wpic-dev/datahub
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update api key manage

Browse Source
This commit is contained in:
Nick Zeng
2026-04-02 10:40:47 +08:00
parent 9a8431de81
commit 3a2b175028
9 changed files with 1034 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/test/Cases/Integration/Auth/ApiKeyGlobalSwitchTest.php
+109
View File
@@ -0,0 +1,109 @@
<?php
declare(strict_types=1);
namespace HyperfTest\Cases\Integration\Auth;
use App\Model\ApiKey;
use App\Model\User;
use HyperfTest\TestCase;
/**
* api_key_enabled 全局开关集成测试
*
* @internal
* @coversNothing
*/
class ApiKeyGlobalSwitchTest extends TestCase
{
protected function createTestUser(string $suffix, array $overrides = []): User
{
return User::query()->create(array_merge([
'username' => 'gs_test_' . $suffix,
'password' => 'Pass_' . $suffix,
'email' => 'gs_test_' . $suffix . '@example.com',
'status' => 1,
'api_key_enabled' => true,
], $overrides));
}
public function test_api_key_auth_rejected_when_global_switch_off(): void
{
$user = $this->createTestUser('off_' . uniqid(), ['api_key_enabled' => false]);
$result = ApiKey::generate($user->id, 'Global Off Key');
// 手动启用 keygenerate 默认 enabled=true),但全局开关关闭
$response = $this->get('/api/v1/me', [], [
'X-API-Key' => $result['plain_key'],
]);
$response->assertStatus(403);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertStringContainsString('API Key 功能未启用', $body['message']);
$user->forceDelete();
}
public function test_api_key_auth_works_when_global_switch_on(): void
{
$user = $this->createTestUser('on_' . uniqid(), ['api_key_enabled' => true]);
$result = ApiKey::generate($user->id, 'Global On Key');
$response = $this->get('/api/v1/me', [], [
'X-API-Key' => $result['plain_key'],
]);
$response->assertStatus(200);
$response->assertJsonPath('code', 0);
$response->assertJsonPath('data.id', $user->id);
$user->forceDelete();
}
public function test_api_key_auth_restored_after_reenable(): void
{
$user = $this->createTestUser('restore_' . uniqid(), ['api_key_enabled' => true]);
$result = ApiKey::generate($user->id, 'Restore Key');
// 关闭全局开关
$user->api_key_enabled = false;
$user->save();
$response = $this->get('/api/v1/me', [], [
'X-API-Key' => $result['plain_key'],
]);
$response->assertStatus(403);
// 重新开启
$user->api_key_enabled = true;
$user->save();
$response = $this->get('/api/v1/me', [], [
'X-API-Key' => $result['plain_key'],
]);
$response->assertStatus(200);
$response->assertJsonPath('data.id', $user->id);
$user->forceDelete();
}
public function test_disabled_key_still_rejected_after_global_reenable(): void
{
$user = $this->createTestUser('disabled_key_' . uniqid(), ['api_key_enabled' => true]);
$result = ApiKey::generate($user->id, 'Disabled Key');
// 禁用单个 Key
$result['api_key']->enabled = false;
$result['api_key']->save();
// 全局开关开启,但单 Key 已禁用
$response = $this->get('/api/v1/me', [], [
'X-API-Key' => $result['plain_key'],
]);
// ApiKey::findByPlainKey() 查询条件包含 enabled=true,所以禁用的 Key 返回 401(无效 Key
$response->assertStatus(401);
$user->forceDelete();
}
}
backend/test/Cases/Integration/Auth/ApiKeyToggleTest.php
+164
View File
@@ -0,0 +1,164 @@
<?php
declare(strict_types=1);
namespace HyperfTest\Cases\Integration\Auth;
use App\Model\ApiKey;
use App\Model\User;
use HyperfTest\TestCase;
use Qbhy\HyperfAuth\AuthManager;
use function Hyperf\Support\make;
/**
* ApiKeyController toggle + store 增强校验集成测试
*
* @internal
* @coversNothing
*/
class ApiKeyToggleTest extends TestCase
{
protected function createTestUser(string $suffix, array $overrides = []): User
{
return User::query()->create(array_merge([
'username' => 'toggle_test_' . $suffix,
'password' => 'Pass_' . $suffix,
'email' => 'toggle_test_' . $suffix . '@example.com',
'status' => 1,
'api_key_enabled' => true,
], $overrides));
}
protected function getAuthToken(User $user): string
{
$auth = make(AuthManager::class);
