package user_test import ( "context" "database/sql" "errors" "fmt" "github.com/go-sql-driver/mysql" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/zeromicro/go-zero/core/stores/redis" "github.com/zeromicro/go-zero/core/stores/sqlx" "perms-system-server/internal/model/user" "perms-system-server/internal/testutil" "strings" "sync" "sync/atomic" "testing" "time" ) func newTestSysUser(username string, deptId int64) *user.SysUser { now := time.Now().Unix() return &user.SysUser{ Username: username, Password: "hashed", Nickname: "nick", Avatar: sql.NullString{Valid: false}, Email: "t@example.com", Phone: "13800000000", Remark: "", DeptId: deptId, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: now, UpdateTime: now, } } func newModel(t *testing.T) (user.SysUserModel, sqlx.SqlConn) { t.Helper() conn := testutil.GetTestSqlConn() m := user.NewSysUserModel(conn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) return m, conn } // TC-0333: 获取表名 func TestSysUserModel_TableName(t *testing.T) { m, _ := newModel(t) require.Equal(t, "`sys_user`", m.TableName()) } // TC-0310: 正常插入 func TestSysUserModel_CRUD(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "crud_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) require.Greater(t, id, int64(0)) defer testutil.CleanTable(ctx, conn, m.TableName(), id) got, err := m.FindOne(ctx, id) require.NoError(t, err) require.Equal(t, username, got.Username) require.Equal(t, data.Email, got.Email) data.Id = id data.Nickname = "updated_nick" data.UpdateTime = time.Now().Unix() require.NoError(t, m.Update(ctx, data)) after, err := m.FindOne(ctx, id) require.NoError(t, err) require.Equal(t, "updated_nick", after.Nickname) require.NoError(t, m.Delete(ctx, id)) _, err = m.FindOne(ctx, id) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0359: FindOneByUsername func TestSysUserModel_FindOneByUsername(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "findname_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id) found, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) require.Equal(t, id, found.Id) require.Equal(t, username, found.Username) _, err = m.FindOneByUsername(ctx, "no_such_"+testutil.UniqueId()) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0336: 多条记录(3条) func TestSysUserModel_BatchInsert_BatchDelete(t *testing.T) { ctx := context.Background() m, conn := newModel(t) names := []string{ "batch_a_" + testutil.UniqueId(), "batch_b_" + testutil.UniqueId(), "batch_c_" + testutil.UniqueId(), } list := []*user.SysUser{ newTestSysUser(names[0], 10), newTestSysUser(names[1], 10), newTestSysUser(names[2], 10), } require.NoError(t, m.BatchInsert(ctx, list)) var ids []int64 for _, name := range names { u, err := m.FindOneByUsername(ctx, name) require.NoError(t, err) ids = append(ids, u.Id) } defer testutil.CleanTable(ctx, conn, m.TableName(), ids...) require.NoError(t, m.BatchDelete(ctx, ids)) for _, name := range names { _, err := m.FindOneByUsername(ctx, name) require.ErrorIs(t, err, user.ErrNotFound) } } // TC-0345: 多条记录(3条) func TestSysUserModel_BatchUpdate(t *testing.T) { ctx := context.Background() m, conn := newModel(t) u1 := "bupd1_" + testutil.UniqueId() u2 := "bupd2_" + testutil.UniqueId() d1 := newTestSysUser(u1, 20) d2 := newTestSysUser(u2, 20) r1, err := m.Insert(ctx, d1) require.NoError(t, err) id1, err := r1.LastInsertId() require.NoError(t, err) r2, err := m.Insert(ctx, d2) require.NoError(t, err) id2, err := r2.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id1, id2) now := time.Now().Unix() upd := []*user.SysUser{ {Id: id1, Username: u1, Password: d1.Password, Nickname: "n1_new", Avatar: sql.NullString{}, Email: d1.Email, Phone: d1.Phone, Remark: d1.Remark, DeptId: 21, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: d1.CreateTime, UpdateTime: now}, {Id: id2, Username: u2, Password: d2.Password, Nickname: "n2_new", Avatar: sql.NullString{}, Email: d2.Email, Phone: d2.Phone, Remark: d2.Remark, DeptId: 22, IsSuperAdmin: 2, MustChangePassword: 2, Status: 2, CreateTime: d2.CreateTime, UpdateTime: now}, } require.NoError(t, m.BatchUpdate(ctx, upd)) g1, err := m.FindOne(ctx, id1) require.NoError(t, err) require.Equal(t, "n1_new", g1.Nickname) require.Equal(t, int64(21), g1.DeptId) g2, err := m.FindOne(ctx, id2) require.NoError(t, err) require.Equal(t, "n2_new", g2.Nickname) require.Equal(t, int64(22), g2.DeptId) require.Equal(t, int64(2), g2.Status) } // TC-0331: 正常事务 func TestSysUserModel_TransactCtx_Commit(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "tx_ok_" + testutil.UniqueId() data := newTestSysUser(username, 3) var insertedID int64 err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { res, err := m.InsertWithTx(c, session, data) if err != nil { return err } insertedID, err = res.LastInsertId() return err }) require.NoError(t, err) require.Greater(t, insertedID, int64(0)) defer testutil.CleanTable(ctx, conn, m.TableName(), insertedID) got, err := m.FindOne(ctx, insertedID) require.NoError(t, err) require.Equal(t, username, got.Username) } // TC-0332: fn返回错误 func TestSysUserModel_TransactCtx_Rollback(t *testing.T) { ctx := context.Background() m, _ := newModel(t) username := "tx_rb_" + testutil.UniqueId() data := newTestSysUser(username, 3) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { if _, e := m.InsertWithTx(c, session, data); e != nil { return e } return errors.New("force rollback") }) require.Error(t, err) require.Contains(t, err.Error(), "force rollback") _, err = m.FindOneByUsername(ctx, username) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0314: 事务内插入 func TestSysUserModel_InsertWithTx_DeleteWithTx_SameTransaction(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "tx_del_" + testutil.UniqueId() data := newTestSysUser(username, 4) // DeleteWithTx 会先 FindOne;未提交事务内的插入对默认连接不可见,因此分两个 TransactCtx: // 先提交插入,再在独立事务中 DeleteWithTx。 var insertedID int64 err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { res, err := m.InsertWithTx(c, session, data) if err != nil { return err } insertedID, err = res.LastInsertId() return err }) require.NoError(t, err) require.Greater(t, insertedID, int64(0)) defer testutil.CleanTable(ctx, conn, m.TableName(), insertedID) err = m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.DeleteWithTx(c, session, insertedID) }) require.NoError(t, err) _, err = m.FindOne(ctx, insertedID) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0405: 正常分页 func TestSysUserModel_FindListByPage(t *testing.T) { ctx := context.Background() m, conn := newModel(t) var cnt int64 err := conn.QueryRowCtx(ctx, &cnt, "SELECT COUNT(*) FROM "+m.TableName()) require.NoError(t, err) username := "page_" + testutil.UniqueId() res, err := m.Insert(ctx, newTestSysUser(username, 5)) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id) list, total, err := m.FindListByPage(ctx, 1, 10) require.NoError(t, err) var cntAfter int64 require.NoError(t, conn.QueryRowCtx(ctx, &cntAfter, "SELECT COUNT(*) FROM "+m.TableName())) require.Equal(t, cntAfter, total) require.GreaterOrEqual(t, len(list), 1) require.LessOrEqual(t, len(list), 10) list2, total2, err := m.FindListByPage(ctx, 1, 1) require.NoError(t, err) require.Equal(t, cntAfter, total2) require.Len(t, list2, 1) } // TC-0410: FindListByProductMembers 正常查询 func TestSysUserModel_FindListByProductMembers(t *testing.T) { ctx := context.Background() m, conn := newModel(t) productCode := "t_fpm_" + testutil.UniqueId() list, mtMap, total, err := m.FindListByProductMembers(ctx, productCode, 1, 10) require.NoError(t, err) require.Empty(t, list) require.Empty(t, mtMap) require.Equal(t, int64(0), total) u1 := "fpm1_" + testutil.UniqueId() u2 := "fpm2_" + testutil.UniqueId() u3 := "fpm3_" + testutil.UniqueId() r1, err := m.Insert(ctx, newTestSysUser(u1, 1)) require.NoError(t, err) id1, _ := r1.LastInsertId() r2, err := m.Insert(ctx, newTestSysUser(u2, 1)) require.NoError(t, err) id2, _ := r2.LastInsertId() r3, err := m.Insert(ctx, newTestSysUser(u3, 1)) require.NoError(t, err) id3, _ := r3.