ANGJustinl/whale-town-end
1
0
Fork 0
forked from datawhale/whale-town-end
Code Pull Requests Activity

Compare commits

base: ANGJustinl:zulip_dev
Branches Tags
ANGJustinl:master ANGJustinl:zulip_dev datawhale:main datawhale:fix/chat-module-improvements-20260119 datawhale:refactor/auth-zulip-memory-link-20260119 datawhale:feature/chat-map-switching-20260119
..
compare: ANGJustinl:4165a4c03abe0475635e22b65b56d3264e8dcea6
Branches Tags
ANGJustinl:master ANGJustinl:zulip_dev datawhale:main datawhale:fix/chat-module-improvements-20260119 datawhale:refactor/auth-zulip-memory-link-20260119 datawhale:feature/chat-map-switching-20260119

2 Commits
zulip_dev ... 4165a4c03a

Author SHA1 Message Date
angjustinl
4165a4c03a Merge branch 'master' of https://gitea.xinghangee.icu/ANGJustinl/whale-town-end 
* 'master' of https://gitea.xinghangee.icu/ANGJustinl/whale-town-end:
  feat(zulip): Add Zulip account management and integrate with auth system
 2026-01-05 17:52:02 +08:00
angjustinl
2b87eac495 feat(zulip): Add Zulip account management and integrate with auth system 
- Add ZulipAccountsEntity, repository, and module for persistent Zulip account storage
- Create ZulipAccountService in core layer for managing Zulip account lifecycle
- Integrate Zulip account creation into login flow via LoginService
- Add comprehensive test suite for Zulip account creation during user registration
- Create quick test script for validating registered user Zulip integration
- Update UsersEntity to support Zulip account associations
- Update auth module to include Zulip and ZulipAccounts dependencies
- Fix WebSocket connection protocol from ws:// to wss:// in API documentation
- Enhance LoginCoreService to coordinate Zulip account provisioning during authentication
 2026-01-05 17:50:58 +08:00
27 changed files with 251 additions and 4426 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -44,5 +44,3 @@ coverage/
# Redis数据文件本地开发用
redis-data/
.kiro/

11
docs/systems/zulip/README.md
View File

@@ -358,16 +358,7 @@ node test-stream-initialization.js
## 更新日志
### v1.1.0 (2026-01-06)
- **修复 JWT Token 验证和 API Key 管理**
- 修复 `LoginService.generateTokenPair()` 的 JWT 签名冲突问题
- `ZulipService` 现在复用 `LoginService.verifyToken()` 进行 Token 验证
- 修复消息发送时使用错误的硬编码 API Key 问题
- 现在正确从 Redis 读取用户注册时存储的真实 API Key
- 添加 `AuthModule``ZulipModule` 的依赖注入
- 消息发送功能现已完全正常工作 ✅
### v1.0.1 (2025-12-25)
### v2.0.0 (2025-12-25)
- 更新地图配置为 9 区域系统
- 添加 Stream Initializer Service 自动初始化服务
- 更新默认出生点为鲸之港 (Whale Port)

147
docs/systems/zulip/guide.md
View File

@@ -68,149 +68,4 @@ C. 接收消息 (Downstream: Zulip -> Node -> Godot)
- Zulip API Key 永不下发: 用户的 Zulip 凭证永远只保存在服务器端。如果客户端直接拿 Key黑客可以通过解包 Godot 拿到 Key 然后去 Zulip 乱发消息。
- 位置欺诈完全消除: 因为 Stream 的选择权在 Node 手里,玩家无法做到“人在新手村,却往高等级区域频道发消息”。
3. 协议统一:
- 不再需要处理 HTTP (Zulip) 和 WebSocket (Game) 两种并发逻辑。网络层代码减少一半。
---
## 3. JWT Token 验证和 API Key 管理 (v1.1.0 更新)
### 3.1 用户注册和 API Key 生成流程
当用户注册游戏账号时,系统会自动创建对应的 Zulip 账号并获取 API Key
```
用户注册 (POST /auth/register)
1. 创建游戏账号 (LoginService.register)
2. 初始化 Zulip 管理员客户端
3. 创建 Zulip 账号 (ZulipAccountService.createZulipAccount)
- 使用相同的邮箱和密码
- 调用 Zulip API: POST /api/v1/users
4. 获取 API Key (ZulipAccountService.generateApiKeyForUser)
- 使用 fetch_api_key 端点(固定的、基于密码的 Key
- 注意:不使用 regenerate_api_key会生成新 Key
5. 加密存储 API Key (ApiKeySecurityService.storeApiKey)
- 使用 AES-256-GCM 加密
- 存储到 Redis: zulip:api_key:{userId}
6. 创建账号关联记录 (ZulipAccountsRepository)
- 存储 gameUserId ↔ zulipUserId 映射
7. 生成 JWT Token (LoginService.generateTokenPair)
- 包含用户信息sub, username, email, role
- 返回 access_token 和 refresh_token
```
### 3.2 JWT Token 验证流程
当用户通过 WebSocket 登录游戏时,系统会验证 JWT Token 并获取 API Key
```
WebSocket 登录 (login 消息)
1. ZulipService.validateGameToken(token)
2. 调用 LoginService.verifyToken(token, 'access')
- 验证签名、过期时间、载荷
- 提取用户信息userId, username, email
3. 从 Redis 获取 API Key (ApiKeySecurityService.getApiKey)
- 解密存储的 API Key
- 更新访问计数和时间
4. 创建 Zulip 客户端 (ZulipClientPoolService.createUserClient)
- 使用真实的用户 API Key
- 注册事件队列
5. 创建游戏会话 (SessionManagerService.createSession)
- 绑定 socketId ↔ zulipQueueId
- 记录用户位置信息
6. 返回登录成功
```
### 3.3 消息发送流程(使用正确的 API Key
```
发送聊天消息 (chat 消息)
1. ZulipService.sendChatMessage()
2. 获取会话信息 (SessionManagerService.getSession)
- 获取 userId 和当前位置
3. 上下文注入 (SessionManagerService.injectContext)
- 根据位置确定目标 Stream/Topic
4. 消息验证 (MessageFilterService.validateMessage)
- 内容过滤、频率限制
5. 发送到 Zulip (ZulipClientPoolService.sendMessage)
- 使用用户的真实 API Key
- 调用 Zulip API: POST /api/v1/messages
6. 返回发送结果
```
### 3.4 关键修复说明
**问题 1: JWT Token 签名冲突**
- **原因**: payload 中包含 `iss``aud`,但 `jwtService.signAsync()` 也通过 options 传递这些值
- **修复**: 从 payload 中移除 `iss``aud`,只通过 options 传递
- **文件**: `src/business/auth/services/login.service.ts`
**问题 2: 使用硬编码的旧 API Key**
- **原因**: `ZulipService.validateGameToken()` 使用硬编码的测试 API Key
- **修复**: 从 Redis 读取用户注册时存储的真实 API Key
- **文件**: `src/business/zulip/zulip.service.ts`
**问题 3: 重复实现 JWT 验证逻辑**
- **原因**: `ZulipService` 自己实现了 JWT 解析
- **修复**: 复用 `LoginService.verifyToken()` 方法
- **文件**: `src/business/zulip/zulip.service.ts`, `src/business/zulip/zulip.module.ts`
### 3.5 API Key 安全机制
**加密存储**:
- 使用 AES-256-GCM 算法加密
- 加密密钥从环境变量 `ZULIP_API_KEY_ENCRYPTION_KEY` 读取
- 存储格式:`{encryptedKey, iv, authTag, createdAt, updatedAt, accessCount}`
**访问控制**:
- 频率限制:每分钟最多 60 次访问
- 访问日志:记录每次访问的时间和次数
- 安全事件:记录所有关键操作(存储、访问、更新、删除)
**环境变量配置**:
```bash
# 生成 64 字符的十六进制密钥32 字节 = 256 位)
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# 在 .env 文件中配置
ZULIP_API_KEY_ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
```
### 3.6 测试验证
使用测试脚本验证功能:
```bash
# 测试注册用户的 Zulip 集成
node docs/systems/zulip/quick_tests/test-registered-user.js
# 验证 API Key 一致性
node docs/systems/zulip/quick_tests/verify-api-key.js
```
**预期结果**:
- ✅ WebSocket 连接成功
- ✅ JWT Token 验证通过
- ✅ 从 Redis 获取正确的 API Key
- ✅ 消息成功发送到 Zulip
---
- 不再需要处理 HTTP (Zulip) 和 WebSocket (Game) 两种并发逻辑。网络层代码减少一半。

