3220 lines
117 KiB
Rust
3220 lines
117 KiB
Rust
use axum::{
|
||
Router,
|
||
body::Body,
|
||
extract::Extension,
|
||
http::Request,
|
||
middleware,
|
||
routing::{delete, get, post},
|
||
};
|
||
use tower_http::{
|
||
classify::ServerErrorsFailureClass,
|
||
trace::{DefaultOnRequest, TraceLayer},
|
||
};
|
||
use tracing::{Level, Span, error, info, info_span, warn};
|
||
|
||
use crate::{
|
||
admin::{
|
||
admin_console_page, admin_debug_http, admin_login, admin_me, admin_overview,
|
||
require_admin_auth,
|
||
},
|
||
ai_tasks::{
|
||
append_ai_text_chunk, attach_ai_result_reference, cancel_ai_task, complete_ai_stage,
|
||
complete_ai_task, create_ai_task, fail_ai_task, start_ai_task, start_ai_task_stage,
|
||
},
|
||
assets::{
|
||
bind_asset_object_to_entity, confirm_asset_object, create_direct_upload_ticket,
|
||
create_sts_upload_credentials, get_asset_read_url,
|
||
},
|
||
auth::{
|
||
attach_refresh_session_token, inspect_auth_claims, inspect_refresh_session_cookie,
|
||
require_bearer_auth,
|
||
},
|
||
auth_me::auth_me,
|
||
auth_public_user::{get_public_user_by_code, get_public_user_by_id},
|
||
auth_sessions::auth_sessions,
|
||
big_fish::{
|
||
create_big_fish_session, delete_big_fish_work, execute_big_fish_action, get_big_fish_run,
|
||
get_big_fish_session, get_big_fish_works, start_big_fish_run, stream_big_fish_message,
|
||
submit_big_fish_input, submit_big_fish_message,
|
||
},
|
||
character_animation_assets::{
|
||
generate_character_animation, get_character_animation_job, get_character_workflow_cache,
|
||
import_character_animation_video, list_character_animation_templates,
|
||
publish_character_animation, save_character_workflow_cache,
|
||
},
|
||
character_visual_assets::{
|
||
generate_character_visual, get_character_visual_job, publish_character_visual,
|
||
},
|
||
creation_agent_document_input::parse_creation_agent_document_input,
|
||
custom_world::{
|
||
create_custom_world_agent_session, delete_custom_world_agent_session,
|
||
delete_custom_world_library_profile, execute_custom_world_agent_action,
|
||
get_custom_world_agent_card_detail, get_custom_world_agent_operation,
|
||
get_custom_world_agent_session, get_custom_world_gallery_detail,
|
||
get_custom_world_gallery_detail_by_code, get_custom_world_library,
|
||
get_custom_world_library_detail, get_custom_world_works, list_custom_world_gallery,
|
||
publish_custom_world_library_profile, put_custom_world_library_profile,
|
||
stream_custom_world_agent_message, submit_custom_world_agent_message,
|
||
unpublish_custom_world_library_profile,
|
||
},
|
||
custom_world_ai::{
|
||
generate_custom_world_cover_image, generate_custom_world_entity,
|
||
generate_custom_world_scene_image, generate_custom_world_scene_npc,
|
||
upload_custom_world_cover_image,
|
||
},
|
||
error_middleware::normalize_error_response,
|
||
health::health_check,
|
||
legacy_generated_assets::{
|
||
proxy_generated_animations, proxy_generated_big_fish_assets,
|
||
proxy_generated_character_drafts, proxy_generated_characters,
|
||
proxy_generated_custom_world_covers, proxy_generated_custom_world_scenes,
|
||
proxy_generated_qwen_sprites,
|
||
},
|
||
llm::proxy_llm_chat_completions,
|
||
login_options::auth_login_options,
|
||
logout::logout,
|
||
logout_all::logout_all,
|
||
password_entry::password_entry,
|
||
password_management::{change_password, reset_password},
|
||
phone_auth::{phone_login, send_phone_code},
|
||
puzzle::{
|
||
advance_local_puzzle_next_level, advance_puzzle_next_level, create_puzzle_agent_session,
|
||
delete_puzzle_work, drag_puzzle_piece_or_group, execute_puzzle_agent_action,
|
||
get_puzzle_agent_session, get_puzzle_gallery_detail, get_puzzle_run,
|
||
get_puzzle_work_detail, get_puzzle_works, list_puzzle_gallery, put_puzzle_work,
|
||
start_puzzle_run, stream_puzzle_agent_message, submit_puzzle_agent_message,
|
||
swap_puzzle_pieces,
|
||
},
|
||
refresh_session::refresh_session,
|
||
request_context::{attach_request_context, resolve_request_id},
|
||
response_headers::propagate_request_id_header,
|
||
runtime_browse_history::{
|
||
delete_runtime_browse_history, get_runtime_browse_history, post_runtime_browse_history,
|
||
},
|
||
runtime_chat::stream_runtime_npc_chat_turn,
|
||
runtime_inventory::get_runtime_inventory_state,
|
||
runtime_profile::{
|
||
create_profile_recharge_order, get_profile_dashboard, get_profile_play_stats,
|
||
get_profile_recharge_center, get_profile_wallet_ledger,
|
||
},
|
||
runtime_save::{
|
||
delete_runtime_snapshot, get_runtime_snapshot, list_profile_save_archives,
|
||
put_runtime_snapshot, resume_profile_save_archive,
|
||
},
|
||
runtime_settings::{get_runtime_settings, put_runtime_settings},
|
||
runtime_story::{
|
||
generate_runtime_story_continue, generate_runtime_story_initial, get_runtime_story_state,
|
||
resolve_runtime_story_action, resolve_runtime_story_state,
|
||
},
|
||
state::AppState,
|
||
story_battles::{
|
||
create_story_battle, create_story_npc_battle, get_story_battle_state, resolve_story_battle,
|
||
},
|
||
story_sessions::{begin_story_session, continue_story, get_story_session_state},
|
||
wechat_auth::{bind_wechat_phone, handle_wechat_callback, start_wechat_login},
|
||
};
|
||
|
||
// 统一由这里构造 Axum 路由树,后续再逐项挂接中间件与业务路由。
|
||
pub fn build_router(state: AppState) -> Router {
|
||
let slow_request_threshold_ms = state.config.slow_request_threshold_ms;
|
||
|
||
Router::new()
|
||
.route("/admin", get(admin_console_page))
|
||
.route("/admin/api/login", post(admin_login))
|
||
.route(
|
||
"/admin/api/me",
|
||
get(admin_me).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_admin_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/admin/api/overview",
|
||
get(admin_overview).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_admin_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/admin/api/debug/http",
|
||
post(admin_debug_http).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_admin_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/healthz",
|
||
get(|Extension(request_context): Extension<_>| async move {
|
||
health_check(Extension(request_context)).await
|
||
}),
|
||
)
|
||
.route(
|
||
"/_internal/auth/claims",
|
||
get(inspect_auth_claims).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/_internal/auth/refresh-cookie",
|
||
get(inspect_refresh_session_cookie).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
attach_refresh_session_token,
|
||
)),
|
||
)
|
||
.route("/api/auth/login-options", get(auth_login_options))
|
||
.route(
|
||
"/api/auth/public-users/by-code/{code}",
|
||
get(get_public_user_by_code),
|
||
)
|
||
.route(
|
||
"/api/auth/public-users/by-id/{user_id}",
|
||
get(get_public_user_by_id),
|
||
)
|
||
.route(
|
||
"/generated-character-drafts/{*path}",
|
||
get(proxy_generated_character_drafts),
|
||
)
|
||
.route(
|
||
"/generated-characters/{*path}",
|
||
get(proxy_generated_characters),
|
||
)
|
||
.route(
|
||
"/generated-animations/{*path}",
|
||
get(proxy_generated_animations),
|
||
)
|
||
.route(
|
||
"/generated-big-fish-assets/{*path}",
|
||
get(proxy_generated_big_fish_assets),
|
||
)
|
||
.route(
|
||
"/generated-custom-world-scenes/{*path}",
|
||
get(proxy_generated_custom_world_scenes),
|
||
)
|
||
.route(
|
||
"/generated-custom-world-covers/{*path}",
|
||
get(proxy_generated_custom_world_covers),
|
||
)
|
||
.route(
|
||
"/generated-qwen-sprites/{*path}",
|
||
get(proxy_generated_qwen_sprites),
|
||
)
|
||
.route(
|
||
"/api/auth/me",
|
||
get(auth_me).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/auth/sessions",
|
||
get(auth_sessions)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
attach_refresh_session_token,
|
||
))
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/auth/refresh",
|
||
post(refresh_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
attach_refresh_session_token,
|
||
)),
|
||
)
|
||
.route("/api/auth/phone/send-code", post(send_phone_code))
|
||
.route("/api/auth/phone/login", post(phone_login))
|
||
.route("/api/auth/wechat/start", get(start_wechat_login))
|
||
.route("/api/auth/wechat/callback", get(handle_wechat_callback))
|
||
.route(
|
||
"/api/auth/wechat/bind-phone",
|
||
post(bind_wechat_phone).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/llm/chat/completions",
|
||
post(proxy_llm_chat_completions).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/chat/npc/turn/stream",
|
||
post(stream_runtime_npc_chat_turn).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/creation-agent/document-inputs/parse",
