11 files changed, 677 insertions, 0 deletions
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..d382ead
--- /dev/null
+++ b/tests/__init__.py
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: CC0-1.0
+
+# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
+#
+# Available under the terms of Creative Commons Zero v1.0 Universal.
diff --git a/tests/config.json b/tests/config.json
new file mode 100644
index 0000000..a75e2b1
--- /dev/null
+++ b/tests/config.json
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: CC0-1.0
+
+// Hydrilla development config file.
+//
+// Copyright (C) 2021, 2022 Wojtek Kosior
+//
+// Available under the terms of Creative Commons Zero v1.0 Universal.
+
+// this config is meant to be used in development environment; unlike
+// src/hydrilla/server/config.json, it shall not be included in distribution
+{
+    // Relative paths now get resolved from config's containing direcotry.
+    "malcontent_dir": "./sample_malcontent",
+
+    // Hydrilla will display this link to users as a place where they can
+    // obtain sources for its software. This config option is meant to ease
+    // compliance with the AGPL.
+    "hydrilla_project_url": "https://hydrillabugs.koszko.org/projects/hydrilla/wiki",
+
+    // Port to listen on (not relevant when Flask.test_client() is used).
+    "port": 10112,
+
+    // Use english for HTML files and generated messages.
+    "language": "en_US",
+
+    // Make Hydrilla error out on any warning
+    "werror": true
+
+    // With the below we can make hydrilla look for missing content items in
+    // another instance instead of just erroring/warning.
+    // TODO: feature not implemented
+    // ,"hydrilla_parent": "https://api.hydrilla.koszko.org/1.0/"
+}
diff --git a/tests/source-package-example/.reuse/dep5 b/tests/source-package-example/.reuse/dep5
new file mode 100644
index 0000000..9091060
--- /dev/null
+++ b/tests/source-package-example/.reuse/dep5
@@ -0,0 +1,10 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Hydrilla source package example
+Upstream-Contact: Wojtek Kosior <koszko@koszko.org>
+Source: https://git.koszko.org/hydrilla-source-package-example
+
+# Sample paragraph, commented out:
+#
+# Files: src/*
+# Copyright: $YEAR $NAME <$CONTACT>
+# License: ...
diff --git a/tests/source-package-example/LICENSES/CC0-1.0.txt b/tests/source-package-example/LICENSES/CC0-1.0.txt
new file mode 100644
index 0000000..0e259d4
--- /dev/null
+++ b/tests/source-package-example/LICENSES/CC0-1.0.txt
@@ -0,0 +1,121 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+    LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+    ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+    INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+    REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
+    PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+    THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
+    HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator
+and subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for
+the purpose of contributing to a commons of creative, cultural and
+scientific works ("Commons") that the public can reliably and without fear
+of later claims of infringement build upon, modify, incorporate in other
+works, reuse and redistribute as freely as possible in any form whatsoever
+and for any purposes, including without limitation commercial purposes.
