Merge branch 'master' into codex/tiaoyitiao

2026-06-07 00:57:38 +08:00
parent d0be3f36aa e3ecac85f3
commit f5cefc8d5f
37 changed files with 2734 additions and 194 deletions
--- a/server-rs/crates/api-server/src/app.rs
+++ b/server-rs/crates/api-server/src/app.rs
@@ -1504,6 +1504,88 @@ mod tests {
        assert!(!body_text.contains("length limit exceeded"));
    }

+    #[tokio::test]
+    async fn wooden_fish_session_creation_accepts_legacy_audio_body_above_default_limit() {
+        let state = AppState::new(AppConfig::default()).expect("state should build");
+        let seed_user =
+            seed_phone_user_with_password(&state, "13800138026", TEST_PASSWORD).await;
+        let token = sign_test_user_token(&state, &seed_user, "sess_wooden_fish_audio_body");
+        let app = build_router(state);
+        let request_body = format!(
+            "{{\"templateId\":\"wooden-fish\",\"hitSoundAsset\":{{\"audioSrc\":\"data:audio/webm;base64,{}\"}}",
+            "A".repeat(3 * 1024 * 1024)
+        );
+        assert!(request_body.len() > 2 * 1024 * 1024);
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method("POST")
+                    .uri("/api/creation/wooden-fish/sessions")
+                    .header("authorization", format!("Bearer {token}"))
+                    .header("content-type", "application/json")
+                    .body(Body::from(request_body))
+                    .expect("request should build"),
+            )
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+        let body = response
+            .into_body()
+            .collect()
+            .await
+            .expect("response body should collect")
+            .to_bytes();
+        let body_text = String::from_utf8_lossy(&body);
+        assert!(
+            body_text.contains("hitSoundAsset") || body_text.contains("missing field"),
+            "handler should parse the oversized wooden fish payload before rejecting invalid JSON fields: {body_text}"
+        );
+        assert!(!body_text.contains("length limit exceeded"));
+    }
+
+    #[tokio::test]
+    async fn wooden_fish_actions_accept_legacy_audio_body_above_default_limit() {
+        let state = AppState::new(AppConfig::default()).expect("state should build");
+        let seed_user =
+            seed_phone_user_with_password(&state, "13800138027", TEST_PASSWORD).await;
+        let token = sign_test_user_token(&state, &seed_user, "sess_wooden_fish_action_body");
+        let app = build_router(state);
+        let request_body = format!(
+            "{{\"actionType\":\"replace-hit-sound\",\"hitSoundAsset\":{{\"audioSrc\":\"data:audio/webm;base64,{}\"}}",
+            "A".repeat(3 * 1024 * 1024)
+        );
+        assert!(request_body.len() > 2 * 1024 * 1024);
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method("POST")
+                    .uri("/api/creation/wooden-fish/sessions/wooden-fish-session-large/actions")
+                    .header("authorization", format!("Bearer {token}"))
+                    .header("content-type", "application/json")
+                    .body(Body::from(request_body))
+                    .expect("request should build"),
+            )
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+        let body = response
+            .into_body()
+            .collect()
+            .await
+            .expect("response body should collect")
+            .to_bytes();
+        let body_text = String::from_utf8_lossy(&body);
+        assert!(
+            body_text.contains("hitSoundAsset") || body_text.contains("missing field"),
+            "handler should parse the oversized wooden fish action payload before rejecting invalid JSON fields: {body_text}"
+        );
+        assert!(!body_text.contains("length limit exceeded"));
+    }
+
    #[tokio::test]
    async fn password_entry_rejects_unknown_phone_without_registration() {
        let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
@@ -2502,7 +2584,7 @@ mod tests {
    }

