AI
/
claude-code-hub
镜像来自 https://github.com/ding113/claude-code-hub.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
							import { beforeEach, describe, expect, it, vi } from "vitest";
import { NextRequest } from "next/server";

const mockValidateKey = vi.hoisted(() => vi.fn());
const mockSetAuthCookie = vi.hoisted(() => vi.fn());
const mockGetSessionTokenMode = vi.hoisted(() => vi.fn());
const mockGetLoginRedirectTarget = vi.hoisted(() => vi.fn());
const mockGetTranslations = vi.hoisted(() => vi.fn());
const mockGetEnvConfig = vi.hoisted(() => vi.fn());
const mockLogger = vi.hoisted(() => ({
  warn: vi.fn(),
  error: vi.fn(),
  info: vi.fn(),
  debug: vi.fn(),
}));

vi.mock("@/lib/auth", () => ({
  validateKey: mockValidateKey,
  setAuthCookie: mockSetAuthCookie,
  getSessionTokenMode: mockGetSessionTokenMode,
  getLoginRedirectTarget: mockGetLoginRedirectTarget,
  toKeyFingerprint: vi.fn().mockResolvedValue("sha256:mock"),
  withNoStoreHeaders: (res: any) => {
    (res as any).headers.set("Cache-Control", "no-store, no-cache, must-revalidate");
    (res as any).headers.set("Pragma", "no-cache");
    return res;
  },
}));

vi.mock("next-intl/server", () => ({
  getTranslations: mockGetTranslations,
}));

vi.mock("@/lib/config/env.schema", () => ({
  getEnvConfig: mockGetEnvConfig,
}));

vi.mock("@/lib/logger", () => ({
  logger: mockLogger,
}));

vi.mock("@/lib/security/auth-response-headers", () => ({
  withAuthResponseHeaders: (res: any) => {
    (res as any).headers.set("Cache-Control", "no-store, no-cache, must-revalidate");
    (res as any).headers.set("Pragma", "no-cache");
    return res;
  },
}));

function makeRequest(body: unknown, xForwardedProto = "https"): NextRequest {
  return new NextRequest("http://localhost/api/auth/login", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "x-forwarded-proto": xForwardedProto,
    },
    body: JSON.stringify(body),
  });
}

const adminSession = {
  user: {
    id: -1,
    name: "Admin Token",
    description: "Environment admin session",
    role: "admin" as const,
  },
  key: { canLoginWebUi: true },
};

const dashboardUserSession = {
  user: {
    id: 1,
    name: "Dashboard User",
    description: "dashboard",
    role: "user" as const,
  },
  key: { canLoginWebUi: true },
};

const readonlyUserSession = {
  user: {
    id: 2,
    name: "Readonly User",
    description: "readonly",
    role: "user" as const,
  },
  key: { canLoginWebUi: false },
};

describe("Login Regression Matrix", () => {
  let POST: (request: NextRequest) => Promise<Response>;

  beforeEach(async () => {
    vi.clearAllMocks();

    const mockT = vi.fn((key: string) => `translated:${key}`);
    mockGetTranslations.mockResolvedValue(mockT);
    mockGetEnvConfig.mockReturnValue({ ENABLE_SECURE_COOKIES: false });
    mockSetAuthCookie.mockResolvedValue(undefined);
    mockGetSessionTokenMode.mockReturnValue("legacy");

    const mod = await import("@/app/api/auth/login/route");
    POST = mod.POST;
  });

  describe("Success Paths", () => {
    it("admin user: redirectTo=/dashboard, loginType=admin", async () => {
      mockValidateKey.mockResolvedValue(adminSession);
      mockGetLoginRedirectTarget.mockReturnValue("/dashboard");

      const res = await POST(makeRequest({ key: "admin-key" }));

