92a03aeafd
页面 / PWA 关闭、或桌面窗口非前台时,收到文件、消息、传输完成 / 失败以系统通知提醒。
判定统一为「页面打开走应用内提示,否则系统通知」,三端各自落地;网页端的判定直接复用
Hub.SendTo 的投递结果,零额外状态。
- Web Push(VAPID,账号无关):服务端 internal/push.Sender 在事件未经 SSE 投递到目标
设备时(即该设备页面已关)发推送,文案按订阅 locale 在服务端渲染(中简 / 中繁 / 英)、
404 / 410 自动清理死订阅;新增 push_subscriptions 表(含 locale,主键为 endpoint 的
SHA-256 以幂等 upsert)+ /api/push/{vapid-key, subscribe POST/DELETE} 端点
- 事件挂接:transfer:incoming / message(离线返 202,文本随推送送达)/ transfer:state
DONE|FAILED,均未投递才推
- 配置 CDROP_VAPID_PUBLIC_KEY / CDROP_VAPID_PRIVATE_KEY(半对即拒启动,都空则推送惰性
关闭)+ just vapid-keygen 生成工具(cmd/vapidgen)
- 前端:service worker 加 push / notificationclick(仍不拦截 /api 与导航);net/push.ts
订阅管理 + push store slice + 设置页「推送通知」面板(仅浏览器 / PWA);登录后 resyncPush
把既有订阅重新登记到当前用户,换用户 / endpoint 轮换 / 切换语言皆自愈
- 桌面原生通知:platform/notify_{darwin,windows,other}.go + notify_darwin.m,仅窗口非
前台时弹原生通知(macOS UNUserNotificationCenter,未签名时安全空操作、待签名后显示;
Windows go-toast 即用);app.go ShowNotification 绑定,前端 notifyNativeIfBackground
复用 hub 事件分发 + 客户端本地化
- 文档:README / .env.example / compose 模板补 CDROP_VAPID_* 配置
注:sqlc v1.31.1 对 query 文件里的多字节字符会错位偏移、生成损坏 SQL,故 query 注释保持纯
ASCII(文件内留有警示)。
135 lines
4.4 KiB
Go
135 lines
4.4 KiB
Go
package config
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestValidate_DevRequiresDevToken(t *testing.T) {
|
|
c := &Config{AuthMode: "dev", DevToken: ""}
|
|
err := c.validate()
|
|
if err == nil {
|
|
t.Fatal("dev mode without DevToken must reject; got nil error")
|
|
}
|
|
if !strings.Contains(err.Error(), "CDROP_DEV_TOKEN") {
|
|
t.Errorf("error must mention CDROP_DEV_TOKEN; got %q", err.Error())
|
|
}
|
|
}
|
|
|
|
func TestValidate_DevWithDevTokenOK(t *testing.T) {
|
|
c := &Config{AuthMode: "dev", DevToken: "x"}
|
|
if err := c.validate(); err != nil {
|
|
t.Fatalf("dev with token should pass; got %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidate_ProdOK(t *testing.T) {
|
|
c := &Config{AuthMode: "prod", OIDCAudience: "cdrop-web,cdrop-desktop", SessionSecret: "s3cr3t"}
|
|
if err := c.validate(); err != nil {
|
|
t.Fatalf("prod mode with audience + session secret should pass; got %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidate_ProdRequiresSessionSecret(t *testing.T) {
|
|
// SessionSecret keys at-rest encryption of browser refresh_tokens; without it
|
|
// passwordless re-login can't run safely. Refuse to boot in prod.
|
|
c := &Config{AuthMode: "prod", OIDCAudience: "cdrop-web", SessionSecret: ""}
|
|
err := c.validate()
|
|
if err == nil {
|
|
t.Fatal("prod without CDROP_SESSION_SECRET must reject; got nil error")
|
|
}
|
|
if !strings.Contains(err.Error(), "CDROP_SESSION_SECRET") {
|
|
t.Errorf("error must mention CDROP_SESSION_SECRET; got %q", err.Error())
|
|
}
|
|
}
|
|
|
|
func TestValidate_ProdRequiresAudience(t *testing.T) {
|
|
// R6: prod with an empty audience leaves RS256 audience checking off, so a
|
|
// token minted for any sibling app sharing the JWKS would validate. Refuse.
