187-template-176
/
mini-starter
forked de 155-template-138/mini-starter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
							import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
import { testClient } from 'hono/testing';
import { authRoutes } from '../../src/routes';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { Role, UserEntity } from '@d8d/user-module';
import { redisUtil, JWTUtil } from '@d8d/shared-utils';
import { File } from '@d8d/file-module';

// Mock MiniAuthService 的 decryptPhoneNumber 方法
vi.mock('../../src/services/mini-auth.service', () => ({
  MiniAuthService: vi.fn().mockImplementation(() => ({
    decryptPhoneNumber: vi.fn().mockImplementation(async (encryptedData: string, iv: string, sessionKey: string) => {
      // 模拟解密过程
      if (!encryptedData || !iv || !sessionKey) {
        throw { code: 400, message: '加密数据或初始向量不能为空' };
      }

      // 根据不同的加密数据返回不同的手机号用于测试
      if (encryptedData === 'valid_encrypted_data') {
        return '13800138000';
      } else if (encryptedData === 'another_valid_data') {
        return '13900139000';
      } else {
        throw { code: 400, message: '解密失败' };
      }
    })
  }))
}));

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([UserEntity, File, Role])

describe('手机号解密API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof authRoutes>>;
  let testToken: string;
  let testUser: UserEntity;
  let getSessionKeySpy: any;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(authRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();

    // 创建测试用户
    const userRepository = dataSource.getRepository(UserEntity);
    testUser = userRepository.create({
      username: `test_user_${Date.now()}`,
      password: 'test_password',
      nickname: '测试用户',
      phone: null, // 初始手机号为null
      registrationSource: 'web'
    });
    await userRepository.save(testUser);

    // 生成测试用户的token
    testToken = JWTUtil.generateToken({
      id: testUser.id,
      username: testUser.username,
      roles: [{name:'user'}]
    });

    // 使用 spyOn 来 mock getSessionKey 方法
    getSessionKeySpy = vi.spyOn(redisUtil, 'getSessionKey').mockResolvedValue('mock-session-key');
  });

  afterEach(() => {
    // 清理 spy
    if (getSessionKeySpy) {
      getSessionKeySpy.mockRestore();
    }
  });

  describe('POST /auth/phone-decrypt', () => {
    it('应该成功解密手机号并更新用户信息', async () => {
      const requestData = {
        encryptedData: 'valid_encrypted_data',
        iv: 'encryption_iv'
      };

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      console.debug('响应状态:', response.status);
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('错误响应:', errorData);
      }

      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();

        // 验证响应数据格式
        expect(data).toHaveProperty('phoneNumber');
        expect(data).toHaveProperty('user');
        expect(data.phoneNumber).toBe('13800138000');
        expect(data.user.phone).toBe('13800138000');
        expect(data.user.id).toBe(testUser.id);
      }

      // 验证数据库中的用户手机号已更新
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const userRepository = dataSource.getRepository(UserEntity);
      const updatedUser = await userRepository.findOne({
        where: { id: testUser.id }
      });
      expect(updatedUser?.phone).toBe('13800138000');
    });

    it('应该处理用户不存在的情况', async () => {
      const requestData = {
        encryptedData: 'valid_encrypted_data',
        iv: 'encryption_iv'
      };

      // 使用不存在的用户ID生成token
      const nonExistentUserToken = 'non_existent_user_token';

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': `Bearer ${nonExistentUserToken}`
        }
      });

      // 当用户不存在时，应该返回401或404
      expect(response.status).toBe(401);
    });

    it('应该处理解密失败的情况', async () => {
      const requestData = {
        encryptedData: '', // 空加密数据
        iv: 'encryption_iv'
      };

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(400);

      if (response.status === 400) {
        const data = await response.json();
        expect(data.message).toBe('加密数据或初始向量不能为空');
      }
    });

    it('应该处理无效的加密数据', async () => {
      const requestData = {
        encryptedData: 'invalid_encrypted_data',
        iv: 'encryption_iv'
      };

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(400);

      if (response.status === 400) {
        const data = await response.json();
        expect(data.message).toBe('解密失败');
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const requestData = {
        encryptedData: 'valid_encrypted_data',
        iv: 'encryption_iv'
      };

      const response = await client['phone-decrypt'].$post({
        json: requestData
      });

      expect(response.status).toBe(401);
    });

    it('应该拒绝无效token的访问', async () => {
      const requestData = {
        encryptedData: 'valid_encrypted_data',
        iv: 'encryption_iv'
      };

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': 'Bearer invalid_token'
        }
      });

      expect(response.status).toBe(401);
    });

    it('应该处理sessionKey过期的情况', async () => {
      const requestData = {
        encryptedData: 'valid_encrypted_data',
        iv: 'encryption_iv'
      };

      // 模拟 sessionKey 过期的情况
      getSessionKeySpy.mockResolvedValue(null);

      const response = await client['phone-decrypt'].$post({
        json: requestData
      },
      {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(400);

      if (response.status === 400) {
        const data = await response.json();
        expect(data.message).toBe('sessionKey已过期，请重新登录');
      }
    });
  });
});