|
||
post(parse_creation_agent_document_input).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/auth/logout",
|
||
post(logout)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
attach_refresh_session_token,
|
||
))
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/auth/logout-all",
|
||
post(logout_all).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks",
|
||
post(create_ai_task).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/start",
|
||
post(start_ai_task).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/stages/{stage_kind}/start",
|
||
post(start_ai_task_stage).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/chunks",
|
||
post(append_ai_text_chunk).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/stages/{stage_kind}/complete",
|
||
post(complete_ai_stage).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/references",
|
||
post(attach_ai_result_reference).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/complete",
|
||
post(complete_ai_task).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/fail",
|
||
post(fail_ai_task).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/ai/tasks/{task_id}/cancel",
|
||
post(cancel_ai_task).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/assets/direct-upload-tickets",
|
||
post(create_direct_upload_ticket),
|
||
)
|
||
.route(
|
||
"/api/assets/sts-upload-credentials",
|
||
post(create_sts_upload_credentials),
|
||
)
|
||
.route("/api/assets/objects/confirm", post(confirm_asset_object))
|
||
.route(
|
||
"/api/assets/objects/bind",
|
||
post(bind_asset_object_to_entity),
|
||
)
|
||
.route(
|
||
"/api/assets/character-visual/generate",
|
||
post(generate_character_visual),
|
||
)
|
||
.route(
|
||
"/api/assets/character-visual/jobs/{task_id}",
|
||
get(get_character_visual_job),
|
||
)
|
||
.route(
|
||
"/api/assets/character-visual/publish",
|
||
post(publish_character_visual),
|
||
)
|
||
.route(
|
||
"/api/assets/character-animation/generate",
|
||
post(generate_character_animation),
|
||
)
|
||
.route(
|
||
"/api/assets/character-animation/jobs/{task_id}",
|
||
get(get_character_animation_job),
|
||
)
|
||
.route(
|
||
"/api/assets/character-animation/publish",
|
||
post(publish_character_animation),
|
||
)
|
||
.route(
|
||
"/api/assets/character-animation/import-video",
|
||
post(import_character_animation_video),
|
||
)
|
||
.route(
|
||
"/api/assets/character-animation/templates",
|
||
get(list_character_animation_templates),
|
||
)
|
||
.route(
|
||
"/api/assets/character-workflow-cache",
|
||
post(save_character_workflow_cache),
|
||
)
|
||
.route(
|
||
"/api/assets/character-workflow-cache/{character_id}",
|
||
get(get_character_workflow_cache),
|
||
)
|
||
.route("/api/assets/read-url", get(get_asset_read_url))
|
||
.route(
|
||
"/api/runtime/settings",
|
||
get(get_runtime_settings)
|
||
.put(put_runtime_settings)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/save/snapshot",
|
||
get(get_runtime_snapshot)
|
||
.put(put_runtime_snapshot)
|
||
.delete(delete_runtime_snapshot)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-library",
|
||
get(get_custom_world_library).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-library/{profile_id}",
|
||
get(get_custom_world_library_detail)
|
||
.put(put_custom_world_library_profile)
|
||
.delete(delete_custom_world_library_profile)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-library/{profile_id}/publish",
|
||
post(publish_custom_world_library_profile).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-library/{profile_id}/unpublish",
|
||
post(unpublish_custom_world_library_profile).route_layer(
|
||
middleware::from_fn_with_state(state.clone(), require_bearer_auth),
|
||
),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-gallery",
|
||
get(list_custom_world_gallery),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-gallery/{owner_user_id}/{profile_id}",
|
||
get(get_custom_world_gallery_detail),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world-gallery/by-code/{code}",
|
||
get(get_custom_world_gallery_detail_by_code),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions",
|
||
post(create_custom_world_agent_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}",
|
||
get(get_custom_world_agent_session)
|
||
.delete(delete_custom_world_agent_session)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/works",
|
||
get(get_custom_world_works).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}/cards/{card_id}",
|
||
get(get_custom_world_agent_card_detail).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}/messages",
|
||
post(submit_custom_world_agent_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}/messages/stream",
|
||
post(stream_custom_world_agent_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}/actions",
|
||
post(execute_custom_world_agent_action).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/agent/sessions/{session_id}/operations/{operation_id}",
|
||
get(get_custom_world_agent_operation).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/agent/sessions",
|
||
post(create_big_fish_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/agent/sessions/{session_id}",
|
||
get(get_big_fish_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/agent/sessions/{session_id}/messages",
|
||
post(submit_big_fish_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/agent/sessions/{session_id}/messages/stream",
|
||
post(stream_big_fish_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/agent/sessions/{session_id}/actions",
|
||
post(execute_big_fish_action).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/works",
|
||
get(get_big_fish_works).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/works/{session_id}",
|
||
delete(delete_big_fish_work).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/sessions/{session_id}/runs",
|
||
post(start_big_fish_run).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/runs/{run_id}",
|
||
get(get_big_fish_run).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/big-fish/runs/{run_id}/input",
|
||
post(submit_big_fish_input).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/agent/sessions",
|
||
post(create_puzzle_agent_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/agent/sessions/{session_id}",
|
||
get(get_puzzle_agent_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/agent/sessions/{session_id}/messages",
|
||
post(submit_puzzle_agent_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/agent/sessions/{session_id}/messages/stream",
|
||
post(stream_puzzle_agent_message).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/agent/sessions/{session_id}/actions",
|
||
post(execute_puzzle_agent_action).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/works",
|
||
get(get_puzzle_works).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/works/{profile_id}",
|
||
get(get_puzzle_work_detail)
|
||
.put(put_puzzle_work)
|
||
.delete(delete_puzzle_work)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route("/api/runtime/puzzle/gallery", get(list_puzzle_gallery))
|
||
.route(
|
||
"/api/runtime/puzzle/gallery/{profile_id}",
|
||
get(get_puzzle_gallery_detail),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs",
|
||
post(start_puzzle_run).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs/local-next-level",
|
||
post(advance_local_puzzle_next_level).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs/{run_id}",
|
||
get(get_puzzle_run).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs/{run_id}/swap",
|
||
post(swap_puzzle_pieces).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs/{run_id}/drag",
|
||
post(drag_puzzle_piece_or_group).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/puzzle/runs/{run_id}/next-level",
|
||
post(advance_puzzle_next_level).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/custom-world/entity",
|
||
post(generate_custom_world_entity).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/entity",
|
||
post(generate_custom_world_entity).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/custom-world/scene-npc",
|
||
post(generate_custom_world_scene_npc).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/scene-npc",
|
||
post(generate_custom_world_scene_npc).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/custom-world/scene-image",
|
||
post(generate_custom_world_scene_image).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/custom-world/cover-image",
