backend/internal/handler/auth_linuxdo_oauth_test.go

package handler

import (
	"strings"
	"testing"

	"github.com/Wei-Shaw/sub2api/internal/config"
	"github.com/stretchr/testify/require"
)

func TestSanitizeFrontendRedirectPath(t *testing.T) {
	require.Equal(t, "/dashboard", sanitizeFrontendRedirectPath("/dashboard"))
	require.Equal(t, "/dashboard", sanitizeFrontendRedirectPath(" /dashboard "))
	require.Equal(t, "", sanitizeFrontendRedirectPath("dashboard"))
	require.Equal(t, "", sanitizeFrontendRedirectPath("//evil.com"))
	require.Equal(t, "", sanitizeFrontendRedirectPath("https://evil.com"))
	require.Equal(t, "", sanitizeFrontendRedirectPath("/\nfoo"))

	long := "/" + strings.Repeat("a", linuxDoOAuthMaxRedirectLen)
	require.Equal(t, "", sanitizeFrontendRedirectPath(long))
}

func TestBuildBearerAuthorization(t *testing.T) {
	auth, err := buildBearerAuthorization("", "token123")
	require.NoError(t, err)
	require.Equal(t, "Bearer token123", auth)

	auth, err = buildBearerAuthorization("bearer", "token123")
	require.NoError(t, err)
	require.Equal(t, "Bearer token123", auth)

	_, err = buildBearerAuthorization("MAC", "token123")
	require.Error(t, err)

	_, err = buildBearerAuthorization("Bearer", "token 123")
	require.Error(t, err)
}

func TestLinuxDoParseUserInfoParsesIDAndUsername(t *testing.T) {
	cfg := config.LinuxDoConnectConfig{
		UserInfoURL: "https://connect.linux.do/api/user",
	}

	email, username, subject, err := linuxDoParseUserInfo(`{"id":123,"username":"alice"}`, cfg)
	require.NoError(t, err)
	require.Equal(t, "123", subject)
	require.Equal(t, "alice", username)
	require.Equal(t, "linuxdo-123@linuxdo-connect.invalid", email)
}

func TestLinuxDoParseUserInfoDefaultsUsername(t *testing.T) {
	cfg := config.LinuxDoConnectConfig{
		UserInfoURL: "https://connect.linux.do/api/user",
	}

	email, username, subject, err := linuxDoParseUserInfo(`{"id":"123"}`, cfg)
	require.NoError(t, err)
	require.Equal(t, "123", subject)
	require.Equal(t, "linuxdo_123", username)
	require.Equal(t, "linuxdo-123@linuxdo-connect.invalid", email)
}

func TestLinuxDoParseUserInfoRejectsUnsafeSubject(t *testing.T) {
	cfg := config.LinuxDoConnectConfig{
		UserInfoURL: "https://connect.linux.do/api/user",
	}

	_, _, _, err := linuxDoParseUserInfo(`{"id":"123@456"}`, cfg)
	require.Error(t, err)

	tooLong := strings.Repeat("a", linuxDoOAuthMaxSubjectLen+1)
	_, _, _, err = linuxDoParseUserInfo(`{"id":"`+tooLong+`"}`, cfg)
	require.Error(t, err)
}
feat(auth): 添加 Linux DO Connect OAuth 登录支持 - 新增 Linux DO OAuth 配置项和环境变量支持 - 实现 OAuth 授权流程和回调处理 - 前端添加 Linux DO 登录按钮和回调页面 - 支持通过 Linux DO 账号注册/登录 - 添加相关国际化文本 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-09 12:05:25 +08:00			`package handler`

			`import (`
			`"strings"`
			`"testing"`

			`"github.com/Wei-Shaw/sub2api/internal/config"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestSanitizeFrontendRedirectPath(t *testing.T) {`
			`require.Equal(t, "/dashboard", sanitizeFrontendRedirectPath("/dashboard"))`
			`require.Equal(t, "/dashboard", sanitizeFrontendRedirectPath(" /dashboard "))`
			`require.Equal(t, "", sanitizeFrontendRedirectPath("dashboard"))`
			`require.Equal(t, "", sanitizeFrontendRedirectPath("//evil.com"))`
			`require.Equal(t, "", sanitizeFrontendRedirectPath("https://evil.com"))`
			`require.Equal(t, "", sanitizeFrontendRedirectPath("/\nfoo"))`

			`long := "/" + strings.Repeat("a", linuxDoOAuthMaxRedirectLen)`
			`require.Equal(t, "", sanitizeFrontendRedirectPath(long))`
			`}`

			`func TestBuildBearerAuthorization(t *testing.T) {`
			`auth, err := buildBearerAuthorization("", "token123")`
			`require.NoError(t, err)`
			`require.Equal(t, "Bearer token123", auth)`

			`auth, err = buildBearerAuthorization("bearer", "token123")`
			`require.NoError(t, err)`
			`require.Equal(t, "Bearer token123", auth)`

			`_, err = buildBearerAuthorization("MAC", "token123")`
			`require.Error(t, err)`

			`_, err = buildBearerAuthorization("Bearer", "token 123")`
			`require.Error(t, err)`
			`}`

			`func TestLinuxDoParseUserInfoParsesIDAndUsername(t *testing.T) {`
			`cfg := config.LinuxDoConnectConfig{`
			`UserInfoURL: "https://connect.linux.do/api/user",`
			`}`

			email, username, subject, err := linuxDoParseUserInfo(`{"id":123,"username":"alice"}`, cfg)
			`require.NoError(t, err)`
			`require.Equal(t, "123", subject)`
			`require.Equal(t, "alice", username)`
			`require.Equal(t, "linuxdo-123@linuxdo-connect.invalid", email)`
			`}`

			`func TestLinuxDoParseUserInfoDefaultsUsername(t *testing.T) {`
			`cfg := config.LinuxDoConnectConfig{`
			`UserInfoURL: "https://connect.linux.do/api/user",`
			`}`

			email, username, subject, err := linuxDoParseUserInfo(`{"id":"123"}`, cfg)
			`require.NoError(t, err)`
			`require.Equal(t, "123", subject)`
			`require.Equal(t, "linuxdo_123", username)`
			`require.Equal(t, "linuxdo-123@linuxdo-connect.invalid", email)`
			`}`

			`func TestLinuxDoParseUserInfoRejectsUnsafeSubject(t *testing.T) {`
			`cfg := config.LinuxDoConnectConfig{`
			`UserInfoURL: "https://connect.linux.do/api/user",`
			`}`

			_, _, _, err := linuxDoParseUserInfo(`{"id":"123@456"}`, cfg)
			`require.Error(t, err)`

			`tooLong := strings.Repeat("a", linuxDoOAuthMaxSubjectLen+1)`
			_, _, _, err = linuxDoParseUserInfo(`{"id":"`+tooLong+`"}`, cfg)
			`require.Error(t, err)`
			`}`