260
docs/systems/zulip/quick_tests/test-get-messages.js
View File

@@ -1,260 +0,0 @@
/**
* 测试通过 WebSocket 接收 Zulip 消息
*
* 设计理念:
* - Zulip API Key 永不下发到客户端
* - 所有 Zulip 交互通过游戏服务器的 WebSocket 进行
* - 客户端只接收 chat_render 消息,不直接调用 Zulip API
*
* 功能:
* 1. 登录游戏服务器获取 JWT Token
* 2. 通过 WebSocket 连接游戏服务器
* 3. 在当前地图 (Whale Port) 接收消息
* 4. 切换到 Pumpkin Valley 接收消息
* 5. 统计接收到的消息数量
*
* 使用方法:
* node docs/systems/zulip/quick_tests/test-get-messages.js
*/
const axios = require('axios');
const io = require('socket.io-client');
// 配置
const GAME_SERVER = 'http://localhost:3000';
const TEST_USER = {
username: 'angtest123',
password: 'angtest123',
email: 'angjustinl@163.com'
};
// 测试配置
const TEST_CONFIG = {
whalePortWaitTime: 10000, // 在 Whale Port 等待 10 秒
pumpkinValleyWaitTime: 10000, // 在 Pumpkin Valley 等待 10 秒
totalTimeout: 30000 // 总超时时间 30 秒
};
/**
* 登录游戏服务器获取用户信息
*/
async function loginToGameServer() {
console.log('📝 步骤 1: 登录游戏服务器');
console.log(` 用户名: ${TEST_USER.username}`);
try {
const response = await axios.post(`${GAME_SERVER}/auth/login`, {
identifier: TEST_USER.username,
password: TEST_USER.password
});
if (response.data.success) {
console.log('✅ 登录成功');
console.log(` 用户ID: ${response.data.data.user.id}`);
console.log(` 邮箱: ${response.data.data.user.email}`);
return {
userId: response.data.data.user.id,
username: response.data.data.user.username,
email: response.data.data.user.email,
token: response.data.data.access_token
};
} else {
throw new Error(response.data.message || '登录失败');
}
} catch (error) {
console.error('❌ 登录失败:', error.response?.data?.message || error.message);
throw error;
}
}
/**
* 通过 WebSocket 接收消息
*/
async function receiveMessagesViaWebSocket(userInfo) {
console.log('\n📡 步骤 2: 通过 WebSocket 连接并接收消息');
console.log(` 连接到: ${GAME_SERVER}/game`);
return new Promise((resolve, reject) => {
const socket = io(`${GAME_SERVER}/game`, {
transports: ['websocket'],
timeout: 20000
});
const receivedMessages = {
whalePort: [],
pumpkinValley: []
};
let currentMap = 'whale_port';
let testPhase = 0; // 0: 连接中, 1: Whale Port, 2: Pumpkin Valley, 3: 完成
// 连接成功
socket.on('connect', () => {
console.log('✅ WebSocket 连接成功');
// 发送登录消息
const loginMessage = {
type: 'login',
token: userInfo.token
};
console.log('📤 发送登录消息...');
socket.emit('login', loginMessage);
});
// 登录成功
socket.on('login_success', (data) => {
console.log('✅ 登录成功');
console.log(` 会话ID: ${data.sessionId}`);
console.log(` 用户ID: ${data.userId}`);
console.log(` 当前地图: ${data.currentMap}`);
testPhase = 1;
currentMap = data.currentMap || 'whale_port';
console.log(`\n📬 步骤 3: 在 Whale Port 接收消息 (等待 ${TEST_CONFIG.whalePortWaitTime / 1000} 秒)`);
console.log(' 💡 提示: 请在 Zulip 的 "Whale Port" Stream 发送测试消息');
// 在 Whale Port 等待一段时间
setTimeout(() => {
console.log(`\n📊 Whale Port 接收到 ${receivedMessages.whalePort.length} 条消息`);
// 切换到 Pumpkin Valley
console.log(`\n📤 步骤 4: 切换到 Pumpkin Valley`);
const positionUpdate = {
t: 'position',
x: 150,
y: 400,
mapId: 'pumpkin_valley'
};
socket.emit('position_update', positionUpdate);
testPhase = 2;
currentMap = 'pumpkin_valley';
console.log(`\n📬 步骤 5: 在 Pumpkin Valley 接收消息 (等待 ${TEST_CONFIG.pumpkinValleyWaitTime / 1000} 秒)`);
console.log(' 💡 提示: 请在 Zulip 的 "Pumpkin Valley" Stream 发送测试消息');
// 在 Pumpkin Valley 等待一段时间
setTimeout(() => {
console.log(`\n📊 Pumpkin Valley 接收到 ${receivedMessages.pumpkinValley.length} 条消息`);
testPhase = 3;
console.log('\n📊 测试完成,断开连接...');
socket.disconnect();
}, TEST_CONFIG.pumpkinValleyWaitTime);
}, TEST_CONFIG.whalePortWaitTime);
});
// 接收到消息 (chat_render)
socket.on('chat_render', (data) => {
const timestamp = new Date().toLocaleTimeString('zh-CN');
console.log(`\n📨 [${timestamp}] 收到消息:`);
console.log(` ├─ 发送者: ${data.from}`);
console.log(` ├─ 内容: ${data.txt}`);
console.log(` ├─ Stream: ${data.stream || '未知'}`);
console.log(` ├─ Topic: ${data.topic || '未知'}`);
console.log(` └─ 当前地图: ${currentMap}`);
// 记录消息
const message = {
from: data.from,
content: data.txt,
stream: data.stream,
topic: data.topic,
timestamp: new Date(),
map: currentMap
};
if (testPhase === 1) {
receivedMessages.whalePort.push(message);
} else if (testPhase === 2) {
receivedMessages.pumpkinValley.push(message);
}
});
// 错误处理
socket.on('error', (error) => {
console.error('❌ 收到错误:', JSON.stringify(error, null, 2));
});
// 连接断开
socket.on('disconnect', () => {
console.log('\n🔌 WebSocket 连接已关闭');
resolve(receivedMessages);
});
// 连接错误
socket.on('connect_error', (error) => {
console.error('❌ 连接错误:', error.message);
reject(error);
});
// 总超时保护
setTimeout(() => {
if (socket.connected) {
console.log('\n⏰ 测试超时,关闭连接');
socket.disconnect();
}
}, TEST_CONFIG.totalTimeout);
});
}
/**
* 主测试流程
*/
async function runTest() {
console.log('🚀 开始测试通过 WebSocket 接收 Zulip 消息');
console.log('='.repeat(60));
console.log('📋 设计理念: Zulip API Key 永不下发到客户端');
console.log('📋 所有消息通过游戏服务器的 WebSocket (chat_render) 接收');
console.log('='.repeat(60));
try {
// 步骤1: 登录游戏服务器
const userInfo = await loginToGameServer();
// 步骤2-5: 通过 WebSocket 接收消息
const receivedMessages = await receiveMessagesViaWebSocket(userInfo);
// 步骤6: 统计信息
console.log('\n' + '='.repeat(60));
console.log('📊 测试结果汇总');
console.log('='.repeat(60));
console.log(`✅ Whale Port: ${receivedMessages.whalePort.length} 条消息`);
console.log(`✅ Pumpkin Valley: ${receivedMessages.pumpkinValley.length} 条消息`);
console.log(`📝 总计: ${receivedMessages.whalePort.length + receivedMessages.pumpkinValley.length} 条消息`);
// 显示详细消息列表
if (receivedMessages.whalePort.length > 0) {
console.log('\n📬 Whale Port 消息列表:');
receivedMessages.whalePort.forEach((msg, index) => {
console.log(` ${index + 1}. [${msg.timestamp.toLocaleTimeString()}] ${msg.from}: ${msg.content.substring(0, 50)}${msg.content.length > 50 ? '...' : ''}`);
});
}
if (receivedMessages.pumpkinValley.length > 0) {
console.log('\n📬 Pumpkin Valley 消息列表:');
receivedMessages.pumpkinValley.forEach((msg, index) => {
console.log(` ${index + 1}. [${msg.timestamp.toLocaleTimeString()}] ${msg.from}: ${msg.content.substring(0, 50)}${msg.content.length > 50 ? '...' : ''}`);
});
}
console.log('='.repeat(60));
console.log('\n🎉 测试完成!');
console.log('💡 提示: 客户端通过 WebSocket 接收消息,无需直接访问 Zulip API');
console.log('💡 提示: 访问 https://zulip.xinghangee.icu 查看完整消息历史');
process.exit(0);
} catch (error) {
console.error('\n❌ 测试失败:', error.message);
process.exit(1);
}
}
// 运行测试
runTest();

111
docs/systems/zulip/quick_tests/test-list-subscriptions.js
View File

@@ -1,102 +1,15 @@
const zulip = require('zulip-js');
const axios = require('axios');
// 配置
const GAME_SERVER = 'http://localhost:3000';
const TEST_USER = {
username: 'angtest123',
password: 'angtest123',
email: 'angjustinl@163.com'
};
/**
* 登录游戏服务器获取用户信息
*/
async function loginToGameServer() {
console.log('📝 步骤 1: 登录游戏服务器');
console.log(` 用户名: ${TEST_USER.username}`);
try {
const response = await axios.post(`${GAME_SERVER}/auth/login`, {
identifier: TEST_USER.username,
password: TEST_USER.password
});
if (response.data.success) {
console.log('✅ 登录成功');
console.log(` 用户ID: ${response.data.data.user.id}`);
console.log(` 邮箱: ${response.data.data.user.email}`);
return {
userId: response.data.data.user.id,
username: response.data.data.user.username,
email: response.data.data.user.email,
token: response.data.data.access_token
};
} else {
throw new Error(response.data.message || '登录失败');
}
} catch (error) {
console.error('❌ 登录失败:', error.response?.data?.message || error.message);
throw error;
}
}
/**
* 使用密码获取 Zulip API Key
*/
async function getZulipApiKey(email, password) {
console.log('\n📝 步骤 2: 获取 Zulip API Key');
console.log(` 邮箱: ${email}`);
try {
// Zulip API 使用 Basic Auth 和 form data
const response = await axios.post(
'https://zulip.xinghangee.icu/api/v1/fetch_api_key',
`username=${encodeURIComponent(email)}&password=${encodeURIComponent(password)}`,
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}
);
if (response.data.result === 'success') {
console.log('✅ 成功获取 API Key');
console.log(` API Key: ${response.data.api_key.substring(0, 10)}...`);
console.log(` 用户ID: ${response.data.user_id}`);
return {
apiKey: response.data.api_key,
email: response.data.email,
userId: response.data.user_id
};
} else {
throw new Error(response.data.msg || '获取 API Key 失败');
}
} catch (error) {
console.error('❌ 获取 API Key 失败:', error.response?.data?.msg || error.message);
throw error;
}
}
async function listSubscriptions() {
console.log('🚀 开始测试用户订阅的 Streams');
console.log('='.repeat(60));
console.log('🔧 检查用户订阅的 Streams...');
const config = {
username: 'angjustinl@mail.angforever.top',
apiKey: 'lCPWC...pqNfGF8',
realm: 'https://zulip.xinghangee.icu/'
};
try {
// 步骤1: 登录游戏服务器
const userInfo = await loginToGameServer();
// 步骤2: 获取 Zulip API Key
const zulipAuth = await getZulipApiKey(userInfo.email, TEST_USER.password);
console.log('\n📝 步骤 3: 检查用户订阅的 Streams');
const config = {
username: zulipAuth.email,
apiKey: zulipAuth.apiKey,
realm: 'https://zulip.xinghangee.icu/'
};
const client = await zulip(config);
// 获取用户信息
@@ -116,15 +29,15 @@ async function listSubscriptions() {
});
// 检查是否有 "Novice Village"
const noviceVillage = subscriptions.subscriptions.find(s => s.name === 'Pumpkin Valley');
const noviceVillage = subscriptions.subscriptions.find(s => s.name === 'Novice Village');
if (noviceVillage) {
console.log('\n✅ "Pumpkin Valley" Stream 已存在!');
console.log('\n✅ "Novice Village" Stream 已存在!');
// 测试发送消息
console.log('\n📤 测试发送消息...');
const result = await client.messages.send({
type: 'stream',
to: 'Pumpkin Valley',
to: 'Novice Village',
subject: 'General',
content: '测试消息:系统集成测试成功 🎮'
});
@@ -135,7 +48,7 @@ async function listSubscriptions() {
console.log('❌ 消息发送失败:', result.msg);
}
} else {
console.log('\n⚠ "Pumpkin Valley" Stream 不存在');
console.log('\n⚠ "Novice Village" Stream 不存在');
console.log('💡 请在 Zulip 网页界面手动创建该 Stream或使用管理员账号创建');
// 尝试发送到第一个可用的 Stream
@@ -166,9 +79,7 @@ async function listSubscriptions() {
if (error.response) {
console.error('响应数据:', error.response.data);
}
process.exit(1);
}
}
// 运行测试
listSubscriptions();

