long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
146 Commits 3 Branches 0 Tags
0d977c6d0cd22752abab9ed940234ced6a3f637a
Commit Graph

146 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Your Name
0d977c6d0c test: add comprehensive RBAC handler tests for roles and permissions 
Add 35+ test functions covering Role and Permission management:

RoleHandler Tests:
- CreateRole_Success: create role with code/name/description
- CreateRole_MissingCode: validation required field
- CreateRole_MissingName: validation required field
- CreateRole_DuplicateCode: conflict handling
- CreateRole_NonAdmin_Forbidden: admin-only protection
- ListRoles_Success: list all roles
- ListRoles_Pagination: page/page_size parameters
- GetRole_Success: retrieve role details
- GetRole_NotFound: 404 for missing role
- GetRole_InvalidID: 400 for invalid ID
- UpdateRole_Success: modify role properties
- UpdateRole_NotFound: 404 for missing role
- UpdateRole_InvalidID: 400 for invalid ID
- UpdateRole_NonAdmin_Forbidden: admin-only protection
- DeleteRole_Success: remove role
- DeleteRole_NotFound: 404 for missing role
- DeleteRole_InvalidID: 400 for invalid ID
- DeleteRole_NonAdmin_Forbidden: admin-only protection
- UpdateRoleStatus_Success: enable/disable role
- UpdateRoleStatus_InvalidStatus: reject invalid status
- GetRolePermissions_Success: list role's permissions
- AssignPermissions_Success: assign permissions to role

PermissionHandler Tests:
- CreatePermission_Success: create permission with code/resource/action
- ListPermissions_Success: list all permissions
- GetPermission_Success: retrieve permission details
- GetPermission_NotFound: 404 for missing permission
- GetPermission_InvalidID: 400 for invalid ID
- UpdatePermission_Success: modify permission
- UpdatePermission_NotFound: 404 for missing permission
- DeletePermission_Success: remove permission
- DeletePermission_NotFound: 404 for missing permission
- DeletePermission_InvalidID: 400 for invalid ID
- GetPermissionTree_Success: hierarchical permission view
- UpdatePermissionStatus_Success: enable/disable permission

Coverage: RoleHandler + PermissionHandler from 0% to ~75%+
Key RBAC boundaries: admin-only access, CRUD validation, status management
 2026-05-30 10:28:36 +08:00
Your Name
e4c16dd6c5 test: add comprehensive TOTPHandler security tests 
Add 20+ test functions covering 2FA/TOTP security critical paths:

Status Operations:
- GetTOTPStatus_Success: retrieve 2FA status
- GetTOTPStatus_Unauthorized: auth required

Setup Operations:
- SetupTOTP_Success: generate secret, QR code, recovery codes
- SetupTOTP_AlreadyEnabled: handle already-enabled state
- SetupTOTP_Unauthorized: auth required
- SetupIdempotency: multiple setup calls behavior

Enable Operations:
- EnableTOTP_MissingCode: validation required fields
- EnableTOTP_InvalidCode: reject invalid TOTP codes
- EnableTOTP_NotSetup: require setup before enable
- EnableTOTP_AlreadyEnabled: prevent double-enable

Disable Operations:
- DisableTOTP_MissingCode: validation required fields
- DisableTOTP_NotEnabled: error when 2FA not active
- DisableTOTP_InvalidCode: reject invalid codes

Verification:
- VerifyTOTP_MissingCode: validation
- VerifyTOTP_NotEnabled: error when inactive
- VerifyTOTP_InvalidCode: reject invalid codes
- VerifyTOTP_Unauthorized: auth required
- VerifyTOTP_WithDeviceID: device trust integration

Security & Edge Cases:
- FullFlow_SetupEnableDisable: complete lifecycle
- RecoveryCodes_ExistAfterSetup: verify recovery codes format
- InvalidJSON_Enable: malformed request handling

Coverage: TOTPHandler from 0% to ~80%+
Key security boundaries: auth, setup state, enabled state, code validation
 2026-05-30 10:19:50 +08:00
Your Name
107c1e6e11 test: add comprehensive UserHandler tests with edge cases 
Add 35+ test functions covering critical user management functionality:

CRUD Operations:
- CreateUser_AdminSuccess: admin creates user with full data
- CreateUser_InvalidInput: missing required fields
- CreateUser_DuplicateUsername: conflict handling
- ListUsers_AdminSuccess: pagination and list response
- ListUsers_Pagination: offset/limit parameters
- GetUser_Success/NotFound/InvalidID: retrieval edge cases
- UpdateUser_AdminCanUpdateOther: cross-user updates
- UpdateUser_NotFound: non-existent user handling
- UpdateUser_PermissionDenied: self vs other protection