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id1, id2, id3) now := time.Now().Unix() memberQ := "INSERT INTO `sys_product_member` (`productCode`,`userId`,`memberType`,`createTime`,`updateTime`) VALUES (?,?,?,?,?),(?,?,?,?,?)" res, err := conn.ExecCtx(ctx, memberQ, productCode, id1, "MEMBER", now, now, productCode, id2, "MEMBER", now, now) require.NoError(t, err) _ = res defer func() { _, _ = conn.ExecCtx(ctx, "DELETE FROM `sys_product_member` WHERE `productCode`=?", productCode) }() list, mtMap, total, err = m.FindListByProductMembers(ctx, productCode, 1, 10) require.NoError(t, err) require.Equal(t, int64(2), total) found := map[int64]struct{}{} for _, u := range list { found[u.Id] = struct{}{} } _, ok1 := found[id1] _, ok2 := found[id2] _, ok3 := found[id3] require.True(t, ok1 && ok2, "expected u1 and u2 to be in product members") require.False(t, ok3, "u3 should not appear since not a product member") // -G 修复:FindListByProductMembers 同时返回 memberType,验证 map 字段完整性 require.Equal(t, "MEMBER", mtMap[id1]) require.Equal(t, "MEMBER", mtMap[id2]) _, ok3m := mtMap[id3] require.False(t, ok3m, "u3 不是成员,不应出现在 memberMap 中") list2, _, _, err := m.FindListByProductMembers(ctx, productCode, 1, 1) require.NoError(t, err) require.Len(t, list2, 1) } // TC-0412: 正常批量查询 func TestSysUserModel_FindByIds(t *testing.T) { ctx := context.Background() m, conn := newModel(t) list, err := m.FindByIds(ctx, nil) require.NoError(t, err) require.Nil(t, list) list, err = m.FindByIds(ctx, []int64{}) require.NoError(t, err) require.Nil(t, list) r1, err := m.Insert(ctx, newTestSysUser("fid1_"+testutil.UniqueId(), 6)) require.NoError(t, err) id1, err := r1.LastInsertId() require.NoError(t, err) r2, err := m.Insert(ctx, newTestSysUser("fid2_"+testutil.UniqueId(), 6)) require.NoError(t, err) id2, err := r2.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id1, id2) list, err = m.FindByIds(ctx, []int64{id1, id2}) require.NoError(t, err) require.Len(t, list, 2) ids := map[int64]struct{}{list[0].Id: {}, list[1].Id: {}} _, ok1 := ids[id1] _, ok2 := ids[id2] require.True(t, ok1 && ok2) list, err = m.FindByIds(ctx, []int64{id1, 999999999999999}) require.NoError(t, err) require.Len(t, list, 1) require.Equal(t, id1, list[0].Id) } // TC-0312: 唯一索引冲突 func TestSysUserModel_Insert_DuplicateUsername(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "dup_" + testutil.UniqueId() data := newTestSysUser(username, 7) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id) _, err = m.Insert(ctx, newTestSysUser(username, 8)) require.Error(t, err) var me *mysql.MySQLError if errors.As(err, &me) { require.Equal(t, uint16(1062), me.Number) } else { require.True(t, strings.Contains(strings.ToLower(err.Error()), "duplicate"), "expected duplicate key error, got: %v", err) } } // TC-0319: 记录不存在 func TestSysUserModel_FindOne_NotFound(t *testing.T) { m, _ := newModel(t) _, err := m.FindOne(context.Background(), 999999999999) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0326: 记录不存在 func TestSysUserModel_Update_NotFound(t *testing.T) { m, _ := newModel(t) err := m.Update(context.Background(), &user.SysUser{ Id: 999999999999, Username: "ghost", Password: "x", Nickname: "n", Email: "e", Phone: "p", IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: time.Now().Unix(), UpdateTime: time.Now().Unix(), }) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0329: 记录不存在 func TestSysUserModel_Delete_NotFound(t *testing.T) { m, _ := newModel(t) err := m.Delete(context.Background(), 999999999999) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0334: 空列表 func TestSysUserModel_BatchInsert_Empty(t *testing.T) { m, _ := newModel(t) require.NoError(t, m.BatchInsert(context.Background(), nil)) require.NoError(t, m.BatchInsert(context.Background(), []*user.SysUser{})) } // TC-0343: 空列表 func TestSysUserModel_BatchUpdate_Empty(t *testing.T) { m, _ := newModel(t) require.NoError(t, m.BatchUpdate(context.Background(), nil)) require.NoError(t, m.BatchUpdate(context.Background(), []*user.SysUser{})) } // TC-0353: 空ids func TestSysUserModel_BatchDelete_Empty(t *testing.T) { m, _ := newModel(t) require.NoError(t, m.BatchDelete(context.Background(), nil)) require.NoError(t, m.BatchDelete(context.Background(), []int64{})) } // TC-0406: 第二页 func TestSysUserModel_FindListByPage_SecondPage(t *testing.T) { ctx := context.Background() m, conn := newModel(t) var ids []int64 for i := 0; i < 3; i++ { res, err := m.Insert(ctx, newTestSysUser("p2_"+testutil.UniqueId(), 0)) require.NoError(t, err) id, _ := res.LastInsertId() ids = append(ids, id) } t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), ids...) }) _, total, err := m.FindListByPage(ctx, 1, 1) require.NoError(t, err) if total >= 2 { list2, _, err := m.FindListByPage(ctx, 2, 1) require.NoError(t, err) require.Len(t, list2, 1) } } // TC-0411: FindListByProductMembers productCode 不存在 func TestSysUserModel_FindListByProductMembers_NotExist(t *testing.T) { m, _ := newModel(t) list, mtMap, total, err := m.FindListByProductMembers(context.Background(), "not_exist_pc_"+testutil.UniqueId(), 1, 10) require.NoError(t, err) require.Equal(t, int64(0), total) require.Len(t, list, 0) require.Empty(t, mtMap) } // TC-0327: 事务内更新 func TestSysUserModel_UpdateWithTx(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "upd_tx_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id) err = m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { data.Id = id data.Nickname = "tx_updated" data.UpdateTime = time.Now().Unix() return m.UpdateWithTx(c, session, data) }) require.NoError(t, err) got, err := m.FindOne(ctx, id) require.NoError(t, err) require.Equal(t, "tx_updated", got.Nickname) } // TC-0335: 单条记录 func TestSysUserModel_BatchInsert_Single(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "bi_single_" + testutil.UniqueId() list := []*user.SysUser{newTestSysUser(username, 1)} require.NoError(t, m.BatchInsert(ctx, list)) found, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), found.Id) require.Equal(t, username, found.Username) } // TC-0338: 唯一索引冲突 func TestSysUserModel_BatchInsert_UniqueConflict(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "bi_dup_" + testutil.UniqueId() list := []*user.SysUser{ newTestSysUser(username, 1), newTestSysUser(username, 2), } err := m.BatchInsert(ctx, list) require.Error(t, err) t.Cleanup(func() { if found, e := m.FindOneByUsername(ctx, username); e == nil { testutil.CleanTable(ctx, conn, m.TableName(), found.Id) } }) var me *mysql.MySQLError if errors.As(err, &me) { require.Equal(t, uint16(1062), me.Number) } else { require.True(t, strings.Contains(strings.ToLower(err.Error()), "duplicate"), "expected duplicate key error, got: %v", err) } } // TC-0341: 正常多条 func TestSysUserModel_BatchInsertWithTx_Normal(t *testing.T) { ctx := context.Background() m, conn := newModel(t) u1 := "bitx_a_" + testutil.UniqueId() u2 := "bitx_b_" + testutil.UniqueId() list := []*user.SysUser{ newTestSysUser(u1, 1), newTestSysUser(u2, 1), } err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchInsertWithTx(c, session, list) }) require.NoError(t, err) f1, err := m.FindOneByUsername(ctx, u1) require.NoError(t, err) f2, err := m.FindOneByUsername(ctx, u2) require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), f1.Id, f2.Id) require.Equal(t, u1, f1.Username) require.Equal(t, u2, f2.Username) } // TC-0340: 空列表 func TestSysUserModel_BatchInsertWithTx_Empty(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchInsertWithTx(c, session, nil) }) require.NoError(t, err) } // TC-0342: 事务回滚 func TestSysUserModel_BatchInsertWithTx_Rollback(t *testing.T) { ctx := context.Background() m, _ := newModel(t) u1 := "bitx_rb_" + testutil.UniqueId() u2 := "bitx_rb_" + testutil.UniqueId() list := []*user.SysUser{ newTestSysUser(u1, 1), newTestSysUser(u2, 1), } err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { if e := m.BatchInsertWithTx(c, session, list); e != nil { return e } return errors.New("force rollback") }) require.Error(t, err) _, err = m.FindOneByUsername(ctx, u1) require.ErrorIs(t, err, user.ErrNotFound) _, err = m.FindOneByUsername(ctx, u2) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0349: 正常多条 func TestSysUserModel_BatchUpdateWithTx_Normal(t *testing.T) { ctx := context.Background() m, conn := newModel(t) u1 := "butx_a_" + testutil.UniqueId() u2 := "butx_b_" + testutil.UniqueId() r1, err := m.Insert(ctx, newTestSysUser(u1, 1)) require.NoError(t, err) id1, _ := r1.LastInsertId() r2, err := m.Insert(ctx, newTestSysUser(u2, 1)) require.NoError(t, err) id2, _ := r2.