+These owners may contribute to the Commons to promote the ideal of a free
+culture and the further production of creative, cultural and scientific
+works, or to gain reputation or greater distribution for their Work in
+part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any
+expectation of additional consideration or compensation, the person
+associating CC0 with a Work (the "Affirmer"), to the extent that he or she
+is an owner of Copyright and Related Rights in the Work, voluntarily
+elects to apply CC0 to the Work and publicly distribute the Work under its
+terms, with knowledge of his or her Copyright and Related Rights in the
+Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not
+limited to, the following:
+
+  i. the right to reproduce, adapt, distribute, perform, display,
+     communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or
+     likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a Work,
+     subject to the limitations in paragraph 4(a), below;
+  v. rights protecting the extraction, dissemination, use and reuse of data
+     in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC of the
+     European Parliament and of the Council of 11 March 1996 on the legal
+     protection of databases, and under any national implementation
+     thereof, including any amended or successor version of such
+     directive); and
+vii. other similar, equivalent or corresponding rights throughout the
+     world based on applicable law or treaty, and any national
+     implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention
+of, applicable law, Affirmer hereby overtly, fully, permanently,
+irrevocably and unconditionally waives, abandons, and surrenders all of
+Affirmer's Copyright and Related Rights and associated claims and causes
+of action, whether now known or unknown (including existing as well as
+future claims and causes of action), in the Work (i) in all territories
+worldwide, (ii) for the maximum duration provided by applicable law or
+treaty (including future time extensions), (iii) in any current or future
+medium and for any number of copies, and (iv) for any purpose whatsoever,
+including without limitation commercial, advertising or promotional
+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
+member of the public at large and to the detriment of Affirmer's heirs and
+successors, fully intending that such Waiver shall not be subject to
+revocation, rescission, cancellation, termination, or any other legal or
+equitable action to disrupt the quiet enjoyment of the Work by the public
+as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason
+be judged legally invalid or ineffective under applicable law, then the
+Waiver shall be preserved to the maximum extent permitted taking into
+account Affirmer's express Statement of Purpose. In addition, to the
+extent the Waiver is so judged Affirmer hereby grants to each affected
+person a royalty-free, non transferable, non sublicensable, non exclusive,
+irrevocable and unconditional license to exercise Affirmer's Copyright and
+Related Rights in the Work (i) in all territories worldwide, (ii) for the
+maximum duration provided by applicable law or treaty (including future
+time extensions), (iii) in any current or future medium and for any number
+of copies, and (iv) for any purpose whatsoever, including without
+limitation commercial, advertising or promotional purposes (the
+"License"). The License shall be deemed effective as of the date CC0 was
+applied by Affirmer to the Work. Should any part of the License for any
+reason be judged legally invalid or ineffective under applicable law, such
+partial invalidity or ineffectiveness shall not invalidate the remainder
+of the License, and in such case Affirmer hereby affirms that he or she
+will not (i) exercise any of his or her remaining Copyright and Related
+Rights in the Work or (ii) assert any associated claims and causes of
+action with respect to the Work, in either case contrary to Affirmer's
+express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+ a. No trademark or patent rights held by Affirmer are waived, abandoned,
+    surrendered, licensed or otherwise affected by this document.
+ b. Affirmer offers the Work as-is and makes no representations or
+    warranties of any kind concerning the Work, express, implied,
+    statutory or otherwise, including without limitation warranties of
+    title, merchantability, fitness for a particular purpose, non
+    infringement, or the absence of latent or other defects, accuracy, or
+    the present or absence of errors, whether or not discoverable, all to
+    the greatest extent permissible under applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other persons
+    that may apply to the Work or any use thereof, including without
+    limitation any person's Copyright and Related Rights in the Work.
+    Further, Affirmer disclaims responsibility for obtaining any necessary
+    consents, permissions or other rights required for any use of the
+    Work.
+ d. Affirmer understands and acknowledges that Creative Commons is not a
+    party to this document and has no duty or obligation with respect to
+    this CC0 or use of the Work.
diff --git a/tests/source-package-example/README.txt b/tests/source-package-example/README.txt
new file mode 100644
index 0000000..c6d5da2
--- /dev/null
+++ b/tests/source-package-example/README.txt
@@ -0,0 +1,2 @@
+This is a sample Hydrilla source package. Hydrilla builder can be used to build
+it for distribution.
diff --git a/tests/source-package-example/README.txt.license b/tests/source-package-example/README.txt.license
new file mode 100644
index 0000000..c02cd58
--- /dev/null
+++ b/tests/source-package-example/README.txt.license
@@ -0,0 +1,3 @@
+SPDX-License-Identifier: CC0-1.0
+
+Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org>
diff --git a/tests/source-package-example/bye.js b/tests/source-package-example/bye.js
new file mode 100644
index 0000000..fcd0fdc
--- /dev/null
+++ b/tests/source-package-example/bye.js
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: CC0-1.0
+
+// Copyright (C) 2021 Wojtek Kosior <koszko@koszko.org>
+//
+// Available under the terms of Creative Commons Zero v1.0 Universal.
+
+console.log(bye_message + "apple!");
diff --git a/tests/source-package-example/hello.js b/tests/source-package-example/hello.js
new file mode 100644
index 0000000..46c0148
--- /dev/null
+++ b/tests/source-package-example/hello.js
@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: CC0-1.0
+
+// Copyright (C) 2021 Wojtek Kosior <koszko@koszko.org>
+//
+// Available under the terms of Creative Commons Zero v1.0 Universal.
+
+console.log(hello_message + "apple!");
diff --git a/tests/source-package-example/index.json b/tests/source-package-example/index.json
new file mode 100644
index 0000000..7162dd7
--- /dev/null
+++ b/tests/source-package-example/index.json
@@ -0,0 +1,207 @@
+// SPDX-License-Identifier: CC0-1.0
+
+// Copyright (C) 2021, 2022 Wojtek Kosior <koszko@koszko.org>
+// Available under the terms of Creative Commons Zero v1.0 Universal.
+
+// This is an example index.json file describing Hydrilla site content. As you
+// can see, for storing site content information Hydrilla utilizes JSON with an
+// additional extension in the form of '//' comments support.
+
+// An index.json file conveys definitions of site resources and pattern->payload
+// mappings. The definitions may reference files under index.json's containing
+// directory, using relative paths. This is how scripts, license texts, etc. are
+// included.
+// File reference always takes the form of an object with "file" property
+// specifying path to the file. In certain contexts additional properties may be
+// allowed or required. Unix paths (using '/' as separator) are assumed. It is
+// not allowed for an index.json file to reference files outside its directory.
+
+// Certain objects are allowed to contain a "comment" field. Although '//'
+// comments can be used in index.json files, they will not be included in
+// generated JSON definitions. If a comment should be included in the
+// definitions served by Hydrilla API, it should be put in a "comment" field of
+// the proper object.
+
+// Unknown object properties will be ignored. This is for compatibility with
+// possible future revisions of the format.
+{
+    // Once our index.json schema changes, this field's value will change. Our
+    // software will be able to handle both current and older formats thanks to
+    // this information present in every index.json file. Schemas that differ by
+    // the first (major) number are always incompatible (e.g. a Hydrilla builder
+    // instance released at the time of 1.2 being the most recent schema version
+    // will not understand version 2.1).
+    // Schemas that are backwards-compatible will have the same major number
+    // and might differ by the second (minor) version number. The third (patch)
+    // and subsequent numbers are being ignored right now.
+    "$schema": "https://hydrilla.koszko.org/schemas/package_source-1.schema.json",
+
+    // Used when referring to this source package. Should be consize, unique
+    // (among other source package names) and can only use a restricted set of
+    // characters. It has to match: [-0-9a-z.]+
+    "source_name": "hello",
+
+    // This property lists files that contain copyright information regarding
+    // this source package as well as texts of licenses used. Although no
+    // specific format of these files is mandated, it is recommended to make
+    // each source package REUSE-compliant, generate an spdx report for it as
+    // `report.spdx` and list this report together with all license files here.
+    "copyright":  [
+	{"file": "report.spdx"},
+	{"file": "LICENSES/CC0-1.0.txt"}
+    ],
+
+    // Where this software/work initially comes from.
+    "upstream_url": "https://git.koszko.org/hydrilla-source-package-example",
+
+    // Additional "comment" field can be used if needed.
+    // "comment": ""
+
+    // List of actual site resources and pattern->payload mappings. Each of them
+    // is represented by an object. Meta-sites and replacement site interfaces
+    // will also belong here once they get implemented.
+    "definitions": [
+	{
+	    // Value of "type" can currently be one of: "resource" and
+	    // "mapping". The one we have here, "resource", defines a list
+	    // of injectable scripts that can be used as a payload or as a
+	    // dependency of another "resource". In the future CSS style sheets
+	    // and WASM modules will also be composite parts of a "resource" as
+	    // scripts are now.