266
docs/systems/zulip/quick_tests/test-user-api-key.js
View File

@@ -1,183 +1,127 @@
const io = require('socket.io-client');
const axios = require('axios');
// 配置
const GAME_SERVER = 'http://localhost:3000';
const TEST_USER = {
username: 'angtest123',
password: 'angtest123',
email: 'angjustinl@163.com'
};
/**
* 登录游戏服务器获取token
*/
async function loginToGameServer() {
console.log('📝 步骤 1: 登录游戏服务器');
console.log(` 用户名: ${TEST_USER.username}`);
try {
const response = await axios.post(`${GAME_SERVER}/auth/login`, {
identifier: TEST_USER.username,
password: TEST_USER.password
});
if (response.data.success) {
console.log('✅ 登录成功');
console.log(` 用户ID: ${response.data.data.user.id}`);
console.log(` 昵称: ${response.data.data.user.nickname}`);
console.log(` 邮箱: ${response.data.data.user.email}`);
console.log(` Token: ${response.data.data.access_token.substring(0, 20)}...`);
return {
userId: response.data.data.user.id,
username: response.data.data.user.username,
token: response.data.data.access_token
};
} else {
throw new Error(response.data.message || '登录失败');
}
} catch (error) {
console.error('❌ 登录失败:', error.response?.data?.message || error.message);
throw error;
}
}
// 使用用户 API Key 测试 Zulip 集成
async function testWithUserApiKey() {
console.log('🚀 开始测试用户 API Key Zulip 集成');
console.log('='.repeat(60));
console.log('🚀 使用用户 API Key 测试 Zulip 集成...');
console.log('📡 用户 API Key: lCPWCPfGh7WU...pqNfGF8');
console.log('📡 Zulip 服务器: https://zulip.xinghangee.icu/');
console.log('📡 游戏服务器: http://localhost:3000/game');
try {
// 登录获取 token
const userInfo = await loginToGameServer();
console.log('\n📡 步骤 2: 连接 WebSocket 并测试 Zulip 集成');
console.log(` 连接到: ${GAME_SERVER}/game`);
const socket = io('http://localhost:3000/game', {
transports: ['websocket'],
timeout: 20000
});
const socket = io(`${GAME_SERVER}/game`, {
transports: ['websocket'],
timeout: 20000
});
let testStep = 0;
socket.on('connect', () => {
console.log('✅ WebSocket 连接成功');
testStep = 1;
let testStep = 0;
// 使用包含用户 API Key 的 token
const loginMessage = {
type: 'login',
token: 'lCPWCPfGh7...fGF8_user_token'
};
socket.on('connect', () => {
console.log('✅ WebSocket 连接成功');
testStep = 1;
// 使用真实的 JWT token
const loginMessage = {
type: 'login',
token: userInfo.token
console.log('📤 步骤 1: 发送登录消息(使用用户 API Key');
socket.emit('login', loginMessage);
});
socket.on('login_success', (data) => {
console.log('✅ 步骤 1 完成: 登录成功');
console.log(' 会话ID:', data.sessionId);
console.log(' 用户ID:', data.userId);
console.log(' 用户名:', data.username);
console.log(' 当前地图:', data.currentMap);
testStep = 2;
// 等待 Zulip 客户端初始化
console.log('⏳ 等待 3 秒让 Zulip 客户端初始化...');
setTimeout(() => {
const chatMessage = {
t: 'chat',
content: '🎮 【用户API Key测试】来自游戏的消息\\n' +
'时间: ' + new Date().toLocaleString() + '\\n' +
'使用用户 API Key 发送此消息。',
scope: 'local'
};
console.log('📤 步骤 3: 发送登录消息(使用 JWT Token');
socket.emit('login', loginMessage);
});
console.log('📤 步骤 2: 发送消息到 Zulip使用用户 API Key');
console.log(' 目标 Stream: Whale Port');
socket.emit('chat', chatMessage);
}, 3000);
});
socket.on('login_success', (data) => {
console.log('✅ 步骤 3 完成: 登录成功');
console.log(' 会话ID:', data.sessionId);
console.log(' 用户ID:', data.userId);
console.log(' 用户名:', data.username);
console.log(' 当前地图:', data.currentMap);
testStep = 2;
socket.on('chat_sent', (data) => {
console.log('✅ 步骤 2 完成: 消息发送成功');
console.log(' 响应:', JSON.stringify(data, null, 2));
// 只在第一次收到 chat_sent 时发送第二条消息
if (testStep === 2) {
testStep = 3;
// 等待 Zulip 客户端初始化
console.log('\n⏳ 等待 3 秒让 Zulip 客户端初始化...');
setTimeout(() => {
const chatMessage = {
t: 'chat',
content: `🎮 【用户API Key测试】来自 ${userInfo.username} 的消息!\n` +
`时间: ${new Date().toLocaleString()}\n` +
`使用真实 API Key 发送此消息。`,
scope: 'local'
// 先切换到 Pumpkin Valley 地图
console.log('📤 步骤 3: 切换到 Pumpkin Valley 地图');
const positionUpdate = {
t: 'position',
x: 150,
y: 400,
mapId: 'pumpkin_valley'
};
socket.emit('position_update', positionUpdate);
console.log('📤 步骤 4: 发送消息到 Zulip使用真实 API Key');
console.log(' 目标 Stream: Whale Port');
socket.emit('chat', chatMessage);
}, 3000);
});
socket.on('chat_sent', (data) => {
console.log('✅ 步骤 4 完成: 消息发送成功');
console.log(' 响应:', JSON.stringify(data, null, 2));
// 只在第一次收到 chat_sent 时发送第二条消息
if (testStep === 2) {
testStep = 3;
// 等待位置更新后发送消息
setTimeout(() => {
// 先切换到 Pumpkin Valley 地图
console.log('\n📤 步骤 5: 切换到 Pumpkin Valley 地图');
const positionUpdate = {
t: 'position',
x: 150,
y: 400,
mapId: 'pumpkin_valley'
const chatMessage2 = {
t: 'chat',
content: '🎃 在南瓜谷发送的测试消息!',
scope: 'local'
};
socket.emit('position_update', positionUpdate);
// 等待位置更新后发送消息
setTimeout(() => {
const chatMessage2 = {
t: 'chat',
content: '🎃 在南瓜谷发送的测试消息!',
scope: 'local'
};
console.log('📤 步骤 6: 在 Pumpkin Valley 发送消息');
socket.emit('chat', chatMessage2);
}, 1000);
}, 2000);
}
});
console.log('📤 步骤 4: 在 Pumpkin Valley 发送消息');
socket.emit('chat', chatMessage2);
}, 1000);
}, 2000);
}
});
socket.on('chat_render', (data) => {
console.log('\n📨 收到来自 Zulip 的消息:');
console.log(' 发送者:', data.from);
console.log(' 内容:', data.txt);
console.log(' Stream:', data.stream || '未知');
console.log(' Topic:', data.topic || '未知');
});
socket.on('error', (error) => {
console.log('❌ 收到错误:', JSON.stringify(error, null, 2));
});
socket.on('disconnect', () => {
console.log('\n🔌 WebSocket 连接已关闭');
console.log('\n' + '='.repeat(60));
console.log('📊 测试结果汇总');
console.log('='.repeat(60));
console.log(' 完成步骤:', testStep, '/ 3');
if (testStep >= 3) {
console.log(' ✅ 核心功能正常!');
console.log(' 💡 请检查 Zulip 中的 "Whale Port" 和 "Pumpkin Valley" Streams 查看消息');
} else {
console.log(' ⚠️ 部分测试未完成');
}
console.log('='.repeat(60));
process.exit(testStep >= 3 ? 0 : 1);
});
socket.on('connect_error', (error) => {
console.error('❌ 连接错误:', error.message);
process.exit(1);
});
// 20秒后自动关闭给足够时间完成测试
setTimeout(() => {
console.log('\n⏰ 测试时间到,关闭连接');
socket.disconnect();
}, 20000);
} catch (error) {
console.error('\n❌ 测试失败:', error.message);
socket.on('chat_render', (data) => {
console.log('📨 收到来自 Zulip 的消息:');
console.log(' 发送者:', data.from);
console.log(' 内容:', data.txt);
console.log(' Stream:', data.stream || '未知');
console.log(' Topic:', data.topic || '未知');
});
socket.on('error', (error) => {
console.log('❌ 收到错误:', JSON.stringify(error, null, 2));
});
socket.on('disconnect', () => {
console.log('🔌 WebSocket 连接已关闭');
console.log('');
console.log('📊 测试结果:');
console.log(' 完成步骤:', testStep, '/ 4');
if (testStep >= 3) {
console.log(' ✅ 核心功能正常!');
console.log(' 💡 请检查 Zulip 中的 "Whale Port" 和 "Pumpkin Valley" Streams 查看消息');
}
process.exit(0);
});
socket.on('connect_error', (error) => {
console.error('❌ 连接错误:', error.message);
process.exit(1);
}
});
// 20秒后自动关闭给足够时间完成测试
setTimeout(() => {
console.log('⏰ 测试时间到,关闭连接');
socket.disconnect();
}, 20000);
}
// 运行测试
testWithUserApiKey();
console.log('🔧 准备测试环境...');
testWithUserApiKey().catch(console.error);

3
package.json
View File

@@ -28,7 +28,6 @@
"@nestjs/common": "^11.1.9",
"@nestjs/config": "^4.0.2",
"@nestjs/core": "^11.1.9",
"@nestjs/jwt": "^11.0.2",
"@nestjs/platform-express": "^10.4.20",
"@nestjs/platform-socket.io": "^10.4.20",
"@nestjs/schedule": "^4.1.2",
@@ -44,7 +43,6 @@
"class-transformer": "^0.5.1",
"class-validator": "^0.14.3",
"ioredis": "^5.8.2",
"jsonwebtoken": "^9.0.3",
"mysql2": "^3.16.0",
"nestjs-pino": "^4.5.0",
"nodemailer": "^6.10.1",
@@ -64,7 +62,6 @@
"@nestjs/testing": "^10.4.20",
"@types/express": "^5.0.6",
"@types/jest": "^29.5.14",
"@types/jsonwebtoken": "^9.0.10",
"@types/node": "^20.19.27",
"@types/nodemailer": "^6.4.14",
"@types/supertest": "^6.0.3",

