package server import ( "encoding/json" "net/http" "net/http/httptest" "path/filepath" "strings" "testing" ) func TestHandleAuthGatewayBindPersistsGatewayBinding(t *testing.T) { var gotAuth string var gotUser string upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/api/user/self" { http.NotFound(w, r) return } gotAuth = r.Header.Get("Authorization") gotUser = r.Header.Get("New-Api-User") w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(`{"success":true,"message":"","data":{"id":123,"username":"weitao","display_name":"Wei Tao","email":"weitao@example.com"}}`)) })) defer upstream.Close() server, err := NewWithConfig(Config{ NewAPIBaseURL: upstream.URL, SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } req := httptest.NewRequest(http.MethodPost, "/v1/auth/gateway/bind", strings.NewReader(`{"gateway_user_id":123,"gateway_access_token":"gate_tok_123"}`)) req.Header.Set("Authorization", "Bearer "+sessionToken) req.Header.Set("Content-Type", "application/json") rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusOK { t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } if gotAuth != "Bearer gate_tok_123" { t.Fatalf("expected bearer gateway access token, got %q", gotAuth) } if gotUser != "123" { t.Fatalf("expected New-Api-User 123, got %q", gotUser) } current, exists, err := server.store.session(sessionToken) if err != nil { t.Fatalf("session: %v", err) } if !exists { t.Fatal("expected session to exist") } if current.GatewayUserID != 123 || current.GatewayAccessToken != "gate_tok_123" { t.Fatalf("unexpected gateway binding in session: %#v", current) } } func TestHandleBillingSubscriptionUsesGatewayBinding(t *testing.T) { upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/api/subscription/self" { http.NotFound(w, r) return } if r.Header.Get("Authorization") != "Bearer gate_tok_123" { t.Fatalf("unexpected authorization: %q", r.Header.Get("Authorization")) } if r.Header.Get("New-Api-User") != "123" { t.Fatalf("unexpected New-Api-User: %q", r.Header.Get("New-Api-User")) } w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(`{"success":true,"message":"","data":{"billing_preference":"subscription","subscriptions":[{"subscription":{"id":10,"status":"active"}}],"all_subscriptions":[],"subscription_points":{"10":{"available_points":500}}}}`)) })) defer upstream.Close() server, err := NewWithConfig(Config{ NewAPIBaseURL: upstream.URL, SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } if err := server.store.bindGatewaySession(sessionToken, 123, "gate_tok_123"); err != nil { t.Fatalf("bindGatewaySession: %v", err) } req := httptest.NewRequest(http.MethodGet, "/v1/billing/subscription", nil) req.Header.Set("Authorization", "Bearer "+sessionToken) rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusOK { t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } var resp struct { OK bool `json:"ok"` Data struct { BillingPreference string `json:"billing_preference"` } `json:"data"` } if err := json.Unmarshal(rec.Body.Bytes(), &resp); err != nil { t.Fatalf("decode response: %v", err) } if !resp.OK || resp.Data.BillingPreference != "subscription" { t.Fatalf("unexpected response: %s", rec.Body.String()) } } func TestHandleBillingCreditsReturnsPreconditionWithoutGatewayBinding(t *testing.T) { server, err := NewWithConfig(Config{ SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } req := httptest.NewRequest(http.MethodGet, "/v1/billing/credits", nil) req.Header.Set("Authorization", "Bearer "+sessionToken) rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusPreconditionFailed { t.Fatalf("expected 412, got %d: %s", rec.Code, rec.Body.String()) } } func TestHandleBillingSubscriptionPlansUsesGatewayBinding(t *testing.T) { upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/api/subscription/plans" { http.NotFound(w, r) return } w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(`{"success":true,"message":"","data":[{"plan":{"id":1,"title":"Pro Monthly","subtitle":"月付订阅","description":"说明","price_amount":29.9,"currency":"USD","points_amount":1000,"duration_unit":"month","duration_value":1,"recommended":true,"member_level":"pro","total_amount":500000,"quota_reset_period":"monthly"}}]}`)) })) defer upstream.Close() server, err := NewWithConfig(Config{ NewAPIBaseURL: upstream.URL, SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } if err := server.store.bindGatewaySession(sessionToken, 123, "gate_tok_123"); err != nil { t.Fatalf("bindGatewaySession: %v", err) } req := httptest.NewRequest(http.MethodGet, "/v1/billing/subscription/plans", nil) req.Header.Set("Authorization", "Bearer "+sessionToken) rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusOK { t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } } func TestHandleBillingCheckoutPointsUsesGatewayBinding(t *testing.T) { upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/api/points/alipay/pay" { http.NotFound(w, r) return } if r.Header.Get("Authorization") != "Bearer gate_tok_123" { t.Fatalf("unexpected authorization: %q", r.Header.Get("Authorization")) } if r.Header.Get("New-Api-User") != "123" { t.Fatalf("unexpected New-Api-User: %q", r.Header.Get("New-Api-User")) } w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(`{"success":true,"message":"","data":{"message":"success","trade_no":"PTSUSR1NOxxxx","url":"https://openapi.alipay.com/gateway.do?..."}}`)) })) defer upstream.Close() server, err := NewWithConfig(Config{ NewAPIBaseURL: upstream.URL, SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } if err := server.store.bindGatewaySession(sessionToken, 123, "gate_tok_123"); err != nil { t.Fatalf("bindGatewaySession: %v", err) } req := httptest.NewRequest(http.MethodPost, "/v1/billing/checkout/points", strings.NewReader(`{"package_id":1,"provider":"alipay","return_url":"https://example.com/pay-return"}`)) req.Header.Set("Authorization", "Bearer "+sessionToken) req.Header.Set("Content-Type", "application/json") rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusOK { t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } } func TestHandleBillingCheckoutStatusUsesGatewayBinding(t *testing.T) { upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/api/points/alipay/query" { http.NotFound(w, r) return } if got := r.URL.Query().Get("trade_no"); got != "PTSUSR1NOxxxx" { t.Fatalf("unexpected trade_no: %q", got) } if r.Header.Get("Authorization") != "Bearer gate_tok_123" { t.Fatalf("unexpected authorization: %q", r.Header.Get("Authorization")) } if r.Header.Get("New-Api-User") != "123" { t.Fatalf("unexpected New-Api-User: %q", r.Header.Get("New-Api-User")) } w.Header().Set("Content-Type", "application/json") _, _ = w.Write([]byte(`{"success":true,"message":"","data":{"message":"success","status":"TRADE_SUCCESS","data":{}}}`)) })) defer upstream.Close() server, err := NewWithConfig(Config{ NewAPIBaseURL: upstream.URL, SQLitePath: filepath.Join(t.TempDir(), "popiart.db"), SkillhubDir: makeEmptySkillhub(t), SessionSecret: "test-secret", }) if err != nil { t.Fatalf("NewWithConfig: %v", err) } sessionToken, _, ok, err := server.store.createSession("sk-billing-user") if err != nil { t.Fatalf("createSession: %v", err) } if !ok { t.Fatal("expected session creation to succeed") } if err := server.store.bindGatewaySession(sessionToken, 123, "gate_tok_123"); err != nil { t.Fatalf("bindGatewaySession: %v", err) } req := httptest.NewRequest(http.MethodGet, "/v1/billing/checkout/status?kind=points&provider=alipay&trade_no=PTSUSR1NOxxxx", nil) req.Header.Set("Authorization", "Bearer "+sessionToken) rec := httptest.NewRecorder() server.Handler().ServeHTTP(rec, req) if rec.Code != http.StatusOK { t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } }