feat: add refresh cookie reader

server-rs/crates/api-server/src/app.rs

@@ -3,7 +3,10 @@ use tower_http::trace::{DefaultOnFailure, DefaultOnRequest, DefaultOnResponse, T
 use tracing::{Level, info_span};
 
 use crate::{
-    auth::{inspect_auth_claims, require_bearer_auth},
+    auth::{
+        attach_refresh_session_token, inspect_auth_claims, inspect_refresh_session_cookie,
+        require_bearer_auth,
+    },
     error_middleware::normalize_error_response,
     health::health_check,
     request_context::{attach_request_context, resolve_request_id},
@@ -27,6 +30,13 @@ pub fn build_router(state: AppState) -> Router {
                 require_bearer_auth,
             )),
         )
+        .route(
+            "/_internal/auth/refresh-cookie",
+            get(inspect_refresh_session_cookie).route_layer(middleware::from_fn_with_state(
+                state.clone(),
+                attach_refresh_session_token,
+            )),
+        )
         // 错误归一化层放在 tracing 里侧，让 tracing 记录到最终对外返回的状态与错误体形态。
         .layer(middleware::from_fn(normalize_error_response))
         // 响应头回写放在错误归一化外侧，确保最终写回的是归一化后的最终响应。
@@ -239,4 +249,72 @@ mod tests {
             Value::Number(serde_json::Number::from(7))
         );
     }
+
+    #[tokio::test]
+    async fn internal_refresh_cookie_reports_missing_cookie() {
+        let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .uri("/_internal/auth/refresh-cookie")
+                    .body(Body::empty())
+                    .expect("request should build"),
+            )
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(response.status(), StatusCode::OK);
+
+        let body = response
+            .into_body()
+            .collect()
+            .await
+            .expect("response body should collect")
+            .to_bytes();
+        let payload: Value =
+            serde_json::from_slice(&body).expect("response body should be valid json");
+
+        assert_eq!(payload["present"], Value::Bool(false));
+        assert_eq!(
+            payload["cookieName"],
+            Value::String("genarrative_refresh_session".to_string())
+        );
+    }
+
+    #[tokio::test]
+    async fn internal_refresh_cookie_reports_present_cookie() {
+        let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .uri("/_internal/auth/refresh-cookie")
+                    .header(
+                        "cookie",
+                        "theme=dark; genarrative_refresh_session=token12345",
+                    )
+                    .body(Body::empty())
+                    .expect("request should build"),
+            )
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(response.status(), StatusCode::OK);
+
+        let body = response
+            .into_body()
+            .collect()
+            .await
+            .expect("response body should collect")
+            .to_bytes();
+        let payload: Value =
+            serde_json::from_slice(&body).expect("response body should be valid json");
+
+        assert_eq!(payload["present"], Value::Bool(true));
+        assert_eq!(
+            payload["tokenLength"],
+            Value::Number(serde_json::Number::from(10))
+        );
+    }
 }