|
||
post(generate_custom_world_cover_image).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/cover-image",
|
||
post(generate_custom_world_cover_image).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/custom-world/cover-upload",
|
||
post(upload_custom_world_cover_image).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/custom-world/cover-upload",
|
||
post(upload_custom_world_cover_image).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/browse-history",
|
||
get(get_runtime_browse_history)
|
||
.post(post_runtime_browse_history)
|
||
.delete(delete_runtime_browse_history)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/browse-history",
|
||
get(get_runtime_browse_history)
|
||
.post(post_runtime_browse_history)
|
||
.delete(delete_runtime_browse_history)
|
||
.route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/dashboard",
|
||
get(get_profile_dashboard).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/dashboard",
|
||
get(get_profile_dashboard).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/wallet-ledger",
|
||
get(get_profile_wallet_ledger).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/wallet-ledger",
|
||
get(get_profile_wallet_ledger).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/recharge-center",
|
||
get(get_profile_recharge_center).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/recharge-center",
|
||
get(get_profile_recharge_center).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/recharge/orders",
|
||
post(create_profile_recharge_order).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/recharge/orders",
|
||
post(create_profile_recharge_order).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/play-stats",
|
||
get(get_profile_play_stats).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/save-archives",
|
||
get(list_profile_save_archives).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/save-archives",
|
||
get(list_profile_save_archives).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/profile/save-archives/{world_key}",
|
||
post(resume_profile_save_archive).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/save-archives/{world_key}",
|
||
post(resume_profile_save_archive).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/sessions/{runtime_session_id}/inventory",
|
||
get(get_runtime_inventory_state).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/story/state/resolve",
|
||
post(resolve_runtime_story_state).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/story/state/{session_id}",
|
||
get(get_runtime_story_state).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/story/actions/resolve",
|
||
post(resolve_runtime_story_action).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/story/initial",
|
||
post(generate_runtime_story_initial).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/runtime/story/continue",
|
||
post(generate_runtime_story_continue).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/profile/play-stats",
|
||
get(get_profile_play_stats).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/sessions",
|
||
post(begin_story_session).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/sessions/{story_session_id}/state",
|
||
get(get_story_session_state).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/sessions/continue",
|
||
post(continue_story).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/battles",
|
||
post(create_story_battle).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/battles/{battle_state_id}",
|
||
get(get_story_battle_state).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/npc/battle",
|
||
post(create_story_npc_battle).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route(
|
||
"/api/story/battles/resolve",
|
||
post(resolve_story_battle).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route("/api/auth/entry", post(password_entry))
|
||
.route(
|
||
"/api/auth/password/change",
|
||
post(change_password).route_layer(middleware::from_fn_with_state(
|
||
state.clone(),
|
||
require_bearer_auth,
|
||
)),
|
||
)
|
||
.route("/api/auth/password/reset", post(reset_password))
|
||
// 错误归一化层放在 tracing 里侧,让 tracing 记录到最终对外返回的状态与错误体形态。
|
||
.layer(middleware::from_fn(normalize_error_response))
|
||
// 响应头回写放在错误归一化外侧,确保最终写回的是归一化后的最终响应。
|
||
.layer(middleware::from_fn(propagate_request_id_header))
|
||
// 当前阶段先统一挂接 HTTP tracing,后续 request_id、响应头与错误中间件继续在这里扩展。
|
||
.layer(
|
||
TraceLayer::new_for_http()
|
||
.make_span_with(|request: &Request<Body>| {
|
||
let request_id =
|
||
resolve_request_id(request).unwrap_or_else(|| "unknown".to_string());
|
||
|
||
info_span!(
|
||
"http.request",
|
||
method = %request.method(),
|
||
uri = %request.uri(),
|
||
request_id = %request_id,
|
||
)
|
||
})
|
||
.on_request(DefaultOnRequest::new().level(Level::INFO))
|
||
.on_response(
|
||
move |response: &axum::response::Response,
|
||
latency: std::time::Duration,
|
||
span: &Span| {
|
||
let latency_ms = latency.as_millis().min(u64::MAX as u128) as u64;
|
||
let status = response.status().as_u16();
|
||
let slow_request = latency_ms >= slow_request_threshold_ms;
|
||
span.record("status", status);
|
||
span.record("latency_ms", latency_ms);
|
||
if slow_request {
|
||
warn!(
|
||
parent: span,
|
||
status,
|
||
latency_ms,
|
||
slow_request = true,
|
||
"http request completed slowly"
|
||
);
|
||
} else {
|
||
info!(
|
||
parent: span,
|
||
status,
|
||
latency_ms,
|
||
slow_request = false,
|
||
"http request completed"
|
||
);
|
||
}
|
||
},
|
||
)
|
||
.on_failure(
|
||
|failure: ServerErrorsFailureClass,
|
||
latency: std::time::Duration,
|
||
span: &Span| {
|
||
let latency_ms = latency.as_millis().min(u64::MAX as u128) as u64;
|
||
error!(
|
||
parent: span,
|
||
latency_ms,
|
||
failure = %failure,
|
||
"http request failed"
|
||
);
|
||
},
|
||
),
|
||
)
|
||
// request_id 中间件先进入请求链,确保后续 tracing、错误处理和响应头层都能复用同一份请求标识。
|
||
.layer(middleware::from_fn(attach_request_context))
|
||
.with_state(state)
|
||
}
|
||
|
||
#[cfg(test)]
|
||
mod tests {
|
||
use axum::{
|
||
body::Body,
|
||
http::{Request, StatusCode},
|
||
};
|
||
use http_body_util::BodyExt;
|
||
use platform_auth::{
|
||
AccessTokenClaims, AccessTokenClaimsInput, AuthProvider, BindingStatus, sign_access_token,
|
||
};
|
||
use reqwest::Client;
|
||
use serde_json::Value;
|
||
use time::OffsetDateTime;
|
||
use tokio::net::TcpListener;
|
||
use tower::ServiceExt;
|
||
|
||
use crate::{config::AppConfig, state::AppState};
|
||
|
||
use super::build_router;
|
||
|
||
#[tokio::test]
|
||
async fn healthz_returns_legacy_compatible_payload_and_headers() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/healthz")
|
||
.header("x-request-id", "req-health-legacy")
|
||
.body(Body::empty())
|
||
.expect("healthz request should build"),
|
||
)
|
||
.await
|
||
.expect("healthz request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
assert_eq!(
|
||
response
|
||
.headers()
|
||
.get("x-request-id")
|
||
.and_then(|value| value.to_str().ok()),
|
||
Some("req-health-legacy")
|
||
);
|
||
assert_eq!(
|
||
response
|
||
.headers()
|
||
.get("x-api-version")
|
||
.and_then(|value| value.to_str().ok()),
|
||
Some("2026-04-08")
|
||
);
|
||
assert_eq!(
|
||
response
|
||
.headers()
|
||
.get("x-route-version")
|
||
.and_then(|value| value.to_str().ok()),
|
||
Some("2026-04-08")
|
||
);
|
||
assert!(response.headers().contains_key("x-response-time-ms"));
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("healthz body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("healthz body should be valid json");
|
||
|
||
assert_eq!(payload["ok"], Value::Bool(true));
|
||
assert_eq!(
|
||
payload["service"],
|
||
Value::String("genarrative-api-server".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn healthz_returns_standard_envelope_when_requested() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/healthz")
|
||
.header("x-request-id", "req-health-envelope")
|
||
.header("x-genarrative-response-envelope", "v1")
|
||
.body(Body::empty())
|
||
.expect("healthz request should build"),
|
||
)
|
||
.await
|
||
.expect("healthz request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("healthz body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("healthz body should be valid json");
|
||
|
||
assert_eq!(payload["ok"], Value::Bool(true));
|
||
assert_eq!(
|
||
payload["data"]["service"],
|
||
