feat(server): make database and OAuth providers optional configuration

All external services (database, Discord/GitHub OAuth, S3) can now be individually disabled by omitting their environment variables. The server gracefully degrades functionality when services are unavailable. Partial configuration of any service group triggers a clear error at startup.

- Database: Falls back to dummy pool when DATABASE_URL is unset
- OAuth: Providers only registered when credentials are complete
- S3: Image storage disabled when credentials are missing
- Health checks reflect actual configuration state

pacman-server/tests/common/mod.rs

@@ -3,7 +3,8 @@ use bon::builder;
 use pacman_server::{
     app::{create_router, AppState},
     auth::AuthRegistry,
-    config::Config,
+    config::{Config, DatabaseConfig, DiscordConfig, GithubConfig},
+    data::pool::{create_dummy_pool, create_pool},
 };
 use std::sync::{Arc, Once};
 use testcontainers::{
@@ -23,12 +24,24 @@ pub struct TestContext {
     pub config: Config,
     pub server: TestServer,
     pub app_state: AppState,
-    // Optional database
+    // Optional database container (only for Postgres tests)
     pub container: Option<ContainerAsync<GenericImage>>,
 }
 
 #[builder]
-pub async fn test_context(#[builder(default = false)] use_database: bool, auth_registry: Option<AuthRegistry>) -> TestContext {
+pub async fn test_context(
+    /// Whether to use a real PostgreSQL database via testcontainers (default: false)
+    #[builder(default = false)]
+    use_database: bool,
+    /// Optional custom AuthRegistry (otherwise built from config)
+    auth_registry: Option<AuthRegistry>,
+    /// Include Discord OAuth config (default: true for backward compatibility)
+    #[builder(default = true)]
+    with_discord: bool,
+    /// Include GitHub OAuth config (default: true for backward compatibility)
+    #[builder(default = true)]
+    with_github: bool,
+) -> TestContext {
     CRYPTO_INIT.call_once(|| {
         rustls::crypto::ring::default_provider()
             .install_default()
@@ -38,7 +51,8 @@ pub async fn test_context(#[builder(default = false)] use_database: bool, auth_r
     // Set up logging
     std::env::set_var("RUST_LOG", "debug,sqlx=info");
     pacman_server::logging::setup_logging();
-    let (database_url, container) = if use_database {
+
+    let (database_config, container) = if use_database {
         let db = "testdb";
         let user = "testuser";
         let password = "testpass";
@@ -59,47 +73,59 @@ pub async fn test_context(#[builder(default = false)] use_database: bool, auth_r
         let port = container.get_host_port_ipv4(5432).await.unwrap();
 
         tracing::debug!(host = %host, port = %port, duration = ?duration, "Test database ready");
-        (
-            Some(format!("postgresql://{user}:{password}@{host}:{port}/{db}?sslmode=disable")),
-            Some(container),
-        )
+        let url = format!("postgresql://{user}:{password}@{host}:{port}/{db}?sslmode=disable");
+        (Some(DatabaseConfig { url }), Some(container))
     } else {
         (None, None)
     };
 
+    // Build OAuth configs if requested
+    let discord = if with_discord {
+        Some(DiscordConfig {
+            client_id: "test_discord_client_id".to_string(),
+            client_secret: "test_discord_client_secret".to_string(),
+        })
+    } else {
+        None
+    };
+
+    let github = if with_github {
+        Some(GithubConfig {
+            client_id: "test_github_client_id".to_string(),
+            client_secret: "test_github_client_secret".to_string(),
+        })
+    } else {
+        None
+    };
+
     let config = Config {
-        database_url: database_url.clone().unwrap_or_default(),
-        discord_client_id: "test_discord_client_id".to_string(),
-        discord_client_secret: "test_discord_client_secret".to_string(),
-        github_client_id: "test_github_client_id".to_string(),
-        github_client_secret: "test_github_client_secret".to_string(),
-        s3_access_key: "test_s3_access_key".to_string(),
-        s3_secret_access_key: "test_s3_secret_access_key".to_string(),
-        s3_bucket_name: "test_bucket".to_string(),
-        s3_public_base_url: "https://test.example.com".to_string(),
-        port: 0, // Will be set by test server
+        database: database_config,
+        discord,
+        github,
+        s3: None, // Tests don't need S3
+        port: 0,  // Will be set by test server
         host: "127.0.0.1".parse().unwrap(),
         shutdown_timeout_seconds: 5,
         public_base_url: "http://localhost:3000".to_string(),
         jwt_secret: "test_jwt_secret_key_for_testing_only".to_string(),
     };
 
