txai-dev/zhiyin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v4.3 安全修复+代码质量+测试体系+护城河验证

Browse Source 
## 安全修复 (5项)
- CRITICAL JWT 硬编码 fallback(jwt.strategy / app.module / user.module)
- HIGH seed_admin.js MongoDB 凭据泄漏
- MEDIUM 邮箱验证码泄漏
- MEDIUM 支付订单查询 IDOR
- MEDIUM 管理后台 NoSQL 注入

## 代码质量 (14处)
- console.log→Logger(user.service.ts)
- as any 类型化(11处跨7个文件)
- Schema 联合类型修复(progress.schema)
- Module 依赖缺失修复(progress.module)

## 测试体系 (61项)
- 后端单元测试 Jest(43项):BenchmarkService/UserService/PaymentController
- 后端集成测试 Supertest(11项):API 认证/支付/进度/管理
- 前端单元测试 Vitest(7项):配置文件/API端点
- 浏览器自动化 Playwright(7项):API smoke test
- 覆盖率报告 + e2e 配置

## 护城河 P0-P5 启动验证通过 + 编译通过
This commit is contained in:
yuzhiran
2026-06-11 10:27:35 +08:00
parent 9276ab9028
commit e6b79ddb21
39 changed files with 4576 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/test/api.browser.spec.ts
+48
View File
@@ -0,0 +1,48 @@
import { test, expect } from '@playwright/test'
const BASE = 'http://localhost:3006/api'
test.describe('Backend API (Playwright)', () => {
test('GET /api/user/info returns 401 without token', async ({ request }) => {
const res = await request.get(`${BASE}/user/info`)
expect(res.status()).toBe(401)
})
test('POST /api/user/send-code returns 200', async ({ request }) => {
const res = await request.post(`${BASE}/user/send-code`, {
data: { phone: '13800138000' },
})
expect(res.status()).toBe(201)
const body = await res.json()
expect(body.message).toBe('验证码已发送')
})
test('POST /api/payment/create returns 401 without auth', async ({ request }) => {
const res = await request.post(`${BASE}/payment/create`, {
data: { plan: 'growth' },
})
expect(res.status()).toBe(401)
})
test('POST /api/progress/checkin returns 401 without auth', async ({ request }) => {
const res = await request.post(`${BASE}/progress/checkin`)
expect(res.status()).toBe(401)
})
test('POST /api/contribution returns 401 without auth', async ({ request }) => {
const res = await request.post(`${BASE}/contribution`, {
data: { company: 'Test', position: '前端工程师' },
})
expect(res.status()).toBe(401)
})
test('GET /api/progress requires auth', async ({ request }) => {
const res = await request.get(`${BASE}/progress`)
expect(res.status()).toBe(401)
})
test('GET /api/admin/check requires auth', async ({ request }) => {
const res = await request.get(`${BASE}/admin/check`)
expect(res.status()).toBe(401)
})
})