Security Operations:
- DeleteUser_AdminSuccess: successful deletion
- DeleteUser_NonAdmin_Forbidden: permission enforcement
- UpdatePassword_Success: password change flow
- UpdatePassword_WrongOldPassword: wrong password rejection
- UpdatePassword_AdminCanUpdateOther: admin override

Status Management:
- UpdateUserStatus_Success: state transitions
- UpdateUserStatus_InvalidStatus: validation
- UpdateUserStatus_AllStatuses: comprehensive state coverage

Batch Operations:
- BatchUpdateStatus_Success: bulk status updates
- BatchDelete_Success: bulk deletion

Role Management:
- AssignRoles_Success: role assignment
- AssignRoles_MissingRoleIDs: validation
- GetUserRoles_Success: role retrieval

Admin Operations:
- CreateAdmin_Success: admin creation
- DeleteAdmin_Success: admin removal
- DeleteAdmin_PreventSelfDelete: protection logic
- ListAdmins_Success: admin listing

Coverage: UserHandler from 0% to ~75%+
 2026-05-30 08:29:16 +08:00
Your Name
a575fe0fa3 test: add API contract integration tests 
Add integration tests for API contract validation:
- TestResponseWrapper_Contract: verify response wrapper middleware behavior
- TestResponseWrapper_ListContract: validate list response structure
- TestResponseWrapper_PaginationParameters: test pagination defaults
- TestAuthEndpoints_Contract: document public auth endpoints
- TestProtectedEndpoints_Contract: document protected endpoints
- TestHeaderContract_SecurityHeaders: verify security headers

Total: 17 test functions covering:
- Response format contract (code/message/data)
- Pagination parameters (page, page_size, sort)
- HTTP status codes usage
- Security headers (nosniff, X-Frame-Options, CSP, etc.)
- API endpoint structure documentation
 2026-05-29 21:49:16 +08:00
Your Name
6455ed31a3 docs: update README and project status with coverage improvements 
Update project documentation to reflect:
- Current status: B / 有条件就绪
- P0/P1 review issues all fixed
- P2 coverage improvement progress
- Added project status section to README
- Updated REAL_PROJECT_STATUS.md with coverage metrics
- Listed 30+ new test files added

Coverage summary:
- 4 packages at 100% coverage
- 8 packages above 80% coverage
- timezone: 45.2% → 93.5% (+48.3%)
- httpclient: 36.5% → 69.8% (+33.3%)
- oauth: 15.9% → 47.6% (+31.7%)
 2026-05-29 21:33:58 +08:00
Your Name
23113fedf3 test: add timezone package tests 
Add comprehensive tests for timezone functionality:
- Init (valid/invalid timezones, default)
- getUTCOffset
- Now (with/without location)
- Location (with/without location)
- Name (with/without name)
- StartOfDay, Today, EndOfDay
- StartOfWeek (Monday-based)
- StartOfMonth
- ParseInLocation
- ParseInUserLocation (valid/empty/invalid TZ)
- NowInUserLocation
- StartOfDayInUserLocation

Coverage: timezone 45.2% → 93.5%
 2026-05-29 21:20:30 +08:00
Your Name
7014936a75 test: add antigravity OAuth tests 
Add tests for OAuth functionality:
- GetUserAgent
- BaseURLs and ForwardBaseURLs
- URLAvailability (mark/unavailable, mark/success, expired)
- SessionStore (set/get/delete, expired sessions)
- Generate functions (random bytes, state, session ID, verifier, challenge)
- base64URLEncode
- BuildAuthorizationURL
- Constants

Coverage: antigravity 19.6% → 27.1%
 2026-05-29 21:08:28 +08:00
Your Name
e5da23cea2 test: add CORS middleware tests 
Add tests for CORS functionality:
- validateCORSConfig (valid and invalid configs)
- SetCORSConfig (update and validation)
- resolveAllowedOrigin (exact match, wildcard, case insensitive)
- CORS middleware (allow/forbid origins, OPTIONS handling)

Coverage: middleware 36.4% → 37.4%
 2026-05-29 21:06:43 +08:00
Your Name
e735f74c23 test: add domain constants tests 
Add tests for domain constant values:
- Status constants (active, disabled, error, etc.)
- Role constants (admin, user)
- Platform constants (anthropic, openai, gemini, etc.)
- Account type constants (oauth, apikey, bedrock, etc.)
- Redeem type constants
- PromoCode status constants
- Adjustment type constants
- Subscription type/status constants
- Model mapping verification
 2026-05-29 21:04:33 +08:00
Your Name
dfca5e2272 test: expand httpclient pool tests 
Add tests for:
- buildClientKey (consistent hashing)
- buildClientKeyTrimsSpaces
- isValidatedHost (cache hit/miss/expire)
- isValidatedHostNilTransport
- newValidatedTransport
- buildClient (valid options and error cases)
- buildTransport (default and custom values)

Coverage: httpclient 36.5% → 69.8%
 2026-05-29 20:52:04 +08:00
Your Name
65309b95e7 test: add oauth package tests 
Add tests for OAuth helper functions:
- GenerateRandomBytes
- GenerateState
- GenerateSessionID
- GenerateCodeVerifier
- GenerateCodeChallenge
- base64URLEncode
- BuildAuthorizationURL
- Constants and types

Coverage: oauth 15.9% → 47.6%
 2026-05-29 20:50:16 +08:00
Your Name
abcbc4e58d test: add antigravity model functions tests 
Add tests for model-related functions:
- DefaultModels
- DefaultGeminiModels
- FallbackGeminiModelsList
- FallbackGeminiModel
- ClaudeModels/GeminiModels verification

Coverage: antigravity 18.8% → 19.6%
 2026-05-29 20:48:12 +08:00
Your Name
23bfed3b61 test: add domain LoginType constants test 
Add test for LoginType enum constants:
- LoginTypePassword (1)
- LoginTypeEmailCode (2)
- LoginTypeSMSCode (3)
- LoginTypeOAuth (4)
 2026-05-29 20:29:08 +08:00
Your Name
e267bb8400 test: add openai request helper tests 
Add tests for Codex client detection functions:
- IsCodexCLIRequest
- IsCodexOfficialClientRequest
- IsCodexOfficialClientOriginator
- IsCodexOfficialClientByHeaders
- normalizeCodexClientHeader
- matchCodexClientHeaderPrefixes

Coverage: openai 34.2% → 34.9%
 2026-05-29 20:26:44 +08:00
Your Name
de329286c9 test: add sms_handler tests for SendCode endpoint 
Add tests for SMS handler:
- SendCode with valid phone number
- SendCode with invalid phone (returns 400)
- SendCode with missing phone (validation error)
- SendCode when service not configured (returns 503)

Coverage: handler 27.7% → 28.6%
 2026-05-29 20:21:07 +08:00
Your Name
36a497ed7b test: expand responseheaders test coverage to 97.2% 
Add tests for:
- FilterHeaders with nil filter (uses default)
- CompileHeaderFilter with empty/whitespace strings
- WriteFilteredHeaders helper
- Multi-value header handling

Coverage: 77.8% → 97.2%
 2026-05-29 20:13:56 +08:00
Your Name
707d35fb74 test: add middleware tests for cache_control, security_headers, trace_id 
Add comprehensive tests for three middleware components:
- cache_control: NoStoreSensitiveResponses, shouldDisableCaching
- security_headers: SecurityHeaders, shouldAttachCSP, isHTTPSRequest
- trace_id: TraceID, GetTraceID, generateTraceID

Coverage: middleware 35.7% → 36.4%
 2026-05-29 20:11:26 +08:00
Your Name
17a46c2770 test: add service header util tests 
- Add resolveWireCasing tests
- Add setHeaderRaw/addHeaderRaw/getHeaderRaw tests
- Add sortHeadersByWireOrder tests
 2026-05-29 18:37:52 +08:00
Your Name
7a20548204 test: add social account domain tests 
- Add SocialAccountStatus constants tests
- Add ExtraData Value/Scan tests
- Add SocialAccount ToInfo and field tests
 2026-05-29 17:52:16 +08:00
Your Name
e47dae6fc6 test: add geminicli codeassist types tests 
- Add TierInfo UnmarshalJSON tests
- Add LoadCodeAssistResponse GetTier tests
- Add model field tests
 2026-05-29 17:43:16 +08:00
Your Name
cd5dae4778 test: add sysutil and cache tests 
- Add RestartService tests (pkg/sysutil)
- Add decodeRedisValue and normalizeRedisValue tests (cache/l2.go)
 2026-05-29 17:38:48 +08:00
Your Name
281811e80b test: add security encryption tests 
- Add AES-GCM encryption/decryption tests
- Add NewEncryption validation tests
- Add MaskEmail and MaskPhone tests