22
src/business/auth/auth.module.ts
View File

@@ -6,7 +6,6 @@
* - 用户登录、注册、密码管理
* - GitHub OAuth集成
* - 邮箱验证功能
* - JWT令牌管理和验证
*
* @author kiro-ai
* @version 1.0.0
@@ -14,41 +13,22 @@
*/
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { LoginController } from './controllers/login.controller';
import { LoginService } from './services/login.service';
import { LoginCoreModule } from '../../core/login_core/login_core.module';
import { ZulipCoreModule } from '../../core/zulip/zulip-core.module';
import { ZulipAccountsModule } from '../../core/db/zulip_accounts/zulip_accounts.module';
import { UsersModule } from '../../core/db/users/users.module';
@Module({
imports: [
LoginCoreModule,
ZulipCoreModule,
ZulipAccountsModule.forRoot(),
UsersModule,
JwtModule.registerAsync({
imports: [ConfigModule],
useFactory: (configService: ConfigService) => {
const expiresIn = configService.get<string>('JWT_EXPIRES_IN', '7d');
return {
secret: configService.get<string>('JWT_SECRET'),
signOptions: {
expiresIn: expiresIn as any, // JWT库支持字符串格式如 '7d'
issuer: 'whale-town',
audience: 'whale-town-users',
},
};
},
inject: [ConfigService],
}),
],
controllers: [LoginController],
providers: [
LoginService,
],
exports: [LoginService, JwtModule],
exports: [LoginService],
})
export class AuthModule {}

109
src/business/auth/controllers/login.controller.ts
View File

@@ -13,7 +13,6 @@
* - POST /auth/forgot-password - 发送密码重置验证码
* - POST /auth/reset-password - 重置密码
* - PUT /auth/change-password - 修改密码
* - POST /auth/refresh-token - 刷新访问令牌
*
* @author moyin angjustinl
* @version 1.0.0
@@ -24,7 +23,7 @@ import { Controller, Post, Put, Body, HttpCode, HttpStatus, ValidationPipe, UseP
import { ApiTags, ApiOperation, ApiResponse as SwaggerApiResponse, ApiBody } from '@nestjs/swagger';
import { Response } from 'express';
import { LoginService, ApiResponse, LoginResponse } from '../services/login.service';
import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto, VerificationCodeLoginDto, SendLoginVerificationCodeDto, RefreshTokenDto } from '../dto/login.dto';
import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto, VerificationCodeLoginDto, SendLoginVerificationCodeDto } from '../dto/login.dto';
import {
LoginResponseDto,
RegisterResponseDto,
@@ -32,8 +31,7 @@ import {
ForgotPasswordResponseDto,
CommonResponseDto,
TestModeEmailVerificationResponseDto,
SuccessEmailVerificationResponseDto,
RefreshTokenResponseDto
SuccessEmailVerificationResponseDto
} from '../dto/login_response.dto';
import { Throttle, ThrottlePresets } from '../../../core/security_core/decorators/throttle.decorator';
import { Timeout, TimeoutPresets } from '../../../core/security_core/decorators/timeout.decorator';
@@ -611,107 +609,4 @@ export class LoginController {
message: '限流记录已清除'
});
}
/**
* 刷新访问令牌
*
* 功能描述:
* 使用有效的刷新令牌生成新的访问令牌,实现无感知的令牌续期
*
* 业务逻辑:
* 1. 验证刷新令牌的有效性和格式
* 2. 检查用户状态是否正常
* 3. 生成新的JWT令牌对
* 4. 返回新的访问令牌和刷新令牌
*
* @param refreshTokenDto 刷新令牌数据
* @param res Express响应对象
* @returns 新的令牌对
*/
@ApiOperation({
summary: '刷新访问令牌',
description: '使用有效的刷新令牌生成新的访问令牌,实现无感知的令牌续期。建议在访问令牌即将过期时调用此接口。'
})
@ApiBody({ type: RefreshTokenDto })
@SwaggerApiResponse({
status: 200,
description: '令牌刷新成功',
type: RefreshTokenResponseDto
})
@SwaggerApiResponse({
status: 400,
description: '请求参数错误'
})
@SwaggerApiResponse({
status: 401,
description: '刷新令牌无效或已过期'
})
@SwaggerApiResponse({
status: 404,
description: '用户不存在或已被禁用'
})
@SwaggerApiResponse({
status: 429,
description: '刷新请求过于频繁'
})
@Throttle(ThrottlePresets.REFRESH_TOKEN)
@Timeout(TimeoutPresets.NORMAL)
@Post('refresh-token')
@UsePipes(new ValidationPipe({ transform: true }))
async refreshToken(@Body() refreshTokenDto: RefreshTokenDto, @Res() res: Response): Promise<void> {
const startTime = Date.now();
try {
this.logger.log('令牌刷新请求', {
operation: 'refreshToken',
timestamp: new Date().toISOString(),
});
const result = await this.loginService.refreshAccessToken(refreshTokenDto.refresh_token);
const duration = Date.now() - startTime;
if (result.success) {
this.logger.log('令牌刷新成功', {
operation: 'refreshToken',
duration,
timestamp: new Date().toISOString(),
});
res.status(HttpStatus.OK).json(result);
} else {
this.logger.warn('令牌刷新失败', {
operation: 'refreshToken',
error: result.message,
errorCode: result.error_code,
duration,
timestamp: new Date().toISOString(),
});
// 根据错误类型设置不同的状态码
if (result.message?.includes('令牌验证失败') || result.message?.includes('已过期')) {
res.status(HttpStatus.UNAUTHORIZED).json(result);
} else if (result.message?.includes('用户不存在')) {
res.status(HttpStatus.NOT_FOUND).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
}
} catch (error) {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('令牌刷新异常', {
operation: 'refreshToken',
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
success: false,
message: '服务器内部错误',
error_code: 'INTERNAL_SERVER_ERROR'
});
}
}
}

39
src/business/auth/decorators/current-user.decorator.ts
View File

@@ -1,39 +0,0 @@
/**
* 当前用户装饰器
*
* 功能描述:
* - 从请求上下文中提取当前认证用户信息
* - 简化控制器中获取用户信息的操作
*
* 使用示例:
* ```typescript
* @Get('profile')
* @UseGuards(JwtAuthGuard)
* getProfile(@CurrentUser() user: JwtPayload) {
* return { user };
* }
* ```
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-05
*/
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { AuthenticatedRequest, JwtPayload } from '../guards/jwt-auth.guard';
/**
* 当前用户装饰器
*
* @param data 可选的属性名,用于获取用户对象的特定属性
* @param ctx 执行上下文
* @returns 用户信息或用户的特定属性
*/
export const CurrentUser = createParamDecorator(
(data: keyof JwtPayload | undefined, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest<AuthenticatedRequest>();
const user = request.user;
return data ? user?.[data] : user;
},
);

17
src/business/auth/dto/login.dto.ts
View File

@@ -424,21 +424,4 @@ export class SendLoginVerificationCodeDto {
@IsNotEmpty({ message: '登录标识符不能为空' })
@Length(1, 100, { message: '登录标识符长度需在1-100字符之间' })
identifier: string;
}
/**
* 刷新令牌请求DTO
*/
export class RefreshTokenDto {
/**
* 刷新令牌
*/
@ApiProperty({
description: 'JWT刷新令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
minLength: 1
})
@IsString({ message: '刷新令牌必须是字符串' })
@IsNotEmpty({ message: '刷新令牌不能为空' })
refresh_token: string;
}

81
src/business/auth/dto/login_response.dto.ts
View File

@@ -80,28 +80,17 @@ export class LoginResponseDataDto {
user: UserInfoDto;
@ApiProperty({
description: 'JWT访问令牌',
description: '访问令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
})
access_token: string;
@ApiProperty({
description: 'JWT刷新令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
description: '刷新令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
required: false
})
refresh_token: string;
@ApiProperty({
description: '访问令牌过期时间(秒)',
example: 604800
})
expires_in: number;
@ApiProperty({
description: '令牌类型',
example: 'Bearer'
})
token_type: string;
refresh_token?: string;
@ApiProperty({
description: '是否为新用户',
@@ -403,64 +392,4 @@ export class SuccessEmailVerificationResponseDto {
required: false
})
error_code?: string;
}
/**
* 令牌刷新响应数据DTO
*/
export class RefreshTokenResponseDataDto {
@ApiProperty({
description: 'JWT访问令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
})
access_token: string;
@ApiProperty({
description: 'JWT刷新令牌',
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
})
refresh_token: string;
@ApiProperty({
description: '访问令牌过期时间(秒)',
example: 604800
})
expires_in: number;
@ApiProperty({
description: '令牌类型',
example: 'Bearer'
})
token_type: string;
}
/**
* 令牌刷新响应DTO
*/
export class RefreshTokenResponseDto {
@ApiProperty({
description: '请求是否成功',
example: true
})
success: boolean;
@ApiProperty({
description: '响应数据',
type: RefreshTokenResponseDataDto,
required: false
})
data?: RefreshTokenResponseDataDto;
@ApiProperty({
description: '响应消息',
example: '令牌刷新成功'
})
message: string;
@ApiProperty({
description: '错误代码',
example: 'TOKEN_REFRESH_FAILED',
required: false
})
error_code?: string;
}

128
src/business/auth/examples/jwt-usage-example.ts
View File

@@ -1,128 +0,0 @@
/**
* JWT 使用示例
*
* 展示如何在控制器中使用 JWT 认证守卫和当前用户装饰器
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-05
*/
import { Controller, Get, UseGuards, Post, Body } from '@nestjs/common';
import { JwtAuthGuard, JwtPayload } from '../guards/jwt-auth.guard';
import { CurrentUser } from '../decorators/current-user.decorator';
/**
* 示例控制器 - 展示 JWT 认证的使用方法
*/
@Controller('example')
export class ExampleController {
/**
* 公开接口 - 无需认证
*/
@Get('public')
getPublicData() {
return {
message: '这是一个公开接口,无需认证',
timestamp: new Date().toISOString(),
};
}
/**
* 受保护的接口 - 需要 JWT 认证
*
* 请求头示例:
* Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
*/
@Get('protected')
@UseGuards(JwtAuthGuard)
getProtectedData(@CurrentUser() user: JwtPayload) {
return {
message: '这是一个受保护的接口,需要有效的 JWT 令牌',
user: {
id: user.sub,
username: user.username,
role: user.role,
},
timestamp: new Date().toISOString(),
};
}
/**
* 获取当前用户信息
*/
@Get('profile')
@UseGuards(JwtAuthGuard)
getUserProfile(@CurrentUser() user: JwtPayload) {
return {
profile: {
userId: user.sub,
username: user.username,
role: user.role,
tokenIssuedAt: new Date(user.iat * 1000).toISOString(),
tokenExpiresAt: new Date(user.exp * 1000).toISOString(),
},
};
}
/**
* 获取用户的特定属性
*/
@Get('username')
@UseGuards(JwtAuthGuard)
getUsername(@CurrentUser('username') username: string) {
return {
username,
message: `你好,${username}`,
};
}
/**
* 需要特定角色的接口
*/
@Post('admin-only')
@UseGuards(JwtAuthGuard)
adminOnlyAction(@CurrentUser() user: JwtPayload, @Body() data: any) {
// 检查用户角色
if (user.role !== 1) { // 假设 1 是管理员角色
return {
success: false,
message: '权限不足,仅管理员可访问',
};
}
return {
success: true,
message: '管理员操作执行成功',
data,
operator: user.username,
};
}
}
/**
* 使用说明:
*
* 1. 首先调用登录接口获取 JWT 令牌:
* POST /auth/login
* {
* "identifier": "username",
* "password": "password"
* }
*
* 2. 从响应中获取 access_token
*
* 3. 在后续请求中添加 Authorization 头:
* Authorization: Bearer <access_token>
*
* 4. 访问受保护的接口:
* GET /example/protected
* GET /example/profile
* GET /example/username
* POST /example/admin-only
*
* 错误处理:
* - 401 Unauthorized: 令牌缺失或无效
* - 403 Forbidden: 令牌有效但权限不足
*/

