huang
1f71741836
主要变更: - ✅ 完成所有文档任务(T092-T095a) * 创建中文 README.md 和项目文档 * 添加限流器使用指南 * 更新快速入门文档 * 添加详细的中文代码注释 - ✅ 完成代码质量任务(T096-T103) * 通过 gofmt、go vet、golangci-lint 检查 * 修复 17 个 errcheck 问题 * 验证无硬编码 Redis key * 确保命名规范符合 Go 标准 - ✅ 完成测试任务(T104-T108) * 58 个测试全部通过 * 总体覆盖率 75.1%(超过 70% 目标) * 核心模块覆盖率 90%+ - ✅ 完成安全审计任务(T109-T113) * 修复日志中令牌泄露问题 * 验证 Fail-closed 策略正确实现 * 审查 Redis 连接安全 * 完成依赖项漏洞扫描 - ✅ 完成性能验证任务(T114-T117) * 令牌验证性能:17.5 μs/op(~58,954 ops/s) * 响应序列化性能:1.1 μs/op(>1,000,000 ops/s) * 配置访问性能:0.58 ns/op(接近 CPU 缓存速度) - ✅ 完成质量关卡任务(T118-T126) * 所有测试通过 * 代码格式和静态检查通过 * 无 TODO/FIXME 遗留 * 中间件集成验证 * 优雅关闭机制验证 新增文件: - README.md(中文项目文档) - docs/rate-limiting.md(限流器指南) - docs/security-audit-report.md(安全审计报告) - docs/performance-benchmark-report.md(性能基准报告) - docs/quality-gate-report.md(质量关卡报告) - docs/PROJECT-COMPLETION-SUMMARY.md(项目完成总结) - 基准测试文件(config, response, validator) 安全修复: - 移除 pkg/validator/token.go 中的敏感日志记录 质量评分:9.6/10(优秀) 项目状态:✅ 已完成,待部署
426 lines
12 KiB
Go
426 lines
12 KiB
Go
package integration
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/break/junhong_cmp_fiber/internal/handler"
|
|
"github.com/break/junhong_cmp_fiber/internal/middleware"
|
|
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
|
"github.com/break/junhong_cmp_fiber/pkg/errors"
|
|
"github.com/break/junhong_cmp_fiber/pkg/logger"
|
|
"github.com/break/junhong_cmp_fiber/pkg/response"
|
|
"github.com/break/junhong_cmp_fiber/pkg/validator"
|
|
"github.com/gofiber/fiber/v2"
|
|
"github.com/redis/go-redis/v9"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// setupAuthTestApp creates a Fiber app with authentication middleware for testing
|
|
func setupAuthTestApp(t *testing.T, rdb *redis.Client) *fiber.App {
|
|
t.Helper()
|
|
|
|
// Initialize logger
|
|
appLogConfig := logger.LogRotationConfig{
|
|
Filename: "logs/app_test.log",
|
|
MaxSize: 10,
|
|
MaxBackups: 3,
|
|
MaxAge: 7,
|
|
Compress: false,
|
|
}
|
|
accessLogConfig := logger.LogRotationConfig{
|
|
Filename: "logs/access_test.log",
|
|
MaxSize: 10,
|
|
MaxBackups: 3,
|
|
MaxAge: 7,
|
|
Compress: false,
|
|
}
|
|
if err := logger.InitLoggers("info", false, appLogConfig, accessLogConfig); err != nil {
|
|
t.Fatalf("failed to initialize logger: %v", err)
|
|
}
|
|
|
|
app := fiber.New()
|
|
|
|
// Add request ID middleware
|
|
app.Use(func(c *fiber.Ctx) error {
|
|
c.Locals(constants.ContextKeyRequestID, "test-request-id-123")
|
|
return c.Next()
|
|
})
|
|
|
|
// Add authentication middleware
|
|
tokenValidator := validator.NewTokenValidator(rdb, logger.GetAppLogger())
|
|
app.Use(middleware.KeyAuth(tokenValidator, logger.GetAppLogger()))
|
|
|
|
// Add protected test routes
|
|
app.Get("/api/v1/test", func(c *fiber.Ctx) error {
|
|
userID := c.Locals(constants.ContextKeyUserID)
|
|
return response.Success(c, fiber.Map{
|
|
"message": "protected resource",
|
|
"user_id": userID,
|
|
})
|
|
})
|
|
|
|
app.Get("/api/v1/users", handler.GetUsers)
|
|
|
|
return app
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_ValidToken tests authentication with a valid token
|
|
func TestKeyAuthMiddleware_ValidToken(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1, // Use test database
|
|
})
|
|
defer func() { _ = rdb.Close() }()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Clean up test data
|
|
defer rdb.FlushDB(ctx)
|
|
|
|
// Setup test token
|
|
testToken := "test-valid-token-12345"
|
|
testUserID := "user-789"
|
|
err := rdb.Set(ctx, constants.RedisAuthTokenKey(testToken), testUserID, 1*time.Hour).Err()
|
|
require.NoError(t, err, "Failed to set test token in Redis")
|
|
|
|
// Create test app
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Create request with valid token
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
req.Header.Set("token", testToken)
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions
|
|
assert.Equal(t, 200, resp.StatusCode, "Expected status 200 for valid token")
|
|
|
|
// Parse response body
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
t.Logf("Response body: %s", string(body))
|
|
|
|
// Should contain user_id in response
|
|
