1

2026-04-22 23:44:57 +08:00
parent 76ac9d22a5
commit 84dc92646a
484 changed files with 9598 additions and 9135 deletions
--- a/src/services/apiClient.test.ts
+++ b/src/services/apiClient.test.ts
@@ -6,6 +6,7 @@ import {
  clearStoredAccessToken,
  fetchWithApiAuth,
  getStoredAccessToken,
+  isTimeoutError,
  requestJson,
  setStoredAccessToken,
 } from './apiClient';
@@ -150,6 +151,68 @@ describe('apiClient', () => {
    expect(getStoredAccessToken()).toBe('fresh-token');
  });

+  it('hydrates a missing local bearer token before the first protected request', async () => {
+    fetchMock
+      .mockResolvedValueOnce(
+        createResponseMock({
+          status: 200,
+          body: JSON.stringify({
+            ok: true,
+            data: {
+              ok: true,
+              token: 'fresh-token',
+            },
+            error: null,
+            meta: {
+              apiVersion: '2026-04-08',
+            },
+          }),
+        }),
+      )
+      .mockResolvedValueOnce(
+        createResponseMock({
+          status: 200,
+          body: JSON.stringify({
+            ok: true,
+            data: {
+              value: 9,
+            },
+            error: null,
+            meta: {
+              apiVersion: '2026-04-08',
+            },
+          }),
+        }),
+      );
+
+    const result = await requestJson<{ value: number }>(
+      '/api/runtime/protected',
+      { method: 'GET' },
+      '读取受保护数据失败',
+    );
+
+    expect(result).toEqual({ value: 9 });
+    expect(fetchMock).toHaveBeenCalledTimes(2);
+    expect(fetchMock).toHaveBeenNthCalledWith(
+      1,
+      '/api/auth/refresh',
+      expect.objectContaining({
+        method: 'POST',
+        credentials: 'same-origin',
+      }),
+    );
+    expect(fetchMock).toHaveBeenNthCalledWith(
+      2,
+      '/api/runtime/protected',
+      expect.objectContaining({
+        headers: expect.objectContaining({
+          Authorization: 'Bearer fresh-token',
+        }),
+      }),
+    );
+    expect(getStoredAccessToken()).toBe('fresh-token');
+  });
+
  it('does not emit auth change events when 401 probe requests opt into silent mode', async () => {
    fetchMock.mockResolvedValueOnce(createResponseMock({ status: 401 }));

@@ -185,6 +248,38 @@ describe('apiClient', () => {
    expect(getStoredAccessToken()).toBe('');
  });

+  it('keeps the refreshed token when the retried protected request is still unauthorized', async () => {
+    setStoredAccessToken('expired-token', { emit: false });
+    fetchMock
+      .mockResolvedValueOnce(createResponseMock({ status: 401 }))
+      .mockResolvedValueOnce(
+        createResponseMock({
+          status: 200,
+          body: JSON.stringify({
+            ok: true,
+            data: {
+              ok: true,
+              token: 'fresh-token',
+            },
+            error: null,
+            meta: {
+              apiVersion: '2026-04-08',
+            },
+          }),
+        }),
+      )
+      .mockResolvedValueOnce(createResponseMock({ status: 401 }));
+
+    const response = await fetchWithApiAuth('/api/runtime/puzzle/works', {
+      method: 'GET',
+    });
+
+    expect(response.status).toBe(401);
+    expect(fetchMock).toHaveBeenCalledTimes(3);
+    expect(getStoredAccessToken()).toBe('fresh-token');
+    expect(dispatchEventMock).toHaveBeenCalledTimes(1);
+  });
+
  it('rejects refresh responses that do not return a renewed bearer token', async () => {
    setStoredAccessToken('expired-token', { emit: false });
    fetchMock
@@ -280,7 +375,43 @@ describe('apiClient', () => {
    expect(result).toEqual({ value: 42 });
  });

+  it('aborts requests when timeoutMs is reached', async () => {
+    setStoredAccessToken('timeout-token', { emit: false });
+    fetchMock.mockImplementation(
+      async (_input: string, init?: RequestInit) =>
+        new Promise((_resolve, reject) => {
+          init?.signal?.addEventListener(
+            'abort',
+            () => {
+              reject(init.signal?.reason);
+            },
+            { once: true },
+          );
+        }),
+    );
+
+    let capturedError: unknown;
+    try {
+      await requestJson(
+        '/api/runtime/protected',
+        { method: 'POST' },
+        '创建会话失败',
+        {
+          timeoutMs: 20,
+          skipRefresh: true,
+        },
+      );
+    } catch (error) {
+      capturedError = error;
+    }
+
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(isTimeoutError(capturedError)).toBe(true);
+    expect(capturedError).toBeInstanceOf(Error);
+  });
+
  it('surfaces response metadata through ApiClientError', async () => {
+    setStoredAccessToken('metadata-token', { emit: false });
    fetchMock.mockResolvedValueOnce(
      createResponseMock({
        status: 503,