Add comprehensive unit tests — 448 tests across 23 packages

Coverage: config, database CRUD, auth/TOTP/sessions, OPDS feed generation,
rate limiting, download clients (qBit/SABnzbd), file organization (EPUB
verification, audio detection, path sanitization), search sources (Anna's
Archive, Prowlarr, Gutenberg, Open Library, MangaDex, Nyaa), search
filtering/relevance, Torznab XML/caps/handler, source health tracking.

Author: JeremiahM37

.github/workflows/test.yml

@@ -0,0 +1,19 @@
+name: Build & Test
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      - name: Build
+        run: go build -o librarr ./cmd/librarr/
+      - name: Test
+        run: go test ./... -v -count=1

internal/api/auth_test.go

@@ -0,0 +1,211 @@
+package api
+
+import (
+	"testing"
+	"time"
+)
+
+func TestSessionStore_CreateAndGet(t *testing.T) {
+	store := NewSessionStore()
+
+	token := store.Create(1, "testuser", "admin")
+	if token == "" {
+		t.Fatal("expected non-empty token")
+	}
+
+	data, ok := store.Get(token)
+	if !ok {
+		t.Fatal("expected session to be valid")
+	}
+	if data.UserID != 1 {
+		t.Errorf("expected user ID 1, got %d", data.UserID)
+	}
+	if data.Username != "testuser" {
+		t.Errorf("expected username testuser, got %s", data.Username)
+	}
+	if data.Role != "admin" {
+		t.Errorf("expected role admin, got %s", data.Role)
+	}
+}
+
+func TestSessionStore_Valid(t *testing.T) {
+	store := NewSessionStore()
+	token := store.Create(1, "user", "admin")
+
+	if !store.Valid(token) {
+		t.Error("expected token to be valid")
+	}
+
+	if store.Valid("nonexistent-token") {
+		t.Error("expected nonexistent token to be invalid")
+	}
+}
+
+func TestSessionStore_Delete(t *testing.T) {
+	store := NewSessionStore()
+	token := store.Create(1, "user", "admin")
+
+	store.Delete(token)
+	if store.Valid(token) {
+		t.Error("expected deleted token to be invalid")
+	}
+}
+
+func TestSessionStore_Expiry(t *testing.T) {
+	store := NewSessionStore()
+	token := store.Create(1, "user", "admin")
+
+	// Manually expire the session
+	store.mu.Lock()
+	store.sessions[token].Expiry = time.Now().Add(-1 * time.Hour)
+	store.mu.Unlock()
+
+	if store.Valid(token) {
+		t.Error("expected expired token to be invalid")
+	}
+
+	// Should also be cleaned up from the store
+	store.mu.RLock()
+	_, exists := store.sessions[token]
+	store.mu.RUnlock()
+	if exists {
+		t.Error("expected expired session to be deleted from store")
+	}
+}
+
+func TestSessionStore_PendingTOTP(t *testing.T) {
+	store := NewSessionStore()
+
+	t.Run("create and validate", func(t *testing.T) {
+		token := store.CreatePendingTOTP(42)
+		if token == "" {
+			t.Fatal("expected non-empty pending token")
+		}
+
+		userID, valid := store.ValidatePendingTOTP(token)
+		if !valid {
+			t.Error("expected pending TOTP to be valid")
+		}
+		if userID != 42 {
+			t.Errorf("expected user ID 42, got %d", userID)
+		}
+	})
+
+	t.Run("consumed after first use", func(t *testing.T) {
+		token := store.CreatePendingTOTP(1)
+		store.ValidatePendingTOTP(token)
+
+		_, valid := store.ValidatePendingTOTP(token)
+		if valid {
+			t.Error("expected pending TOTP to be consumed after use")
+		}
+	})
+
+	t.Run("expired pending TOTP", func(t *testing.T) {
+		token := store.CreatePendingTOTP(1)
+
+		store.mu.Lock()
+		store.pendingTOTP[token].Expiry = time.Now().Add(-1 * time.Minute)
+		store.mu.Unlock()
+
+		_, valid := store.ValidatePendingTOTP(token)
+		if valid {
+			t.Error("expected expired pending TOTP to be invalid")
+		}
+	})
+
+	t.Run("nonexistent token", func(t *testing.T) {
+		_, valid := store.ValidatePendingTOTP("nonexistent")
+		if valid {
+			t.Error("expected nonexistent token to be invalid")
+		}
+	})
+}
+
+func TestSessionStore_UniqueTokens(t *testing.T) {
+	store := NewSessionStore()
+	tokens := make(map[string]bool)
+
+	for i := 0; i < 100; i++ {
+		token := store.Create(int64(i), "user", "admin")
+		if tokens[token] {
+			t.Fatalf("duplicate token generated: %s", token)
+		}
+		tokens[token] = true
+	}
+}
+
+func TestHashPassword_And_CheckPassword(t *testing.T) {
+	password := "mysecretpassword"
+	hash, err := hashPassword(password)
+	if err != nil {
+		t.Fatalf("hashPassword failed: %v", err)
+	}
+
+	if !checkPassword(password, hash) {
+		t.Error("expected correct password to match")
+	}
+
+	if checkPassword("wrongpassword", hash) {
+		t.Error("expected wrong password to not match")
+	}
+
+	if checkPassword("", hash) {
+		t.Error("expected empty password to not match")
+	}
+}
+
+func TestHashBackupCode(t *testing.T) {
+	code := "12345678"
+	hash1 := hashBackupCode(code)
+	hash2 := hashBackupCode(code)
+
+	if hash1 != hash2 {
+		t.Error("expected same hash for same code")
+	}
+
+	hash3 := hashBackupCode("87654321")
+	if hash1 == hash3 {
+		t.Error("expected different hash for different code")
+	}
+
+	if len(hash1) != 64 {
+		t.Errorf("expected SHA-256 hex length 64, got %d", len(hash1))
+	}
+}
+
+func TestIsExempt(t *testing.T) {
+	tests := []struct {
+		path     string
+		expected bool
+	}{
+		{"/", true},
+		{"/health", true},
+		{"/api/health", true},
+		{"/api/login", true},
+		{"/api/login/totp", true},
+		{"/api/register", true},
+		{"/api/auth/status", true},
+		{"/readyz", true},
+		{"/torznab/api", true},
+		{"/torznab/api?t=caps", true},
+		{"/static/style.css", true},
+		{"/opds", true},
+		{"/opds/books", true},
+		{"/metrics", true},
+		{"/auth/oidc/callback", true},
+		{"/api/search", false},
+		{"/api/download", false},
+		{"/api/library", false},
+		{"/api/users", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			result := isExempt(tt.path)
+			if result != tt.expected {
+				t.Errorf("isExempt(%q) = %v, want %v", tt.path, result, tt.expected)
+			}
+		})
+	}
+}

