wsh5485/CarLog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
main
CarLog/server/test/middleware.auth.test.js
T
wsh5485 fe17886ac4 feat: 洗车管理系统 v2.8 — 个人 detailer 单用户全栈应用 
- 车辆 / 洗车 / 加油 / 充电 / 保养 / 保险 完整 CRUD + 软删
- AI 截图识别(5 类型 OCR schema):OpenAI 兼容 + MiniMax M3
- 化学品 / Grocy 实例对接 + 库存镜像同步
- 仪表盘:30 天频次 + 健康度 + 同比环比 + 油价趋势 + 年均养护
- 月度报表:Excel 6 sheet + PDF
- PWA:manifest / SW / 离线缓存 / iOS 引导
- 安全:bcrypt + CSRF + 登录锁定(IP/用户/全局三级)+ 401 自动跳登录 + 表单草稿
- 高 ROI 8 功能:里程/提醒/成本/搜索/标签/通知/同比/成就
- 3 个新 migration(0016/0017/0018)+ 18 个迁移全幂等
- 101/101 测试通过(含 ipRateLimit / CSRF / retry / stats / tags / notifications)
- 部署:宝塔面板文档 + PM2 + Nginx
2026-06-20 21:11:54 +08:00

67 lines
2.4 KiB
JavaScript
Raw Permalink Blame History

// server/test/middleware.auth.test.js
import { describe, it, expect, vi } from 'vitest';
import { requireAuth } from '../src/middleware/auth.js';
function mockRes() {
return {
statusCode: 200,
body: null,
headers: {},
status(c) { this.statusCode = c; return this; },
json(b) { this.body = b; return this; },
redirect(url) { this.headers.location = url; this.statusCode = 302; return this; },
};
}
describe('middleware/requireAuth', () => {
it('已登录 → 放行', () => {
const req = { session: { userId: 1 } };
const next = vi.fn();
requireAuth(req, mockRes(), next);
expect(next).toHaveBeenCalledOnce();
});
it('未登录 + /api/ 路径 → 401 JSON', () => {
const req = { session: {}, path: '/api/washes', originalUrl: '/api/washes' };
const res = mockRes();
const next = vi.fn();
requireAuth(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.statusCode).toBe(401);
expect(res.body.error.code).toBe('UNAUTHORIZED');
});
it('未登录 + 非 /api 路径 → 302 redirect 到 /login?return_to=', () => {
const req = { session: {}, path: '/settings', originalUrl: '/settings?tab=profile' };
const res = mockRes();
const next = vi.fn();
requireAuth(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.statusCode).toBe(302);
expect(res.headers.location).toMatch(/^\/login\?return_to=/);
});
it('未登录 + originalUrl 含特殊字符 → URL 编码', () => {
const req = { session: {}, path: '/foo', originalUrl: '/foo?x=1&y=2' };
const res = mockRes();
requireAuth(req, res, vi.fn());
expect(decodeURIComponent(res.headers.location.split('return_to=')[1])).toBe('/foo?x=1&y=2');
});
it('未登录 + 无 session 对象 → 401', () => {
const req = { path: '/api/x' };
const res = mockRes();
requireAuth(req, res, vi.fn());
expect(res.statusCode).toBe(401);
});
it('session.userId = 0/false/空 → 视为未登录', () => {
for (const uid of [0, false, null, '']) {
const req = { session: { userId: uid }, path: '/api/x' };
const res = mockRes();
requireAuth(req, res, vi.fn());
expect(res.statusCode).toBe(401);
}
});
});
Reference in New Issue View Git Blame Copy Permalink