Fix OCI route mounting — integrate into authenticated /v2 group

NewRouter now accepts an optional OCI handler to mount inside the authenticated /v2 route group, avoiding chi's Mount conflict on an existing path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 22:22:31 -07:00
parent 8cf26895a3
commit 15a306dc4a
3 changed files with 15 additions and 9 deletions
--- a/internal/server/routes_test.go
+++ b/internal/server/routes_test.go
@@ -15,7 +15,7 @@ func TestRoutesV2Authenticated(t *testing.T) {
 		claims: &auth.Claims{Subject: "alice", AccountType: "user", Roles: []string{"reader"}},
 	}
 	loginClient := &fakeLoginClient{token: "tok-abc", expiresIn: 3600}
-	router := NewRouter(validator, loginClient, "mcr-test")
+	router := NewRouter(validator, loginClient, "mcr-test", nil)

 	req := httptest.NewRequest(http.MethodGet, "/v2/", nil)
 	req.Header.Set("Authorization", "Bearer valid-token")
@@ -42,7 +42,7 @@ func TestRoutesV2Unauthenticated(t *testing.T) {
 	t.Helper()
 	validator := &fakeValidator{claims: nil, err: auth.ErrUnauthorized}
 	loginClient := &fakeLoginClient{}
-	router := NewRouter(validator, loginClient, "mcr-test")
+	router := NewRouter(validator, loginClient, "mcr-test", nil)

 	req := httptest.NewRequest(http.MethodGet, "/v2/", nil)
 	// No Authorization header.
@@ -66,7 +66,7 @@ func TestRoutesTokenEndpoint(t *testing.T) {
 	// The validator should never be called for /v2/token.
 	validator := &fakeValidator{claims: nil, err: auth.ErrUnauthorized}
 	loginClient := &fakeLoginClient{token: "tok-from-login", expiresIn: 1800}
-	router := NewRouter(validator, loginClient, "mcr-test")
+	router := NewRouter(validator, loginClient, "mcr-test", nil)

 	req := httptest.NewRequest(http.MethodGet, "/v2/token", nil)
 	req.SetBasicAuth("bob", "password")