    #[tokio::test]
-    async fn wechat_miniprogram_login_returns_system_token_and_marks_session_source() {
+    async fn wechat_miniprogram_login_returns_system_token_and_marks_session_label() {
        let config = AppConfig {
            wechat_auth_enabled: true,
            ..AppConfig::default()
@@ -2524,7 +2606,8 @@ mod tests {
                    .header("x-mini-program-env", "develop")
                    .body(Body::from(
                        serde_json::json!({
-                            "code": "wx-mini-code-001"
+                            "code": "wx-mini-code-001",
+                            "displayName": "微信旅人"
                        })
                        .to_string(),
                    ))
@@ -2557,10 +2640,19 @@ mod tests {
            login_payload["bindingStatus"],
            Value::String("pending_bind_phone".to_string())
        );
+        assert_eq!(login_payload["created"], Value::Bool(true));
        assert_eq!(
            login_payload["user"]["loginMethod"],
            Value::String("wechat".to_string())
        );
+        assert_eq!(
+            login_payload["user"]["wechatDisplayName"],
+            Value::String("微信旅人".to_string())
+        );
+        assert_eq!(
+            login_payload["user"]["wechatAccount"],
+            Value::String("wx-mini-code-001".to_string())
+        );
        assert!(refresh_cookie.contains("genarrative_refresh_session="));

        let sessions_response = app
@@ -2585,16 +2677,23 @@ mod tests {
        let sessions_payload: Value =
            serde_json::from_slice(&sessions_body).expect("sessions payload should be json");
        assert_eq!(
-            sessions_payload["sessions"][0]["clientType"],
-            Value::String("mini_program".to_string())
+            sessions_payload["sessions"][0]["clientLabel"],
+            Value::String("微信小程序 / iPhone".to_string())
        );
        assert_eq!(
-            sessions_payload["sessions"][0]["clientRuntime"],
-            Value::String("wechat_mini_program".to_string())
+            sessions_payload["sessions"][0]["sessionCount"],
+            Value::Number(1.into())
        );
        assert_eq!(
-            sessions_payload["sessions"][0]["miniProgramAppId"],
-            Value::String("wx-mini-test".to_string())
+            sessions_payload["sessions"][0]["isCurrent"],
+            Value::Bool(true)
+        );
+        assert_eq!(
+            sessions_payload["sessions"][0]["sessionIds"]
+                .as_array()
+                .expect("session ids should exist")
+                .len(),
+            1
        );
    }

@@ -2621,7 +2720,8 @@ mod tests {
                    .header("x-mini-program-env", "develop")
                    .body(Body::from(
                        serde_json::json!({
-                            "code": "wx-mini-code-bind-001"
+                            "code": "wx-mini-code-bind-001",
+                            "displayName": "微信旅人"
                        })
                        .to_string(),
                    ))
@@ -2647,6 +2747,7 @@ mod tests {
            login_payload["bindingStatus"],
            Value::String("pending_bind_phone".to_string())
        );
+        assert_eq!(login_payload["created"], Value::Bool(true));

        let bind_response = app
            .oneshot(
@@ -2663,7 +2764,8 @@ mod tests {
                    .header("x-mini-program-env", "develop")
                    .body(Body::from(
                        serde_json::json!({
-                            "wechatPhoneCode": "13800138000"
+                            "wechatPhoneCode": "13800138000",
+                            "displayName": "微信旅人"
                        })
                        .to_string(),
                    ))
@@ -2914,7 +3016,7 @@ mod tests {
    }

    #[tokio::test]
-    async fn auth_sessions_returns_multi_device_session_fields() {
+    async fn auth_sessions_returns_multi_device_session_summaries() {
        let state = AppState::new(AppConfig::default()).expect("state should build");
        seed_phone_user_with_password(&state, "13800138013", TEST_PASSWORD).await;
        let app = build_router(state);
@@ -3014,23 +3116,19 @@ mod tests {

