weiym
/
perms-system-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110
							package server

import (
	"context"
	"testing"

	productModel "perms-system-server/internal/model/product"
	pub "perms-system-server/internal/logic/pub"
	"perms-system-server/internal/testutil/mocks"
	"perms-system-server/pb"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zeromicro/go-zero/core/stores/sqlx"
	"go.uber.org/mock/gomock"
	"golang.org/x/crypto/bcrypt"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
)

// ---------------------------------------------------------------------------
// 审计 M-2（第 8 轮）—— PermServer.SyncPermissions gRPC 侧必须把 SyncPermsError{Code:404}
// 映射为 codes.NotFound；此前落到 default 分支时会被统一为 codes.Internal，使接入方 SDK
// 把"产品不存在"当作系统故障触发重试/告警。
//
// TC 编号：TC-0981（404→NotFound），TC-0982（未识别 code 仍走 Internal 防止误收）。
// ---------------------------------------------------------------------------

// TC-0981: gRPC 404 → codes.NotFound（配合 permserver.go:81 的 case 404 分支）。
func TestSyncPermissions_gRPC_LockByCodeTxNotFound_MapsToCodesNotFound(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	hashedSecret, err := bcrypt.GenerateFromPassword([]byte("m2_secret_grpc"), bcrypt.MinCost)
	require.NoError(t, err)

	mockProduct := mocks.NewMockSysProductModel(ctrl)
	mockProduct.EXPECT().FindOneByAppKey(gomock.Any(), "m2_grpc_key").
		Return(&productModel.SysProduct{
			Id: 1, Code: "m2_grpc_prod", AppKey: "m2_grpc_key",
			AppSecret: string(hashedSecret), Status: 1,
		}, nil)
	// LockByCodeTx 命中 sqlx.ErrNotFound → service 内部构造 SyncPermsError{Code:404}。
	mockProduct.EXPECT().LockByCodeTx(gomock.Any(), gomock.Any(), "m2_grpc_prod").
		Return((*productModel.SysProduct)(nil), sqlx.ErrNotFound)

	mockPerm := mocks.NewMockSysPermModel(ctrl)
	mockPerm.EXPECT().TransactCtx(gomock.Any(), gomock.Any()).
		DoAndReturn(func(ctx context.Context, fn func(context.Context, sqlx.Session) error) error {
			return fn(ctx, nil)
		})

	svcCtx := mocks.NewMockServiceContext(mocks.MockModels{Product: mockProduct, Perm: mockPerm})
	srv := NewPermServer(svcCtx)

	_, err = srv.SyncPermissions(context.Background(), &pb.SyncPermissionsReq{
		AppKey: "m2_grpc_key", AppSecret: "m2_secret_grpc",
		Perms: []*pb.PermItem{{Code: "p1", Name: "P1"}},
	})

	require.Error(t, err, "M-2：tx 内产品消失必须返回 gRPC 错误")
	st, ok := status.FromError(err)
	require.True(t, ok, "M-2：必须是 gRPC status.Error，不得为裸 error")
	assert.Equal(t, codes.NotFound, st.Code(),
		"M-2：SyncPermsError{Code:404} 必须映射为 codes.NotFound；若仍为 codes.Internal，"+
			"说明 permserver.go 的 switch 缺少 case 404，接入方 SDK 会把业务未命中当作系统故障重试")
	assert.Equal(t, "产品不存在", st.Message(), "M-2：保留原始语义文案")
}

// TC-0982: 未映射的 SyncPermsError.Code（例如 500）必须继续落到 codes.Internal。
// 防御未来有人错误"兜底"把所有 SyncPermsError 全部变 NotFound。
func TestSyncPermissions_gRPC_UnmappedCode_StaysInternal(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()

	hashedSecret, err := bcrypt.GenerateFromPassword([]byte("m2_secret_grpc"), bcrypt.MinCost)
	require.NoError(t, err)

	mockProduct := mocks.NewMockSysProductModel(ctrl)
	mockProduct.EXPECT().FindOneByAppKey(gomock.Any(), "m2_grpc_key2").
		Return(&productModel.SysProduct{
			Id: 1, Code: "m2_grpc_prod2", AppKey: "m2_grpc_key2",
			AppSecret: string(hashedSecret), Status: 1,
		}, nil)
	mockProduct.EXPECT().LockByCodeTx(gomock.Any(), gomock.Any(), "m2_grpc_prod2").
		Return(&productModel.SysProduct{Id: 1, Code: "m2_grpc_prod2"}, nil)

	mockPerm := mocks.NewMockSysPermModel(ctrl)
	mockPerm.EXPECT().FindMapByProductCodeWithTx(gomock.Any(), gomock.Any(), "m2_grpc_prod2").
		Return(nil, &pub.SyncPermsError{Code: 500, Message: "any low-level"})
	mockPerm.EXPECT().TransactCtx(gomock.Any(), gomock.Any()).
		DoAndReturn(func(ctx context.Context, fn func(context.Context, sqlx.Session) error) error {
			return fn(ctx, nil)
		})

	svcCtx := mocks.NewMockServiceContext(mocks.MockModels{Product: mockProduct, Perm: mockPerm})
	srv := NewPermServer(svcCtx)

	_, err = srv.SyncPermissions(context.Background(), &pb.SyncPermissionsReq{
		AppKey: "m2_grpc_key2", AppSecret: "m2_secret_grpc",
		Perms: []*pb.PermItem{{Code: "p1", Name: "P1"}},
	})

	require.Error(t, err)
	st, ok := status.FromError(err)
	require.True(t, ok)
	assert.Equal(t, codes.Internal, st.Code(),
		"M-2：未识别的 SyncPermsError.Code 必须仍落到 codes.Internal，不得被"+
			"一刀切映射成 codes.NotFound 掩盖真正的系统故障")
}