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id1, id2) now := time.Now().Unix() err = m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchUpdateWithTx(c, session, []*user.SysUser{ {Id: id1, Username: u1, Password: "hashed", Nickname: "new1", Avatar: sql.NullString{}, Email: "t@example.com", Phone: "13800000000", DeptId: 1, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: now, UpdateTime: now}, {Id: id2, Username: u2, Password: "hashed", Nickname: "new2", Avatar: sql.NullString{}, Email: "t@example.com", Phone: "13800000000", DeptId: 1, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: now, UpdateTime: now}, }) }) require.NoError(t, err) g1, err := m.FindOne(ctx, id1) require.NoError(t, err) require.Equal(t, "new1", g1.Nickname) g2, err := m.FindOne(ctx, id2) require.NoError(t, err) require.Equal(t, "new2", g2.Nickname) } // TC-0348: 空列表 func TestSysUserModel_BatchUpdateWithTx_Empty(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchUpdateWithTx(c, session, nil) }) require.NoError(t, err) } // TC-0354: 单个id func TestSysUserModel_BatchDelete_Single(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "bd_single_" + testutil.UniqueId() res, err := m.Insert(ctx, newTestSysUser(username, 1)) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) require.NoError(t, m.BatchDelete(ctx, []int64{id})) _, err = m.FindOne(ctx, id) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0356: 包含不存在id func TestSysUserModel_BatchDelete_ContainsNonExist(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "bd_nonex_" + testutil.UniqueId() res, err := m.Insert(ctx, newTestSysUser(username, 1)) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) require.NoError(t, m.BatchDelete(ctx, []int64{id, 999999999})) _, err = m.FindOne(ctx, id) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0358: 正常多条 func TestSysUserModel_BatchDeleteWithTx_Normal(t *testing.T) { ctx := context.Background() m, conn := newModel(t) u1 := "bdtx_a_" + testutil.UniqueId() u2 := "bdtx_b_" + testutil.UniqueId() r1, err := m.Insert(ctx, newTestSysUser(u1, 1)) require.NoError(t, err) id1, _ := r1.LastInsertId() r2, err := m.Insert(ctx, newTestSysUser(u2, 1)) require.NoError(t, err) id2, _ := r2.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id1, id2) err = m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchDeleteWithTx(c, session, []int64{id1, id2}) }) require.NoError(t, err) _, err = m.FindOne(ctx, id1) require.ErrorIs(t, err, user.ErrNotFound) _, err = m.FindOne(ctx, id2) require.ErrorIs(t, err, user.ErrNotFound) } // TC-0357: 空ids func TestSysUserModel_BatchDeleteWithTx_Empty(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchDeleteWithTx(c, session, nil) }) require.NoError(t, err) } // TC-0323: 事务内可见性 func TestSysUserModel_FindOneWithTx_InsertThenFind(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "fone_tx_" + testutil.UniqueId() data := newTestSysUser(username, 1) var insertedID int64 err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { res, err := m.InsertWithTx(c, session, data) if err != nil { return err } insertedID, err = res.LastInsertId() if err != nil { return err } got, err := m.FindOneWithTx(c, session, insertedID) if err != nil { return err } require.Equal(t, insertedID, got.Id) require.Equal(t, username, got.Username) assert.Equal(t, data.Email, got.Email) assert.Equal(t, data.Phone, got.Phone) assert.Equal(t, data.DeptId, got.DeptId) return nil }) require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), insertedID) } // TC-0322: 事务内记录不存在 func TestSysUserModel_FindOneWithTx_NotFound(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { _, err := m.FindOneWithTx(c, session, 999999999999) require.ErrorIs(t, err, user.ErrNotFound) return nil }) require.NoError(t, err) } // TC-0361: FindOneByUsernameWithTx func TestSysUserModel_FindOneByUsernameWithTx_InsertThenFind(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "fuser_tx_" + testutil.UniqueId() data := newTestSysUser(username, 1) var insertedID int64 err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { res, err := m.InsertWithTx(c, session, data) if err != nil { return err } insertedID, err = res.LastInsertId() if err != nil { return err } got, err := m.FindOneByUsernameWithTx(c, session, username) if err != nil { return err } require.Equal(t, insertedID, got.Id) require.Equal(t, username, got.Username) assert.Equal(t, data.Email, got.Email) return nil }) require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), insertedID) } // TC-0362: FindOneByUsernameWithTx func TestSysUserModel_FindOneByUsernameWithTx_NotFound(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { _, err := m.FindOneByUsernameWithTx(c, session, "no_such_"+testutil.UniqueId()) require.ErrorIs(t, err, user.ErrNotFound) return nil }) require.NoError(t, err) } // TC-0416: FindIdsByDeptId 正常返回部门下用户ID列表 func TestSysUserModel_FindIdsByDeptId_Normal(t *testing.T) { ctx := context.Background() m, conn := newModel(t) deptId := time.Now().UnixNano()%100_000_000 + 600_000_000 u1 := "fbd1_" + testutil.UniqueId() u2 := "fbd2_" + testutil.UniqueId() r1, err := m.Insert(ctx, newTestSysUser(u1, deptId)) require.NoError(t, err) id1, err := r1.LastInsertId() require.NoError(t, err) r2, err := m.Insert(ctx, newTestSysUser(u2, deptId)) require.NoError(t, err) id2, err := r2.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id1, id2) }) ids, err := m.FindIdsByDeptId(ctx, deptId) require.NoError(t, err) require.Len(t, ids, 2) assert.ElementsMatch(t, []int64{id1, id2}, ids) } // TC-0417: FindIdsByDeptId 部门无用户返回空 func TestSysUserModel_FindIdsByDeptId_Empty(t *testing.T) { m, _ := newModel(t) deptId := time.Now().UnixNano()%100_000_000 + 700_000_000 ids, err := m.FindIdsByDeptId(context.Background(), deptId) require.NoError(t, err) require.Empty(t, ids) } // TC-0409: FindListByPage list查询失败(DB异常) func TestSysUserModel_FindListByPage_DBError(t *testing.T) { badConn := sqlx.NewMysql("root:bad@tcp(127.0.0.1:1)/bad?timeout=1s") m := user.NewSysUserModel(badConn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) _, _, err := m.FindListByPage(context.Background(), 1, 10) require.Error(t, err) } // TC-0415: FindByIds DB异常 func TestSysUserModel_FindByIds_DBError(t *testing.T) { badConn := sqlx.NewMysql("root:bad@tcp(127.0.0.1:1)/bad?timeout=1s") m := user.NewSysUserModel(badConn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) list, err := m.FindByIds(context.Background(), []int64{1, 2, 3}) require.Error(t, err) require.Nil(t, list) } // TC-0407: FindListByPage - 空结果页 func TestSysUserModel_FindListByPage_EmptyPage(t *testing.T) { ctx := context.Background() m, _ := newModel(t) list, total, err := m.FindListByPage(ctx, 999999, 10) require.NoError(t, err) require.GreaterOrEqual(t, total, int64(0)) require.Empty(t, list) } // TC-0311: Insert 正常插入含TokenVersion func TestSysUserModel_Insert_WithTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "tv_insert_" + testutil.UniqueId() data := newTestSysUser(username, 0) res, err := m.Insert(ctx, data) require.NoError(t, err, "Insert should include tokenVersion in SQL parameters") id, err := res.LastInsertId() require.NoError(t, err) defer testutil.CleanTable(ctx, conn, m.TableName(), id) got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(0), got.TokenVersion, "default tokenVersion should be 0") } // TC-0315: InsertWithTx 事务内插入含TokenVersion func TestSysUserModel_InsertWithTx_WithTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "tv_instx_" + testutil.UniqueId() data := newTestSysUser(username, 0) var insertedId int64 err := m.TransactCtx(ctx, func(txCtx context.Context, session sqlx.Session) error { res, err := m.InsertWithTx(txCtx, session, data) if err != nil { return err } insertedId, _ = res.LastInsertId() return nil }) require.NoError(t, err, "InsertWithTx should include tokenVersion in SQL parameters") defer testutil.CleanTable(ctx, conn, m.TableName(), insertedId) got, err := m.FindOne(ctx, insertedId) require.NoError(t, err) assert.Equal(t, int64(0), got.TokenVersion) } // TC-0325: Update 正常更新含TokenVersion func TestSysUserModel_Update_WithTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "tv_update_" + testutil.UniqueId() data := newTestSysUser(username, 0) res, err := m.Insert(ctx, data) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) got, err := m.FindOne(ctx, id) require.NoError(t, err) got.TokenVersion = 5 got.Nickname = "updated_nick" err = m.Update(ctx, got) require.NoError(t, err, "Update should include tokenVersion in SQL parameters") updated, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(5), updated.TokenVersion) assert.Equal(t, "updated_nick", updated.Nickname) } // TC-0337: BatchInsert 批量插入含TokenVersion func TestSysUserModel_BatchInsert_WithTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) dataList := make([]*user.SysUser, 3) for i := range dataList { dataList[i] = newTestSysUser("tv_batch_"+testutil.UniqueId(), 0) } err := m.BatchInsert(ctx, dataList) require.NoError(t, err, "BatchInsert should include tokenVersion in SQL parameters") for _, d := range dataList { got, err := m.FindOneByUsername(ctx, d.Username) require.NoError(t, err) assert.Equal(t, int64(0), got.TokenVersion) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), got.Id) }) } } // TC-0346: BatchUpdate 批量更新不污染数据 func TestSysUserModel_BatchUpdate_NoDataCorruption(t *testing.T) { ctx := context.Background() m, conn := newModel(t) now := time.Now().Unix() dataList := make([]*user.SysUser, 2) var ids []int64 for i := range dataList { dataList[i] = newTestSysUser("tv_bupd_"+testutil.UniqueId(), 0) res, err := m.Insert(ctx, dataList[i]) require.NoError(t, err) id, _ := res.LastInsertId() ids = append(ids, id) dataList[i].Id = id } t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), ids...) }) dataList[0].TokenVersion = 10 dataList[0].Nickname = "batch_updated_0" dataList[0].UpdateTime = now + 100 dataList[1].TokenVersion = 20 dataList[1].Nickname = "batch_updated_1" dataList[1].UpdateTime = now + 200 err := m.BatchUpdate(ctx, dataList) require.NoError(t, err, "BatchUpdate should correctly assign values without offset") for i, id := range ids { got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, dataList[i].TokenVersion, got.TokenVersion, "tokenVersion must not be corrupted (should not contain createTime value)") assert.Equal(t, dataList[i].Nickname, got.Nickname) assert.NotEqual(t, got.Id, got.UpdateTime, "updateTime must not be corrupted (should not contain Id value)") } } // TC-0418: UpdateProfile 正常更新(状态未变,不递增 tokenVersion) func TestSysUserModel_UpdateProfile_NoStatusChange(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "up_nc_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) orig, err := m.FindOne(ctx, id) require.NoError(t, err) origTv := orig.TokenVersion origStatus := orig.Status err = m.UpdateProfile(ctx, id, username, "new_nick", "new@example.com", "13900000000", "remark", 2, origStatus, false, orig.UpdateTime) require.NoError(t, err) got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, "new_nick", got.Nickname) assert.Equal(t, "new@example.com", got.Email) assert.Equal(t, "13900000000", got.Phone) assert.Equal(t, "remark", got.Remark) assert.Equal(t, int64(2), got.DeptId) assert.Equal(t, origStatus, got.Status) assert.Equal(t, origTv, got.TokenVersion, "tokenVersion 未变(statusChanged=false)") } // TC-0419: UpdateProfile 状态改变时 tokenVersion+1 func TestSysUserModel_UpdateProfile_StatusChange_IncrementsTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "up_sc_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) orig, err := m.FindOne(ctx, id) require.NoError(t, err) origTv := orig.TokenVersion err = m.UpdateProfile(ctx, id, username, orig.Nickname, orig.Email, orig.Phone, orig.Remark, orig.DeptId, 2, true, orig.UpdateTime) require.NoError(t, err) got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(2), got.Status) assert.Equal(t, origTv+1, got.TokenVersion, "statusChanged=true 时 tokenVersion 应递增") } // TC-0420: UpdateProfile 乐观锁冲突时返回 ErrUpdateConflict func TestSysUserModel_UpdateProfile_OptimisticLockConflict(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "up_ol_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) orig, err := m.FindOne(ctx, id) require.NoError(t, err) staleUpdateTime := orig.UpdateTime - 100 err = m.UpdateProfile(ctx, id, username, "x", "x@x.com", "13900000000", "r", 1, 1, false, staleUpdateTime) require.ErrorIs(t, err, user.ErrUpdateConflict) } // TC-0421: UpdateProfile 串行两次更新: 第一次成功刷新 updateTime, 第二次基于旧 updateTime 触发 ErrUpdateConflict // 乐观锁依赖秒级 updateTime, 两次更新之间需 >= 1 秒的间隔. func TestSysUserModel_UpdateProfile_ConcurrentOnlyOneWins(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "up_cc_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, _ := res.LastInsertId() defer testutil.CleanTable(ctx, conn, m.TableName(), id) orig, err := m.FindOne(ctx, id) require.NoError(t, err) time.Sleep(1100 * time.Millisecond) expectedUT := orig.UpdateTime err1 := m.UpdateProfile(ctx, id, username, "n1", orig.Email, orig.Phone, orig.Remark, orig.DeptId, orig.Status, false, expectedUT) require.NoError(t, err1) err2 := m.UpdateProfile(ctx, id, username, "n2", orig.Email, orig.Phone, orig.Remark, orig.DeptId, orig.Status, false, expectedUT) require.ErrorIs(t, err2, user.ErrUpdateConflict, "基于旧 updateTime 的第二次更新应因乐观锁失败") got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, "n1", got.Nickname, "仅第一次更新应生效") } // TC-0422: UpdateProfile userId 不存在时返回 ErrUpdateConflict func TestSysUserModel_UpdateProfile_NotFound(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.UpdateProfile(ctx, 999999999, "nouser", "n", "n@n.com", "13900000000", "r", 1, 1, false, time.Now().Unix()) require.ErrorIs(t, err, user.ErrUpdateConflict) } func TestSysUserModel_IncrementTokenVersionIfMatch_Match(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "cas_match_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 5, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) got, err := m.IncrementTokenVersionIfMatch(ctx, id, username, 5) require.NoError(t, err) assert.Equal(t, int64(6), got, "expected 命中时返回 DB 真实递增后的新版本") fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(6), fresh.TokenVersion, "DB 落盘值必须也是 6") } // TC-0803: expected 与 DB 不一致时返回 ErrTokenVersionMismatch 且 DB 不得发生任何变更。 // 这是会话劫持窗口的关键拦截:攻击者的 token 里 TokenVersion = V,但合法用户已刷新到 V+1, // 攻击者再来刷新时 expected=V 打不中 WHERE 子句 → 必须失败。 