      expect(res.status).toBe(200);
      expect(await res.json()).toEqual({
        ok: true,
        user: {
          id: -1,
          name: "Admin Token",
          description: "Environment admin session",
          role: "admin",
        },
        redirectTo: "/dashboard",
        loginType: "admin",
      });
      expect(mockSetAuthCookie).toHaveBeenCalledWith("admin-key");
      expect(mockGetLoginRedirectTarget).toHaveBeenCalledWith(adminSession);
    });

    it("dashboard user: redirectTo=/dashboard, loginType=dashboard_user", async () => {
      mockValidateKey.mockResolvedValue(dashboardUserSession);
      mockGetLoginRedirectTarget.mockReturnValue("/dashboard");

      const res = await POST(makeRequest({ key: "dashboard-user-key" }));

      expect(res.status).toBe(200);
      expect(await res.json()).toEqual({
        ok: true,
        user: {
          id: 1,
          name: "Dashboard User",
          description: "dashboard",
          role: "user",
        },
        redirectTo: "/dashboard",
        loginType: "dashboard_user",
      });
      expect(mockSetAuthCookie).toHaveBeenCalledWith("dashboard-user-key");
      expect(mockGetLoginRedirectTarget).toHaveBeenCalledWith(dashboardUserSession);
    });

    it("readonly user: redirectTo=/my-usage, loginType=readonly_user", async () => {
      mockValidateKey.mockResolvedValue(readonlyUserSession);
      mockGetLoginRedirectTarget.mockReturnValue("/my-usage");

      const res = await POST(makeRequest({ key: "readonly-user-key" }));

      expect(res.status).toBe(200);
      expect(await res.json()).toEqual({
        ok: true,
        user: {
          id: 2,
          name: "Readonly User",
          description: "readonly",
          role: "user",
        },
        redirectTo: "/my-usage",
        loginType: "readonly_user",
      });
      expect(mockSetAuthCookie).toHaveBeenCalledWith("readonly-user-key");
      expect(mockGetLoginRedirectTarget).toHaveBeenCalledWith(readonlyUserSession);
    });
  });

  describe("Failure Paths", () => {
    it("missing key: 400 + KEY_REQUIRED", async () => {
      const res = await POST(makeRequest({}));

      expect(res.status).toBe(400);
      expect(await res.json()).toEqual({
        error: "translated:apiKeyRequired",
        errorCode: "KEY_REQUIRED",
      });
      expect(mockValidateKey).not.toHaveBeenCalled();
      expect(mockSetAuthCookie).not.toHaveBeenCalled();
    });

    it("invalid key: 401 + KEY_INVALID", async () => {
      mockValidateKey.mockResolvedValue(null);

      const res = await POST(makeRequest({ key: "invalid-key" }));

      expect(res.status).toBe(401);
      expect(await res.json()).toEqual({
        error: "translated:apiKeyInvalidOrExpired",
        errorCode: "KEY_INVALID",
      });
      expect(mockSetAuthCookie).not.toHaveBeenCalled();
    });

    it("HTTP mismatch: 401 + httpMismatchGuidance", async () => {
      mockGetEnvConfig.mockReturnValue({ ENABLE_SECURE_COOKIES: true });
      mockValidateKey.mockResolvedValue(null);

      const res = await POST(makeRequest({ key: "mismatch-key" }, "http"));

      expect(res.status).toBe(401);
      expect(await res.json()).toEqual({
        error: "translated:apiKeyInvalidOrExpired",
        errorCode: "KEY_INVALID",
        httpMismatchGuidance: "translated:cookieWarningDescription",
      });
      expect(mockSetAuthCookie).not.toHaveBeenCalled();
    });

    it("server error: 500 + SERVER_ERROR", async () => {
      mockValidateKey.mockRejectedValue(new Error("DB connection failed"));

      const res = await POST(makeRequest({ key: "trigger-server-error" }));

      expect(res.status).toBe(500);
      expect(await res.json()).toEqual({
        error: "translated:serverError",
        errorCode: "SERVER_ERROR",
      });
      expect(mockSetAuthCookie).not.toHaveBeenCalled();
      expect(mockLogger.error).toHaveBeenCalled();
    });
  });
});