Начало Каталог Помощ
Вход
weiym
/
perms-system-server
1
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
ИН на ревизия: 30b0369738
Клонове Маркери
perms-system...
/
internal
/
logic
/
pub
/
syncPerms404_audit_test.go

syncPerms404_audit_test.go 5.2 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. package pub
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"testing"
    6. 

  6. 

  7. 	productModel "perms-system-server/internal/model/product"
    8. 

  8. 	"perms-system-server/internal/response"
    9. 

  9. 	"perms-system-server/internal/testutil/mocks"
    10. 

  10. 	"perms-system-server/internal/types"
    11. 

  11. 

  12. 	"github.com/stretchr/testify/assert"
    13. 

  13. 	"github.com/stretchr/testify/require"
    14. 

  14. 	"github.com/zeromicro/go-zero/core/stores/sqlx"
    15. 

  15. 	"go.uber.org/mock/gomock"
    16. 

  16. 	"golang.org/x/crypto/bcrypt"
    17. 

  17. )
    18. 

  18. 

  19. // ---------------------------------------------------------------------------
    20. 

  20. // 覆盖目标:审计 M-2(第 8 轮)—— SyncPermsError{Code: 404} 必须被 REST 侧映射为 HTTP 404
    21. 

  21. // "产品不存在"(ErrNotFound),而不是 default 分支里 err 的原文。
    22. 

  22. //
    23. 

  23. // 404 的触发条件:
    24. 

  24. //   前置 FindOneByAppKey 已经拉到产品行(走通 401/403 校验),但事务内 LockByCodeTx 再查
    25. 

  25. //   同一产品码时 sqlx.ErrNotFound —— 即事务打开前后并发有人把产品删了。目前仓库里没有
    26. 

  26. //   DeleteProduct Logic,该分支在生产里还到不了;但契约必须稳,否则将来加 DeleteProduct
    27. 

  27. //   时前端/SDK 分类会错乱。
    28. 

  28. //
    29. 

  29. // 命名规则:TC-0979
    30. 

  30. // ---------------------------------------------------------------------------
    31. 

  31. 

  32. // TC-0979: REST SyncPerms —— tx 内 LockByCodeTx ErrNotFound → HTTP 404
    33. 

  33. func TestSyncPerms_LockByCodeTxNotFound_MapsToHTTP404(t *testing.T) {
    34. 

  34. 	ctrl := gomock.NewController(t)
    35. 

  35. 	defer ctrl.Finish()
    36. 

  36. 

  37. 	hashedSecret, err := bcrypt.GenerateFromPassword([]byte("m2_secret"), bcrypt.MinCost)
    38. 

  38. 	require.NoError(t, err)
    39. 

  39. 

  40. 	mockProduct := mocks.NewMockSysProductModel(ctrl)
    41. 

  41. 	mockProduct.EXPECT().FindOneByAppKey(gomock.Any(), "m2_key").
    42. 

  42. 		Return(&productModel.SysProduct{
    43. 

  43. 			Id: 1, Code: "m2_prod", AppKey: "m2_key",
    44. 

  44. 			AppSecret: string(hashedSecret), Status: 1,
    45. 

  45. 		}, nil)
    46. 

  46. 	// 关键:tx 内 LockByCodeTx 拿到 ErrNotFound → service 返回 SyncPermsError{Code:404, "产品不存在"}。
    47. 

  47. 	mockProduct.EXPECT().LockByCodeTx(gomock.Any(), gomock.Any(), "m2_prod").
    48. 

  48. 		Return((*productModel.SysProduct)(nil), sqlx.ErrNotFound)
    49. 

  49. 

  50. 	mockPerm := mocks.NewMockSysPermModel(ctrl)
    51. 

  51. 	mockPerm.EXPECT().TransactCtx(gomock.Any(), gomock.Any()).
    52. 

  52. 		DoAndReturn(func(ctx context.Context, fn func(context.Context, sqlx.Session) error) error {
    53. 

  53. 			return fn(ctx, nil)
    54. 

  54. 		})
    55. 

  55. 

  56. 	svcCtx := mocks.NewMockServiceContext(mocks.MockModels{Product: mockProduct, Perm: mockPerm})
    57. 

  57. 

  58. 	logic := NewSyncPermsLogic(context.Background(), svcCtx)
    59. 

  59. 	resp, err := logic.SyncPerms(&types.SyncPermsReq{
    60. 

  60. 		AppKey: "m2_key", AppSecret: "m2_secret",
    61. 

  61. 		Perms: []types.SyncPermItem{{Code: "p1", Name: "P1"}},
    62. 

  62. 	})
    63. 

  63. 

  64. 	assert.Nil(t, resp)
    65. 

  65. 	require.Error(t, err, "M-2:tx 内产品消失必须返回错误")
    66. 