-    let db = if use_database {
-        let db = pacman_server::data::pool::create_pool(use_database, &database_url.unwrap(), 5).await;
+    // Create database pool
+    let db = if let Some(ref db_config) = config.database {
+        let pool = create_pool(false, &db_config.url, 5).await;
 
-        // Run migrations
+        // Run migrations for Postgres
         sqlx::migrate!("./migrations")
-            .run(&db)
+            .run(&pool)
             .instrument(debug_span!("running_migrations"))
             .await
             .expect("Failed to run database migrations");
         debug!("Database migrations ran successfully");
 
-        db
+        pool
     } else {
-        // Create a dummy database pool that will fail gracefully
-        let dummy_url = "postgresql://dummy:dummy@localhost:5432/dummy?sslmode=disable";
-        pacman_server::data::pool::create_pool(false, dummy_url, 1).await
+        // Create dummy pool for tests that don't need database
+        create_dummy_pool()
     };
 
     // Create auth registry
@@ -107,13 +133,15 @@ pub async fn test_context(#[builder(default = false)] use_database: bool, auth_r
 
     // Create app state
     let notify = Arc::new(Notify::new());
-    let app_state = AppState::new_with_database(config.clone(), auth, db, notify, use_database).await;
+    let app_state = AppState::new_with_options(config.clone(), auth, db, notify, use_database).await;
 
-    // Set health status based on database usage
+    // Set health status
     {
         let mut health = app_state.health.write().await;
-        health.set_migrations(use_database);
-        health.set_database(use_database);
+        if use_database {
+            health.set_migrations(true);
+            health.set_database(true);
+        }
     }
 
     let router = create_router(app_state.clone());