        assert_eq!(sessions.len(), 2);
        assert!(sessions.iter().any(|session| {
-            session["clientType"] == Value::String("web_browser".to_string())
-                && session["clientRuntime"] == Value::String("chrome".to_string())
-                && session["clientPlatform"] == Value::String("windows".to_string())
+            session["clientLabel"] == Value::String("Windows / Chrome".to_string())
                && session["sessionCount"] == Value::Number(1.into())
                && session["sessionIds"]
                    .as_array()
                    .is_some_and(|ids| ids.len() == 1)
-                && session["deviceDisplayName"] == Value::String("Windows / Chrome".to_string())
                && session["isCurrent"] == Value::Bool(true)
        }));
        assert!(sessions.iter().any(|session| {
-            session["clientType"] == Value::String("mini_program".to_string())
-                && session["clientRuntime"] == Value::String("wechat_mini_program".to_string())
+            session["clientLabel"] == Value::String("微信小程序 / Android".to_string())
                && session["sessionCount"] == Value::Number(1.into())
-                && session["miniProgramAppId"] == Value::String("wx-session-test".to_string())
-                && session["miniProgramEnv"] == Value::String("release".to_string())
-                && session["deviceDisplayName"] == Value::String("微信小程序 / Android".to_string())
+                && session["sessionIds"]
+                    .as_array()
+                    .is_some_and(|ids| ids.len() == 1)
                && session["isCurrent"] == Value::Bool(false)
        }));
    }
--- a/server-rs/crates/api-server/src/modules/wooden_fish.rs
+++ b/server-rs/crates/api-server/src/modules/wooden_fish.rs
@@ -1,27 +1,36 @@
 use axum::{
-    Router, middleware,
-    routing::{delete, get, post},
+    Router,
+    extract::DefaultBodyLimit,
+    middleware,
+    routing::{get, post},
 };

 use crate::{
    auth::{require_bearer_auth, require_runtime_principal_auth},
    state::AppState,
    wooden_fish::{
-        checkpoint_wooden_fish_run, create_wooden_fish_session, delete_wooden_fish_work,
-        execute_wooden_fish_action, finish_wooden_fish_run, get_wooden_fish_gallery_detail,
-        get_wooden_fish_runtime_work, get_wooden_fish_session, list_wooden_fish_gallery,
-        list_wooden_fish_works, publish_wooden_fish_work, start_wooden_fish_run,
+        checkpoint_wooden_fish_run, create_wooden_fish_session, execute_wooden_fish_action,
+        finish_wooden_fish_run, get_wooden_fish_gallery_detail, get_wooden_fish_runtime_work,
+        get_wooden_fish_session, list_wooden_fish_gallery, list_wooden_fish_works,
+        publish_wooden_fish_work, start_wooden_fish_run,
    },
 };