func TestSysUserModel_IncrementTokenVersionIfMatch_Mismatch_NoSideEffect(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "cas_mismatch_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 10, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) got, err := m.IncrementTokenVersionIfMatch(ctx, id, username, 9) require.Error(t, err, "expected 未命中时必须返回错误") assert.True(t, errors.Is(err, user.ErrTokenVersionMismatch), "错误必须是 ErrTokenVersionMismatch 以供 logic 层分辨") assert.Equal(t, int64(0), got) fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(10), fresh.TokenVersion, "CAS 失败必须对 DB 零副作用") } // 原 TC-0804 "用户不存在必须返回原生 NotFound 而非 ErrTokenVersionMismatch" 已按 // 新契约废止: 取消了模型内 FindOne 预检,所有 CAS 未命中(无论是版本不匹配还是 // 行根本不存在)都统一返回 ErrTokenVersionMismatch。logic 层 RefreshToken 改由 // 上游 UserDetailsLoader.Load 的 status 分支分辨"离职/冻结"。 // TC-0805: 并发回归 —— N 个 goroutine 用同一个 expected 去 CAS, // 必须恰好只有 1 个返回 success,其余全部 ErrTokenVersionMismatch; // 最终 DB 的 tokenVersion 必须只递增 1(攻击者无法劫持第二枚令牌)。 func TestSysUserModel_IncrementTokenVersionIfMatch_ConcurrentSingleWinner(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "cas_race_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 20, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) // 限制在 8 并发以避免触发 go-zero sqlx breaker(单机 MySQL + breaker 对同批次突发 // 的并发 UPDATE 容易误伤;CAS 契约在 N=8 时已足以验证"唯一胜出")。 const N = 8 var ( wg sync.WaitGroup successCnt int32 mismatchCnt int32 otherErr atomic.Value winners sync.Map ) start := make(chan struct{}) for i := 0; i < N; i++ { wg.Add(1) go func(idx int) { defer wg.Done() <-start // 最大程度对齐并发起跑线 v, e := m.IncrementTokenVersionIfMatch(ctx, id, username, 20) switch { case e == nil: atomic.AddInt32(&successCnt, 1) winners.Store(idx, v) case errors.Is(e, user.ErrTokenVersionMismatch): atomic.AddInt32(&mismatchCnt, 1) default: otherErr.Store(e) } }(i) } close(start) wg.Wait() if v := otherErr.Load(); v != nil { t.Fatalf("并发 CAS 出现非预期错误:%v", v) } assert.Equal(t, int32(1), atomic.LoadInt32(&successCnt), "会话劫持防线:N=16 的竞态中必须有且仅有 1 个 CAS 胜出") assert.Equal(t, int32(N-1), atomic.LoadInt32(&mismatchCnt), "其他并发者必须全部返回 ErrTokenVersionMismatch,即攻击者会被 401 下线") // 唯一胜出者的返回值必须等于 21(起点 20 → +1) winners.Range(func(_, v any) bool { assert.Equal(t, int64(21), v.(int64), "唯一胜出的 CAS 应返回 expected+1") return true }) fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(21), fresh.TokenVersion, "DB 最终只能递增 1(CAS 原子性的外部可观察证据)") } // TC-0806: 成功后必须使 id-key / username-key 双路缓存失效, // 否则 middleware 读缓存拿到的 tokenVersion 与 DB 不一致,依然存在"旧令牌合法误放"的旁路。 func TestSysUserModel_IncrementTokenVersionIfMatch_InvalidatesCaches(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "cas_cache_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 0, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) u0a, err := m.FindOne(ctx, id) require.NoError(t, err) require.Equal(t, int64(0), u0a.TokenVersion) u0b, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) require.Equal(t, int64(0), u0b.TokenVersion) got, err := m.IncrementTokenVersionIfMatch(ctx, id, username, 0) require.NoError(t, err) require.Equal(t, int64(1), got) // 再次读两路缓存,必须看到递增后的 1(而非 stale 0) u1a, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(1), u1a.TokenVersion, fmt.Sprintf( "id-key 缓存未被清理,stale tokenVersion=%d(的缓存一致性防线)", u1a.TokenVersion)) u1b, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) assert.Equal(t, int64(1), u1b.TokenVersion, fmt.Sprintf( "username-key 缓存未被清理,stale tokenVersion=%d", u1b.TokenVersion)) } func TestSysUserModel_IncrementTokenVersion_ReturnedEqualsPersisted(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "itv_eq_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 7, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) for expected := int64(8); expected <= 12; expected++ { got, err := m.IncrementTokenVersion(ctx, id, username) require.NoError(t, err) assert.Equal(t, expected, got, "IncrementTokenVersion 必须返回 DB 真实递增后的值(H-B:不可再受 stale cache 影响)") fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, got, fresh.TokenVersion, "返回值必须等于 DB 中真实持久化的 tokenVersion") } } // TC-0737: -B 修复回归 —— 自增后缓存必须被主动清理,Load → tokenVersion 能读到新值。 // 旧实现只更新 DB,返回值基于缓存,并且未强制 DelCache,导致 JWT 中间件仍从缓存读到旧值。 func TestSysUserModel_IncrementTokenVersion_InvalidatesCache(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "itv_cache_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 0, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) // 先 FindOne 让 id-key、username-key 双路缓存写入 u0, err := m.FindOne(ctx, id) require.NoError(t, err) require.Equal(t, int64(0), u0.TokenVersion) u0b, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) require.Equal(t, int64(0), u0b.TokenVersion) _, err = m.IncrementTokenVersion(ctx, id, username) require.NoError(t, err) u1, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(1), u1.TokenVersion, "按 id 读取缓存路径也必须拿到最新版本") u1b, err := m.FindOneByUsername(ctx, username) require.NoError(t, err) assert.Equal(t, int64(1), u1b.TokenVersion, "按 username 读取缓存路径也必须失效") } // TC-0738: -B 修复并发回归 —— 10 个 goroutine 同时 Increment 同一用户, // 每次返回值必须互不重复,最终 DB 里 tokenVersion = 起始值 + N。 func TestSysUserModel_IncrementTokenVersion_ConcurrentUnique(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "itv_conc_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 0, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) const N = 10 var wg sync.WaitGroup results := make([]int64, N) errs := make([]error, N) for i := 0; i < N; i++ { wg.Add(1) go func(idx int) { defer wg.Done() v, e := m.IncrementTokenVersion(ctx, id, username) results[idx] = v errs[idx] = e }(i) } wg.Wait() seen := make(map[int64]int, N) for i := 0; i < N; i++ { require.NoError(t, errs[i], "并发 IncrementTokenVersion 任一 goroutine 不得失败") seen[results[i]]++ } for v, cnt := range seen { assert.Equal(t, 1, cnt, fmt.Sprintf("返回值 %d 被重复派发 %d 次,与 DB 实际递增序列脱节", v, cnt)) } fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(N), fresh.TokenVersion, "DB 最终 tokenVersion 应为并发次数") } func sysUserUsernameCacheKey(username string) string { return testutil.GetTestCachePrefix() + ":cache:sysUser:username:" + username } // TC-1044: UpdateStatus 失效 wrongUser cache,real username cache 不受影响 func TestSysUserModel_UpdateStatus_UsesSuppliedUsername_NoInternalFindOne(t *testing.T) { ctx := context.Background() m, conn := newModel(t) realUsername := "mr112s_real_" + testutil.UniqueId() wrongUsername := "mr112s_wrong_" + testutil.UniqueId() data := newTestSysUser(realUsername, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) // 预热 cache:sysUser:username:(via FindOneByUsername 走 go-zero 的 WithCache)。 _, err = m.FindOneByUsername(ctx, realUsername) require.NoError(t, err) rds := redis.MustNewRedis(testutil.GetTestConfig().CacheRedis.Nodes[0].RedisConf) // 直接往 Redis 里插一条 wrongUser 的桩缓存,供我们观察它是否被 UpdateStatus 失效。 // 注意:我们并不关心桩的内容,只关心 key 是否被 Del。 wrongKey := sysUserUsernameCacheKey(wrongUsername) realKey := sysUserUsernameCacheKey(realUsername) require.NoError(t, rds.Set(wrongKey, "stub")) // 预热后确认 realKey 存在(如果环境脏,用下面的断言兜底;缓存可能是 */null/任意值)。 gotReal, err := rds.Get(realKey) require.NoError(t, err) require.NotEmpty(t, gotReal, "FindOneByUsername 未能把 realKey 写入缓存,前置条件失败") // 推进 updateTime 以触发 CAS 可成功。sys_user.updateTime 精度到秒。 time.Sleep(1100 * time.Millisecond) cur, err := m.FindOne(ctx, id) require.NoError(t, err) // 关键:传入故意错位的 username。若 Model 还在内部 FindOne,就会用 realUsername 作失效键, // wrongKey 不会被删;若 Model 已按 的契约"透传即用",wrongKey 必被删。 require.NoError(t, m.UpdateStatus(ctx, id, wrongUsername, 2, cur.UpdateTime), "UpdateStatus 语义上只依赖 id+expectedUpdateTime 做 CAS,username 只用于构造缓存键,不应因错位而失败") // 契约 1:wrongKey 必被删 gotWrong, _ := rds.Get(wrongKey) assert.Empty(t, gotWrong, "UpdateStatus 必须用调用方透传的 username 做 Del,wrongKey 必须消失") // 契约 2:realKey 依然留存(Model 不知道真 username,不应当去动它) gotRealAfter, err := rds.Get(realKey) require.NoError(t, err) assert.NotEmpty(t, gotRealAfter, "Model 没有内部 FindOne 获取真 username,因此不应删除 realKey") } // TC-1045: IncrementTokenVersion 同样只删调用方透传的 username key func TestSysUserModel_IncrementTokenVersion_UsesSuppliedUsername_NoInternalFindOne(t *testing.T) { ctx := context.Background() m, conn := newModel(t) realUsername := "mr112i_real_" + testutil.UniqueId() wrongUsername := "mr112i_wrong_" + testutil.UniqueId() data := newTestSysUser(realUsername, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) _, err = m.FindOneByUsername(ctx, realUsername) require.NoError(t, err) rds := redis.MustNewRedis(testutil.GetTestConfig().CacheRedis.Nodes[0].RedisConf) wrongKey := sysUserUsernameCacheKey(wrongUsername) realKey := sysUserUsernameCacheKey(realUsername) require.NoError(t, rds.Set(wrongKey, "stub")) // IncrementTokenVersion 不依赖 expectedUpdateTime,直接按 id 更新即可。 