83
src/business/auth/guards/jwt-auth.guard.ts
View File

@@ -1,83 +0,0 @@
/**
* JWT 认证守卫
*
* 功能描述:
* - 验证请求中的 JWT 令牌
* - 提取用户信息并添加到请求上下文
* - 保护需要认证的路由
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-05
*/
import {
Injectable,
CanActivate,
ExecutionContext,
UnauthorizedException,
Logger,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { Request } from 'express';
/**
* JWT 载荷接口
*/
export interface JwtPayload {
sub: string; // 用户ID
username: string;
role: number;
iat: number; // 签发时间
exp: number; // 过期时间
}
/**
* 扩展的请求接口,包含用户信息
*/
export interface AuthenticatedRequest extends Request {
user: JwtPayload;
}
@Injectable()
export class JwtAuthGuard implements CanActivate {
private readonly logger = new Logger(JwtAuthGuard.name);
constructor(private readonly jwtService: JwtService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const token = this.extractTokenFromHeader(request);
if (!token) {
this.logger.warn('访问被拒绝:缺少认证令牌');
throw new UnauthorizedException('缺少认证令牌');
}
try {
// 验证并解码 JWT 令牌
const payload = await this.jwtService.verifyAsync<JwtPayload>(token);
// 将用户信息添加到请求对象
(request as AuthenticatedRequest).user = payload;
this.logger.log(`用户认证成功: ${payload.username} (ID: ${payload.sub})`);
return true;
} catch (error) {
const errorMessage = error instanceof Error ? error.message : '未知错误';
this.logger.warn(`JWT 令牌验证失败: ${errorMessage}`);
throw new UnauthorizedException('无效的认证令牌');
}
}
/**
* 从请求头中提取 JWT 令牌
*
* @param request 请求对象
* @returns JWT 令牌或 undefined
*/
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers.authorization?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}

