Skip to content

Unit Testing: API Routes & Core Logic

Detailed Checklist

  1. Core Authentication
  • app/core/auth.py:
    • create_access_token: Generates token with correct payload.
    • verify_token: Rejects invalid signatures or expired tokens.
  • app/core/rbac.py:
    • has_permission: Correctly resolves permissions from roles.
    • require_role: Blocks unauthorized roles (assert HTTP 403).
  1. Main App (app/main.py)
  • GET /: Returns welcome message (200).
  • GET /health: Returns { "status": "healthy" } (200).
  1. API Routes (app/api/v1/routes/)

A. Authentication (auth_routes.py)

  • POST /login: Successful login returns JWT (200). Invalid creds (401).
  • POST /signup: Fails on duplicate phone/email (400).
  • POST /send-otp: Rate limiting (mock 3+ requests within 24h).

B. Users & Profiles (users_routes.py)

  • GET /me: Authenticated user gets own profile (200).
  • GET /users: Admin only list (200). Non-admin gets (403).

C. Patients (patient_routes.py)

  • POST /patients: Creates patient (201). Rejects duplicates.
  • GET /patients/search: Search by phone/name works.

D. Doctors (doctor_routes.py)

  • GET /doctors: Lists available doctors.
  • PUT /doctors/{id}: Update availability status.

E. Consultations (consultation_routes.py)

  • POST /consultations: Validates doctor schedule (409 if busy).
  • Create consultation linked to patient.

F. Queue Management (consultation_queue_routes.py)

  • POST /queue/check-in: Adds to waiting list.
  • POST /queue/complete: Moves from In-Consultation to Completed.
  • Verify invalid transitions (e.g., waiting -> completed directly) fail.

G. Medicines (medicine_routes.py)

  • POST /medicines: Add stock (Admin only).
  • GET /medicines: Listing available stock.

H. Medical Camps (medical_camp_routes.py)

  • POST /medical-camps: Create camp (Admin only).

🛠 Testing Strategy

.Mock Dependencies: Override DB dependency (get_db) and Auth dependency (get_current_user) in conftest.py.

.Test Roles: Create separate test cases for different roles (e.g., Patient, Doctor, Admin) to verify permissions.

.Database: Ideally use a test database (SQLite in-memory) for speed and isolation.

Edited by Banuri Koushik Reddy