Value::String("genarrative-api-server".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["meta"]["requestId"],
|
||
Value::String("req-health-envelope".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn internal_auth_claims_rejects_missing_bearer_token() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/_internal/auth/claims")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn internal_auth_claims_returns_verified_claims() {
|
||
let config = AppConfig::default();
|
||
let state = AppState::new(config.clone()).expect("state should build");
|
||
state
|
||
.password_entry_service()
|
||
.execute(module_auth::PasswordEntryInput {
|
||
username: "guest_auth_debug".to_string(),
|
||
password: "secret123".to_string(),
|
||
})
|
||
.await
|
||
.expect("seed login should succeed");
|
||
let claims = AccessTokenClaims::from_input(
|
||
AccessTokenClaimsInput {
|
||
user_id: "user_00000001".to_string(),
|
||
session_id: "sess_auth_debug".to_string(),
|
||
provider: AuthProvider::Password,
|
||
roles: vec!["user".to_string()],
|
||
token_version: 1,
|
||
phone_verified: true,
|
||
binding_status: BindingStatus::Active,
|
||
display_name: Some("测试用户".to_string()),
|
||
},
|
||
state.auth_jwt_config(),
|
||
OffsetDateTime::now_utc(),
|
||
)
|
||
.expect("claims should build");
|
||
let token = sign_access_token(&claims, state.auth_jwt_config()).expect("token should sign");
|
||
let app = build_router(state);
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/_internal/auth/claims")
|
||
.header("authorization", format!("Bearer {token}"))
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(
|
||
payload["claims"]["sub"],
|
||
Value::String("user_00000001".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["claims"]["sid"],
|
||
Value::String("sess_auth_debug".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["claims"]["ver"],
|
||
Value::Number(serde_json::Number::from(1))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn internal_refresh_cookie_reports_missing_cookie() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/_internal/auth/refresh-cookie")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(payload["present"], Value::Bool(false));
|
||
assert_eq!(
|
||
payload["cookieName"],
|
||
Value::String("genarrative_refresh_session".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn internal_refresh_cookie_reports_present_cookie() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/_internal/auth/refresh-cookie")
|
||
.header(
|
||
"cookie",
|
||
"theme=dark; genarrative_refresh_session=token12345",
|
||
)
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(payload["present"], Value::Bool(true));
|
||
assert_eq!(
|
||
payload["tokenLength"],
|
||
Value::Number(serde_json::Number::from(10))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn password_entry_creates_user_and_sets_refresh_cookie() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_001",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
assert!(
|
||
response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("genarrative_refresh_session="))
|
||
);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(
|
||
payload["user"]["username"],
|
||
Value::String("guest_001".to_string())
|
||
);
|
||
assert!(payload["token"].as_str().is_some());
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn auth_login_options_returns_enabled_methods_in_stable_order() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
wechat_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/login-options")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(
|
||
payload["availableLoginMethods"],
|
||
serde_json::json!(["phone", "wechat"])
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn send_phone_code_returns_mock_cooldown_and_expire_seconds() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(payload["ok"], Value::Bool(true));
|
||
assert_eq!(
|
||
payload["cooldownSeconds"],
|
||
Value::Number(serde_json::Number::from(60))
|
||
);
|
||
assert_eq!(
|
||
payload["expiresInSeconds"],
|
||
Value::Number(serde_json::Number::from(300))
|
||
);
|
||
assert_eq!(
|
||
payload["providerRequestId"],
|
||
Value::String("mock-request-id".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn send_phone_code_rejects_same_scene_during_cooldown() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let first_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("first request should build"),
|
||
)
|
||
.await
|
||
.expect("first request should succeed");
|
||
assert_eq!(first_response.status(), StatusCode::OK);
|
||
|
||
let cooldown_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("cooldown request should build"),
|
||
)
|
||
.await
|
||
.expect("cooldown request should succeed");
|
||
|
||
assert_eq!(cooldown_response.status(), StatusCode::TOO_MANY_REQUESTS);
|
||
assert!(
|
||
cooldown_response
|
||
.headers()
|
||
.get("retry-after")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.parse::<u64>().is_ok_and(|seconds| seconds > 0))
|
||
);
|
||
|
||
let body = cooldown_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("cooldown body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("cooldown body should be valid json");
|
||
|
||
assert_eq!(
|
||
payload["error"]["code"],
|
||
Value::String("TOO_MANY_REQUESTS".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["error"]["message"],
|
||
Value::String("验证码发送过于频繁,请稍后再试".to_string())
|
||
);
|
||
assert!(
|
||
payload["error"]["details"]["retryAfterSeconds"]
|
||
.as_u64()
|
||
.is_some()
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn phone_login_creates_user_and_sets_refresh_cookie() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let send_code_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("send code request should build"),
|
||
)
|
||
.await
|
||
.expect("send code request should succeed");
|
||
assert_eq!(send_code_response.status(), StatusCode::OK);
|
||
|
||
let login_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
|
||
assert_eq!(login_response.status(), StatusCode::OK);
|
||
assert!(
|
||
login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("genarrative_refresh_session="))
|
||
);
|
||
|
||
let body = login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert!(payload["token"].as_str().is_some());
|
||
assert_eq!(
|
||
payload["user"]["loginMethod"],
|
||
Value::String("phone".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["user"]["bindingStatus"],
|
||
Value::String("active".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["user"]["phoneNumberMasked"],
|
||
Value::String("138****8000".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn phone_login_reuses_existing_user_for_same_phone_number() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let send_code_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13900139000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("send code request should build"),
|
||
)
|
||
.await
|
||
.expect("send code request should succeed");
|
||
assert_eq!(send_code_response.status(), StatusCode::OK);
|
||
|
||
let first_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13900139000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("first login request should build"),
|
||
)
|
||
.await
|
||
.expect("first login request should succeed");
|
||
assert_eq!(first_login_response.status(), StatusCode::OK);
|
||
let first_body = first_login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("first login body should collect")
|
||
.to_bytes();
|
||
let first_payload: Value =
|
||
serde_json::from_slice(&first_body).expect("first login payload should be json");
|
||
|
||
let send_code_again_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13900139000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("send code request should build"),
|
||
)
|
||
.await
|
||
.expect("send code request should succeed");
|
||
assert_eq!(send_code_again_response.status(), StatusCode::OK);
|
||
|
||
let second_login_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13900139000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("second login request should build"),
|
||
)
|
||
.await
|
||
.expect("second login request should succeed");
|
||
assert_eq!(second_login_response.status(), StatusCode::OK);
|
||
let second_body = second_login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("second login body should collect")
|
||
.to_bytes();
|
||
let second_payload: Value =
|
||
serde_json::from_slice(&second_body).expect("second login payload should be json");
