dcfd24b624
v1.0.3 定位为 bug fix release,收口 v1.0.2 引入的破坏性清理并修复 4 个轻量 bug + 依赖复查 + 版本号治理 + 文档对齐。同时包含此前未提交 的 v1.0.2 全部工作。 v1.0.3 变更: Fixed: - generateJTI 忽略 rand.Read 错误(jwt)— 改为 (string, error) 并传播 - QueryBuilder.Page Count 受残留 Limit 截断(repository)— countDB 加 Limit(-1).Offset(-1) - OSS/本地存储文件名冲突(storage)— 新增 uniqueFilename 加 8 字节随机后缀 - 数据库重试策略对不可恢复错误无效(database)— 新增 isTransientDBError Dependencies: - go mod tidy 补全 postgres 方言传递依赖;安全补丁升级 x/crypto v0.49→v0.53、golang-jwt/jwt/v5 v5.2.1→v5.3.1、gorilla/websocket v1.5.1→v1.5.3 Removed: - Breaking: 清理 v1.0.2 兼容别名(InitMySQL* / driverName) - 死代码 database.DBResolver - 代码中 292 行"评分/理由"自夸注释(#26,23 个文件) Changed: - Breaking: 错误码体系重构 CodeSuccess 1→0、CodeFail 0→1,删除 CodeInvalidParams,加编译期防撞码 - database/mysql.go → manager.go;Logger 拆分三独立 core 修复 Tee 重复写入 - 版本号常量化:app.go 新增 const Version 作为唯一来源,CLI/脚手架模板引用之,不再散落字面量 Security: - CORS 中间件按 W3C 规范修复 Allow-Credentials / Vary: Origin / 非白名单不回显 Added: - console 包显式 level 控制(SetLevel/WithLevel/LevelSilent,atomic.Int32 并发安全) - 新增测试 jwt/repository/storage/database/router/middleware/app - 文档:新增 CHANGELOG.md、Version_v1.0.2_report.md;更新 README/GUIDE 顶部更新日志 - 文档对齐:删除对不存在的 config.DefaultManager() getter 的描述(保持 API 与文档一致) 详见 CHANGELOG.md 与 README.md 更新日志。 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
161 lines
5.6 KiB
Go
161 lines
5.6 KiB
Go
package middleware_test
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/EthanCodeCraft/xlgo-core/middleware"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func performAuthMiddlewareRequest(m gin.HandlerFunc, setup func(*gin.Context)) *httptest.ResponseRecorder {
|
|
gin.SetMode(gin.TestMode)
|
|
r := gin.New()
|
|
r.Use(func(c *gin.Context) {
|
|
if setup != nil {
|
|
setup(c)
|
|
}
|
|
})
|
|
r.Use(m)
|
|
r.GET("/test", func(c *gin.Context) {
|
|
c.JSON(http.StatusOK, gin.H{"ok": true})
|
|
})
|
|
|
|
w := httptest.NewRecorder()
|
|
req := httptest.NewRequest(http.MethodGet, "/test", nil)
|
|
r.ServeHTTP(w, req)
|
|
return w
|
|
}
|
|
|
|
func setAuthUser(userType, role string) func(*gin.Context) {
|
|
return func(c *gin.Context) {
|
|
c.Set(middleware.ContextKeyUserID, uint(1))
|
|
c.Set(middleware.ContextKeyUsername, "tester")
|
|
c.Set(middleware.ContextKeyRole, role)
|
|
c.Set(middleware.ContextKeyUserType, userType)
|
|
}
|
|
}
|
|
|
|
func TestRequireUserTypes(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(middleware.RequireUserTypes("tenant_admin"), setAuthUser("tenant_admin", "owner"))
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
if !strings.Contains(w.Body.String(), `"ok":true`) {
|
|
t.Fatalf("expected request to pass, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRequireUserTypesRejectsOtherTypes(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(middleware.RequireUserTypes("tenant_admin"), setAuthUser("staff", "owner"))
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected business error over status 200, got %d", w.Code)
|
|
}
|
|
if !strings.Contains(w.Body.String(), `"code":403`) {
|
|
t.Fatalf("expected forbidden response, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRequireRoles(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(middleware.RequireRoles("owner"), setAuthUser("tenant_admin", "owner"))
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
if !strings.Contains(w.Body.String(), `"ok":true`) {
|
|
t.Fatalf("expected request to pass, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRequireAuthCustomChecker(t *testing.T) {
|
|
checker := func(user middleware.AuthUser, c *gin.Context) bool {
|
|
