fix: v6 code review P0 auth/IDOR fixes + frontend regression patches

Backend fixes:
- auth_handler: P0 认证逻辑修复
- ratelimit: 限速中间件增强 + 新增单元测试
- auth_service: 认证服务逻辑完善 + 新增测试
- server: server 配置增强 + 新增测试
- handler_test: 新增 handler 层集成测试
- auth_bootstrap_test: bootstrap 路径测试

Frontend patches:
- LoginPage/RegisterPage: CSRF + 表单交互修复
- BootstrapAdminPage: 引导流程修复
- DevicesPage: 设备管理页修复
- auth/social-accounts/users/webhooks services: 类型修正
- csrf.ts: CSRF token 处理修正
- E2E 脚本: CDP smoke + auth e2e 增强

Docs:
- FULL_CODE_REVIEW_REPORT_2026-04-20
- report-v6 执行计划
- REAL_PROJECT_STATUS 更新
- .gitignore: 新增 .gocache-*/config.yaml 排除

验证: go build/vet 0错误, go test 42/42 PASS, 0 FAIL
This commit is contained in:
2026-04-23 07:14:12 +08:00
parent 82109ec216
commit 3f3bb82f1d
41 changed files with 2681 additions and 283 deletions

View File

@@ -375,6 +375,51 @@ func TestAuthService_RegisterWithActivation(t *testing.T) {
})
}
func TestAuthService_Register_UsesEmailActivationFlowWhenConfigured(t *testing.T) {
svc, db := setupAuthEmailTestEnv(t)
ctx := context.Background()
l1Cache := cache.NewL1Cache()
l2Cache := cache.NewRedisCache(false)
cacheManager := cache.NewCacheManager(l1Cache, l2Cache)
emailActivationSvc := service.NewEmailActivationService(
&service.MockEmailProvider{},
cacheManager,
"http://localhost:8080",
"TestSite",
)
svc.SetEmailActivationService(emailActivationSvc)
userInfo, err := svc.Register(ctx, &service.RegisterRequest{
Username: "register_activation_enabled",
Password: "Password123!",
Email: "register-activation-enabled@test.com",
})
if err != nil {
t.Fatalf("Register failed: %v", err)
}
if userInfo == nil {
t.Fatal("Register returned nil user info")
}
if userInfo.Status != domain.UserStatusInactive {
t.Fatalf("Register status = %d, want %d", userInfo.Status, domain.UserStatusInactive)
}
if userInfo.Nickname != "register_activation_enabled" {
t.Fatalf("Register nickname = %q, want %q", userInfo.Nickname, "register_activation_enabled")
}
var storedUser domain.User
if err := db.WithContext(ctx).Where("username = ?", "register_activation_enabled").First(&storedUser).Error; err != nil {
t.Fatalf("load stored user: %v", err)
}
if storedUser.Status != domain.UserStatusInactive {
t.Fatalf("stored user status = %d, want %d", storedUser.Status, domain.UserStatusInactive)
}
if storedUser.Nickname != "register_activation_enabled" {
t.Fatalf("stored user nickname = %q, want %q", storedUser.Nickname, "register_activation_enabled")
}
}
// =============================================================================
// Login By Email Code Extended Tests
// =============================================================================