tests/integration/edge_cases.rs
new file mode 100644
index 0000000..248c36f
--- /dev/null
+++ b/tests/integration/edge_cases.rs
@@ -0,0 +1,69 @@
+use crate::harness::{TestServer, test_config};
+
+#[tokio::test]
+async fn path_traversal_rejected() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    let traversal_attempts = [
+        "../etc/passwd",
+        "..%2F..%2Fetc%2Fpasswd",
+        "valid-site/../other",
+    ];
+
+    for attempt in &traversal_attempts {
+        let resp = TestServer::client()
+            .post(server.url(attempt))
+            .header("Authorization", "Bearer test-token")
+            .send()
+            .await;
+
+        if let Ok(resp) = resp {
+            let status = resp.status().as_u16();
+            assert!(
+                status == 400 || status == 404,
+                "path traversal '{attempt}' should be rejected, got {status}"
+            );
+        }
+    }
+}
+
+#[tokio::test]
+async fn very_long_site_name_rejected() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    let long_name = "a".repeat(1000);
+    let resp = TestServer::client()
+        .post(server.url(&long_name))
+        .header("Authorization", "Bearer test-token")
+        .send()
+        .await;
+
+    if let Ok(resp) = resp {
+        let status = resp.status().as_u16();
+        assert!(
+            status == 400 || status == 404 || status == 414,
+            "long site name should be rejected gracefully, got {status}"
+        );
+    }
+}
+
+#[tokio::test]
+async fn service_healthy_after_errors() {
+    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
+
+    // Make requests to non-existent sites (causes 404s in the app)
+    for _ in 0..5 {
+        let _ = TestServer::client()
+            .post(server.url("/nonexistent"))
+            .send()
+            .await;
+    }
+
+    // Server should still be healthy
+    let resp = TestServer::client()
+        .get(server.url("/health"))
+        .send()
+        .await
+        .unwrap();
+    assert_eq!(resp.status().as_u16(), 200);
+}
author	Dawid Rycerz <dawid@rycerz.xyz>	2026-01-22 22:07:32 +0100
committer	Dawid Rycerz <dawid@rycerz.xyz>	2026-02-10 18:44:26 +0100
commit	064a1d01c5c14f5ecc032fa9b8346a4a88b893f6 (patch)
tree	a2023f9ccd297ed8a41a3a0cc5699c2add09244d /tests/integration/edge_cases.rs