fix startup bootstrap recovery and local verification

2026-04-23 10:27:13 +08:00
parent 32b2c23a04
commit fa0aacc559
9 changed files with 211 additions and 59 deletions
--- a/backend/internal/setup/setup_security_test.go
+++ b/backend/internal/setup/setup_security_test.go
@@ -126,8 +126,12 @@ func TestQuoteIdentifier_SafetyInvariant(t *testing.T) {
 			quoted := quoteIdentifier(attack)

 			// Invariant 1: Output always starts and ends with exactly one double quote
-			if !strings.HasPrefix(quoted, `"`) { t.Errorf("must start with double quote") }
-			if !strings.HasSuffix(quoted, `"`) { t.Errorf("must end with double quote") }
+			if !strings.HasPrefix(quoted, `"`) {
+				t.Errorf("must start with double quote")
+			}
+			if !strings.HasSuffix(quoted, `"`) {
+				t.Errorf("must end with double quote")
+			}

 			// Invariant 2: All internal double quotes are escaped (doubled)
 			inner := quoted[1 : len(quoted)-1]
@@ -139,19 +143,28 @@ func TestQuoteIdentifier_SafetyInvariant(t *testing.T) {

 			// Invariant 3: When used in SQL, the result is a single valid identifier
 			sql := fmt.Sprintf("CREATE DATABASE %s", quoted)
-			if !strings.Contains(sql, quoted) { t.Error("SQL must contain the exact quoted identifier") }
+			if !strings.Contains(sql, quoted) {
+				t.Error("SQL must contain the exact quoted identifier")
+			}
 		})
 	}
 }

-func min(a, b int) int { if a < b { return a }; return b }
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}

 func hashString(s string) int {
 	h := 0
 	for _, c := range s {
 		h = h*31 + int(c)
 	}
-	if h < 0 { h = -h }
+	if h < 0 {
+		h = -h
+	}
 	return h % 10000
 }