9b1cea246e
feat: permissions CRUD browser integration + E2E enhancements
...
Backend:
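- permission_handler: complete the permission CRUD endpoints (list/create/update/delete)
- auth_handler: fix authentication handling logic
- router: add permission management routes
- handler_test: add permission handler test coverage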
Frontend:
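- permissions.ts/test.ts: full implementation of the permission service layer
- profile/settings/service_tests: service adapter corrections
- client.ts: HTTP client robustness improvements
- vite.config.js: build configuration optimization
- E2E scripts: run-playwright-cdp-e2e substantially enhanced (permission flow coverage)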
Docs:
- REAL_PROJECT_STATUS: status update
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: team standards refined
- plans/2026-04-23: design for permission browser CRUD
Verification: go build, 0 errors
2026-04-24 07:30:18 +08:00
3f3bb82f1d
fix: v6 code review P0 auth/IDOR fixes + frontend regression patches
...
Backend fixes:
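- auth_handler: P0 authentication logic fix
- ratelimit: rate-limiting middleware enhanced + new unit tests
- auth_service: authentication service logic refined + new tests
- server: server configuration enhanced + new tests
- handler_test: new handler-layer integration tests
- auth_bootstrap_test: bootstrap path tests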
Frontend patches:
- LoginPage/RegisterPage: CSRF + form interaction fixes
- BootstrapAdminPage: bootstrap flow fix
- DevicesPage: device management page fix
- auth/social-accounts/users/webhooks services: type corrections
- csrf.ts: CSRF token handling fix
- E2E scripts: CDP smoke + auth e2e enhanced
Docs:
- FULL_CODE_REVIEW_REPORT_2026-04-20
- report-v6 execution plan
- REAL_PROJECT_STATUS update
- .gitignore: add .gocache-*/config.yaml exclusion
Verification: go build/vet 0 errors, go test 42/42 PASS, 0 FAIL
2026-04-23 07:14:12 +08:00
582ad7a069
test: add comprehensive test coverage and improve code quality
...
- Add new test files for auth, service, and handler modules
- Improve test organization and coverage
- Refactor code for better maintainability
- Add captcha, settings, stats, and theme handler tests
- Add auth module tests (CAS, OAuth, password, SSO, state)
- Add service layer tests for auth, export, permissions, roles
- All Go tests pass (exit code 0)
- All frontend tests pass (325 tests in 59 files)
2026-04-17 20:43:50 +08:00
27a8dd91a2
test: add AvatarHandler tests for upload validation
...
Add unit tests for avatar upload including:
- Unauthorized access (no token)
- Non-admin cannot update other user avatar
- User not found or forbidden case
2026-04-11 20:05:40 +08:00
a6a0e58340
test: add more UserHandler tests for RBAC coverage
...
Add tests for UserHandler permission checks:
- TestUserHandler_UpdateUserStatus_RequiresAdmin
- TestUserHandler_GetUserRoles_Success
- TestUserHandler_AssignRoles_RequiresAdmin
- TestUserHandler_BatchUpdateStatus_RequiresAdmin
- TestUserHandler_BatchDelete_RequiresAdmin
- TestUserHandler_BatchDelete_EmptyIDs_RequiresAdmin
These tests verify that admin-only endpoints properly return 403
for non-admin users (RBAC security validation).
2026-04-09 14:00:42 +08:00
1d42ede7e0
test: add coverage for Logout, GetUserInfo, GetCSRFToken, RefreshToken
...
Added tests for critical auth handler functions:
- TestAuthHandler_Logout_Success
- TestAuthHandler_Logout_WithoutToken
- TestAuthHandler_GetUserInfo_Success
- TestAuthHandler_GetUserInfo_WithoutToken
- TestAuthHandler_GetCSRFToken_Success
- TestAuthHandler_RefreshToken_Success
- TestAuthHandler_RefreshToken_InvalidToken
- TestAuthHandler_RefreshToken_MissingToken
auth_handler.go coverage: 10% → 12.1%
2026-04-09 07:53:06 +08:00
5ca3633be4
feat: comprehensive system optimization - device management / login log export / performance monitoring / settings page
...
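Backend:
- Add global device management API (DeviceHandler.GetAllDevices)
- Add login log export (LogHandler.ExportLoginLogs, CSV/XLSX)
- Add settings service (SettingsService) and settings page API
- Device management supports multi-condition filtering (status / trust status / keyword)
- Login logs support streaming export to prevent OOM
- Operation logs support search by method / time range
- Theme configuration service (ThemeService)
- Enhanced monitoring health checks (Prometheus metrics + SLO)
- Remove old ratelimit.go (migrated to robustness)
- Fix SocialAccount NULL scan issue
- Add API contract tests, Handler tests, Settings tests
Frontend:
- Add admin device management page (DevicesPage)
- Add admin login log export
- Add system settings page (SettingsPage)
- Device management supports filtering and pagination
- Enhanced HTTP response types
Tests:
- 68 business logic tests (including concurrency CONC_001~003)
- 16 scale tests (P99 percentile statistics)
- E2E tests, integration tests, contract tests
- Performance benchmarks, robustness tests
All tests pass (38 test packages)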
2026-04-07 12:08:16 +08:00