|
||
|
||
assert_eq!(first_payload["user"]["id"], second_payload["user"]["id"]);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn phone_login_exhausts_code_after_too_many_wrong_attempts() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let send_code_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("send code request should build"),
|
||
)
|
||
.await
|
||
.expect("send code request should succeed");
|
||
assert_eq!(send_code_response.status(), StatusCode::OK);
|
||
|
||
for _ in 0..4 {
|
||
let wrong_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"code": "000000"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("wrong login request should build"),
|
||
)
|
||
.await
|
||
.expect("wrong login request should succeed");
|
||
assert_eq!(wrong_response.status(), StatusCode::BAD_REQUEST);
|
||
}
|
||
|
||
let exhausted_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"code": "000000"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("exhausted login request should build"),
|
||
)
|
||
.await
|
||
.expect("exhausted login request should succeed");
|
||
assert_eq!(exhausted_response.status(), StatusCode::TOO_MANY_REQUESTS);
|
||
|
||
let exhausted_body = exhausted_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("exhausted body should collect")
|
||
.to_bytes();
|
||
let exhausted_payload: Value =
|
||
serde_json::from_slice(&exhausted_body).expect("exhausted payload should be json");
|
||
assert_eq!(
|
||
exhausted_payload["error"]["message"],
|
||
Value::String("验证码错误次数过多,请重新获取验证码".to_string())
|
||
);
|
||
|
||
let stale_right_code_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("stale login request should build"),
|
||
)
|
||
.await
|
||
.expect("stale login request should succeed");
|
||
assert_eq!(stale_right_code_response.status(), StatusCode::BAD_REQUEST);
|
||
|
||
let resend_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("resend request should build"),
|
||
)
|
||
.await
|
||
.expect("resend request should succeed");
|
||
assert_eq!(resend_response.status(), StatusCode::OK);
|
||
|
||
let login_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13700137000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
assert_eq!(login_response.status(), StatusCode::OK);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn wechat_start_returns_mock_callback_url_with_state() {
|
||
let config = AppConfig {
|
||
wechat_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/wechat/start?redirectPath=%2Fplay")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("host", "localhost:3000")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
let authorization_url = payload["authorizationUrl"]
|
||
.as_str()
|
||
.expect("authorization url should exist");
|
||
|
||
assert!(authorization_url.contains("/api/auth/wechat/callback"));
|
||
assert!(authorization_url.contains("mock_code=wx-mock-code"));
|
||
assert!(authorization_url.contains("state="));
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn wechat_callback_creates_pending_bind_phone_session_with_wechat_provider() {
|
||
let config = AppConfig {
|
||
wechat_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config.clone()).expect("state should build"));
|
||
|
||
let start_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/wechat/start?redirectPath=%2Fplay")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("host", "localhost:3000")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("wechat start should succeed");
|
||
let start_body = start_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("wechat start body should collect")
|
||
.to_bytes();
|
||
let start_payload: Value =
|
||
serde_json::from_slice(&start_body).expect("wechat start payload should be json");
|
||
let authorization_url = start_payload["authorizationUrl"]
|
||
.as_str()
|
||
.expect("authorization url should exist");
|
||
|
||
let callback_url =
|
||
url::Url::parse(authorization_url).expect("authorization url should be valid");
|
||
let state = callback_url
|
||
.query_pairs()
|
||
.find(|(key, _)| key == "state")
|
||
.map(|(_, value)| value.into_owned())
|
||
.expect("state query should exist");
|
||
|
||
let callback_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri(format!(
|
||
"/api/auth/wechat/callback?state={state}&mock_code=wx-mock-code"
|
||
))
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("host", "localhost:3000")
|
||
.body(Body::empty())
|
||
.expect("callback request should build"),
|
||
)
|
||
.await
|
||
.expect("callback request should succeed");
|
||
|
||
assert_eq!(callback_response.status(), StatusCode::SEE_OTHER);
|
||
let location = callback_response
|
||
.headers()
|
||
.get("location")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("redirect location should exist");
|
||
let refresh_cookie = callback_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("refresh cookie should exist");
|
||
|
||
assert!(location.starts_with("/play#"));
|
||
assert!(location.contains("auth_provider=wechat"));
|
||
assert!(location.contains("auth_binding_status=pending_bind_phone"));
|
||
assert!(location.contains("auth_token="));
|
||
assert!(refresh_cookie.contains("genarrative_refresh_session="));
|
||
|
||
let auth_hash = location
|
||
.split('#')
|
||
.nth(1)
|
||
.expect("hash fragment should exist");
|
||
let auth_params = url::form_urlencoded::parse(auth_hash.as_bytes())
|
||
.into_owned()
|
||
.collect::<std::collections::HashMap<String, String>>();
|
||
let token = auth_params
|
||
.get("auth_token")
|
||
.expect("auth token should exist in hash");
|
||
|
||
let me_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/me")
|
||
.header("authorization", format!("Bearer {token}"))
|
||
.body(Body::empty())
|
||
.expect("auth me request should build"),
|
||
)
|
||
.await
|
||
.expect("auth me request should succeed");
|
||
|
||
assert_eq!(me_response.status(), StatusCode::OK);
|
||
let me_body = me_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("auth me body should collect")
|
||
.to_bytes();
|
||
let me_payload: Value =
|
||
serde_json::from_slice(&me_body).expect("auth me payload should be json");
|
||
|
||
assert_eq!(
|
||
me_payload["user"]["loginMethod"],
|
||
Value::String("wechat".to_string())
|
||
);
|
||
assert_eq!(
|
||
me_payload["user"]["bindingStatus"],
|
||
Value::String("pending_bind_phone".to_string())
|
||
);
|
||
|
||
let claims_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/_internal/auth/claims")
|
||
.header("authorization", format!("Bearer {token}"))
|
||
.body(Body::empty())
|
||
.expect("claims request should build"),
|
||
)
|
||
.await
|
||
.expect("claims request should succeed");
|
||
let claims_body = claims_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("claims body should collect")
|
||
.to_bytes();
|
||
let claims_payload: Value =
|
||
serde_json::from_slice(&claims_body).expect("claims payload should be json");
|
||
|
||
assert_eq!(
|
||
claims_payload["claims"]["provider"],
|
||
Value::String("wechat".to_string())
|
||
);
|
||
assert_eq!(
|
||
claims_payload["claims"]["binding_status"],
|
||
Value::String("pending_bind_phone".to_string())
|
||
);
|
||
assert_eq!(
|
||
claims_payload["claims"]["phone_verified"],
|
||
Value::Bool(false)
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn wechat_bind_phone_merges_into_existing_phone_user() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
wechat_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let phone_send_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "login"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("phone send request should build"),
|
||
)
|
||
.await
|
||
.expect("phone send request should succeed");
|
||
assert_eq!(phone_send_response.status(), StatusCode::OK);
|
||
|
||
let phone_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("phone login request should build"),
|
||
)
|
||
.await
|
||
.expect("phone login request should succeed");
|
||
let phone_login_body = phone_login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("phone login body should collect")
|
||
.to_bytes();
|
||
let phone_login_payload: Value =
|
||
serde_json::from_slice(&phone_login_body).expect("phone login payload should be json");
|
||
let phone_user_id = phone_login_payload["user"]["id"].clone();
|
||
|
||
let wechat_start_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/wechat/start?redirectPath=%2Fplay")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("host", "localhost:3000")
|
||
.body(Body::empty())
|
||
.expect("wechat start request should build"),
|
||
)
|
||
.await
|
||
.expect("wechat start request should succeed");
|
||
let wechat_start_body = wechat_start_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("wechat start body should collect")
|
||
.to_bytes();
|
||
let wechat_start_payload: Value = serde_json::from_slice(&wechat_start_body)
|
||
.expect("wechat start payload should be json");
|
||
let authorization_url = wechat_start_payload["authorizationUrl"]
|
||
.as_str()
|
||
.expect("wechat authorization url should exist");
|
||
let callback_state = url::Url::parse(authorization_url)
|
||
.expect("authorization url should be valid")
|
||
.query_pairs()
|
||
.find(|(key, _)| key == "state")
|
||
.map(|(_, value)| value.into_owned())
|
||
.expect("state should exist");
|
||
|
||
let wechat_callback_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri(format!(
|
||
"/api/auth/wechat/callback?state={callback_state}&mock_code=wx-mock-code"
|
||
))
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("host", "localhost:3000")
|
||
.body(Body::empty())
|
||
.expect("wechat callback request should build"),
|
||
)
|
||
.await
|
||
.expect("wechat callback request should succeed");
|
||
let wechat_location = wechat_callback_response
|
||
.headers()
|
||
.get("location")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("wechat callback location should exist");
|
||
let wechat_hash = wechat_location
|
||
.split('#')
|
||
.nth(1)
|
||
.expect("wechat callback hash should exist");
|
||
let wechat_auth_params = url::form_urlencoded::parse(wechat_hash.as_bytes())
|
||
.into_owned()
|
||
.collect::<std::collections::HashMap<String, String>>();
|
||
let wechat_token = wechat_auth_params
|
||
.get("auth_token")
|
||
.expect("wechat auth token should exist");
|
||
|
||
let bind_code_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/phone/send-code")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"scene": "bind_phone"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("bind code request should build"),
|
||
)
|
||
.await
|
||
.expect("bind code request should succeed");
|
||
assert_eq!(bind_code_response.status(), StatusCode::OK);
|
||
|
||
let bind_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/wechat/bind-phone")
|
||
.header("authorization", format!("Bearer {wechat_token}"))
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"phone": "13800138000",
|
||
"code": "123456"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("bind request should build"),
|
||
)
|
||
.await
|
||
.expect("bind request should succeed");
|
||
|
||
assert_eq!(bind_response.status(), StatusCode::OK);
|
||
assert!(
|
||
bind_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("genarrative_refresh_session="))
|
||
);
|
||
let bind_body = bind_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("bind body should collect")
|
||
.to_bytes();
|
||
let bind_payload: Value =
|
||
serde_json::from_slice(&bind_body).expect("bind payload should be json");
|
||
|
||
assert_eq!(bind_payload["user"]["id"], phone_user_id);
|
||
assert_eq!(
|
||
bind_payload["user"]["bindingStatus"],
|
||
Value::String("active".to_string())
|
||
);
|
||
assert_eq!(
|
||
bind_payload["user"]["loginMethod"],
|
||
Value::String("phone".to_string())
|
||
);
|
||
assert_eq!(bind_payload["user"]["wechatBound"], Value::Bool(true));
|
||
assert_eq!(
|
||
bind_payload["user"]["phoneNumberMasked"],
|
||
Value::String("138****8000".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn auth_sessions_returns_multi_device_session_fields() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let first_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.header("x-client-instance-id", "chrome-instance-001")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_sessions_api",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("first login request should build"),
|
||
)
|
||
.await
|
||
.expect("first login should succeed");
|
||
let first_cookie = first_login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("first cookie should exist")
|
||
.to_string();
|
||
let first_body = first_login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("first login body should collect")
|
||
.to_bytes();
|
||
let first_payload: Value =
|
||
serde_json::from_slice(&first_body).expect("first login payload should be json");
|
||
let access_token = first_payload["token"]
|
||
.as_str()
|
||
.expect("access token should exist")
|
||
.to_string();
|
||
|
||
let _second_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.header("x-client-type", "mini_program")
|
||
.header("x-client-runtime", "wechat_mini_program")
|
||
.header("x-client-platform", "android")
|
||
.header("x-client-instance-id", "mini-instance-001")
|
||
.header("x-mini-program-app-id", "wx-session-test")
|
||
.header("x-mini-program-env", "release")
|
||
.header("user-agent", "Mozilla/5.0 Chrome/123.0 MicroMessenger")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_sessions_api",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("second login request should build"),
|
||
)
|
||
.await
|
||
.expect("second login should succeed");
|
||
|
||
let sessions_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/sessions")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.header("cookie", first_cookie)
|
||
.body(Body::empty())
|
||
.expect("sessions request should build"),
|
||
)
|
||
.await
|
||
.expect("sessions request should succeed");
|
||
|
||
assert_eq!(sessions_response.status(), StatusCode::OK);
|
||
let sessions_body = sessions_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("sessions body should collect")
|
||
.to_bytes();
|
||
let sessions_payload: Value =
|
||
serde_json::from_slice(&sessions_body).expect("sessions payload should be json");
|
||
let sessions = sessions_payload["sessions"]
|
||
.as_array()
|
||
.expect("sessions should be array");
|
||
|
||
assert_eq!(sessions.len(), 2);
|
||
assert!(sessions.iter().any(|session| {
|
||
session["clientType"] == Value::String("web_browser".to_string())
|
||
&& session["clientRuntime"] == Value::String("chrome".to_string())
|
||
&& session["clientPlatform"] == Value::String("windows".to_string())
|
||
&& session["deviceDisplayName"] == Value::String("Windows / Chrome".to_string())
|
||
&& session["isCurrent"] == Value::Bool(true)
|
||
}));
|
||
assert!(sessions.iter().any(|session| {
|
||
session["clientType"] == Value::String("mini_program".to_string())
|
||
&& session["clientRuntime"] == Value::String("wechat_mini_program".to_string())
|
||
&& session["miniProgramAppId"] == Value::String("wx-session-test".to_string())
|
||
&& session["miniProgramEnv"] == Value::String("release".to_string())
|
||
&& session["deviceDisplayName"] == Value::String("微信小程序 / Android".to_string())
|
||
&& session["isCurrent"] == Value::Bool(false)
|
||
}));
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn password_entry_reuses_same_user_for_same_credentials() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let first_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_001",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("first request should succeed");
|
||
let first_body = first_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("first body should collect")
|
||
.to_bytes();
|
||
let first_payload: Value =
|
||
serde_json::from_slice(&first_body).expect("first payload should be json");
|
||
|
||
let second_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_001",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("second request should succeed");
|
||
let second_body = second_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("second body should collect")
|
||
.to_bytes();
|
||
let second_payload: Value =
|
||
serde_json::from_slice(&second_body).expect("second payload should be json");
|
||
|
||
assert_eq!(first_payload["user"]["id"], second_payload["user"]["id"]);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn password_entry_rejects_wrong_password() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
app.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_001",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("seed request should succeed");
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_001",
|
||
"password": "secret999"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn password_entry_rejects_invalid_username() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "无效用户",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn auth_me_returns_current_user_and_available_login_methods() {
|
||
let config = AppConfig {
|
||
sms_auth_enabled: true,
|
||
wechat_auth_enabled: true,
|
||
..AppConfig::default()
|
||
};
|
||
let state = AppState::new(config).expect("state should build");
|
||
state
|
||
.password_entry_service()
|
||
.execute(module_auth::PasswordEntryInput {
|
||
username: "guest_001".to_string(),
|
||
password: "secret123".to_string(),
|
||
})
|
||
.await
|
||
.expect("seed login should succeed");
|
||
let claims = AccessTokenClaims::from_input(
|
||
AccessTokenClaimsInput {
|
||
user_id: "user_00000001".to_string(),
|
||
session_id: "sess_me_query".to_string(),
|
||
provider: AuthProvider::Password,
|
||
roles: vec!["user".to_string()],
|
||
token_version: 1,
|
||
phone_verified: false,
|
||
binding_status: BindingStatus::Active,
|
||
display_name: Some("guest_001".to_string()),
|
||
},
|
||
state.auth_jwt_config(),
|
||
OffsetDateTime::now_utc(),
|
||
)
|
||
.expect("claims should build");
|
||
let token = sign_access_token(&claims, state.auth_jwt_config()).expect("token should sign");
|
||
let app = build_router(state);
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/me")
|
||
.header("authorization", format!("Bearer {token}"))
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert_eq!(
|
||
payload["user"]["id"],
|
||
Value::String("user_00000001".to_string())
|
||
);
|
||
assert_eq!(
|
||
payload["availableLoginMethods"],
|
||
serde_json::json!(["phone", "wechat"])
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn auth_me_returns_unauthorized_when_user_missing() {
|
||
let config = AppConfig::default();
|
||
let state = AppState::new(config).expect("state should build");
|
||
let claims = AccessTokenClaims::from_input(
|
||
AccessTokenClaimsInput {
|
||
user_id: "user_missing".to_string(),
|
||
session_id: "sess_missing".to_string(),
|
||
provider: AuthProvider::Password,
|
||
roles: vec!["user".to_string()],
|
||
token_version: 1,
|
||
phone_verified: false,
|
||
binding_status: BindingStatus::Active,
|
||
display_name: Some("ghost".to_string()),
|
||
},
|
||
state.auth_jwt_config(),
|
||
OffsetDateTime::now_utc(),
|
||
)
|
||
.expect("claims should build");
|
||
let token = sign_access_token(&claims, state.auth_jwt_config()).expect("token should sign");
|
||
let app = build_router(state);
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/me")
|
||
.header("authorization", format!("Bearer {token}"))
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn refresh_session_rotates_cookie_and_returns_new_access_token() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_refresh",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
let first_cookie = login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("refresh cookie should exist")
|
||
.to_string();
|
||
|
||
let refresh_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/refresh")
|
||
.header("cookie", first_cookie.clone())
|
||
.body(Body::empty())
|
||
.expect("refresh request should build"),
|
||
)
|
||
.await
|
||
.expect("refresh request should succeed");
|
||
|
||
assert_eq!(refresh_response.status(), StatusCode::OK);
|
||
let second_cookie = refresh_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("rotated refresh cookie should exist")
|
||
.to_string();
|
||
assert_ne!(first_cookie, second_cookie);
|
||
|
||
let refresh_body = refresh_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("refresh body should collect")
|
||
.to_bytes();
|
||
let refresh_payload: Value =
|
||
serde_json::from_slice(&refresh_body).expect("refresh payload should be json");
|
||
assert!(refresh_payload["token"].as_str().is_some());
|
||
|
||
let stale_refresh_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/refresh")
|
||
.header("cookie", first_cookie)
|
||
.body(Body::empty())
|
||
.expect("stale refresh request should build"),
|
||
)
|
||
.await
|
||
.expect("stale refresh request should succeed");
|
||
|
||
assert_eq!(stale_refresh_response.status(), StatusCode::UNAUTHORIZED);
|
||
assert!(
|
||
stale_refresh_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn refresh_session_rejects_missing_cookie_and_clears_cookie() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/refresh")
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
|
||
assert!(
|
||
response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn logout_clears_cookie_and_invalidates_current_access_token() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_logout_api",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
let refresh_cookie = login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("refresh cookie should exist")
|
||
.to_string();
|
||
let login_body = login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("login body should collect")
|
||
.to_bytes();
|
||
let login_payload: Value =
|
||
serde_json::from_slice(&login_body).expect("login payload should be json");
|
||
let access_token = login_payload["token"]
|
||
.as_str()
|
||
.expect("token should exist")
|
||
.to_string();
|
||
|
||
let logout_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/logout")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.header("cookie", refresh_cookie)
|
||
.body(Body::empty())
|
||
.expect("logout request should build"),
|
||
)
|
||
.await
|
||
.expect("logout request should succeed");
|
||
|
||
assert_eq!(logout_response.status(), StatusCode::OK);
|
||
assert!(
|
||
logout_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
|
||
let logout_body = logout_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("logout body should collect")
|
||
.to_bytes();
|
||
let logout_payload: Value =
|
||
serde_json::from_slice(&logout_body).expect("logout payload should be json");
|
||
assert_eq!(logout_payload["ok"], Value::Bool(true));
|
||
|
||
let me_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/me")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.body(Body::empty())
|
||
.expect("me request should build"),
|
||
)
|
||
.await
|
||
.expect("me request should succeed");
|
||
|
||
assert_eq!(me_response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn logout_succeeds_without_refresh_cookie_when_bearer_token_is_valid() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_logout_no_cookie",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
let login_body = login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("login body should collect")
|
||
.to_bytes();
|
||
let login_payload: Value =
|
||
serde_json::from_slice(&login_body).expect("login payload should be json");
|
||
let access_token = login_payload["token"]
|
||
.as_str()
|
||
.expect("token should exist")
|
||
.to_string();
|
||
|
||
let logout_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/logout")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.body(Body::empty())
|
||
.expect("logout request should build"),
|
||
)
|
||
.await
|
||
.expect("logout request should succeed");
|
||
|
||
assert_eq!(logout_response.status(), StatusCode::OK);
|
||
assert!(
|
||
logout_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn logout_all_clears_cookie_and_invalidates_all_sessions() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let first_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.header(
|
||
"user-agent",
|
||
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0 Safari/537.36",
|
||
)
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_logout_all_api",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("first login request should build"),
|
||
)
|
||
.await
|
||
.expect("first login should succeed");
|
||
let first_refresh_cookie = first_login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("first refresh cookie should exist")
|
||
.to_string();
|
||
let first_login_body = first_login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("first login body should collect")
|
||
.to_bytes();
|
||
let first_login_payload: Value =
|
||
serde_json::from_slice(&first_login_body).expect("first login payload should be json");
|
||
let first_access_token = first_login_payload["token"]
|
||
.as_str()
|
||
.expect("first access token should exist")
|
||
.to_string();
|
||
|
||
let second_login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.header("x-client-runtime", "firefox")
|
||
.header("x-client-instance-id", "logout-all-instance-002")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_logout_all_api",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("second login request should build"),
