Background
PR #79 fixed a privilege-escalation bug where the /api/v1/admin/users/* routes were wired with authMiddleware but not adminMiddleware, letting any authenticated driver manage user accounts.
The requireAdmin middleware itself is well-covered (TestRequireAdmin_DriverDenied, TestRequireAdmin_MissingClaims, expired/invalid tokens). However, nothing tests that the routes in main.go are actually wrapped with that middleware. That wiring gap is exactly what caused the bug in #75/#79, and the same untested wiring also protects the /api/v1/admin/vehicles/* and /api/v1/admin/status routes.
Proposal
Add an integration-style test that builds the real mux (or a shared route-registration helper) and asserts that each /api/v1/admin/* route returns 403 Forbidden for a valid driver-role JWT. A table-driven test over the admin route list would prevent a future contributor from adding an admin route and forgetting the middleware.
Acceptance criteria
Follow-up to #79.
Background
PR #79 fixed a privilege-escalation bug where the
/api/v1/admin/users/*routes were wired withauthMiddlewarebut notadminMiddleware, letting any authenticated driver manage user accounts.The
requireAdminmiddleware itself is well-covered (TestRequireAdmin_DriverDenied,TestRequireAdmin_MissingClaims, expired/invalid tokens). However, nothing tests that the routes inmain.goare actually wrapped with that middleware. That wiring gap is exactly what caused the bug in #75/#79, and the same untested wiring also protects the/api/v1/admin/vehicles/*and/api/v1/admin/statusroutes.Proposal
Add an integration-style test that builds the real mux (or a shared route-registration helper) and asserts that each
/api/v1/admin/*route returns403 Forbiddenfor a valid driver-role JWT. A table-driven test over the admin route list would prevent a future contributor from adding an admin route and forgetting the middleware.Acceptance criteria
/api/v1/admin/*route is asserted to reject a non-admin token with 403Follow-up to #79.