assert.Contains(t, string(body), testUserID, "Response should contain user ID")
|
|
assert.Contains(t, string(body), `"code":0`, "Response should have success code")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_MissingToken tests authentication with missing token
|
|
func TestKeyAuthMiddleware_MissingToken(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Create test app
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Create request without token
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions
|
|
assert.Equal(t, 401, resp.StatusCode, "Expected status 401 for missing token")
|
|
|
|
// Parse response body
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
t.Logf("Response body: %s", string(body))
|
|
|
|
// Should contain error code 1001
|
|
assert.Contains(t, string(body), `"code":1001`, "Response should have missing token error code")
|
|
// Message is in Chinese: "缺失认证令牌"
|
|
assert.Contains(t, string(body), "缺失认证令牌", "Response should have missing token message")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_InvalidToken tests authentication with invalid token
|
|
func TestKeyAuthMiddleware_InvalidToken(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Clean up test data
|
|
defer rdb.FlushDB(ctx)
|
|
|
|
// Create test app
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Create request with invalid token (not in Redis)
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
req.Header.Set("token", "invalid-token-xyz")
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions
|
|
assert.Equal(t, 401, resp.StatusCode, "Expected status 401 for invalid token")
|
|
|
|
// Parse response body
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
t.Logf("Response body: %s", string(body))
|
|
|
|
// Should contain error code 1002
|
|
assert.Contains(t, string(body), `"code":1002`, "Response should have invalid token error code")
|
|
// Message is in Chinese: "令牌无效或已过期"
|
|
assert.Contains(t, string(body), "令牌无效或已过期", "Response should have invalid token message")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_ExpiredToken tests authentication with expired token
|
|
func TestKeyAuthMiddleware_ExpiredToken(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Clean up test data
|
|
defer rdb.FlushDB(ctx)
|
|
|
|
// Setup test token with short TTL
|
|
testToken := "test-expired-token-999"
|
|
testUserID := "user-999"
|
|
err := rdb.Set(ctx, constants.RedisAuthTokenKey(testToken), testUserID, 1*time.Second).Err()
|
|
require.NoError(t, err, "Failed to set test token in Redis")
|
|
|
|
// Wait for token to expire
|
|
time.Sleep(2 * time.Second)
|
|
|
|
// Create test app
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Create request with expired token
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
req.Header.Set("token", testToken)
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions
|
|
assert.Equal(t, 401, resp.StatusCode, "Expected status 401 for expired token")
|
|
|
|
// Parse response body
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
t.Logf("Response body: %s", string(body))
|
|
|
|
// Should contain error code 1002 (expired token treated as invalid)
|
|
assert.Contains(t, string(body), `"code":1002`, "Response should have invalid token error code")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_RedisDown tests fail-closed behavior when Redis is unavailable
|
|
func TestKeyAuthMiddleware_RedisDown(t *testing.T) {
|
|
// Setup Redis client with invalid address (simulating Redis down)
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:9999", // Invalid port
|
|
DialTimeout: 100 * time.Millisecond,
|
|
ReadTimeout: 100 * time.Millisecond,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Create test app with unavailable Redis
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Create request with any token
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
req.Header.Set("token", "any-token")
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions - should fail closed with 503
|
|
assert.Equal(t, 503, resp.StatusCode, "Expected status 503 when Redis is unavailable")