|
||
)
|
||
.await
|
||
.expect("second login should succeed");
|
||
let second_refresh_cookie = second_login_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.expect("second refresh cookie should exist")
|
||
.to_string();
|
||
|
||
let logout_all_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/logout-all")
|
||
.header("authorization", format!("Bearer {first_access_token}"))
|
||
.header("cookie", first_refresh_cookie.clone())
|
||
.body(Body::empty())
|
||
.expect("logout-all request should build"),
|
||
)
|
||
.await
|
||
.expect("logout-all request should succeed");
|
||
|
||
assert_eq!(logout_all_response.status(), StatusCode::OK);
|
||
assert!(
|
||
logout_all_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
|
||
let logout_all_body = logout_all_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("logout-all body should collect")
|
||
.to_bytes();
|
||
let logout_all_payload: Value =
|
||
serde_json::from_slice(&logout_all_body).expect("logout-all payload should be json");
|
||
assert_eq!(logout_all_payload["ok"], Value::Bool(true));
|
||
|
||
let me_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/api/auth/me")
|
||
.header("authorization", format!("Bearer {first_access_token}"))
|
||
.body(Body::empty())
|
||
.expect("me request should build"),
|
||
)
|
||
.await
|
||
.expect("me request should succeed");
|
||
assert_eq!(me_response.status(), StatusCode::UNAUTHORIZED);
|
||
|
||
let first_refresh_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/refresh")
|
||
.header("cookie", first_refresh_cookie)
|
||
.body(Body::empty())
|
||
.expect("first refresh request should build"),
|
||
)
|
||
.await
|
||
.expect("first refresh request should succeed");
|
||
assert_eq!(first_refresh_response.status(), StatusCode::UNAUTHORIZED);
|
||
|
||
let second_refresh_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/refresh")
|
||
.header("cookie", second_refresh_cookie)
|
||
.body(Body::empty())
|
||
.expect("second refresh request should build"),
|
||
)
|
||
.await
|
||
.expect("second refresh request should succeed");
|
||
assert_eq!(second_refresh_response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn logout_all_succeeds_without_refresh_cookie_when_bearer_token_is_valid() {
|
||
let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
|
||
|
||
let login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_logout_all_nc",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login request should succeed");
|
||
let login_body = login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("login body should collect")
|
||
.to_bytes();
|
||
let login_payload: Value =
|
||
serde_json::from_slice(&login_body).expect("login payload should be json");
|
||
let access_token = login_payload["token"]
|
||
.as_str()
|
||
.expect("access token should exist")
|
||
.to_string();
|
||
|
||
let logout_all_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/logout-all")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.body(Body::empty())
|
||
.expect("logout-all request should build"),
|
||
)
|
||
.await
|
||
.expect("logout-all request should succeed");
|
||
|
||
assert_eq!(logout_all_response.status(), StatusCode::OK);
|
||
assert!(
|
||
logout_all_response
|
||
.headers()
|
||
.get("set-cookie")
|
||
.and_then(|value| value.to_str().ok())
|
||
.is_some_and(|value| value.contains("Max-Age=0"))
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn admin_login_returns_token_when_configured() {
|
||
let mut config = AppConfig::default();
|
||
config.admin_username = Some("root".to_string());
|
||
config.admin_password = Some("secret123".to_string());
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/admin/api/login")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "root",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::OK);
|
||
let body = response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("response body should collect")
|
||
.to_bytes();
|
||
let payload: Value =
|
||
serde_json::from_slice(&body).expect("response body should be valid json");
|
||
|
||
assert!(payload["token"].as_str().is_some());
|
||
assert_eq!(
|
||
payload["admin"]["username"],
|
||
Value::String("root".to_string())
|
||
);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn admin_route_rejects_regular_user_token() {
|
||
let mut config = AppConfig::default();
|
||
config.admin_username = Some("root".to_string());
|
||
config.admin_password = Some("secret123".to_string());
|
||
let state = AppState::new(config).expect("state should build");
|
||
let app = build_router(state.clone());
|
||
|
||
let login_response = app
|
||
.clone()
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/api/auth/entry")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"username": "guest_admin_forbidden",
|
||
"password": "secret123"
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("login request should build"),
|
||
)
|
||
.await
|
||
.expect("login should succeed");
|
||
let login_body = login_response
|
||
.into_body()
|
||
.collect()
|
||
.await
|
||
.expect("login body should collect")
|
||
.to_bytes();
|
||
let login_payload: Value =
|
||
serde_json::from_slice(&login_body).expect("login payload should be json");
|
||
let access_token = login_payload["token"]
|
||
.as_str()
|
||
.expect("token should exist")
|
||
.to_string();
|
||
|
||
let response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.uri("/admin/api/me")
|
||
.header("authorization", format!("Bearer {access_token}"))
|
||
.body(Body::empty())
|
||
.expect("request should build"),
|
||
)
|
||
.await
|
||
.expect("request should succeed");
|
||
|
||
assert_eq!(response.status(), StatusCode::FORBIDDEN);
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn admin_debug_http_can_probe_healthz_when_authenticated() {
|
||
let mut config = AppConfig::default();
|
||
config.admin_username = Some("root".to_string());
|
||
config.admin_password = Some("secret123".to_string());
|
||
let listener = TcpListener::bind("127.0.0.1:0")
|
||
.await
|
||
.expect("listener should bind");
|
||
let local_addr = listener
|
||
.local_addr()
|
||
.expect("listener should expose local addr");
|
||
config.bind_host = "127.0.0.1".to_string();
|
||
config.bind_port = local_addr.port();
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
let server = tokio::spawn(async move {
|
||
axum::serve(listener, app)
|
||
.await
|
||
.expect("test admin server should serve");
|
||
});
|
||
let http_client = Client::new();
|
||
let base_url = format!("http://{}", local_addr);
|
||
|
||
let login_payload: Value = http_client
|
||
.post(format!("{base_url}/admin/api/login"))
|
||
.json(&serde_json::json!({
|
||
"username": "root",
|
||
"password": "secret123"
|
||
}))
|
||
.send()
|
||
.await
|
||
.expect("login request should succeed")
|
||
.json()
|
||
.await
|
||
.expect("login payload should be json");
|
||
let access_token = login_payload["token"]
|
||
.as_str()
|
||
.expect("token should exist")
|
||
.to_string();
|
||
|
||
let payload: Value = http_client
|
||
.post(format!("{base_url}/admin/api/debug/http"))
|
||
.bearer_auth(access_token)
|
||
.json(&serde_json::json!({
|
||
"method": "GET",
|
||
"path": "/healthz",
|
||
"headers": [],
|
||
"body": ""
|
||
}))
|
||
.send()
|
||
.await
|
||
.expect("debug request should succeed")
|
||
.json()
|
||
.await
|
||
.expect("debug payload should be json");
|
||
|
||
server.abort();
|
||
let _ = server.await;
|
||
|
||
assert_eq!(payload["status"], Value::Number(200.into()));
|
||
}
|
||
|
||
#[tokio::test]
|
||
async fn admin_debug_http_requires_authentication() {
|
||
let mut config = AppConfig::default();
|
||
config.admin_username = Some("root".to_string());
|
||
config.admin_password = Some("secret123".to_string());
|
||
let app = build_router(AppState::new(config).expect("state should build"));
|
||
|
||
let debug_response = app
|
||
.oneshot(
|
||
Request::builder()
|
||
.method("POST")
|
||
.uri("/admin/api/debug/http")
|
||
.header("content-type", "application/json")
|
||
.body(Body::from(
|
||
serde_json::json!({
|
||
"method": "GET",
|
||
"path": "/healthz",
|
||
"headers": [],
|
||
"body": ""
|
||
})
|
||
.to_string(),
|
||
))
|
||
.expect("debug request should build"),
|
||
)
|
||
.await
|
||
.expect("debug request should succeed");
|
||
|
||
assert_eq!(debug_response.status(), StatusCode::UNAUTHORIZED);
|
||
}
|
||
}
|