newV, err := m.IncrementTokenVersion(ctx, id, wrongUsername) require.NoError(t, err) assert.Equal(t, int64(1), newV, "从 0 起递增到 1") gotWrong, _ := rds.Get(wrongKey) assert.Empty(t, gotWrong, "IncrementTokenVersion 必须用透传的 username 做 Del,wrongKey 必须消失") gotRealAfter, err := rds.Get(realKey) require.NoError(t, err) assert.NotEmpty(t, gotRealAfter, "Model 没有内部 FindOne 取真 username,realKey 不应受影响") } // TC-1046: IncrementTokenVersion 用户已被并发删除,返回 ErrUpdateConflict // 此契约由 引入, 下的签名改动不得削弱它:affected=0 仍要 ErrUpdateConflict。 func TestSysUserModel_IncrementTokenVersion_DeletedRow_StillConflicts(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "mr112i_del_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) testutil.CleanTable(ctx, conn, m.TableName(), id) _, err = m.IncrementTokenVersion(ctx, id, username) require.ErrorIs(t, err, user.ErrUpdateConflict, "目标行已被并发删除,IncrementTokenVersion 不得静默返回 tokenVersion=0") } func TestSysUserModel_UpdatePassword_RowDeletedBetweenFindAndExec_ReturnsConflict(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "m2_pw_del_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) // 触发 FindOne 填充二级缓存 (id-key + username-key),模拟 Loader 刚读过用户的场景 _, err = m.FindOne(ctx, id) require.NoError(t, err) _, err = m.FindOneByUsername(ctx, username) require.NoError(t, err) // 直接走原始 SQL 删除行,**绕过** Model 的缓存失效钩子——此时 Redis 里仍保留用户快照 _, err = conn.ExecCtx(ctx, "DELETE FROM `sys_user` WHERE `id` = ?", id) require.NoError(t, err) // UpdatePassword 内部 WHERE id=? AND updateTime=?(外层透传 expectedUpdateTime, )。 // 行已被删除,affected=0。旧实现 `return nil` 被视为"改密成功";新实现必须回 ErrUpdateConflict。 // expectedUpdateTime 用 stale cache 的 UpdateTime,即"观测到的快照" —— DB 已无对应行,CAS 必失败。 stale, _ := m.FindOne(ctx, id) var expectedUpdateTime int64 if stale != nil { expectedUpdateTime = stale.UpdateTime } err = m.UpdatePassword(ctx, id, username, "new_hashed_pw", 1, expectedUpdateTime) require.ErrorIs(t, err, user.ErrUpdateConflict, "RowsAffected=0 必须升格为 ErrUpdateConflict,杜绝对已消失用户的静默改密") } // TC-0925: UpdateStatus 对已被并发删除(缓存仍在)的用户必须 fail-fast,禁止静默成功 func TestSysUserModel_UpdateStatus_RowDeletedBetweenFindAndExec_ReturnsConflict(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "m2_st_del_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) _, err = m.FindOne(ctx, id) require.NoError(t, err) _, err = m.FindOneByUsername(ctx, username) require.NoError(t, err) _, err = conn.ExecCtx(ctx, "DELETE FROM `sys_user` WHERE `id` = ?", id) require.NoError(t, err) // UpdateStatus 内部:FindOne 命中 stale cache → UPDATE WHERE id=? AND updateTime=? 仍 affected=0。 // 旧实现返回 nil;新实现必须回 ErrUpdateConflict,让上层区分"冻结生效 / 用户已不存在"。 // 新签名:需要把 FindOne 拿到的 UpdateTime 作为 expectedUpdateTime 传入 staleUd, _ := m.FindOne(ctx, id) var expectedUpdateTime int64 if staleUd != nil { expectedUpdateTime = staleUd.UpdateTime } err = m.UpdateStatus(ctx, id, username, 2, expectedUpdateTime) require.ErrorIs(t, err, user.ErrUpdateConflict, "RowsAffected=0 必须升格为 ErrUpdateConflict,杜绝对已消失用户的静默封禁") } // TC-0926: UpdatePassword 正常路径仍然成功,且真实落盘(保证 的 fail-close 不误伤正常流) func TestSysUserModel_UpdatePassword_HappyPath_PersistsAndBumpsTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "m2_pw_ok_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) orig, err := m.FindOne(ctx, id) require.NoError(t, err) origTv := orig.TokenVersion // 乐观锁依赖秒级 updateTime,必须让 UPDATE 的 time.Now().Unix() 严格 > orig.UpdateTime, // 否则"空白更新"仍 affected=1 但 updateTime 值不变,容易掩盖后续断言 time.Sleep(1100 * time.Millisecond) newPw := "new_hashed_password_xyz" err = m.UpdatePassword(ctx, id, username, newPw, 1, orig.UpdateTime) require.NoError(t, err) got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, newPw, got.Password) assert.Equal(t, int64(1), got.MustChangePassword) assert.Equal(t, origTv+1, got.TokenVersion, "改密必须递增 tokenVersion 以注销旧会话") assert.Greater(t, got.UpdateTime, orig.UpdateTime, "updateTime 必须推进,否则乐观锁无法生效") } // TC-0927: UpdateStatus 正常路径仍然成功且 tokenVersion 递增 func TestSysUserModel_UpdateStatus_HappyPath_PersistsAndBumpsTokenVersion(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "m2_st_ok_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) orig, err := m.FindOne(ctx, id) require.NoError(t, err) origTv := orig.TokenVersion require.Equal(t, int64(1), orig.Status) // 乐观锁依赖秒级 updateTime,确保 UPDATE 的 time.Now().Unix() 严格 > orig.UpdateTime time.Sleep(1100 * time.Millisecond) err = m.UpdateStatus(ctx, id, username, 2, orig.UpdateTime) require.NoError(t, err) got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(2), got.Status) assert.Equal(t, origTv+1, got.TokenVersion, "冻结 / 解冻必须递增 tokenVersion 使旧 token 全部失效") assert.Greater(t, got.UpdateTime, orig.UpdateTime, "updateTime 必须推进,否则后续乐观锁失效") } // TC-0928(R11 重写):UpdatePassword 对不存在的 userId 必须回 ErrUpdateConflict // ( 后,Model 不再内部 FindOne;不存在的 id + 任意 expectedUpdateTime → affected=0 → ErrUpdateConflict) func TestSysUserModel_UpdatePassword_UserNotExist_ReturnsConflict(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.UpdatePassword(ctx, 999999999999, "ghost_user", "irrelevant", 1, 1) require.ErrorIs(t, err, user.ErrUpdateConflict, "UpdatePassword 不再内部 FindOne,对不存在的 id 回 ErrUpdateConflict") } // TC-0929(R11 重写):UpdateStatus 对不存在的 userId 必须回 ErrUpdateConflict func TestSysUserModel_UpdateStatus_UserNotExist_ReturnsConflict(t *testing.T) { ctx := context.Background() m, _ := newModel(t) err := m.UpdateStatus(ctx, 999999999999, "ghost_user", 2, 1) require.ErrorIs(t, err, user.ErrUpdateConflict, "UpdateStatus 不再内部 FindOne,对不存在的 id 回 ErrUpdateConflict") } func TestSysUserModel_UpdatePassword_StaleExpectedUpdateTime_Conflict(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "hr111_stale_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) // 外层 Session A 观测到的 updateTime(会校验旧密码时一起拿到) snapshotA, err := m.FindOne(ctx, id) require.NoError(t, err) snapshotAUpdateTime := snapshotA.UpdateTime // sys_user.updateTime 精度到秒,确保 Session B 提交的 UPDATE 严格推进 updateTime; // 否则同秒写回值与 snapshotAUpdateTime 相同,CAS 仍然匹配,无法复现 TOCTOU。 time.Sleep(1100 * time.Millisecond) // Session B("设备 B 紧急改密 P2")抢先基于 snapshotA 成功完成一次 CAS require.NoError(t, m.UpdatePassword(ctx, id, username, "H_P2", 1, snapshotAUpdateTime), "Session B 基于快照 A 的 updateTime 抢先完成 CAS,应当成功") // 现在 DB 的 updateTime 已经不是 snapshotAUpdateTime。 // Session A(持有旧密码 P0、已校验过旧密码)再用**同一份**旧 snapshot 的 updateTime // 去改密 P1,CAS 必须失败,否则 P2 会被 P1 覆盖( TOCTOU)。 err = m.UpdatePassword(ctx, id, username, "H_P1_to_cover_P2", 1, snapshotAUpdateTime) require.ErrorIs(t, err, user.ErrUpdateConflict, "expectedUpdateTime 必须是外层快照;Session B 已推进时,Session A 的改密 CAS 必须失败") // DB 终态保持为 Session B 的 _P2,不被 Session A 覆盖 got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, "H_P2", got.Password, "TOCTOU 被关闭后,DB 终态必须是后到而胜出的那一方,不得被旧快照覆盖") } // TC-1040: 正常路径 expectedUpdateTime 匹配时 UpdatePassword 落盘并递增 tokenVersion func TestSysUserModel_UpdatePassword_HappyPath_ExplicitExpectedUpdateTime(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "hr111_ok_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) orig, err := m.FindOne(ctx, id) require.NoError(t, err) origTV := orig.TokenVersion time.Sleep(1100 * time.Millisecond) require.NoError(t, m.UpdatePassword(ctx, id, username, "H_NEW", 0, orig.UpdateTime), "expectedUpdateTime 与 DB 当前 updateTime 一致时必须成功") got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, "H_NEW", got.Password) assert.Equal(t, int64(0), got.MustChangePassword) assert.Equal(t, origTV+1, got.TokenVersion, "UpdatePassword 必须递增 tokenVersion 以注销旧会话") assert.Greater(t, got.UpdateTime, orig.UpdateTime, "updateTime 必须推进以支撑下一次 CAS") } // TC-1041: 同一行被并发修改(如 UpdateProfile 改了昵称)之后,UpdatePassword 的 CAS 必须失败 // 覆盖"任何修改 sys_user 行的并发写入都会触发 ErrUpdateConflict"这一更严的契约: // 不仅是另一次改密可以"偷走"本次;改昵称/解冻/任何推进 updateTime 的操作也必须把本次改密拦住。 