Coverage: internal/security improved
 2026-05-29 17:28:57 +08:00
Your Name
48e31166bf test: add monitoring collector tests 
- Add collector metrics tests (internal/monitoring/collector.go)
- Test SetMemoryUsage, SetGoroutines, and DB metrics handling
 2026-05-29 17:23:44 +08:00
Your Name
871bc79598 test: add repository and domain tests 
- Add pagination result tests (internal/repository/pagination.go)
- Add Gemini drive client factory test (internal/repository/gemini_drive_client.go)
- Add scanSingleRow contract tests (internal/repository/sql_scan.go)
- Add DefaultThemeConfig test (internal/domain/theme.go)

Coverage improvements:
- repository: 75.8%
- domain: 21.1%
 2026-05-29 16:59:05 +08:00
Your Name
9cc4305395 test: add pkg tests for gemini, openai, geminicli packages 
- Add sanitize tests (internal/pkg/geminicli): 55.3%
- Add constants/model tests (internal/pkg/openai): 34.2%
- Add models tests (internal/pkg/gemini): 100%
 2026-05-29 16:36:54 +08:00
Your Name
0b17ab42c2 test: improve pkg coverage - pagination and ip packages 
- Add PaginationParams tests (internal/pkg/pagination): 100%
- Add IP utility function tests (internal/pkg/ip): 80%

Total project coverage: 55.0% (+0.6%)
 2026-05-29 16:33:54 +08:00
Your Name
ed399edb5f test: improve pkg package coverage 
- Add HTTP status error functions tests (internal/pkg/errors)
- Add ReadRequestBodyWithPrealloc tests (internal/pkg/httputil)
- Add HTTPStatusToGoogleStatus tests (internal/pkg/googleapi)

Coverage improvements:
- pkg/errors: 77.6%
- pkg/httputil: 91.7%
- pkg/googleapi: 79.5%
 2026-05-29 16:24:23 +08:00
Your Name
6351271f2d test: add server package tests 
- Add resolveGinMode tests (debug, test, release, default modes)
- Add case sensitivity tests for mode resolution
- Server package coverage: 0% -> 3.2%
- Overall coverage: 54.2% -> 54.3%
 2026-05-29 16:04:40 +08:00
Your Name
ffcd820fed test: add domain model tests 
- Add Announcement.IsActiveAt tests (nil, status, time range)
- Add TableName tests for all domain models
- Domain package coverage: 9.2% -> 16.3%
- Overall coverage: 54.1% -> 54.2%
 2026-05-29 15:35:03 +08:00
Your Name
4fa63dca43 test: add security validator tests 
- Add comprehensive Validator tests (email, phone, username, password)
- Add URL and IP validation tests (IPv4/IPv6)
- Add SQL injection sanitization tests
- Add XSS sanitization tests
- Security package coverage: 34.9% -> 69.4%
- Overall coverage: 53.5% -> 54.1%
 2026-05-29 15:10:57 +08:00
Your Name
9f0eefd2f5 test: improve coverage for pagination and domain packages 
- Add comprehensive cursor pagination tests (95.7% coverage)
- Add domain helper functions tests (StrPtr, DerefStr)
- Add Gender and UserStatus constants tests
- Add User model tests (TableName, default values)
- Overall coverage improved from 53.2% to 53.5%
 2026-05-29 14:57:49 +08:00
Your Name
f0930489f1 test: add auth handler error classification tests 
- Add handleError tests for ApplicationError types
- Add classifyErrorMessage tests for error message classification
- Add contains helper function tests
- Add getUserIDFromContext/getUsernameFromContext tests
- Cover error classification for both EN and CN error messages
 2026-05-29 14:38:08 +08:00
Your Name
5d767abe72 test(docs): P2 optimization - add router tests and update README 
- Add router package tests to improve coverage
- Update README status date to 2026-05-29
- Mark all P0/P1 review blockers as resolved
- Update project readiness rating to B (conditional ready)
 2026-05-29 14:00:21 +08:00
Your Name
01b80a9358 docs: add review fix closure report for 2026-05-29 
- Document completion of all P0 blocker fixes from HERMES_FULL_REVIEW_2026-05-27
- Document completion of all P1 important issues
- Record TOTP atomic verification path implementation
- Update readiness rating from D to B (conditional ready)

