fix: enforce resource ownership checks

2026-05-28 17:28:08 +08:00
parent 7eb5f9c7d4
commit 11232177d9
4 changed files with 209 additions and 22 deletions
--- a/internal/api/handler/webhook_handler_test.go
+++ b/internal/api/handler/webhook_handler_test.go
@@ -359,9 +359,9 @@ func TestWebhookHandler_DeleteWebhook_NotFound(t *testing.T) {
 	resp := doRequestWithCheck(t, "DELETE", server.URL+"/api/v1/webhooks/99999", token, nil)
 	defer resp.Body.Close()

-	// Delete is idempotent - returns 200 even if not found
-	if resp.StatusCode != http.StatusOK {
-		t.Fatalf("expected status 200, got %d", resp.StatusCode)
+	// 先做归属/存在性校验，不存在的 webhook 返回 404
+	if resp.StatusCode != http.StatusNotFound {
+		t.Fatalf("expected status 404, got %d", resp.StatusCode)
 	}
 }