Files
admin f21fa5b5e8 cdrop — 跨 OS 剪贴板与文件传输服务
Commilitia Drop:自托管的跨设备剪贴板同步与点对点文件传输。

- 后端 Go(chi / SQLite WAL / SSE Hub / WebRTC signaling + 状态机 / Relay ring buffer),编译进单个 distroless 镜像(前端 go:embed)。
- 前端 React + TanStack Router + Zustand,自实现 SSE + WebRTC P2P,NAT 受阻时回退服务端中继;聚珍(Juzhen)CJK 综合排版。
- 桌面端 Wails v2(macOS / Windows),瘦客户端复用 web。
- 鉴权 OIDC PKCE(自建 Casdoor 等),refresh_token 信封加密存系统密钥库;iOS Shortcut 用 HS256 scoped token。

架构文档与变更记录见 docs 分支(PROJECT_BRIEF / FRONTEND_DESIGN / CHANGELOG)。

本次为公开发布初始提交:完整开发历史(含部署细节)留存于私有归档,公开仓库自此干净起步。
2026-06-15 21:38:28 +08:00

95 lines
2.8 KiB
Go

package platform
import (
"encoding/base64"
"encoding/json"
"testing"
)
// makeJWT builds a syntactically valid (unsigned) JWT carrying the given claims.
// UserFromToken never verifies the signature, so a dummy header + sig suffice.
func makeJWT(claims map[string]any) string {
payload, _ := json.Marshal(claims)
seg := base64.RawURLEncoding.EncodeToString(payload)
return "eyJhbGciOiJSUzI1NiJ9." + seg + ".sig"
}
func TestUserFromTokenPrefersIDToken(t *testing.T) {
idTok := makeJWT(map[string]any{"sub": "u-1", "preferred_username": "alice"})
accessTok := makeJWT(map[string]any{"sub": "u-1", "name": "bob"})
u, err := UserFromToken(idTok, accessTok)
if err != nil {
t.Fatalf("UserFromToken: %v", err)
}
if u.ID != "u-1" {
t.Errorf("id: got %q, want u-1", u.ID)
}
if u.Name != "alice" {
t.Errorf("name should come from id_token preferred_username, got %q", u.Name)
}
}
func TestUserFromTokenNamePriority(t *testing.T) {
cases := []struct {
name string
claims map[string]any
want string
}{
{"preferred_username wins", map[string]any{"sub": "s", "preferred_username": "p", "name": "n", "email": "e"}, "p"},
{"name when no preferred", map[string]any{"sub": "s", "name": "n", "email": "e"}, "n"},
{"email when no name", map[string]any{"sub": "s", "email": "e@x"}, "e@x"},
{"sub as last resort", map[string]any{"sub": "s"}, "s"},
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
u, err := UserFromToken(makeJWT(c.claims), "")
if err != nil {
t.Fatalf("UserFromToken: %v", err)
}
if u.Name != c.want {
t.Errorf("name: got %q, want %q", u.Name, c.want)
}
})
}
}
func TestUserFromTokenAvatarPriority(t *testing.T) {
u, _ := UserFromToken(makeJWT(map[string]any{
"sub": "s", "avatar": "a.png", "picture": "p.png",
}), "")
if u.Avatar != "a.png" {
t.Errorf("avatar should prefer 'avatar' claim, got %q", u.Avatar)
}
u2, _ := UserFromToken(makeJWT(map[string]any{"sub": "s", "picture": "p.png"}), "")
if u2.Avatar != "p.png" {
t.Errorf("avatar should fall back to 'picture', got %q", u2.Avatar)
}
u3, _ := UserFromToken(makeJWT(map[string]any{"sub": "s"}), "")
if u3.Avatar != "" {
t.Errorf("avatar should be empty when no claim, got %q", u3.Avatar)
}
}
func TestUserFromTokenFallsBackToAccessToken(t *testing.T) {
accessTok := makeJWT(map[string]any{"sub": "u-9", "name": "carol"})
u, err := UserFromToken("", accessTok)
if err != nil {
t.Fatalf("UserFromToken: %v", err)
}
if u.ID != "u-9" || u.Name != "carol" {
t.Errorf("fallback to access_token failed: %+v", u)
}
}
func TestUserFromTokenRejectsGarbage(t *testing.T) {
if _, err := UserFromToken("not-a-jwt", ""); err == nil {
t.Error("expected error for non-JWT token")
}
if _, err := UserFromToken("a.!!!notbase64!!!.c", ""); err == nil {
t.Error("expected error for undecodable payload")
}
}