easyai-ai-gateway/apps/api/cmd/migrate/main_test.go
chengcheng 96bbd3a2f6 feat(identity): 实现接入码配对后台流程
Gateway 使用一次性接入码创建 Exchange,将 Exchange Token、机器凭据与 Session Key 仅写入 SecretStore,并持久化脱敏配对进度。\n\n资源就绪后先保存凭据和 Manifest,再自动准备 SSF,最后确认远端 Exchange;SecretStore 失败时保持 ready,重试会触发新 Secret 轮换,不回放旧值。\n\n验证:go test ./...;go vet ./...
2026-07-17 11:55:24 +08:00

88 lines
3.0 KiB
Go

package main
import (
"os"
"strings"
"testing"
)
func TestSecurityEventIdempotencyRepairMigrationExists(t *testing.T) {
payload, err := os.ReadFile("../../migrations/0064_security_event_connection_idempotency_repair.sql")
if err != nil {
t.Fatalf("read repair migration: %v", err)
}
sql := string(payload)
for _, statement := range []string{
"CREATE TABLE IF NOT EXISTS gateway_security_event_connection_idempotency",
"CREATE INDEX IF NOT EXISTS idx_gateway_security_event_connection_idempotency_created",
} {
if !strings.Contains(sql, statement) {
t.Fatalf("repair migration is missing %q", statement)
}
}
}
func TestSecurityEventVerificationStateRepairMigrationExists(t *testing.T) {
payload, err := os.ReadFile("../../migrations/0065_security_event_verification_state_repair.sql")
if err != nil {
t.Fatalf("read verification state repair migration: %v", err)
}
sql := string(payload)
for _, statement := range []string{
"ADD COLUMN IF NOT EXISTS stream_status",
"ADD COLUMN IF NOT EXISTS created_at",
"CREATE TABLE IF NOT EXISTS gateway_security_event_verification_challenges",
"CREATE INDEX IF NOT EXISTS idx_gateway_security_event_challenges_expiry",
} {
if !strings.Contains(sql, statement) {
t.Fatalf("verification state repair migration is missing %q", statement)
}
}
}
func TestIdentityConfigurationRevisionMigrationDefinesSecretReferencesAndSingleActiveRevision(t *testing.T) {
payload, err := os.ReadFile("../../migrations/0067_identity_configuration_revisions.sql")
if err != nil {
t.Fatal(err)
}
content := string(payload)
for _, required := range []string{
"CREATE TABLE IF NOT EXISTS gateway_identity_configuration_revisions",
"machine_credential_ref text",
"session_encryption_key_ref text",
"WHERE state = 'active'",
"CHECK (state IN ('draft','validated','active','superseded','failed'))",
} {
if !strings.Contains(content, required) {
t.Fatalf("identity configuration migration is missing %q", required)
}
}
for _, forbidden := range []string{"machine_secret", "client_secret", "exchange_token text", "onboarding_code text"} {
if strings.Contains(strings.ToLower(content), forbidden) {
t.Fatalf("identity configuration migration stores forbidden secret field %q", forbidden)
}
}
}
func TestIdentityOnboardingExchangeMigrationStoresOnlySecretReferences(t *testing.T) {
payload, err := os.ReadFile("../../migrations/0068_identity_onboarding_exchanges.sql")
if err != nil {
t.Fatal(err)
}
content := strings.ToLower(string(payload))
for _, required := range []string{
"create table if not exists gateway_identity_onboarding_exchanges",
"exchange_token_ref text not null",
"security_event_configuration_url text",
} {
if !strings.Contains(content, required) {
t.Fatalf("identity onboarding migration is missing %q", required)
}
}
for _, forbidden := range []string{"exchange_token text", "onboarding_code", "client_secret", "machine_secret"} {
if strings.Contains(content, forbidden) {
t.Fatalf("identity onboarding migration stores forbidden secret field %q", forbidden)
}
}
}