+	    "type": "resource",
+
+	    // Used when referring to this resource in "dependencies" list of
+	    // another resource or in "payload" field of a mapping. Should
+	    // be consize and can only use a restricted set of characters. It
+	    // has to match: [-0-9a-z]+
+	    "identifier": "helloapple",
+
+	    // "long_name" should be used to specify a user-friendly alternative
+	    // to an identifier. It should generally not collide with a long
+	    // name of some resource with a different UUID and also shouldn't
+	    // change in-between versions of the same resource, although
+	    // exceptions to both rules might be considered. Long name is
+	    // allowed to contain arbitrary unicode characters (within reason!).
+	    "long_name": "Hello Apple",
+
+	    // Item definitions contain version information. Version is
+	    // represented as an array of integers, with major version number
+	    // being the first array item. In case of resources, version is
+	    // accompanied by a revision field which contains a positive
+	    // integer. If versions specified by arrays of different length need
+	    // to be compared, the shorter array gets padded with zeroes on the
+	    // right. This means that for example version 1.3 could be given as
+	    // both [1, 3] and [1, 3, 0, 0] (aka 1.3.0.0) and either would mean
+	    // the same.
+	    // Different versions (e.g. 1.0 and 1.3) of the same resource can be
+	    // defined in separate index.json files. This makes it easy to
+	    // accidently cause an identifier clash. To help detect it, we allow
+	    // each resource to have a UUID associated with it. Attempt to
+	    // define multiple resources with the same identifier and different
+	    // UUIDs will result in an error being reported. Defining multiple
+	    // resources with different identifiers and the same UUID is
+	    // disallowed for now (it may be later permitted if we consider it
+	    // good for some use-case).
+	    // As of package source schema version 1.0, UUIDs are optional and
+	    // can be omitted.
+	    "uuid": "a6754dcb-58d8-4b7a-a245-24fd7ad4cd68",
+
+	    // Version should match the upstream version of the resource (e.g. a
+	    // version of javascript library). Revision number starts as 1 for
+	    // each new resource version and gets incremented by 1 each time a
+	    // modification to the packaging of this version is done. Hydrilla
+	    // will allow multiple definitions of the same resource to load, as
+	    // long as their versions differ. Thanks to the "version" and
+	    // "revision" fields, clients will know they have to update certain
+	    // resource after it has been updated. If multiple definitions of
+	    // the same version of given resource are provided, an error is
+	    // generated (even if those definitions differ by revision number).
+	    "version": [2021, 11, 10],
+	    "revision": 1,
+
+	    // A short, meaningful description of what the resource is and/or
+	    // what it does.
+	    "description": "greets an apple",
+
+	    // If needed, a "comment" field can be added to provide some
+	    // additional information.
+	    // "comment": "this resource something something",
+
+	    // Resource's "dependencies" array shall contain names of other
+	    // resources that (in case of scripts at least) should get evaluated
+	    // on a page before this resource's own scripts.
+	    "dependencies": [{"identifier": "hello-message"}],
+
+	    // Array of javascript files that belong to this resource.
+	    "scripts": [
+		{"file": "hello.js"},
+		{"file":   "bye.js"}
+	    ]
+	}, {
+	    "type":	   "resource",
+	    "identifier":  "hello-message",
+	    "long_name":   "Hello Message",
+	    "uuid":	   "1ec36229-298c-4b35-8105-c4f2e1b9811e",
+	    "version":     [2021, 11, 10],
+	    "revision":    2,
+	    "description": "define messages for saying hello and bye",
+	    // If "dependencies" is empty, it can also be omitted.
+	    // "dependencies": [],
+	    "scripts": [{"file": "message.js"}]
+	}, {
+	    "type": "mapping",
+
+	    // Has similar function to resource's identifier. Should be consize
+	    // and can only use a restricted set of characters. It has to match:
+	    // [-0-9a-z]+
+	    // It can be the same as some resource identifier (those are
+	    // different entities and are treated separately).