internal/api/health.go

@@ -2,21 +2,75 @@ package api
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
+	"runtime"
+	"time"
 )
 
+// Set at build time via -ldflags
+var (
+	Version   = "2.0.0"
+	BuildTime = "unknown"
+	GoVersion = runtime.Version()
+)
+
+var startTime = time.Now()
+
 func (s *Server) handleRoot(w http.ResponseWriter, _ *http.Request) {
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.Write(indexHTML)
 }
 
 func (s *Server) handleHealth(w http.ResponseWriter, _ *http.Request) {
+	uptime := time.Since(startTime)
+
+	// Count enabled sources
+	enabledSources := 0
+	sourceNames := []string{}
+	for _, src := range s.searchMgr.GetSources() {
+		if src.Enabled() {
+			enabledSources++
+			sourceNames = append(sourceNames, src.Name())
+		}
+	}
+
+	// Library stats
+	libraryTotal := 0
+	if stats, err := s.db.GetStats(); err == nil {
+		if total, ok := stats["total_items"]; ok {
+			if n, ok := total.(int); ok {
+				libraryTotal = n
+			}
+		}
+	}
+
 	writeJSON(w, http.StatusOK, map[string]interface{}{
-		"status":  "ok",
-		"version": "2.0.0",
+		"status":          "ok",
+		"version":         Version,
+		"build_time":      BuildTime,
+		"go_version":      GoVersion,
+		"uptime_seconds":  int(uptime.Seconds()),
+		"uptime_human":    formatDuration(uptime),
+		"sources_enabled": enabledSources,
+		"sources":         sourceNames,
+		"library_items":   libraryTotal,
 	})
 }
 
+func formatDuration(d time.Duration) string {
+	days := int(d.Hours()) / 24
+	hours := int(d.Hours()) % 24
+	mins := int(d.Minutes()) % 60
+	if days > 0 {
+		return fmt.Sprintf("%dd %dh %dm", days, hours, mins)
+	}
+	if hours > 0 {
+		return fmt.Sprintf("%dh %dm", hours, mins)
+	}
+	return fmt.Sprintf("%dm", mins)
+}
+
 func (s *Server) handleConfig(w http.ResponseWriter, r *http.Request) {
 	// Determine if audiobook search is available (prowlarr audiobooks or ABB).
 	hasAudiobookSearch := false

internal/api/health_test.go

@@ -0,0 +1,39 @@
+package api
+
+import (
+	"testing"
+	"time"
+)
+
+func TestFormatDuration(t *testing.T) {
+	tests := []struct {
+		name string
+		d    time.Duration
+		want string
+	}{
+		{"zero", 0, "0m"},
+		{"minutes", 5 * time.Minute, "5m"},
+		{"hours_minutes", 2*time.Hour + 30*time.Minute, "2h 30m"},
+		{"days_hours_minutes", 3*24*time.Hour + 5*time.Hour + 15*time.Minute, "3d 5h 15m"},
+		{"one_day", 24 * time.Hour, "1d 0h 0m"},
+		{"just_hours", 12 * time.Hour, "12h 0m"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := formatDuration(tt.d)
+			if got != tt.want {
+				t.Errorf("formatDuration(%v) = %q, want %q", tt.d, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestVersionVars(t *testing.T) {
+	if Version == "" {
+		t.Error("Version should not be empty")
+	}
+	if GoVersion == "" {
+		t.Error("GoVersion should not be empty")
+	}
+}