Name: tessl-labs/go-api-testing
Rating: 98.4 (1 reviews)
Author: tessl-labs

tessl-labs/go-api-testing

Go API testing patterns -- httptest setup, table-driven tests with subtests, test helpers, middleware testing, dependency injection with interfaces, database isolation, parallel tests, testify assertions, golden files

1.06x

Quality

98%

Does it follow best practices?

Impact

99%

1.06x

Average score across 5 eval scenarios

Securityby

Passed

No known issues

{
  "context": "Tests whether the agent tests auth middleware in isolation by wrapping a dummy handler, uses table-driven tests for auth scenarios (no token, invalid token, expired token, valid token), and tests a protected endpoint through the full middleware chain.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Middleware tested in isolation",
      "description": "AuthMiddleware is tested by wrapping a dummy http.HandlerFunc (not just through the full router), so the middleware logic is tested independently",
      "max_score": 15
    },
    {
      "name": "No-token returns 401",
      "description": "There is a test case where no Authorization header is sent and the response is 401",
      "max_score": 10
    },
    {
      "name": "Invalid token returns 401",
      "description": "There is a test case where an invalid/malformed Bearer token is sent and the response is 401",
      "max_score": 10
    },
    {
      "name": "Expired token returns 401",
      "description": "There is a test case where an expired JWT token is sent and the response is 401",
      "max_score": 10
    },
    {
      "name": "Valid token passes through",
      "description": "There is a test case where a valid token is sent and the inner handler is called (200 response)",
      "max_score": 10
    },
    {
      "name": "Table-driven with t.Run",
      "description": "Auth test cases use a table-driven pattern with t.Run subtests for the different scenarios",
      "max_score": 10
    },
    {
      "name": "Protected endpoint integration test",
      "description": "There is at least one test that calls GET /api/profile through the full router with a valid token and verifies the response contains the user email",
      "max_score": 10
    },
    {
      "name": "httptest used",
      "description": "All tests use httptest.NewRequest and httptest.NewRecorder, not real HTTP calls",
      "max_score": 8
    },
    {
      "name": "t.Helper in helpers",
      "description": "Test helper functions call t.Helper() as their first line",
      "max_score": 7
    },
    {
      "name": "Health endpoint unprotected",
      "description": "There is a test verifying that GET /api/health works without authentication",
      "max_score": 5
    },
    {
      "name": "Dummy handler verifies context",
      "description": "The dummy handler used for middleware isolation testing checks that the user email was correctly injected into the request context",
      "max_score": 5
    }
  ]
}