+	    "identifier": "helloapple",
+
+	    // "long name" and "uuid" have the same meaning as in the case of
+	    // resources and "uuid" is also optional. UUIDs of a resource and a
+	    // mapping can technically be the same but it is recommended to
+	    // avoid even this kind of repetition.
+	    "long_name": "Hello Apple",
+	    "uuid": "54d23bba-472e-42f5-9194-eaa24c0e3ee7",
+
+	    // "version" differs from its counterpart in resource in that it has
+	    // no accompanying revision number.
+	    "version": [2021, 11, 10],
+
+	    // A short, meaningful description of what the mapping does.
+	    "description": "causes apple to get greeted on Hydrillabugs issue tracker",
+
+	    // A comment, if necessary.
+	    // "comment": "blah blah because bleh"
+
+	    // The "payloads" object specifies which payloads are to be applied
+	    // to which URLs.
+	    "payloads": {
+		// Each key should be a valid Haketilo URL pattern.
+		"https://hydrillabugs.koszko.org/***": {
+		    // Should be the name of an existing resource. The resource
+		    // may, but doesn't have to, be defined in the same
+		    // index.json file.
+		    "identifier": "helloapple"
+		},
+		// More associations may follow.
+		"https://hachettebugs.koszko.org/***": {
+		    "identifier": "helloapple"
+		}
+	    }
+	}
+    ],
+    // We can also list additional files to include in the produced source
+    // archive. Hydrilla builder will then include those together with all
+    // script and copyright files used.
+    "additional_files": [
+	{"file": "README.txt"},
+	{"file": "README.txt.license"},
+	{"file": ".reuse/dep5"}
+    ],
+    // We can optionally tell Hydrilla builder to run the REUSE tool to generate
+    // report.spdx file. Using this option requires REUSE to be installed and
+    // and importable in the Python virtualenv used by Hydrilla builder.
+    "reuse_generate_spdx_report": true
+}
diff --git a/tests/source-package-example/message.js b/tests/source-package-example/message.js
new file mode 100644
index 0000000..2ad61cb
--- /dev/null
+++ b/tests/source-package-example/message.js
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: CC0-1.0
+
+// Copyright (C) 2021 Wojtek Kosior <koszko@koszko.org>
+//
+// Available under the terms of Creative Commons Zero v1.0 Universal.
+
+var hello_message = "hello, "
+var bye_message = "bye, "
diff --git a/tests/test_server.py b/tests/test_server.py
new file mode 100644
index 0000000..0820d5c
--- /dev/null
+++ b/tests/test_server.py
@@ -0,0 +1,274 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# Repository tests
+#
+# This file is part of Hydrilla
+#
+# Copyright (C) 2021, 2022 Wojtek Kosior
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+#
+# I, Wojtek Kosior, thereby promise not to sue for violation of this
+# file's license. Although I request that you do not make use this code
+# in a proprietary program, I am not going to enforce this in court.
+
+# Enable using with Python 3.7.
+from __future__ import annotations
+
+import pytest
+import sys
+import shutil
+import json
+
+from pathlib import Path
+from hashlib import sha256
+from tempfile import TemporaryDirectory
+from typing import Callable, Optional
+
+from flask.testing import FlaskClient
+from markupsafe import escape
+from werkzeug import Response
+
+from hydrilla import util as hydrilla_util
+from hydrilla.builder import Build
+from hydrilla.server import config, _version
+from hydrilla.server.serve import HydrillaApp
+
+here        = Path(__file__).resolve().parent
+config_path = here / 'config.json'
+source_path = here / 'source-package-example'
+
+expected_generated_by = {
+    'name': 'hydrilla.server',
+    'version': _version.version
+}
+
+SetupMod = Optional[Callable['Setup', None]]
+
+source_files = (
+    'index.json', 'hello.js', 'bye.js', 'message.js', 'README.txt',
+    'README.txt.license', '.reuse/dep5', 'LICENSES/CC0-1.0.txt'
+)
+
+class Setup:
+    """
+    Facilitate preparing test malcontent directory, Hydrilla config file and the
+    actual Flask client. In a customizable way.