636
src/business/auth/services/login.service.spec.ts
View File

@@ -1,43 +1,14 @@
/**
* 登录业务服务测试
*
* 功能描述:
* - 测试登录相关的业务逻辑
* - 测试JWT令牌生成和验证
* - 测试令牌刷新功能
* - 测试各种异常情况处理
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-06
*/
import { Test, TestingModule } from '@nestjs/testing';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import { LoginService } from './login.service';
import { LoginCoreService } from '../../../core/login_core/login_core.service';
import { UsersService } from '../../../core/db/users/users.service';
import { ZulipAccountService } from '../../../core/zulip/services/zulip_account.service';
import { ZulipAccountsRepository } from '../../../core/db/zulip_accounts/zulip_accounts.repository';
import { ApiKeySecurityService } from '../../../core/zulip/services/api_key_security.service';
import * as jwt from 'jsonwebtoken';
// Mock jwt module
jest.mock('jsonwebtoken', () => ({
sign: jest.fn(),
verify: jest.fn(),
}));
describe('LoginService', () => {
let service: LoginService;
let loginCoreService: jest.Mocked<LoginCoreService>;
let jwtService: jest.Mocked<JwtService>;
let configService: jest.Mocked<ConfigService>;
let usersService: jest.Mocked<UsersService>;
let zulipAccountService: jest.Mocked<ZulipAccountService>;
let zulipAccountsRepository: jest.Mocked<ZulipAccountsRepository>;
let apiKeySecurityService: jest.Mocked<ApiKeySecurityService>;
const mockUser = {
id: BigInt(1),
@@ -55,20 +26,7 @@ describe('LoginService', () => {
updated_at: new Date()
};
const mockJwtSecret = 'test_jwt_secret_key_for_testing_32chars';
const mockAccessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwidXNlcm5hbWUiOiJ0ZXN0dXNlciIsInJvbGUiOjEsInR5cGUiOiJhY2Nlc3MiLCJpYXQiOjE2NDA5OTUyMDAsImlzcyI6IndoYWxlLXRvd24iLCJhdWQiOiJ3aGFsZS10b3duLXVzZXJzIn0.test';
const mockRefreshToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwidXNlcm5hbWUiOiJ0ZXN0dXNlciIsInJvbGUiOjEsInR5cGUiOiJyZWZyZXNoIiwiaWF0IjoxNjQwOTk1MjAwLCJpc3MiOiJ3aGFsZS10b3duIiwiYXVkIjoid2hhbGUtdG93bi11c2VycyJ9.test';
beforeEach(async () => {
// Mock environment variables for Zulip
const originalEnv = process.env;
process.env = {
...originalEnv,
ZULIP_SERVER_URL: 'https://test.zulipchat.com',
ZULIP_BOT_EMAIL: 'test-bot@test.zulipchat.com',
ZULIP_BOT_API_KEY: 'test_api_key_12345',
};
const mockLoginCoreService = {
login: jest.fn(),
register: jest.fn(),
@@ -82,36 +40,6 @@ describe('LoginService', () => {
verificationCodeLogin: jest.fn(),
sendLoginVerificationCode: jest.fn(),
debugVerificationCode: jest.fn(),
deleteUser: jest.fn(),
};
const mockJwtService = {
signAsync: jest.fn(),
verifyAsync: jest.fn(),
};
const mockConfigService = {
get: jest.fn(),
};
const mockUsersService = {
findOne: jest.fn(),
};
const mockZulipAccountService = {
initializeAdminClient: jest.fn(),
createZulipAccount: jest.fn(),
linkGameAccount: jest.fn(),
};
const mockZulipAccountsRepository = {
findByGameUserId: jest.fn(),
create: jest.fn(),
deleteByGameUserId: jest.fn(),
};
const mockApiKeySecurityService = {
storeApiKey: jest.fn(),
};
const module: TestingModule = await Test.createTestingModule({
@@ -121,72 +49,11 @@ describe('LoginService', () => {
provide: LoginCoreService,
useValue: mockLoginCoreService,
},
{
provide: JwtService,
useValue: mockJwtService,
},
{
provide: ConfigService,
useValue: mockConfigService,
},
{
provide: 'UsersService',
useValue: mockUsersService,
},
{
provide: ZulipAccountService,
useValue: mockZulipAccountService,
},
{
provide: 'ZulipAccountsRepository',
useValue: mockZulipAccountsRepository,
},
{
provide: ApiKeySecurityService,
useValue: mockApiKeySecurityService,
},
],
}).compile();
service = module.get<LoginService>(LoginService);
loginCoreService = module.get(LoginCoreService);
jwtService = module.get(JwtService);
configService = module.get(ConfigService);
usersService = module.get('UsersService');
zulipAccountService = module.get(ZulipAccountService);
zulipAccountsRepository = module.get('ZulipAccountsRepository');
apiKeySecurityService = module.get(ApiKeySecurityService);
// Setup default config service mocks
configService.get.mockImplementation((key: string, defaultValue?: any) => {
const config = {
'JWT_SECRET': mockJwtSecret,
'JWT_EXPIRES_IN': '7d',
};
return config[key] || defaultValue;
});
// Setup default JWT service mocks
jwtService.signAsync.mockResolvedValue(mockAccessToken);
(jwt.sign as jest.Mock).mockReturnValue(mockRefreshToken);
// Setup default Zulip mocks
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
zulipAccountService.createZulipAccount.mockResolvedValue({
success: true,
userId: 123,
email: 'test@example.com',
apiKey: 'mock_api_key'
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(null);
zulipAccountsRepository.create.mockResolvedValue({} as any);
apiKeySecurityService.storeApiKey.mockResolvedValue(undefined);
});
afterEach(() => {
jest.clearAllMocks();
// Restore original environment variables
jest.restoreAllMocks();
});
it('should be defined', () => {
@@ -194,7 +61,7 @@ describe('LoginService', () => {
});
describe('login', () => {
it('should login successfully and return JWT tokens', async () => {
it('should login successfully', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
@@ -207,40 +74,7 @@ describe('LoginService', () => {
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800); // 7 days in seconds
expect(result.data?.token_type).toBe('Bearer');
expect(result.data?.is_new_user).toBe(false);
expect(result.message).toBe('登录成功');
// Verify JWT service was called correctly
expect(jwtService.signAsync).toHaveBeenCalledWith({
sub: '1',
username: 'testuser',
role: 1,
email: 'test@example.com',
type: 'access',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
});
expect(jwt.sign).toHaveBeenCalledWith(
{
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
},
mockJwtSecret,
{
expiresIn: '30d',
}
);
expect(result.data?.access_token).toBeDefined();
});
it('should handle login failure', async () => {
@@ -253,52 +87,11 @@ describe('LoginService', () => {
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toBe('用户名或密码错误');
});
it('should handle JWT generation failure', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
jwtService.signAsync.mockRejectedValue(new Error('JWT generation failed'));
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toContain('JWT generation failed');
});
it('should handle missing JWT secret', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
if (key === 'JWT_EXPIRES_IN') return '7d';
return undefined;
});
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toContain('JWT_SECRET未配置');
});
});
describe('register', () => {
it('should register successfully with JWT tokens', async () => {
it('should register successfully', async () => {
loginCoreService.register.mockResolvedValue({
user: mockUser,
isNewUser: true
@@ -307,350 +100,17 @@ describe('LoginService', () => {
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户',
email: 'test@example.com'
nickname: '测试用户'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800);
expect(result.data?.token_type).toBe('Bearer');
expect(result.data?.is_new_user).toBe(true);
expect(result.message).toBe('注册成功Zulip账号已同步创建');
});
it('should register successfully without email', async () => {
loginCoreService.register.mockResolvedValue({
user: { ...mockUser, email: null },
isNewUser: true
});
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户'
});
expect(result.success).toBe(true);
expect(result.data?.message).toBe('注册成功');
// Should not try to create Zulip account without email
expect(zulipAccountService.createZulipAccount).not.toHaveBeenCalled();
});
it('should handle Zulip account creation failure and rollback', async () => {
loginCoreService.register.mockResolvedValue({
user: mockUser,
isNewUser: true
});
zulipAccountService.createZulipAccount.mockResolvedValue({
success: false,
error: 'Zulip creation failed'
});
loginCoreService.deleteUser.mockResolvedValue(undefined);
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户',
email: 'test@example.com'
});
expect(result.success).toBe(false);
expect(result.message).toContain('Zulip账号创建失败');
expect(loginCoreService.deleteUser).toHaveBeenCalledWith(mockUser.id);
});
it('should handle register failure', async () => {
loginCoreService.register.mockRejectedValue(new Error('用户名已存在'));
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('REGISTER_FAILED');
expect(result.message).toBe('用户名已存在');
});
});
describe('verifyToken', () => {
const mockPayload = {
sub: '1',
username: 'testuser',
role: 1,
type: 'access' as const,
iat: Math.floor(Date.now() / 1000),
iss: 'whale-town',
aud: 'whale-town-users',
};
it('should verify access token successfully', async () => {
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
const result = await service.verifyToken(mockAccessToken, 'access');
expect(result).toEqual(mockPayload);
expect(jwt.verify).toHaveBeenCalledWith(
mockAccessToken,
mockJwtSecret,
{
issuer: 'whale-town',
audience: 'whale-town-users',
}
);
});
it('should verify refresh token successfully', async () => {
const refreshPayload = { ...mockPayload, type: 'refresh' as const };
(jwt.verify as jest.Mock).mockReturnValue(refreshPayload);
const result = await service.verifyToken(mockRefreshToken, 'refresh');
expect(result).toEqual(refreshPayload);
});
it('should throw error for invalid token', async () => {
(jwt.verify as jest.Mock).mockImplementation(() => {
throw new Error('invalid token');
});
await expect(service.verifyToken('invalid_token')).rejects.toThrow('令牌验证失败: invalid token');
});
it('should throw error for token type mismatch', async () => {
const refreshPayload = { ...mockPayload, type: 'refresh' as const };
(jwt.verify as jest.Mock).mockReturnValue(refreshPayload);
await expect(service.verifyToken(mockRefreshToken, 'access')).rejects.toThrow('令牌类型不匹配');
});
it('should throw error for incomplete payload', async () => {
const incompletePayload = { sub: '1', type: 'access' }; // missing username and role
(jwt.verify as jest.Mock).mockReturnValue(incompletePayload);
await expect(service.verifyToken(mockAccessToken)).rejects.toThrow('令牌载荷数据不完整');
});
it('should throw error when JWT secret is missing', async () => {
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
return undefined;
});
await expect(service.verifyToken(mockAccessToken)).rejects.toThrow('JWT_SECRET未配置');
});
});
describe('refreshAccessToken', () => {
const mockRefreshPayload = {
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh' as const,
iat: Math.floor(Date.now() / 1000),
iss: 'whale-town',
aud: 'whale-town-users',
};
beforeEach(() => {
(jwt.verify as jest.Mock).mockReturnValue(mockRefreshPayload);
usersService.findOne.mockResolvedValue(mockUser);
});
it('should refresh access token successfully', async () => {
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(true);
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800);
expect(result.data?.token_type).toBe('Bearer');
expect(result.message).toBe('令牌刷新成功');
expect(jwt.verify).toHaveBeenCalledWith(
mockRefreshToken,
mockJwtSecret,
{
issuer: 'whale-town',
audience: 'whale-town-users',
}
);
expect(usersService.findOne).toHaveBeenCalledWith(BigInt(1));
});
it('should handle invalid refresh token', async () => {
(jwt.verify as jest.Mock).mockImplementation(() => {
throw new Error('invalid token');
});
const result = await service.refreshAccessToken('invalid_token');
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('invalid token');
});
it('should handle user not found', async () => {
usersService.findOne.mockResolvedValue(null);
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toBe('用户不存在或已被禁用');
});
it('should handle user service error', async () => {
usersService.findOne.mockRejectedValue(new Error('Database error'));
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('Database error');
});
it('should handle JWT generation error during refresh', async () => {
jwtService.signAsync.mockRejectedValue(new Error('JWT generation failed'));
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('JWT generation failed');
});
});
describe('parseExpirationTime', () => {
it('should parse seconds correctly', () => {
const result = (service as any).parseExpirationTime('30s');
expect(result).toBe(30);
});
it('should parse minutes correctly', () => {
const result = (service as any).parseExpirationTime('5m');
expect(result).toBe(300);
});
it('should parse hours correctly', () => {
const result = (service as any).parseExpirationTime('2h');
expect(result).toBe(7200);
});
it('should parse days correctly', () => {
const result = (service as any).parseExpirationTime('7d');
expect(result).toBe(604800);
});
it('should parse weeks correctly', () => {
const result = (service as any).parseExpirationTime('2w');
expect(result).toBe(1209600);
});
it('should return default for invalid format', () => {
const result = (service as any).parseExpirationTime('invalid');
expect(result).toBe(604800); // 7 days default
});
});
describe('generateTokenPair', () => {
it('should generate token pair successfully', async () => {
const result = await (service as any).generateTokenPair(mockUser);
expect(result.access_token).toBe(mockAccessToken);
expect(result.refresh_token).toBe(mockRefreshToken);
expect(result.expires_in).toBe(604800);
expect(result.token_type).toBe('Bearer');
expect(jwtService.signAsync).toHaveBeenCalledWith({
sub: '1',
username: 'testuser',
role: 1,
email: 'test@example.com',
type: 'access',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
});
expect(jwt.sign).toHaveBeenCalledWith(
{
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
},
mockJwtSecret,
{
expiresIn: '30d',
}
);
});
it('should handle missing JWT secret', async () => {
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
if (key === 'JWT_EXPIRES_IN') return '7d';
return undefined;
});
await expect((service as any).generateTokenPair(mockUser)).rejects.toThrow('令牌生成失败: JWT_SECRET未配置');
});
it('should handle JWT service error', async () => {
jwtService.signAsync.mockRejectedValue(new Error('JWT service error'));
await expect((service as any).generateTokenPair(mockUser)).rejects.toThrow('令牌生成失败: JWT service error');
});
});
describe('formatUserInfo', () => {
it('should format user info correctly', () => {
const formattedUser = (service as any).formatUserInfo(mockUser);
expect(formattedUser).toEqual({
id: '1',
username: 'testuser',
nickname: '测试用户',
email: 'test@example.com',
phone: '+8613800138000',
avatar_url: null,
role: 1,
created_at: mockUser.created_at
});
});
});
describe('other methods', () => {
it('should handle githubOAuth successfully', async () => {
loginCoreService.githubOAuth.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.githubOAuth({
github_id: '12345',
username: 'testuser',
nickname: '测试用户',
email: 'test@example.com'
});
expect(result.success).toBe(true);
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.message).toBe('GitHub登录成功');
});
it('should handle verificationCodeLogin successfully', async () => {
describe('verificationCodeLogin', () => {
it('should login with verification code successfully', async () => {
loginCoreService.verificationCodeLogin.mockResolvedValue({
user: mockUser,
isNewUser: false
@@ -663,74 +123,23 @@ describe('LoginService', () => {
expect(result.success).toBe(true);
expect(result.data?.user.email).toBe('test@example.com');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.message).toBe('验证码登录成功');
});
it('should handle sendPasswordResetCode in test mode', async () => {
loginCoreService.sendPasswordResetCode.mockResolvedValue({
code: '123456',
isTestMode: true
});
it('should handle verification code login failure', async () => {
loginCoreService.verificationCodeLogin.mockRejectedValue(new Error('验证码错误'));
const result = await service.sendPasswordResetCode('test@example.com');
expect(result.success).toBe(false); // Test mode returns false
expect(result.data?.verification_code).toBe('123456');
expect(result.data?.is_test_mode).toBe(true);
expect(result.error_code).toBe('TEST_MODE_ONLY');
});
it('should handle resetPassword successfully', async () => {
loginCoreService.resetPassword.mockResolvedValue(undefined);
const result = await service.resetPassword({
const result = await service.verificationCodeLogin({
identifier: 'test@example.com',
verificationCode: '123456',
newPassword: 'newpassword123'
verificationCode: '999999'
});
expect(result.success).toBe(true);
expect(result.message).toBe('密码重置成功');
});
it('should handle changePassword successfully', async () => {
loginCoreService.changePassword.mockResolvedValue(undefined);
const result = await service.changePassword(
BigInt(1),
'oldpassword',
'newpassword123'
);
expect(result.success).toBe(true);
expect(result.message).toBe('密码修改成功');
});
it('should handle sendEmailVerification in test mode', async () => {
loginCoreService.sendEmailVerification.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendEmailVerification('test@example.com');
expect(result.success).toBe(false);
expect(result.data?.verification_code).toBe('123456');
expect(result.error_code).toBe('TEST_MODE_ONLY');
expect(result.error_code).toBe('VERIFICATION_CODE_LOGIN_FAILED');
});
});
it('should handle verifyEmailCode successfully', async () => {
loginCoreService.verifyEmailCode.mockResolvedValue(true);
const result = await service.verifyEmailCode('test@example.com', '123456');
expect(result.success).toBe(true);
expect(result.message).toBe('邮箱验证成功');
});
it('should handle sendLoginVerificationCode successfully', async () => {
describe('sendLoginVerificationCode', () => {
it('should send login verification code successfully', async () => {
loginCoreService.sendLoginVerificationCode.mockResolvedValue({
code: '123456',
isTestMode: true
@@ -742,22 +151,5 @@ describe('LoginService', () => {
expect(result.data?.verification_code).toBe('123456');
expect(result.error_code).toBe('TEST_MODE_ONLY');
});
it('should handle debugVerificationCode successfully', async () => {
const mockDebugInfo = {
email: 'test@example.com',
code: '123456',
expiresAt: new Date(),
attempts: 0
};
loginCoreService.debugVerificationCode.mockResolvedValue(mockDebugInfo);
const result = await service.debugVerificationCode('test@example.com');
expect(result.success).toBe(true);
expect(result.data).toEqual(mockDebugInfo);
expect(result.message).toBe('调试信息获取成功');
});
});
});