+const WOODEN_FISH_CREATION_BODY_LIMIT_BYTES: usize = 32 * 1024 * 1024;
+
 pub fn router(state: AppState) -> Router<AppState> {
    Router::new()
        .route(
            "/api/creation/wooden-fish/sessions",
-            post(create_wooden_fish_session).route_layer(middleware::from_fn_with_state(
-                state.clone(),
-                require_bearer_auth,
-            )),
+            post(create_wooden_fish_session)
+                // 中文注释：兼容旧小程序把参考图或录音 Data URL 放进创作 JSON 的请求；新前端音频会先直传 OSS。
+                .layer(DefaultBodyLimit::max(
+                    WOODEN_FISH_CREATION_BODY_LIMIT_BYTES,
+                ))
+                .route_layer(middleware::from_fn_with_state(
+                    state.clone(),
+                    require_bearer_auth,
+                )),
        )
        .route(
            "/api/creation/wooden-fish/sessions/{session_id}",
@@ -32,10 +41,15 @@ pub fn router(state: AppState) -> Router<AppState> {
        )
        .route(
            "/api/creation/wooden-fish/sessions/{session_id}/actions",
-            post(execute_wooden_fish_action).route_layer(middleware::from_fn_with_state(
-                state.clone(),
-                require_bearer_auth,
-            )),
+            post(execute_wooden_fish_action)
+                // 中文注释：compile/regenerate 会携带参考图旧兼容输入，避免 Axum 默认 2MB 先于 handler 拦截。
+                .layer(DefaultBodyLimit::max(
+                    WOODEN_FISH_CREATION_BODY_LIMIT_BYTES,
+                ))
+                .route_layer(middleware::from_fn_with_state(
+                    state.clone(),
+                    require_bearer_auth,
+                )),
        )
        .route(
            "/api/creation/wooden-fish/works",
@@ -44,13 +58,6 @@ pub fn router(state: AppState) -> Router<AppState> {
                require_bearer_auth,
            )),
        )
-        .route(
-            "/api/creation/wooden-fish/works/{profile_id}",
-            delete(delete_wooden_fish_work).route_layer(middleware::from_fn_with_state(
-                state.clone(),
-                require_bearer_auth,
-            )),
-        )
        .route(
            "/api/creation/wooden-fish/works/{profile_id}/publish",
            post(publish_wooden_fish_work).route_layer(middleware::from_fn_with_state(
@@ -91,4 +98,4 @@ pub fn router(state: AppState) -> Router<AppState> {
            "/api/runtime/wooden-fish/gallery/{public_work_code}",
            get(get_wooden_fish_gallery_detail),
        )
-}
+}
--- a/server-rs/crates/api-server/src/wechat_auth.rs
+++ b/server-rs/crates/api-server/src/wechat_auth.rs
@@ -14,6 +14,7 @@ use shared_contracts::auth::{
    WechatMiniProgramLoginRequest, WechatMiniProgramLoginResponse, WechatStartQuery,
    WechatStartResponse,
 };
+use shared_kernel::normalize_optional_string;
 use time::OffsetDateTime;
 use url::Url;

@@ -208,6 +209,7 @@ pub async fn bind_wechat_phone(
            .bind_wechat_verified_phone(BindWechatVerifiedPhoneInput {
                user_id: authenticated.claims().user_id().to_string(),
                phone_number: phone_profile.phone_number,
+                wechat_display_name: payload.display_name.clone(),
            })
            .await
            .map_err(map_wechat_bind_phone_error)?
@@ -235,6 +237,7 @@ pub async fn bind_wechat_phone(
                    user_id: authenticated.claims().user_id().to_string(),
                    phone_number: phone.to_string(),
                    verify_code: code.to_string(),
+                    wechat_display_name: payload.display_name.clone(),
                },
                OffsetDateTime::now_utc(),
            )
@@ -313,7 +316,7 @@ pub async fn login_wechat_mini_program(
    let result = state
        .wechat_auth_service()
        .resolve_login(module_auth::ResolveWechatLoginInput {
-            profile: map_wechat_profile_to_domain(profile),
+            profile: map_wechat_profile_to_domain_with_display_name(profile, payload.display_name),
        })
        .await
        .map_err(map_wechat_auth_error)?;
@@ -346,6 +349,7 @@ pub async fn login_wechat_mini_program(
                token: signed_session.access_token,
                binding_status: result.user.binding_status.as_str().to_string(),
                user: map_auth_user_payload(result.user),
+                created: result.created,
            },
        ),
    ))
@@ -389,6 +393,17 @@ fn map_wechat_profile_to_domain(
    }
 }

+fn map_wechat_profile_to_domain_with_display_name(
+    profile: platform_auth::WechatIdentityProfile,
+    display_name: Option<String>,
+) -> module_auth::WechatIdentityProfile {
+    let mut profile = map_wechat_profile_to_domain(profile);
+    if let Some(display_name) = normalize_optional_string(display_name) {
+        profile.display_name = Some(display_name);
+    }
+    profile
+}
+
 fn normalize_redirect_path(raw_value: Option<&str>, fallback: &str) -> String {
    let Some(raw_value) = raw_value.map(str::trim).filter(|value| !value.is_empty()) else {
        return fallback.to_string();