  66. 

  67. 	var ce *response.CodeError
    68. 

  68. 	require.ErrorAs(t, err, &ce,
    69. 

  69. 		"M-2:必须映射成 response.CodeError 结构化错误,不能透传 SyncPermsError 原文")
    70. 

  70. 	assert.Equal(t, 404, ce.Code(),
    71. 

  71. 		"M-2:SyncPermsError{Code:404} 必须落到 HTTP 404 分支;若仍是 500 说明 syncPermsLogic 的 switch 缺少 404 case")
    72. 

  72. 	assert.Equal(t, "产品不存在", ce.Error(), "M-2:保留原始语义文案")
    73. 

  73. }
    74. 

  74. 

  75. // TC-0980(负值域对称):未映射的 se.Code(例如 500)依旧走 default,原样透传,不得被误收进 404。
    76. 

  76. // 防御未来有人想"把所有 SyncPermsError 都按 404 处理"的随手改动。
    77. 

  77. func TestSyncPerms_UnmappedSyncPermsErrCode_StillFallsThroughDefault(t *testing.T) {
    78. 

  78. 	ctrl := gomock.NewController(t)
    79. 

  79. 	defer ctrl.Finish()
    80. 

  80. 

  81. 	hashedSecret, err := bcrypt.GenerateFromPassword([]byte("m2_secret"), bcrypt.MinCost)
    82. 

  82. 	require.NoError(t, err)
    83. 

  83. 

  84. 	mockProduct := mocks.NewMockSysProductModel(ctrl)
    85. 

  85. 	mockProduct.EXPECT().FindOneByAppKey(gomock.Any(), "m2_key2").
    86. 

  86. 		Return(&productModel.SysProduct{
    87. 

  87. 			Id: 1, Code: "m2_prod2", AppKey: "m2_key2",
    88. 

  88. 			AppSecret: string(hashedSecret), Status: 1,
    89. 

  89. 		}, nil)
    90. 

  90. 	// 审计 M-R10-1:LockByCodeTx 拿到的行必须 Status=1 才能继续进入 diff 逻辑
    91. 

  91. 	mockProduct.EXPECT().LockByCodeTx(gomock.Any(), gomock.Any(), "m2_prod2").
    92. 

  92. 		Return(&productModel.SysProduct{Id: 1, Code: "m2_prod2", Status: 1}, nil)
    93. 

  93. 

  94. 	mockPerm := mocks.NewMockSysPermModel(ctrl)
    95. 

  95. 	mockPerm.EXPECT().FindMapByProductCodeWithTx(gomock.Any(), gomock.Any(), "m2_prod2").
    96. 

  96. 		Return(nil, assertAnyErr("internal storage bug"))
    97. 

  97. 	mockPerm.EXPECT().TransactCtx(gomock.Any(), gomock.Any()).
    98. 

  98. 		DoAndReturn(func(ctx context.Context, fn func(context.Context, sqlx.Session) error) error {
    99. 

  99. 			return fn(ctx, nil)
    100. 

  100. 		})
    101. 

  101. 

  102. 	svcCtx := mocks.NewMockServiceContext(mocks.MockModels{Product: mockProduct, Perm: mockPerm})
    103. 

  103. 

  104. 	logic := NewSyncPermsLogic(context.Background(), svcCtx)
    105. 

  105. 	_, err = logic.SyncPerms(&types.SyncPermsReq{
    106. 

  106. 		AppKey: "m2_key2", AppSecret: "m2_secret",
    107. 

  107. 		Perms: []types.SyncPermItem{{Code: "p1", Name: "P1"}},
    108. 

  108. 	})
    109. 

  109. 

  110. 	require.Error(t, err)
    111. 

  111. 	var se *SyncPermsError
    112. 

  112. 	require.ErrorAs(t, err, &se, "M-2:未映射 code 走 default,原 SyncPermsError 被原样透传")
    113. 

  113. 	assert.Equal(t, 500, se.Code, "M-2:500 必须保持 500 原语义,不得被误归类为 404")
    114. 

  114. 	var ce *response.CodeError
    115. 

  115. 	assert.False(t, assert.ObjectsAreEqual(err, ce),
    116. 

  116. 		"M-2:500 分支绝不能被映射成 response.CodeError{Code:404}")
    117. 

  117. }
    118. 

  118. 

  119. // assertAnyErr 构造任意错误,用来模拟 tx 内非业务分支错误。
    120. 

  120. func assertAnyErr(msg string) error {
    121. 

  121. 	return &localErr{s: msg}
    122. 

  122. }
    123. 

  123. 

  124. type localErr struct{ s string }
    125. 

  125. 

  126. func (e *localErr) Error() string { return e.s }
    127.