418
src/business/auth/services/login.service.ts
View File

@@ -17,54 +17,12 @@
*/
import { Injectable, Logger, Inject } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import * as jwt from 'jsonwebtoken';
import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, AuthResult, VerificationCodeLoginRequest } from '../../../core/login_core/login_core.service';
import { Users } from '../../../core/db/users/users.entity';
import { UsersService } from '../../../core/db/users/users.service';
import { ZulipAccountService } from '../../../core/zulip/services/zulip_account.service';
import { ZulipAccountsRepository } from '../../../core/db/zulip_accounts/zulip_accounts.repository';
import { ApiKeySecurityService } from '../../../core/zulip/services/api_key_security.service';
/**
* JWT载荷接口
*/
export interface JwtPayload {
/** 用户ID */
sub: string;
/** 用户名 */
username: string;
/** 用户角色 */
role: number;
/** 邮箱 */
email?: string;
/** 令牌类型 */
type: 'access' | 'refresh';
/** 签发时间 */
iat?: number;
/** 过期时间 */
exp?: number;
/** 签发者 */
iss?: string;
/** 受众 */
aud?: string;
}
/**
* 令牌对接口
*/
export interface TokenPair {
/** 访问令牌 */
access_token: string;
/** 刷新令牌 */
refresh_token: string;
/** 访问令牌过期时间(秒) */
expires_in: number;
/** 令牌类型 */
token_type: string;
}
/**
* 登录响应数据接口
*/
@@ -80,14 +38,10 @@ export interface LoginResponse {
role: number;
created_at: Date;
};
/** 访问令牌 */
/** 访问令牌实际应用中应生成JWT */
access_token: string;
/** 刷新令牌 */
refresh_token: string;
/** 访问令牌过期时间(秒) */
expires_in: number;
/** 令牌类型 */
token_type: string;
refresh_token?: string;
/** 是否为新用户 */
is_new_user?: boolean;
/** 消息 */
@@ -118,68 +72,33 @@ export class LoginService {
@Inject('ZulipAccountsRepository')
private readonly zulipAccountsRepository: ZulipAccountsRepository,
private readonly apiKeySecurityService: ApiKeySecurityService,
private readonly jwtService: JwtService,
private readonly configService: ConfigService,
@Inject('UsersService')
private readonly usersService: UsersService,
) {}
/**
* 用户登录
*
* 功能描述:
* 处理用户登录请求验证用户凭据并生成JWT令牌
*
* 业务逻辑:
* 1. 调用核心服务进行用户认证
* 2. 生成JWT访问令牌和刷新令牌
* 3. 记录登录日志和安全审计
* 4. 返回用户信息和令牌
*
* @param loginRequest 登录请求数据
* @returns Promise<ApiResponse<LoginResponse>> 登录响应
*
* @throws BadRequestException 当登录参数无效时
* @throws UnauthorizedException 当用户凭据错误时
* @throws InternalServerErrorException 当系统错误时
* @param loginRequest 登录请求
* @returns 登录响应
*/
async login(loginRequest: LoginRequest): Promise<ApiResponse<LoginResponse>> {
const startTime = Date.now();
try {
this.logger.log('用户登录尝试', {
operation: 'login',
identifier: loginRequest.identifier,
timestamp: new Date().toISOString(),
});
this.logger.log(`用户登录尝试: ${loginRequest.identifier}`);
// 1. 调用核心服务进行认证
// 调用核心服务进行认证
const authResult = await this.loginCoreService.login(loginRequest);
// 2. 生成JWT令牌对
const tokenPair = await this.generateTokenPair(authResult.user);
// 生成访问令牌实际应用中应使用JWT
const accessToken = this.generateAccessToken(authResult.user);
// 3. 格式化响应数据
// 格式化响应数据
const response: LoginResponse = {
user: this.formatUserInfo(authResult.user),
access_token: tokenPair.access_token,
refresh_token: tokenPair.refresh_token,
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
access_token: accessToken,
is_new_user: authResult.isNewUser,
message: '登录成功'
};
const duration = Date.now() - startTime;
this.logger.log('用户登录成功', {
operation: 'login',
userId: authResult.user.id.toString(),
username: authResult.user.username,
isNewUser: authResult.isNewUser,
duration,
timestamp: new Date().toISOString(),
});
this.logger.log(`用户登录成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
return {
success: true,
@@ -187,20 +106,11 @@ export class LoginService {
message: '登录成功'
};
} catch (error) {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('用户登录失败', {
operation: 'login',
identifier: loginRequest.identifier,
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
this.logger.error(`用户登录失败: ${loginRequest.identifier}`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: err.message || '登录失败',
message: error instanceof Error ? error.message : '登录失败',
error_code: 'LOGIN_FAILED'
};
}
@@ -271,16 +181,13 @@ export class LoginService {
throw new Error(`注册失败Zulip账号创建失败 - ${err.message}`);
}
// 4. 生成JWT令牌
const tokenPair = await this.generateTokenPair(authResult.user);
// 4. 生成访问令牌
const accessToken = this.generateAccessToken(authResult.user);
// 5. 格式化响应数据
const response: LoginResponse = {
user: this.formatUserInfo(authResult.user),
access_token: tokenPair.access_token,
refresh_token: tokenPair.refresh_token,
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
access_token: accessToken,
is_new_user: true,
message: zulipAccountCreated ? '注册成功Zulip账号已同步创建' : '注册成功'
};
@@ -334,16 +241,13 @@ export class LoginService {
// 调用核心服务进行OAuth认证
const authResult = await this.loginCoreService.githubOAuth(oauthRequest);
// 生成JWT令牌
const tokenPair = await this.generateTokenPair(authResult.user);
// 生成访问令牌
const accessToken = this.generateAccessToken(authResult.user);
// 格式化响应数据
const response: LoginResponse = {
user: this.formatUserInfo(authResult.user),
access_token: tokenPair.access_token,
refresh_token: tokenPair.refresh_token,
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
access_token: accessToken,
is_new_user: authResult.isNewUser,
message: authResult.isNewUser ? 'GitHub账户绑定成功' : 'GitHub登录成功'
};
@@ -630,272 +534,23 @@ export class LoginService {
}
/**
* 生成JWT令牌
*
* 功能描述:
* 为用户生成访问令牌和刷新令牌符合JWT标准和安全最佳实践
*
* 业务逻辑:
* 1. 创建访问令牌载荷(短期有效)
* 2. 创建刷新令牌载荷(长期有效)
* 3. 使用配置的密钥签名令牌
* 4. 返回完整的令牌对信息
* 生成访问令牌
*
* @param user 用户信息
* @returns Promise<TokenPair> JWT令牌
*
* @throws InternalServerErrorException 当令牌生成失败时
*
* @example
* ```typescript
* const tokenPair = await this.generateTokenPair(user);
* console.log(tokenPair.access_token); // JWT访问令牌
* console.log(tokenPair.refresh_token); // JWT刷新令牌
* ```
* @returns 访问令牌
*/
private async generateTokenPair(user: Users): Promise<TokenPair> {
try {
const currentTime = Math.floor(Date.now() / 1000);
const jwtSecret = this.configService.get<string>('JWT_SECRET');
const expiresIn = this.configService.get<string>('JWT_EXPIRES_IN', '7d');
if (!jwtSecret) {
throw new Error('JWT_SECRET未配置');
}
private generateAccessToken(user: Users): string {
// 实际应用中应使用JWT库生成真正的JWT令牌
// 这里仅用于演示,生成一个简单的令牌
const payload = {
userId: user.id.toString(),
username: user.username,
role: user.role,
timestamp: Date.now()
};
// 1. 创建访问令牌载荷不包含iss和aud这些通过options传递
const accessPayload: Omit<JwtPayload, 'iss' | 'aud' | 'iat' | 'exp'> = {
sub: user.id.toString(),
username: user.username,
role: user.role,
email: user.email,
type: 'access',
};
// 2. 创建刷新令牌载荷(有效期更长)
const refreshPayload: Omit<JwtPayload, 'iss' | 'aud' | 'iat' | 'exp'> = {
sub: user.id.toString(),
username: user.username,
role: user.role,
type: 'refresh',
};
// 3. 生成访问令牌使用NestJS JwtService通过options传递iss和aud
const accessToken = await this.jwtService.signAsync(accessPayload, {
issuer: 'whale-town',
audience: 'whale-town-users',
});
// 4. 生成刷新令牌有效期30天
const refreshToken = jwt.sign(refreshPayload, jwtSecret, {
expiresIn: '30d',
issuer: 'whale-town',
audience: 'whale-town-users',
});
// 5. 计算过期时间(秒)
const expiresInSeconds = this.parseExpirationTime(expiresIn);
this.logger.log('JWT令牌对生成成功', {
operation: 'generateTokenPair',
userId: user.id.toString(),
username: user.username,
expiresIn: expiresInSeconds,
timestamp: new Date().toISOString(),
});
return {
access_token: accessToken,
refresh_token: refreshToken,
expires_in: expiresInSeconds,
token_type: 'Bearer',
};
} catch (error) {
const err = error as Error;
this.logger.error('JWT令牌对生成失败', {
operation: 'generateTokenPair',
userId: user.id.toString(),
error: err.message,
timestamp: new Date().toISOString(),
}, err.stack);
throw new Error(`令牌生成失败: ${err.message}`);
}
}
/**
* 验证JWT令牌
*
* 功能描述:
* 验证JWT令牌的有效性包括签名、过期时间和载荷格式
*
* 业务逻辑:
* 1. 验证令牌签名和格式
* 2. 检查令牌是否过期
* 3. 验证载荷数据完整性
* 4. 返回解码后的载荷信息
*
* @param token JWT令牌字符串
* @param tokenType 令牌类型access 或 refresh
* @returns Promise<JwtPayload> 解码后的载荷
*
* @throws UnauthorizedException 当令牌无效时
* @throws Error 当验证过程出错时
*/
async verifyToken(token: string, tokenType: 'access' | 'refresh' = 'access'): Promise<JwtPayload> {
try {
const jwtSecret = this.configService.get<string>('JWT_SECRET');
if (!jwtSecret) {
throw new Error('JWT_SECRET未配置');
}
// 1. 验证令牌并解码载荷
const payload = jwt.verify(token, jwtSecret, {
issuer: 'whale-town',
audience: 'whale-town-users',
}) as JwtPayload;
// 2. 验证令牌类型
if (payload.type !== tokenType) {
throw new Error(`令牌类型不匹配,期望: ${tokenType},实际: ${payload.type}`);
}
// 3. 验证载荷完整性
if (!payload.sub || !payload.username || payload.role === undefined) {
throw new Error('令牌载荷数据不完整');
}
this.logger.log('JWT令牌验证成功', {
operation: 'verifyToken',
userId: payload.sub,
username: payload.username,
tokenType: payload.type,
timestamp: new Date().toISOString(),
});
return payload;
} catch (error) {
const err = error as Error;
this.logger.warn('JWT令牌验证失败', {
operation: 'verifyToken',
tokenType,
error: err.message,
timestamp: new Date().toISOString(),
});
throw new Error(`令牌验证失败: ${err.message}`);
}
}
/**
* 刷新访问令牌
*
* 功能描述:
* 使用有效的刷新令牌生成新的访问令牌,实现无感知的令牌续期
*
* 业务逻辑:
* 1. 验证刷新令牌的有效性
* 2. 从数据库获取最新用户信息
* 3. 生成新的访问令牌
* 4. 可选择性地轮换刷新令牌
*
* @param refreshToken 刷新令牌
* @returns Promise<ApiResponse<TokenPair>> 新的令牌对
*
* @throws UnauthorizedException 当刷新令牌无效时
* @throws NotFoundException 当用户不存在时
*/
async refreshAccessToken(refreshToken: string): Promise<ApiResponse<TokenPair>> {
const startTime = Date.now();
try {
this.logger.log('开始刷新访问令牌', {
operation: 'refreshAccessToken',
timestamp: new Date().toISOString(),
});
// 1. 验证刷新令牌
const payload = await this.verifyToken(refreshToken, 'refresh');
// 2. 获取最新用户信息
const user = await this.usersService.findOne(BigInt(payload.sub));
if (!user) {
throw new Error('用户不存在或已被禁用');
}
// 3. 生成新的令牌对
const newTokenPair = await this.generateTokenPair(user);
const duration = Date.now() - startTime;
this.logger.log('访问令牌刷新成功', {
operation: 'refreshAccessToken',
userId: user.id.toString(),
username: user.username,
duration,
timestamp: new Date().toISOString(),
});
return {
success: true,
data: newTokenPair,
message: '令牌刷新成功'
};
} catch (error) {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('访问令牌刷新失败', {
operation: 'refreshAccessToken',
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
message: err.message || '令牌刷新失败',
error_code: 'TOKEN_REFRESH_FAILED'
};
}
}
/**
* 解析过期时间字符串
*
* 功能描述:
* 将时间字符串(如 '7d', '24h', '60m')转换为秒数
*
* @param expiresIn 过期时间字符串
* @returns number 过期时间(秒)
* @private
*/
private parseExpirationTime(expiresIn: string): number {
if (!expiresIn || typeof expiresIn !== 'string') {
return 7 * 24 * 60 * 60; // 默认7天
}
const timeUnit = expiresIn.slice(-1);
const timeValue = parseInt(expiresIn.slice(0, -1));
if (isNaN(timeValue)) {
return 7 * 24 * 60 * 60; // 默认7天
}
switch (timeUnit) {
case 's': return timeValue;
case 'm': return timeValue * 60;
case 'h': return timeValue * 60 * 60;
case 'd': return timeValue * 24 * 60 * 60;
case 'w': return timeValue * 7 * 24 * 60 * 60;
default: return 7 * 24 * 60 * 60; // 默认7天
}
// 简单的Base64编码实际应用中应使用JWT
return Buffer.from(JSON.stringify(payload)).toString('base64');
}
/**
* 验证码登录
@@ -910,16 +565,13 @@ export class LoginService {
// 调用核心服务进行验证码认证
const authResult = await this.loginCoreService.verificationCodeLogin(loginRequest);
// 生成JWT令牌
const tokenPair = await this.generateTokenPair(authResult.user);
// 生成访问令牌
const accessToken = this.generateAccessToken(authResult.user);
// 格式化响应数据
const response: LoginResponse = {
user: this.formatUserInfo(authResult.user),
access_token: tokenPair.access_token,
refresh_token: tokenPair.refresh_token,
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
access_token: accessToken,
is_new_user: authResult.isNewUser,
message: '验证码登录成功'
};