return $auth->guard('jwt')->login($user);
}
protected function authHeaders(User $user): array
{
return ['Authorization' => 'Bearer ' . $this->getAuthToken($user)];
}
public function test_user_can_toggle_own_key(): void
{
$user = $this->createTestUser('own_' . uniqid());
$result = ApiKey::generate($user->id, 'Own Toggle Key');
$key_id = $result['api_key']->id;
// 禁用
$response = $this->patch('/api/v1/me/api-keys/' . $key_id . '/toggle', ['enabled' => false], $this->authHeaders($user));
$response->assertStatus(200);
$response->assertJsonPath('code', 0);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertFalse($body['data']['enabled']);
// 重新启用
$response = $this->patch('/api/v1/me/api-keys/' . $key_id . '/toggle', ['enabled' => true], $this->authHeaders($user));
$response->assertStatus(200);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertTrue($body['data']['enabled']);
$user->forceDelete();
}
public function test_user_cannot_toggle_others_key(): void
{
$user_a = $this->createTestUser('a_' . uniqid());
$user_b = $this->createTestUser('b_' . uniqid());
$result = ApiKey::generate($user_b->id, 'Other User Key');
$response = $this->patch('/api/v1/me/api-keys/' . $result['api_key']->id . '/toggle', ['enabled' => false], $this->authHeaders($user_a));
$response->assertStatus(404);
$user_a->forceDelete();
$user_b->forceDelete();
}
public function test_toggle_nonexistent_key_returns_404(): void
{
$user = $this->createTestUser('nokey_' . uniqid());
$response = $this->patch('/api/v1/me/api-keys/999999/toggle', ['enabled' => false], $this->authHeaders($user));
$response->assertStatus(404);
$user->forceDelete();
}
public function test_user_cannot_create_duplicate_name(): void
{
$user = $this->createTestUser('dup_' . uniqid());
// 创建第一个 Key
$response = $this->post('/api/v1/me/api-keys', ['name' => 'Duplicate Name'], $this->authHeaders($user));
$response->assertStatus(200);
// 创建同名 Key
$response = $this->post('/api/v1/me/api-keys', ['name' => 'Duplicate Name'], $this->authHeaders($user));
$response->assertStatus(400);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertStringContainsString('已存在同名', $body['message']);
$user->forceDelete();
}
public function test_user_can_reuse_name_after_delete(): void
{
$user = $this->createTestUser('reuse_' . uniqid());
// 创建 Key
$response = $this->post('/api/v1/me/api-keys', ['name' => 'Reuse Name'], $this->authHeaders($user));
$response->assertStatus(200);
$body = json_decode($response->getBody()->getContents(), true);
$key_id = $body['data']['api_key']['id'];
// 删除
$response = $this->delete('/api/v1/me/api-keys/' . $key_id, [], $this->authHeaders($user));
$response->assertStatus(200);
// 复用名称创建新 Key
$response = $this->post('/api/v1/me/api-keys', ['name' => 'Reuse Name'], $this->authHeaders($user));
$response->assertStatus(200);
$user->forceDelete();
}
public function test_user_cannot_create_more_than_10_keys(): void
{
$user = $this->createTestUser('limit_' . uniqid());
// 通过模型直接创建 10 个 Key
for ($i = 1; $i <= 10; $i++) {
ApiKey::generate($user->id, 'Key ' . $i);
}
// 尝试创建第 11 个
$response = $this->post('/api/v1/me/api-keys', ['name' => 'Key 11'], $this->authHeaders($user));
$response->assertStatus(400);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertStringContainsString('最多创建 10 个', $body['message']);
$user->forceDelete();
}
public function test_user_can_create_after_deleting_to_below_limit(): void
{
$user = $this->createTestUser('dellimit_' . uniqid());
// 创建 10 个 Key
$results = [];
for ($i = 1; $i <= 10; $i++) {
$results[] = ApiKey::generate($user->id, 'Key ' . $i);
}
// 删除一个
$this->delete('/api/v1/me/api-keys/' . $results[0]['api_key']->id, [], $this->authHeaders($user));
// 现在可以创建新的
$response = $this->post('/api/v1/me/api-keys', ['name' => 'New Key'], $this->authHeaders($user));
$response->assertStatus(200);
$user->forceDelete();
}
}