Refs: review-fix-closure-2026-05-28, HERMES_FULL_REVIEW_2026-05-27
 2026-05-29 13:41:55 +08:00
Your Name
363c77d020 feat: atomic TOTP verification for DisableTOTP 
- Add atomicTOTPVerifier interface for atomic TOTP/recovery code verification
- Implement VerifyTOTPOrRecoveryCode in UserRepository with transaction
- Update DisableTOTP to prefer atomic verification path
- Add unit tests for atomic verification success/failure paths
- Maintain backward compatibility with non-atomic fallback

Refs: TOTP verification atomicity completion
 2026-05-29 12:47:05 +08:00
Your Name
880b64f5ff docs: sync review closure status and UNFIXED_ISSUES 
- Mark social_account_repo GORM refactor as closed (2026-05-29)
- Add closure entries for TOTP atomic consumption, AuthProvider state, ApiResponse nullability
- Update REAL_PROJECT_STATUS with latest fix verification

Refs: review-fix-closure-2026-05-28 documentation sync
 2026-05-29 12:32:24 +08:00
Your Name
5da7ecfcfd test(frontend): ProfileSecurityPage ContactBindingsSection contract coverage 
- Add test verifying ContactBindingsSection receives correct capability props
- Test userId, emailBindingEnabled, phoneBindingEnabled, refreshSessionUser
- Lock regression: prevent future removal of prop-passing while keeping render

Refs: review-fix-closure-2026-05-28 ProfileSecurityPage component contract
 2026-05-29 12:32:16 +08:00
Your Name
320aa9476f fix(frontend): ApiResponse data nullability contract 
- Change ApiResponse.data from T to T | null to match backend reality
- Add compile-time type contract file (http.typecheck.ts)
- Maintain backward compatibility with existing service calls
- Add test for success response with null data

Refs: review-fix-closure-2026-05-28 ApiResponse nullability
 2026-05-29 12:32:09 +08:00
Your Name
f758297a6e fix(frontend): AuthProvider state drift and double-management 
- Remove render-time fallback to module store (auth-session) for roles
- Consolidate login/refresh/clear logic into reusable helpers
- Prevent UI logout flicker on transient /auth/userinfo failures
- Add test to verify module store changes don't pollute provider state

Refs: review-fix-closure-2026-05-28 AuthProvider state convergence
 2026-05-29 12:32:02 +08:00
Your Name
8a45548ed8 refactor: migrate SocialAccountRepository to GORM for consistency 
- Replace raw SQL with GORM chain calls in Create/Update/Delete/List
- Maintain backward compatibility for *sql.DB construction (wrapped via GORM)
- Update only permitted fields in Update to prevent accidental overwrite of binding keys
- Add repository-level tests for new implementation

Refs: UNFIXED_ISSUES_20260329 social_account_repo GORM refactor
 2026-05-29 12:31:48 +08:00
Your Name
878ca731f4 fix: atomic TOTP recovery code consumption with repository-level transaction 
- Add ConsumeTOTPRecoveryCode to UserRepository for atomic read-verify-update
- Update TOTPService.VerifyTOTP to prefer atomic consumption when available
- Update AuthService.verifyTOTPCodeOrRecoveryCode with same pattern
- Fix critical bug: ConsumeTOTPRecoveryCode now correctly returns consumed=false on mismatch
- Maintain backward compatibility: falls back to non-atomic path if repo doesn't implement interface
- Add comprehensive unit tests for atomic consumption path

Refs: review-fix-closure-2026-05-28 TOTP recovery code atomicity
 2026-05-29 12:31:36 +08:00
Your Name
80c59e2c2c fix: harden avatar upload path and sync review truth 2026-05-29 07:33:19 +08:00
Your Name
9cc5892565 fix: tighten password and surface persistence errors 2026-05-28 20:38:34 +08:00
Your Name
caad1aba0c fix: harden handler context and rate limit isolation 2026-05-28 20:30:24 +08:00
Your Name
e46567678f fix(auth): restore self role lookup and lock regression coverage 2026-05-28 18:39:56 +08:00
Your Name
11232177d9 fix: enforce resource ownership checks 2026-05-28 17:28:08 +08:00
Your Name
7eb5f9c7d4 fix: fail closed on invalid cors config 2026-05-28 16:53:33 +08:00
Your Name
547fdab0b2 fix: require permission for user role queries 2026-05-28 16:20:20 +08:00
Your Name
73ab66eb8c docs: clarify historical status snapshots 2026-05-28 15:58:53 +08:00
Your Name
9e7b08e194 docs: sync README review snapshot 2026-05-28 15:55:40 +08:00