return user.UserID == 1 && user.UserType == "merchant" && user.Role == "owner"
|
|
}
|
|
|
|
w := performAuthMiddlewareRequest(middleware.RequireAuth(checker), setAuthUser("merchant", "owner"))
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
if !strings.Contains(w.Body.String(), `"ok":true`) {
|
|
t.Fatalf("expected request to pass, got body %s", w.Body.String())
|
|
}
|
|
|
|
w = performAuthMiddlewareRequest(middleware.RequireAuth(checker, "需要商户所有者权限"), setAuthUser("merchant", "staff"))
|
|
if !strings.Contains(w.Body.String(), "需要商户所有者权限") {
|
|
t.Fatalf("expected custom forbidden message, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestDefaultRoleShortcuts(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
mw gin.HandlerFunc
|
|
userType string
|
|
wantPass bool
|
|
}{
|
|
{"admin allows super admin", middleware.AdminRequired(), middleware.DefaultUserTypeSuperAdmin, true},
|
|
{"admin allows admin", middleware.AdminRequired(), middleware.DefaultUserTypeAdmin, true},
|
|
{"admin rejects staff", middleware.AdminRequired(), middleware.DefaultUserTypeStaff, false},
|
|
{"super admin allows super admin", middleware.SuperAdminRequired(), middleware.DefaultUserTypeSuperAdmin, true},
|
|
{"super admin rejects admin", middleware.SuperAdminRequired(), middleware.DefaultUserTypeAdmin, false},
|
|
{"staff allows staff", middleware.StaffRequired(), middleware.DefaultUserTypeStaff, true},
|
|
{"any allows staff", middleware.AnyUserRequired(), middleware.DefaultUserTypeStaff, true},
|
|
{"any rejects external", middleware.AnyUserRequired(), "external", false},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(tt.mw, setAuthUser(tt.userType, "role"))
|
|
body := w.Body.String()
|
|
if tt.wantPass && !strings.Contains(body, `"ok":true`) {
|
|
t.Fatalf("expected pass, got body %s", body)
|
|
}
|
|
if !tt.wantPass && !strings.Contains(body, `"code":403`) {
|
|
t.Fatalf("expected forbidden, got body %s", body)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestRequireAuthRejectsMissingContext(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(middleware.RequireUserTypes("admin"), nil)
|
|
if !strings.Contains(w.Body.String(), `"code":401`) || !strings.Contains(w.Body.String(), "请先登录") {
|
|
t.Fatalf("expected unauthorized login response, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestRequireAuthRejectsMalformedContext(t *testing.T) {
|
|
w := performAuthMiddlewareRequest(middleware.RequireUserTypes("admin"), func(c *gin.Context) {
|
|
c.Set(middleware.ContextKeyUserID, uint(1))
|
|
c.Set(middleware.ContextKeyUsername, "tester")
|
|
c.Set(middleware.ContextKeyRole, "owner")
|
|
c.Set(middleware.ContextKeyUserType, 123)
|
|
})
|
|
if !strings.Contains(w.Body.String(), `"code":401`) || !strings.Contains(w.Body.String(), "用户信息异常") {
|
|
t.Fatalf("expected malformed user response, got body %s", w.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestGetAuthUser(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
c, _ := gin.CreateTestContext(httptest.NewRecorder())
|
|
setAuthUser("tenant_admin", "owner")(c)
|
|
|
|
user, ok := middleware.GetAuthUser(c)
|
|
if !ok {
|
|
t.Fatal("expected auth user")
|
|
}
|
|
if user.UserID != 1 || user.Username != "tester" || user.UserType != "tenant_admin" || user.Role != "owner" {
|
|
t.Fatalf("unexpected auth user: %+v", user)
|
|
}
|
|
if middleware.GetRole(c) != "owner" {
|
|
t.Fatalf("expected role owner, got %q", middleware.GetRole(c))
|
|
}
|
|
|
|
c.Set(middleware.ContextKeyUserID, "bad")
|
|
if _, ok := middleware.GetAuthUser(c); ok {
|
|
t.Fatal("expected malformed auth user to fail")
|
|
}
|
|
}
|