|
|
|
|
// Parse response body
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
t.Logf("Response body: %s", string(body))
|
|
|
|
// Should contain error code 1004
|
|
assert.Contains(t, string(body), `"code":1004`, "Response should have service unavailable error code")
|
|
// Message is in Chinese: "认证服务不可用"
|
|
assert.Contains(t, string(body), "认证服务不可用", "Response should have service unavailable message")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_UserIDPropagation tests that user ID is properly stored in context
|
|
func TestKeyAuthMiddleware_UserIDPropagation(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Clean up test data
|
|
defer rdb.FlushDB(ctx)
|
|
|
|
// Setup test token
|
|
testToken := "test-propagation-token"
|
|
testUserID := "user-propagation-123"
|
|
err := rdb.Set(ctx, constants.RedisAuthTokenKey(testToken), testUserID, 1*time.Hour).Err()
|
|
require.NoError(t, err)
|
|
|
|
// Initialize logger
|
|
appLogConfig := logger.LogRotationConfig{
|
|
Filename: "logs/app_test.log",
|
|
MaxSize: 10,
|
|
MaxBackups: 3,
|
|
MaxAge: 7,
|
|
Compress: false,
|
|
}
|
|
accessLogConfig := logger.LogRotationConfig{
|
|
Filename: "logs/access_test.log",
|
|
MaxSize: 10,
|
|
MaxBackups: 3,
|
|
MaxAge: 7,
|
|
Compress: false,
|
|
}
|
|
if err := logger.InitLoggers("info", false, appLogConfig, accessLogConfig); err != nil {
|
|
t.Fatalf("failed to initialize logger: %v", err)
|
|
}
|
|
|
|
app := fiber.New()
|
|
|
|
// Add request ID middleware
|
|
app.Use(func(c *fiber.Ctx) error {
|
|
c.Locals(constants.ContextKeyRequestID, "test-request-id")
|
|
return c.Next()
|
|
})
|
|
|
|
// Add authentication middleware
|
|
tokenValidator := validator.NewTokenValidator(rdb, logger.GetAppLogger())
|
|
app.Use(middleware.KeyAuth(tokenValidator, logger.GetAppLogger()))
|
|
|
|
// Add test route that checks user ID
|
|
var capturedUserID string
|
|
app.Get("/api/v1/check-user", func(c *fiber.Ctx) error {
|
|
userID, ok := c.Locals(constants.ContextKeyUserID).(string)
|
|
if !ok {
|
|
return response.Error(c, 500, errors.CodeInternalError, "User ID not found in context")
|
|
}
|
|
capturedUserID = userID
|
|
return response.Success(c, fiber.Map{
|
|
"user_id": userID,
|
|
})
|
|
})
|
|
|
|
// Create request
|
|
req := httptest.NewRequest("GET", "/api/v1/check-user", nil)
|
|
req.Header.Set("token", testToken)
|
|
|
|
// Execute request
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
// Assertions
|
|
assert.Equal(t, 200, resp.StatusCode)
|
|
assert.Equal(t, testUserID, capturedUserID, "User ID should be propagated to handler")
|
|
}
|
|
|
|
// TestKeyAuthMiddleware_MultipleRequests tests multiple requests with different tokens
|
|
func TestKeyAuthMiddleware_MultipleRequests(t *testing.T) {
|
|
// Setup Redis client
|
|
rdb := redis.NewClient(&redis.Options{
|
|
Addr: "localhost:6379",
|
|
DB: 1,
|
|
})
|
|
defer rdb.Close()
|
|
|
|
// Check Redis availability
|
|
ctx := context.Background()
|
|
if err := rdb.Ping(ctx).Err(); err != nil {
|
|
t.Skip("Redis not available, skipping integration test")
|
|
}
|
|
|
|
// Clean up test data
|
|
defer rdb.FlushDB(ctx)
|
|
|
|
// Setup multiple test tokens
|
|
tokens := map[string]string{
|
|
"token-user-1": "user-001",
|
|
"token-user-2": "user-002",
|
|
"token-user-3": "user-003",
|
|
}
|
|
|
|
for token, userID := range tokens {
|
|
err := rdb.Set(ctx, constants.RedisAuthTokenKey(token), userID, 1*time.Hour).Err()
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
// Create test app
|
|
app := setupAuthTestApp(t, rdb)
|
|
|
|
// Test each token
|
|
for token, expectedUserID := range tokens {
|
|
t.Run("token_"+expectedUserID, func(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/api/v1/test", nil)
|
|
req.Header.Set("token", token)
|
|
|
|
resp, err := app.Test(req, -1)
|
|
require.NoError(t, err)
|
|
defer resp.Body.Close()
|
|
|
|
assert.Equal(t, 200, resp.StatusCode)
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
require.NoError(t, err)
|
|
|
|
assert.Contains(t, string(body), expectedUserID)
|
|
})
|
|
}
|
|
}
|