diff --git a/src/hooks/useResolvedAssetReadUrl.test.tsx b/src/hooks/useResolvedAssetReadUrl.test.tsx
new file mode 100644
index 00000000..4eac46a3
--- /dev/null
+++ b/src/hooks/useResolvedAssetReadUrl.test.tsx
@@ -0,0 +1,108 @@
+// @vitest-environment jsdom
+
+import { render, screen, waitFor } from '@testing-library/react';
+import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
+
+import { ResolvedAssetImage } from '../components/ResolvedAssetImage';
+import { clearStoredAccessToken, setStoredAccessToken } from '../services/apiClient';
+import { clearSignedAssetReadUrlCache } from '../services/assetReadUrlService';
+
+describe('useResolvedAssetReadUrl', () => {
+ beforeEach(() => {
+ clearSignedAssetReadUrlCache();
+ clearStoredAccessToken({ emit: false });
+ setStoredAccessToken('test-access-token', { emit: false });
+ vi.restoreAllMocks();
+ });
+
+ afterEach(() => {
+ clearStoredAccessToken({ emit: false });
+ });
+
+ test('generated 私有资源签名完成前不会把裸路径写入 img', async () => {
+ vi.spyOn(globalThis, 'fetch').mockResolvedValue(
+ new Response(
+ JSON.stringify({
+ ok: true,
+ data: {
+ read: {
+ objectKey:
+ 'generated-puzzle-assets/puzzle-session-1/candidate-1/asset-1/image.png',
+ signedUrl: 'https://signed.example.com/puzzle.png',
+ expiresAt: '2099-01-01T00:10:00Z',
+ },
+ },
+ error: null,
+ meta: {
+ apiVersion: '2026-04-08',
+ routeVersion: '2026-04-08',
+ latencyMs: 1,
+ timestamp: '2099-01-01T00:00:00Z',
+ },
+ }),
+ {
+ status: 200,
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ },
+ ),
+ );
+
+ render(
+ ,
+ );
+
+ expect(screen.queryByRole('img', { name: '候选图' })).toBeNull();
+
+ const image = await screen.findByRole('img', { name: '候选图' });
+ expect(image.getAttribute('src')).toBe('https://signed.example.com/puzzle.png');
+ expect(globalThis.fetch).toHaveBeenCalledTimes(1);
+ expect(String(vi.mocked(globalThis.fetch).mock.calls[0]?.[0])).toContain(
+ 'legacyPublicPath=%2Fgenerated-puzzle-assets%2Fpuzzle-session-1%2Fcandidate-1%2Fasset-1%2Fimage.png',
+ );
+ });
+
+ test('generated 私有资源签名失败时保持空图像而不是回退裸路径', async () => {
+ vi.spyOn(globalThis, 'fetch').mockResolvedValue(
+ new Response(
+ JSON.stringify({
+ ok: false,
+ data: null,
+ error: {
+ code: 'NOT_FOUND',
+ message: '对象不存在',
+ },
+ meta: {
+ apiVersion: '2026-04-08',
+ routeVersion: '2026-04-08',
+ latencyMs: 1,
+ timestamp: '2099-01-01T00:00:00Z',
+ },
+ }),
+ {
+ status: 400,
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ },
+ ),
+ );
+
+ render(
+ ,
+ );
+
+ await waitFor(() => {
+ expect(globalThis.fetch).toHaveBeenCalledTimes(1);
+ });
+ expect(screen.queryByRole('img', { name: '候选图' })).toBeNull();
+ });
+});
+
diff --git a/src/hooks/useResolvedAssetReadUrl.ts b/src/hooks/useResolvedAssetReadUrl.ts
index 4fae92e6..ddb2044a 100644
--- a/src/hooks/useResolvedAssetReadUrl.ts
+++ b/src/hooks/useResolvedAssetReadUrl.ts
@@ -18,7 +18,9 @@ export function useResolvedAssetReadUrl(
const normalizedSource = source?.trim() ?? '';
const shouldResolve =
enabled && Boolean(normalizedSource) && isGeneratedLegacyPath(normalizedSource);
- const [resolvedUrl, setResolvedUrl] = useState(normalizedSource);
+ const [resolvedUrl, setResolvedUrl] = useState(
+ shouldResolve ? '' : normalizedSource,
+ );
useEffect(() => {
if (!normalizedSource) {
@@ -32,8 +34,8 @@ export function useResolvedAssetReadUrl(
}
let cancelled = false;
- // 生成资源的签名 URL 还没回来前,先保留原始路径占位,避免结果页/运行时首屏出现空白图块。
- setResolvedUrl(normalizedSource);
+ // 生成资源通常是 OSS 私有对象;签名 URL 未就绪前不能把裸 generated 路径交给 img 触发无鉴权 GET。
+ setResolvedUrl('');
void resolveAssetReadUrl(normalizedSource, {
expireSeconds: options.expireSeconds,
@@ -45,8 +47,8 @@ export function useResolvedAssetReadUrl(
})
.catch(() => {
if (!cancelled) {
- // 读取签名失败时回退原始路径,至少保持现有 UI 可见错误表象。
- setResolvedUrl(normalizedSource);
+ // 签名失败时保持空 src,避免继续请求无签名的私有对象兼容路径。
+ setResolvedUrl('');
}
});