func TestSysUserModel_UpdatePassword_ConcurrentProfileWrite_BlocksPasswordUpdate(t *testing.T) { ctx := context.Background() m, conn := newModel(t) username := "hr111_prof_" + testutil.UniqueId() data := newTestSysUser(username, 1) res, err := m.Insert(ctx, data) require.NoError(t, err) id, err := res.LastInsertId() require.NoError(t, err) t.Cleanup(func() { testutil.CleanTable(ctx, conn, m.TableName(), id) }) snapshot, err := m.FindOne(ctx, id) require.NoError(t, err) // sys_user.updateTime 秒级,sleep 以确保 UpdateProfile 的 UPDATE 真的推进 time.Sleep(1100 * time.Millisecond) // Session B 改了昵称(完全合法的场景:管理员在用户"修改密码"弹窗打开的同一时刻修了昵称) require.NoError(t, m.UpdateProfile(ctx, id, username, "new_nick", snapshot.Email, snapshot.Phone, snapshot.Remark, snapshot.DeptId, snapshot.Status, false, snapshot.UpdateTime), "UpdateProfile 旁路已成功执行") // Session A 仍然基于 snapshot.UpdateTime 改密 —— 必须被 CAS 拦住 err = m.UpdatePassword(ctx, id, username, "H_LOST", 1, snapshot.UpdateTime) require.ErrorIs(t, err, user.ErrUpdateConflict, "任何改动(含改昵称)都推进 updateTime;基于旧快照的改密必须被 CAS 拦住") got, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, snapshot.Password, got.Password, "Password 必须保持原值,未被 Session A 覆盖") assert.Equal(t, "new_nick", got.Nickname, "Profile 写入必须成功落盘") } // --------------------------------------------------------------------------- // 覆盖目标:UpdateProfileWithTx 的 pre-commit DelCache 窗口闭合。 // // 修复前(交错): // T0: UpdateProfileWithTx 调用 m.ExecCtx(fn, idKey, usernameKey) // go-zero 的 CachedConn.Exec 在 fn 成功返回时**立即**走 DelCache 两把 key。 // T1: 事务还没 commit;并发 goroutine 的 FindOne 触发 cache-miss → 回 DB 读**旧行** // (此时事务未提交,MVCC 仍给它看到旧值)→ 再灌回缓存 = stale 值。 // T2: 事务随后 commit;新值落库但缓存已是被"回灌的旧值",直到 TTL 到期前所有 // FindOne 都读到 stale 行。 // // 修复后: // * UpdateProfileWithTx 改走 session.ExecCtx 绕过 CachedConn 的 DelCache 语义, // 事务成功与否都不去动 sysUser 的两把低层缓存。 // * 新增 InvalidateProfileCache(id, username) helper,由调用方**在 TransactCtx // 返回(commit 成功)之后**显式调 DelCacheCtx 失效 id / username 两把 key。 // // 本测试组把两个语义契约各自钉死: // A) 事务内 UpdateProfileWithTx 自身不得碰缓存(即便事务 commit 成功,缓存仍持旧值)。 // B) InvalidateProfileCache 必须一次性失效 id / username 两把低层 key。 // --------------------------------------------------------------------------- func seedUserForR12_1(t *testing.T, m user.SysUserModel) (*user.SysUser, func()) { t.Helper() ctx := context.Background() now := time.Now().Unix() username := "r12_1_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "pw", Nickname: "orig", Avatar: sql.NullString{}, Email: username + "@test.com", Phone: "13800000000", Remark: "orig_remark", DeptId: 0, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() u, err := m.FindOne(ctx, id) require.NoError(t, err, "FindOne 预热 id 维度缓存") _, err = m.FindOneByUsername(ctx, username) require.NoError(t, err, "FindOneByUsername 预热 username 维度缓存") return u, func() { conn := testutil.GetTestSqlConn() testutil.CleanTable(ctx, conn, "`sys_user`", id) } } func userCacheKeys(id int64, username string) (idKey, usernameKey string) { prefix := testutil.GetTestCachePrefix() idKey = fmt.Sprintf("%s:cache:sysUser:id:%d", prefix, id) usernameKey = fmt.Sprintf("%s:cache:sysUser:username:%s", prefix, username) return } // TC-1080: UpdateProfileWithTx 成功提交后缓存仍持旧值(证明已绕过 pre-commit DelCache) // 修复前该测试会失败:m.ExecCtx 会在 session.ExecCtx 返回时立刻清掉两把 key。 // 修复后 UpdateProfileWithTx 只走 session.ExecCtx,缓存必须保持不动,直到调用方显式 invalidate。 func TestUpdateProfileWithTx_DoesNotSelfInvalidateCache(t *testing.T) { ctx := context.Background() conn := testutil.GetTestSqlConn() m := user.NewSysUserModel(conn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) rds := redis.MustNewRedis(testutil.GetTestConfig().CacheRedis.Nodes[0].RedisConf) u, cleanup := seedUserForR12_1(t, m) t.Cleanup(cleanup) idKey, usernameKey := userCacheKeys(u.Id, u.Username) gotId, err := rds.Get(idKey) require.NoError(t, err) require.NotEmpty(t, gotId, "预置断言:id 缓存已预热") gotUn, err := rds.Get(usernameKey) require.NoError(t, err) require.NotEmpty(t, gotUn, "预置断言:username 缓存已预热") require.NoError(t, m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.UpdateProfileWithTx( c, session, u.Id, u.Username, "new_nick", u.Email, u.Phone, "new_remark", u.DeptId, u.Status, false, u.UpdateTime, ) })) // 事务已 commit,DB 里是新值;但 UpdateProfileWithTx 不得碰缓存。 // 严格契约:两把 key 必须仍存在且值为旧 payload(否则等价于 pre-commit DelCache 回归)。 gotIdAfter, err := rds.Get(idKey) require.NoError(t, err) assert.NotEmpty(t, gotIdAfter, "UpdateProfileWithTx 内部不得失效 id 维度缓存 —— "+ "若缓存被清,证明又回到 m.ExecCtx 的 pre-commit DelCache 模式,"+ "并发 FindOne 会在事务 commit 前把旧值回灌成 stale") assert.Equal(t, gotId, gotIdAfter, "缓存值必须保持不变(仍为预热时的旧 payload),一旦变动代表 UpdateProfileWithTx "+ "自作主张动了缓存") gotUnAfter, err := rds.Get(usernameKey) require.NoError(t, err) assert.NotEmpty(t, gotUnAfter, "username 维度缓存同样不得被 UpdateProfileWithTx 失效") assert.Equal(t, gotUn, gotUnAfter) // DB 确为新值:证明 session.ExecCtx 确实跑了 UPDATE,不是空操作掩盖。 var nickFromDb string require.NoError(t, conn.QueryRowCtx(ctx, &nickFromDb, "SELECT `nickname` FROM `sys_user` WHERE `id` = ?", u.Id)) assert.Equal(t, "new_nick", nickFromDb, "DB 必须已更新为新值,证明 UPDATE 真的通过 session.ExecCtx 落盘;"+ "这样缓存仍是旧值才真正构成 stale 风险场景") } // TC-1081: InvalidateProfileCache 必须同时失效 id 与 username 两把 key // 对应 fix:post-commit 阶段由调用方显式调用,一次性清理 sysUser 低层缓存。 func TestInvalidateProfileCache_DelsBothKeys(t *testing.T) { ctx := context.Background() conn := testutil.GetTestSqlConn() m := user.NewSysUserModel(conn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) rds := redis.MustNewRedis(testutil.GetTestConfig().CacheRedis.Nodes[0].RedisConf) u, cleanup := seedUserForR12_1(t, m) t.Cleanup(cleanup) idKey, usernameKey := userCacheKeys(u.Id, u.Username) idBefore, err := rds.Get(idKey) require.NoError(t, err) require.NotEmpty(t, idBefore, "预置:id 缓存已存在") unBefore, err := rds.Get(usernameKey) require.NoError(t, err) require.NotEmpty(t, unBefore, "预置:username 缓存已存在") m.InvalidateProfileCache(ctx, u.Id, u.Username) idAfter, err := rds.Get(idKey) require.NoError(t, err) assert.Empty(t, idAfter, "InvalidateProfileCache 必须失效 sysUser:id 缓存 key %q", idKey) unAfter, err := rds.Get(usernameKey) require.NoError(t, err) assert.Empty(t, unAfter, "InvalidateProfileCache 必须同时失效 sysUser:username 缓存 key %q", usernameKey) } // TC-1082: 完整两段式闭环:UpdateProfileWithTx(不碰缓存) + InvalidateProfileCache(清缓存) → 下一轮 FindOne 取到新值 // 本 TC 是修复后的正向契约:只有两步都按顺序做到,才保证业务最终从缓存读到新值。 // 若未来有人回滚到只做第一步不调 invalidate,FindOne 会返回旧值 → 本 TC 直接炸掉,不给静默回归机会。 func TestUpdateProfileWithTx_PlusInvalidateProfileCache_E2E(t *testing.T) { ctx := context.Background() conn := testutil.GetTestSqlConn() m := user.NewSysUserModel(conn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) u, cleanup := seedUserForR12_1(t, m) t.Cleanup(cleanup) require.NoError(t, m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.UpdateProfileWithTx( c, session, u.Id, u.Username, "e2e_nick", u.Email, u.Phone, "e2e_remark", u.DeptId, u.Status, false, u.UpdateTime, ) })) // Step A: 仅事务成功,缓存仍旧 → FindOne 命中缓存返回旧值 afterUpdOnly, err := m.FindOne(ctx, u.Id) require.NoError(t, err) assert.Equal(t, "orig", afterUpdOnly.Nickname, "未 invalidate 前 FindOne 必须命中缓存返回旧值,证明 UpdateProfileWithTx "+ "确实绕过了 pre-commit DelCache(否则缓存已被清,这里应当已回灌新值)") // Step B: post-commit 显式 invalidate → 下一轮 FindOne miss 后回源 DB 取新值 m.InvalidateProfileCache(ctx, u.Id, u.Username) afterInvalidate, err := m.FindOne(ctx, u.Id) require.NoError(t, err) assert.Equal(t, "e2e_nick", afterInvalidate.Nickname, "InvalidateProfileCache 后 FindOne 必须回源 DB 并得到新值;"+ "两步共同保证'事务提交 → 缓存权威'的正确顺序") assert.Equal(t, "e2e_remark", afterInvalidate.Remark, "non-status 字段也必须与 DB 一致,确保 DelCache 清到的是完整缓存行而不是部分失效") } // TC-1117: InvalidateProfileCache 在 ctx 已取消 / 已超时下仍不得 panic、不得阻塞主流程。 // 这条契约是 L-R13-5 方案 B 的核心:post-commit 缓存清理是 best-effort,ctx 异常分类 // 走 audit tag 日志,但绝不能把异常向上抛给业务流程(DB 事务已 commit,业务已成功)。 func TestInvalidateProfileCache_CanceledCtxDoesNotPanicOrBlock(t *testing.T) { conn := testutil.GetTestSqlConn() m := user.NewSysUserModel(conn, testutil.GetTestCacheConf(), testutil.GetTestCachePrefix()) u, cleanup := seedUserForR12_1(t, m) t.Cleanup(cleanup) cases := []struct { name string makeCtx func() (context.Context, context.CancelFunc) }{ { name: "already_canceled", makeCtx: func() (context.Context, context.CancelFunc) { ctx, cancel := context.WithCancel(context.Background()) cancel() return ctx, func() {} }, }, { name: "already_deadline_exceeded", makeCtx: func() (context.Context, context.CancelFunc) { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(-time.Second)) return ctx, cancel }, }, } for _, tc := range cases { tc := tc t.Run(tc.name, func(t *testing.T) { ctx, cancel := tc.makeCtx() defer cancel() done := make(chan struct{}) go func() { defer close(done) assert.NotPanics(t, func() { m.InvalidateProfileCache(ctx, u.Id, u.Username) }, "ctx 异常下 InvalidateProfileCache 必须吞错不 panic") }() select { case <-done: case <-time.After(500 * time.Millisecond): t.Fatal("InvalidateProfileCache 在 canceled ctx 下必须立即返回,不得阻塞 post-commit 路径") } }) } } // --------------------------------------------------------------------------- // M-R15-1 / L-R15-3:IncrementTokenVersionWithTx / BatchIncrementTokenVersionWithTx // // 接口契约: // - 必须在调用方提供的事务里执行(session=nil 直接 error); // - 不得自身触发 sqlc 缓存失效(与 UpdateProfileWithTx 同家族——失效由 post-commit 的 // InvalidateProfileCache 单独走); // - 事务未提交时外部 FindOne 仍看到旧 tokenVersion;rollback 必须让 DB 保持初值。 // --------------------------------------------------------------------------- // TC-1143: IncrementTokenVersionWithTx 正常路径——事务内 UPDATE,返回 DB 递增后的值。 func TestIncrementTokenVersionWithTx_ReturnsNewVersion(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "itv_tx_ok_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 3, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) var newVersion int64 require.NoError(t, m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { v, e := m.IncrementTokenVersionWithTx(c, session, id) if e != nil { return e } newVersion = v return nil })) assert.Equal(t, int64(4), newVersion, "LAST_INSERT_ID(tokenVersion+1) 必须返回 DB 真实递增后的值(4=3+1)") // 事务 commit 后再从 DB 读,确认值被持久化 fresh, err := m.FindOne(ctx, id) require.NoError(t, err) assert.Equal(t, int64(4), fresh.TokenVersion, "DB 必须持久化递增后的 tokenVersion") } // TC-1144: IncrementTokenVersionWithTx 目标行在事务内被并发删除 → affected=0 → ErrUpdateConflict。 // 与 IncrementTokenVersion 的 L-R10-3 契约对齐:不得静默返回 tokenVersion=0。 func TestIncrementTokenVersionWithTx_NotFound_ReturnsUpdateConflict(t *testing.T) { m, _ := newModel(t) ctx := context.Background() err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { _, e := m.IncrementTokenVersionWithTx(c, session, 999999999999) require.ErrorIs(t, e, user.ErrUpdateConflict, "目标行不存在时必须返回 ErrUpdateConflict,让上层事务 rollback") return nil }) require.NoError(t, err) } // TC-1145: IncrementTokenVersionWithTx session==nil → 必须返回错误(防御性编程)。 // 此契约保证调用方无法"忘了开事务"就误用——直接 nil session 等同于退化为非事务递增, // 会打破"降权吊销" = "业务 UPDATE" 的原子性语义。 func TestIncrementTokenVersionWithTx_NilSession_ReturnsError(t *testing.T) { m, _ := newModel(t) _, err := m.IncrementTokenVersionWithTx(context.Background(), nil, 1) require.Error(t, err, "nil session 必须 fail-fast,防止调用方脱离事务误用") assert.Contains(t, err.Error(), "non-nil session") } // TC-1146: 事务 rollback 时 tokenVersion 不得落盘。 // 这是"降权吊销与业务 UPDATE 原子绑定"的正向证据:UpdateMember 的 last-admin 校验 // 失败 rollback 也会把 IncrementTokenVersionWithTx 的副作用一并回滚。 func TestIncrementTokenVersionWithTx_Rollback_NoPersistence(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() username := "itv_tx_rb_" + testutil.UniqueId() res, err := m.Insert(ctx, &user.SysUser{ Username: username, Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 7, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", id) }) err = m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { _, e := m.IncrementTokenVersionWithTx(c, session, id) require.NoError(t, e) return errors.New("force rollback") }) require.Error(t, err) // 直读 DB 确认 rollback 后 tokenVersion 仍是 7(绕过缓存读法:FindOne 也能测到,因为 // IncrementTokenVersionWithTx 不自身失效缓存,事务 rollback 后缓存依旧是入口时写入的 7) var tv int64 require.NoError(t, conn.QueryRowCtx(ctx, &tv, "SELECT `tokenVersion` FROM `sys_user` WHERE `id` = ?", id)) assert.Equal(t, int64(7), tv, "事务 rollback 后 tokenVersion 必须保持初值,否则业务失败会把合法用户莫名踢下线") } // TC-1147: BatchIncrementTokenVersionWithTx 正常路径——多用户同时 +1。 func TestBatchIncrementTokenVersionWithTx_BumpsAll(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() var ids []int64 for i := 0; i < 3; i++ { res, err := m.Insert(ctx, &user.SysUser{ Username: fmt.Sprintf("bitv_ok_%d_%s", i, testutil.UniqueId()), Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: int64(10 + i), CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() ids = append(ids, id) } t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", ids...) }) require.NoError(t, m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { return m.BatchIncrementTokenVersionWithTx(c, session, ids) })) for i, id := range ids { var tv int64 require.NoError(t, conn.QueryRowCtx(ctx, &tv, "SELECT `tokenVersion` FROM `sys_user` WHERE `id` = ?", id)) assert.Equal(t, int64(10+i+1), tv, "id=%d tokenVersion 必须 +1(初值=%d)", id, 10+i) } } // TC-1148: BatchIncrementTokenVersionWithTx 空 ids 不得报错,也不得触达 DB。 // 对应 UpdateProduct 空活跃成员场景:若此方法对 []int64{} 误抛错,会让禁用产品事务整体 rollback。 func TestBatchIncrementTokenVersionWithTx_EmptyIds_NoOp(t *testing.T) { m, _ := newModel(t) ctx := context.Background() require.NoError(t, m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { require.NoError(t, m.BatchIncrementTokenVersionWithTx(c, session, nil)) require.NoError(t, m.BatchIncrementTokenVersionWithTx(c, session, []int64{})) return nil })) } // TC-1149: BatchIncrementTokenVersionWithTx nil session → error。 func TestBatchIncrementTokenVersionWithTx_NilSession_ReturnsError(t *testing.T) { m, _ := newModel(t) err := m.BatchIncrementTokenVersionWithTx(context.Background(), nil, []int64{1, 2}) require.Error(t, err) assert.Contains(t, err.Error(), "non-nil session") } // TC-1150: BatchIncrementTokenVersionWithTx rollback 后 tokenVersion 全部回滚。 // 覆盖"产品禁用事务中途失败必须整体回滚"的原子性边界—— // 若 Batch UPDATE 走独立连接(而不是 session),事务 rollback 无法撤销,则本用例直接炸。 func TestBatchIncrementTokenVersionWithTx_Rollback_NoPersistence(t *testing.T) { m, conn := newModel(t) ctx := context.Background() now := time.Now().Unix() var ids []int64 for i := 0; i < 2; i++ { res, err := m.Insert(ctx, &user.SysUser{ Username: fmt.Sprintf("bitv_rb_%d_%s", i, testutil.UniqueId()), Password: "x", Nickname: "n", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2, Status: 1, TokenVersion: 50, CreateTime: now, UpdateTime: now, }) require.NoError(t, err) id, _ := res.LastInsertId() ids = append(ids, id) } t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", ids...) }) err := m.TransactCtx(ctx, func(c context.Context, session sqlx.Session) error { if e := m.BatchIncrementTokenVersionWithTx(c, session, ids); e != nil { return e } return errors.New("force rollback after batch update") }) require.Error(t, err) for _, id := range ids { var tv int64 require.NoError(t, conn.QueryRowCtx(ctx, &tv, "SELECT `tokenVersion` FROM `sys_user` WHERE `id` = ?", id)) assert.Equal(t, int64(50), tv, "id=%d rollback 后 tokenVersion 必须保持初值", id) } }