pacman-server/tests/config_optional.rs

@@ -0,0 +1,208 @@
+//! Tests for optional configuration features
+//!
+//! These tests verify that:
+//! 1. The server can start without database, Discord, GitHub, or S3 configured
+//! 2. Partial configuration (e.g., only DISCORD_CLIENT_ID) fails with a clear error
+//! 3. Routes behave correctly when features are disabled
+
+mod common;
+
+use axum::http::StatusCode;
+use pretty_assertions::assert_eq;
+
+use crate::common::{test_context, TestContext};
+
+/// Test that the server starts and responds to health checks without any OAuth providers
+#[tokio::test]
+async fn test_server_without_oauth_providers() {
+    let TestContext { server, app_state, .. } = test_context()
+        .with_discord(false)
+        .with_github(false)
+        .use_database(false)
+        .call()
+        .await;
+
+    // Verify no providers registered
+    assert_eq!(app_state.auth.len(), 0);
+
+    // Health check should work
+    let response = server.get("/api/health").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+
+    // Providers endpoint should return empty list
+    let response = server.get("/api/auth/providers").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+    let body: Vec<serde_json::Value> = response.json();
+    assert!(body.is_empty());
+}
+
+/// Test that the server starts with only Discord configured
+#[tokio::test]
+async fn test_server_with_discord_only() {
+    let TestContext { server, app_state, .. } = test_context()
+        .with_discord(true)
+        .with_github(false)
+        .use_database(false)
+        .call()
+        .await;
+
+    // Verify only Discord is registered
+    assert_eq!(app_state.auth.len(), 1);
+    assert!(app_state.auth.get("discord").is_some());
+    assert!(app_state.auth.get("github").is_none());
+
+    // Providers endpoint should return only Discord
+    let response = server.get("/api/auth/providers").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+    let body: Vec<serde_json::Value> = response.json();
+    assert_eq!(body.len(), 1);
+    assert_eq!(body[0]["id"], "discord");
+}
+
+/// Test that the server starts with only GitHub configured
+#[tokio::test]
+async fn test_server_with_github_only() {
+    let TestContext { server, app_state, .. } = test_context()
+        .with_discord(false)
+        .with_github(true)
+        .use_database(false)
+        .call()
+        .await;
+
+    // Verify only GitHub is registered
+    assert_eq!(app_state.auth.len(), 1);
+    assert!(app_state.auth.get("github").is_some());
+    assert!(app_state.auth.get("discord").is_none());
+
+    // Providers endpoint should return only GitHub
+    let response = server.get("/api/auth/providers").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+    let body: Vec<serde_json::Value> = response.json();
+    assert_eq!(body.len(), 1);
+    assert_eq!(body[0]["id"], "github");
+}
+
+/// Test that the server starts without database configured
+#[tokio::test]
+async fn test_server_without_database() {
+    let TestContext {
+        server,
+        app_state,
+        config,
+        ..
+    } = test_context().use_database(false).call().await;
+
+    // Verify database is not configured
+    assert!(config.database.is_none());
+    assert!(!app_state.database_configured);
+
+    // Health check should still work
+    let response = server.get("/api/health").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+
+    let body: serde_json::Value = response.json();
+    assert_eq!(body["ok"], true);
+    assert_eq!(body["database_configured"], false);
+}
+
+/// Test that profile endpoint returns 503 when database is not configured
+#[tokio::test]
+async fn test_profile_without_database_returns_503() {
+    let TestContext { server, .. } = test_context().use_database(false).call().await;
+
+    // Create a fake session cookie to get past the auth check
+    let response = server.get("/api/profile").await;
+
+    // Should return 503 Service Unavailable because database is not configured
+    assert_eq!(response.status_code(), StatusCode::SERVICE_UNAVAILABLE);
+
+    let body: serde_json::Value = response.json();
+    assert_eq!(body["error"], "database_not_configured");
+}
+
+/// Test that OAuth callback returns 503 when database is not configured
+#[tokio::test]
+async fn test_oauth_callback_without_database_returns_503() {
+    let TestContext { server, .. } = test_context().with_github(true).use_database(false).call().await;
+
+    // Try to complete OAuth flow - should fail because database is not configured
+    let response = server
+        .get("/api/auth/github/callback")
+        .add_query_param("code", "test_code")
+        .add_query_param("state", "test_state")
+        .await;
+
+    // Should return 503 Service Unavailable because database is not configured
+    assert_eq!(response.status_code(), StatusCode::SERVICE_UNAVAILABLE);
+
+    let body: serde_json::Value = response.json();
+    assert_eq!(body["error"], "database_not_configured");
+}
+
+/// Test that unknown provider returns 400
+#[tokio::test]
+async fn test_unknown_provider_returns_400() {
+    let TestContext { server, .. } = test_context().with_discord(true).use_database(false).call().await;
+
+    // Try to access non-existent provider
+    let response = server.get("/api/auth/twitter").await;
+    assert_eq!(response.status_code(), StatusCode::BAD_REQUEST);
+
+    let body: serde_json::Value = response.json();
+    assert_eq!(body["error"], "invalid_provider");
+}
+
+/// Test that logout works without database
+#[tokio::test]
+async fn test_logout_without_database() {
+    let TestContext { server, .. } = test_context().use_database(false).call().await;
+
+    // Logout should work even without database
+    let response = server.get("/api/logout").await;
+
+    // Logout redirects to home
+    assert_eq!(response.status_code(), StatusCode::FOUND);
+}
+
+/// Test basic routes work without database or OAuth
+#[tokio::test]
+async fn test_basic_routes_minimal_config() {
+    let TestContext { server, .. } = test_context()
+        .with_discord(false)
+        .with_github(false)
+        .use_database(false)
+        .call()
+        .await;
+
+    // Root API endpoint
+    let response = server.get("/api/").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+
+    // Health endpoint
+    let response = server.get("/api/health").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+
+    // Providers endpoint (empty list)
+    let response = server.get("/api/auth/providers").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+}
+
+/// Test health endpoint includes feature status
+#[tokio::test]
+async fn test_health_includes_feature_status() {
+    let TestContext { server, .. } = test_context()
+        .with_discord(true)
+        .with_github(false)
+        .use_database(false)
+        .call()
+        .await;
+
+    let response = server.get("/api/health").await;
+    assert_eq!(response.status_code(), StatusCode::OK);
+
+    let body: serde_json::Value = response.json();
+    assert_eq!(body["ok"], true);
+    assert_eq!(body["database_configured"], false);
+    assert_eq!(body["auth_providers"], 1); // Only Discord
+    assert_eq!(body["image_storage_enabled"], false); // No S3 configured
+}