+    """
+    def __init__(self, modify_before_build: SetupMod=None,
+                 modify_after_build: SetupMod=None) -> None:
+        """Initialize Setup."""
+        self._modify_before_build = modify_before_build
+        self._modify_after_build = modify_after_build
+        self._config = None
+        self._client = None
+
+    def _prepare(self) -> None:
+        """Perform the build and call the callbacks as appropriate."""
+        self.tmpdir = TemporaryDirectory()
+
+        self.containing_dir = Path(self.tmpdir.name)
+        self.malcontent_dir = self.containing_dir / 'sample_malcontent'
+        self.index_json     = Path('index.json')
+
+        self.source_dir = self.containing_dir / 'sample_source_package'
+        for source_file in source_files:
+            dst_path = self.source_dir / source_file
+            dst_path.parent.mkdir(parents=True, exist_ok=True)
+            shutil.copyfile(source_path / source_file, dst_path)
+
+        self.config_path = self.containing_dir / 'config.json'
+        shutil.copyfile(config_path, self.config_path)
+
+        if self._modify_before_build:
+            self._modify_before_build(self)
+
+        build = Build(self.source_dir, self.index_json)
+        build.write_package_files(self.malcontent_dir)
+
+        if self._modify_after_build:
+            self._modify_after_build(self)
+
+    def config(self) -> dict:
+        """Provide the contents of JSON config file used."""
+        if self._config is None:
+            self._prepare()
+            self._config = config.load([self.config_path])
+
+        return self._config
+
+    def client(self) -> FlaskClient:
+        """
+        Provide app client that serves the objects from built sample package.
+        """
+        if self._client is None:
+            app = HydrillaApp(self.config(), flask_config={'TESTING': True})
+            self._client = app.test_client()
+
+        return self._client
+
+def remove_all_uuids(setup: Setup) -> None:
+    """Modify sample packages before build to contain no (optional) UUIDs"""
+    index_json = (setup.source_dir / 'index.json').read_text()
+    index_json = json.loads(hydrilla_util.strip_json_comments(index_json))
+
+    for definition in index_json['definitions']:
+        del definition['uuid']
+
+    index_json = ("// SPDX-License-Identifier: CC0-1.0\n" +
+                  "// Copyright (C) 2021, 2022 Wojtek Kosior\n" +
+                  json.dumps(index_json))
+
+    (setup.source_dir / 'index.json').write_text(index_json)
+
+default_setup = Setup()
+uuidless_setup = Setup(modify_before_build=remove_all_uuids)
+
+def def_get(url: str) -> Response:
+    """Convenience wrapper for def_get()"""
+    return default_setup.client().get(url)
+
+def test_project_url() -> None:
+    """Fetch index.html and verify project URL from config is present there."""
+    response = def_get('/')
+    assert b'html' in response.data
+    project_url = default_setup.config()['hydrilla_project_url']
+    assert escape(project_url).encode() in response.data
+
+@pytest.mark.parametrize('setup', [default_setup, uuidless_setup])
+@pytest.mark.parametrize('item_type', ['resource', 'mapping'])
+def test_get_newest(setup: Setup, item_type: str) -> None:
+    """
+    Verify that
+        GET '/{item_type}/{item_identifier}.json'
+    returns proper definition that is also served at:
+        GET '/{item_type}/{item_identifier}/{item_version}'
+    """
+    response = setup.client().get(f'/{item_type}/helloapple.json')
+    assert response.status_code == 200
+    definition = json.loads(response.data.decode())
+    assert definition['type']        == item_type
+    assert definition['identifier']  == 'helloapple'
+
+    response = setup.client().get(f'/{item_type}/helloapple/2021.11.10')
+    assert response.status_code == 200
+    assert definition == json.loads(response.data.decode())
+
+    assert ('uuid' in definition) == (setup is not uuidless_setup)
+
+    hydrilla_util.validator_for(f'api_{item_type}_description-1.0.1.schema.json')\
+                 .validate(definition)
+
+@pytest.mark.parametrize('item_type', ['resource', 'mapping'])
+def test_get_nonexistent(item_type: str) -> None:
+    """
+    Verify that attempts to GET a JSON definition of a nonexistent item or item
+    version result in 404.