|
|
c := &Config{AuthMode: "prod", OIDCAudience: ""}
|
|
err := c.validate()
|
|
if err == nil {
|
|
t.Fatal("prod without CDROP_OIDC_AUDIENCE must reject; got nil error")
|
|
}
|
|
if !strings.Contains(err.Error(), "CDROP_OIDC_AUDIENCE") {
|
|
t.Errorf("error must mention CDROP_OIDC_AUDIENCE; got %q", err.Error())
|
|
}
|
|
}
|
|
|
|
func TestValidate_VAPIDHalfPairRejected(t *testing.T) {
|
|
// A single VAPID key is always an operator mistake: every push would fail at
|
|
// runtime while the feature reads as "on". Reject either half alone.
|
|
pubOnly := &Config{AuthMode: "dev", DevToken: "x", VAPIDPublicKey: "pub"}
|
|
if err := pubOnly.validate(); err == nil {
|
|
t.Fatal("public key without private must reject")
|
|
}
|
|
privOnly := &Config{AuthMode: "dev", DevToken: "x", VAPIDPrivateKey: "priv"}
|
|
if err := privOnly.validate(); err == nil {
|
|
t.Fatal("private key without public must reject")
|
|
}
|
|
}
|
|
|
|
func TestValidate_VAPIDBothOrNeitherOK(t *testing.T) {
|
|
both := &Config{AuthMode: "dev", DevToken: "x", VAPIDPublicKey: "pub", VAPIDPrivateKey: "priv"}
|
|
if err := both.validate(); err != nil {
|
|
t.Fatalf("both VAPID keys should pass; got %v", err)
|
|
}
|
|
if !both.PushEnabled() {
|
|
t.Fatal("PushEnabled should be true when both keys set")
|
|
}
|
|
neither := &Config{AuthMode: "dev", DevToken: "x"}
|
|
if err := neither.validate(); err != nil {
|
|
t.Fatalf("no VAPID keys should pass (push disabled); got %v", err)
|
|
}
|
|
if neither.PushEnabled() {
|
|
t.Fatal("PushEnabled should be false when no keys set")
|
|
}
|
|
}
|
|
|
|
func TestVAPIDSubjectOrDefault(t *testing.T) {
|
|
explicit := &Config{VAPIDSubject: "mailto:ops@example.com"}
|
|
if got := explicit.VAPIDSubjectOrDefault(); got != "mailto:ops@example.com" {
|
|
t.Fatalf("explicit subject: got %q", got)
|
|
}
|
|
derived := &Config{OIDCRedirectURI: "https://drop.example.com/oauth/callback"}
|
|
if got := derived.VAPIDSubjectOrDefault(); got != "https://drop.example.com" {
|
|
t.Fatalf("derived subject: got %q, want scheme://host", got)
|
|
}
|
|
fallback := &Config{}
|
|
if got := fallback.VAPIDSubjectOrDefault(); !strings.HasPrefix(got, "https://") {
|
|
t.Fatalf("fallback subject should be an https URL; got %q", got)
|
|
}
|
|
}
|
|
|
|
func TestValidate_UnknownMode(t *testing.T) {
|
|
c := &Config{AuthMode: "rogue"}
|
|
err := c.validate()
|
|
if err == nil {
|
|
t.Fatal("unknown auth mode must reject")
|
|
}
|
|
}
|
|
|
|
func TestLoad_EnvOverridesDefaults(t *testing.T) {
|
|
t.Setenv("CDROP_AUTH_MODE", "dev")
|
|
t.Setenv("CDROP_DEV_TOKEN", "abc")
|
|
t.Setenv("CDROP_LISTEN", ":9090")
|
|
t.Setenv("CDROP_DB_PATH", "/tmp/x.db")
|
|
|
|
cfg, err := Load()
|
|
if err != nil {
|
|
t.Fatalf("load: %v", err)
|
|
}
|
|
if cfg.AuthMode != "dev" {
|
|
t.Errorf("AuthMode: got %q, want %q", cfg.AuthMode, "dev")
|
|
}
|
|
if cfg.DevToken != "abc" {
|
|
t.Errorf("DevToken: got %q, want %q", cfg.DevToken, "abc")
|
|
}
|
|
if cfg.Listen != ":9090" {
|
|
t.Errorf("Listen: got %q, want %q", cfg.Listen, ":9090")
|
|
}
|
|
if cfg.DBPath != "/tmp/x.db" {
|
|
t.Errorf("DBPath: got %q, want %q", cfg.DBPath, "/tmp/x.db")
|
|
}
|
|
}
|