+    """
+    response = def_get(f'/{item_type}/nonexistentapple.json')
+    assert response.status_code == 404
+    response = def_get(f'/{item_type}/helloapple/1.2.3.999')
+    assert response.status_code == 404
+
+@pytest.mark.parametrize('item_type', ['resource', 'mapping'])
+def test_file_refs(item_type: str) -> None:
+    """
+    Verify that files referenced by definitions are accessible under their
+    proper URLs and that their hashes match.
+    """
+    response = def_get(f'/{item_type}/helloapple/2021.11.10')
+    assert response.status_code == 200
+    definition = json.loads(response.data.decode())
+
+    for file_ref in [*definition.get('scripts', []),
+                     *definition['source_copyright']]:
+        hash_sum = file_ref["sha256"]
+        response = def_get(f'/file/sha256/{hash_sum}')
+
+        assert response.status_code == 200
+        assert sha256(response.data).digest().hex() == hash_sum
+
+def test_empty_query() -> None:
+    """
+    Verify that querying mappings for URL gives an empty list when there're no
+    mathes.
+    """
+    response = def_get(f'/query?url=https://nonexiste.nt/example')
+    assert response.status_code == 200
+
+    response_object = json.loads(response.data.decode())
+
+    assert response_object == {
+        '$schema': 'https://hydrilla.koszko.org/schemas/api_query_result-1.schema.json',
+        'mappings': [],
+        'generated_by': expected_generated_by
+    }
+
+    hydrilla_util.validator_for('api_query_result-1.0.1.schema.json')\
+                 .validate(response_object)
+
+def test_query() -> None:
+    """
+    Verify that querying mappings for URL gives a list with reference(s) the the
+    matching mapping(s).
+    """
+    response = def_get(f'/query?url=https://hydrillabugs.koszko.org/')
+    assert response.status_code == 200
+
+    response_object = json.loads(response.data.decode())
+
+    assert response_object == {
+        '$schema': 'https://hydrilla.koszko.org/schemas/api_query_result-1.schema.json',
+        'mappings': [{
+            'identifier': 'helloapple',
+            'long_name': 'Hello Apple',
+            'version': [2021, 11, 10]
+        }],
+        'generated_by': expected_generated_by
+    }
+
+    hydrilla_util.validator_for('api_query_result-1.0.1.schema.json')\
+                 .validate(response_object)
+
+def test_source() -> None:
+    """Verify source descriptions are properly served."""
+    response = def_get(f'/source/hello.json')
+    assert response.status_code == 200
+
+    description = json.loads(response.data.decode())
+    assert description['source_name'] == 'hello'
+
+    assert sorted([d['identifier'] for d in description['definitions']]) == \
+        ['hello-message', 'helloapple', 'helloapple']
+
+    zipfile_hash = description['source_archives']['zip']['sha256']
+    response = def_get(f'/source/hello.zip')
+    assert sha256(response.data).digest().hex() == zipfile_hash
+
+    hydrilla_util.validator_for('api_source_description-1.0.1.schema.json')\
+                 .validate(description)
+
+def test_missing_source() -> None:
+    """Verify requests for nonexistent sources result in 404."""
+    response = def_get(f'/source/nonexistent.json')
+    assert response.status_code == 404
+
+    response = def_get(f'/source/nonexistent.zip')
+    assert response.status_code == 404
+
+def test_normalize_version():
+    assert hydrilla_util.normalize_version([4, 5, 3, 0, 0]) == [4, 5, 3]
+    assert hydrilla_util.normalize_version([1, 0, 5, 0])    == [1, 0, 5]
+    assert hydrilla_util.normalize_version([3, 3])          == [3, 3]