64
src/business/auth/services/login.service.zulip-account.spec.ts
View File

@@ -18,8 +18,6 @@
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import * as fc from 'fast-check';
import { LoginService } from './login.service';
import { LoginCoreService, RegisterRequest } from '../../../core/login_core/login_core.service';
@@ -99,41 +97,6 @@ describe('LoginService - Zulip账号创建属性测试', () => {
provide: ApiKeySecurityService,
useValue: mockApiKeySecurityService,
},
{
provide: JwtService,
useValue: {
sign: jest.fn().mockReturnValue('mock_jwt_token'),
signAsync: jest.fn().mockResolvedValue('mock_jwt_token'),
verify: jest.fn(),
decode: jest.fn(),
},
},
{
provide: ConfigService,
useValue: {
get: jest.fn((key: string) => {
switch (key) {
case 'JWT_SECRET':
return 'test_jwt_secret_key_for_testing';
case 'JWT_EXPIRES_IN':
return '7d';
default:
return undefined;
}
}),
},
},
{
provide: 'UsersService',
useValue: {
findById: jest.fn(),
findByUsername: jest.fn(),
findByEmail: jest.fn(),
create: jest.fn(),
update: jest.fn(),
delete: jest.fn(),
},
},
],
}).compile();
@@ -143,9 +106,6 @@ describe('LoginService - Zulip账号创建属性测试', () => {
zulipAccountsRepository = module.get('ZulipAccountsRepository');
apiKeySecurityService = module.get(ApiKeySecurityService);
// Mock LoginService 的 initializeZulipAdminClient 方法
jest.spyOn(loginService as any, 'initializeZulipAdminClient').mockResolvedValue(undefined);
// 设置环境变量模拟
process.env.ZULIP_SERVER_URL = 'https://test.zulip.com';
process.env.ZULIP_BOT_EMAIL = 'bot@test.zulip.com';
@@ -207,6 +167,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
} as ZulipAccounts;
// 设置模拟行为
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
@@ -228,7 +189,11 @@ describe('LoginService - Zulip账号创建属性测试', () => {
expect(result.data?.is_new_user).toBe(true);
// 验证Zulip管理员客户端初始化
expect(loginService['initializeZulipAdminClient']).toHaveBeenCalled();
expect(zulipAccountService.initializeAdminClient).toHaveBeenCalledWith({
realm: 'https://test.zulip.com',
username: 'bot@test.zulip.com',
apiKey: 'test_api_key_123',
});
// 验证游戏用户注册
expect(loginCoreService.register).toHaveBeenCalledWith(registerRequest);
@@ -284,6 +249,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
} as Users;
// 设置模拟行为 - Zulip账号创建失败
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
@@ -352,6 +318,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
} as ZulipAccounts;
// 设置模拟行为 - 已存在Zulip账号关联
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
@@ -407,6 +374,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
} as Users;
// 设置模拟行为
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
@@ -436,8 +404,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
await fc.assert(
fc.asyncProperty(registerRequestArb, async (registerRequest) => {
// 设置模拟行为 - 管理员客户端初始化失败
jest.spyOn(loginService as any, 'initializeZulipAdminClient')
.mockRejectedValue(new Error('Zulip管理员客户端初始化失败'));
zulipAccountService.initializeAdminClient.mockResolvedValue(false);
// 执行注册
const result = await loginService.register(registerRequest);
@@ -451,9 +418,6 @@ describe('LoginService - Zulip账号创建属性测试', () => {
// 验证没有尝试创建Zulip账号
expect(zulipAccountService.createZulipAccount).not.toHaveBeenCalled();
// 恢复 mock
jest.spyOn(loginService as any, 'initializeZulipAdminClient').mockResolvedValue(undefined);
}),
{ numRuns: 50 }
);
@@ -467,10 +431,6 @@ describe('LoginService - Zulip账号创建属性测试', () => {
delete process.env.ZULIP_BOT_EMAIL;
delete process.env.ZULIP_BOT_API_KEY;
// 重新设置 mock 以模拟环境变量缺失的错误
jest.spyOn(loginService as any, 'initializeZulipAdminClient')
.mockRejectedValue(new Error('Zulip管理员配置不完整请检查环境变量 ZULIP_SERVER_URL, ZULIP_BOT_EMAIL, ZULIP_BOT_API_KEY'));
// 执行注册
const result = await loginService.register(registerRequest);
@@ -481,11 +441,10 @@ describe('LoginService - Zulip账号创建属性测试', () => {
// 验证没有尝试创建游戏用户
expect(loginCoreService.register).not.toHaveBeenCalled();
// 恢复环境变量和 mock
// 恢复环境变量
process.env.ZULIP_SERVER_URL = 'https://test.zulip.com';
process.env.ZULIP_BOT_EMAIL = 'bot@test.zulip.com';
process.env.ZULIP_BOT_API_KEY = 'test_api_key_123';
jest.spyOn(loginService as any, 'initializeZulipAdminClient').mockResolvedValue(undefined);
}),
{ numRuns: 30 }
);
@@ -521,6 +480,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
};
// 设置模拟行为
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,

7
src/business/zulip/zulip.module.ts
View File

@@ -38,8 +38,8 @@
* - 业务规则驱动的消息过滤和权限控制
*
* @author angjustinl
* @version 1.1.0
* @since 2026-01-06
* @version 2.0.0
* @since 2025-12-31
*/
import { Module } from '@nestjs/common';
@@ -53,7 +53,6 @@ import { ZulipCoreModule } from '../../core/zulip/zulip-core.module';
import { RedisModule } from '../../core/redis/redis.module';
import { LoggerModule } from '../../core/utils/logger/logger.module';
import { LoginCoreModule } from '../../core/login_core/login_core.module';
import { AuthModule } from '../auth/auth.module';
@Module({
imports: [
@@ -65,8 +64,6 @@ import { AuthModule } from '../auth/auth.module';
LoggerModule,
// 登录模块 - 提供用户认证和Token验证
LoginCoreModule,
// 认证模块 - 提供JWT验证和用户认证服务
AuthModule,
],
providers: [
// 主协调服务 - 整合各子服务,提供统一业务接口

14
src/business/zulip/zulip.service.spec.ts
View File

@@ -40,7 +40,6 @@ import {
ZulipClientInstance,
SendMessageResult,
} from '../../core/zulip/interfaces/zulip-core.interfaces';
import { ApiKeySecurityService } from '../../core/zulip/services/api_key_security.service';
describe('ZulipService', () => {
let service: ZulipService;
@@ -159,19 +158,6 @@ describe('ZulipService', () => {
provide: 'ZULIP_CONFIG_SERVICE',
useValue: mockConfigManager,
},
{
provide: ApiKeySecurityService,
useValue: {
extractApiKey: jest.fn(),
validateApiKey: jest.fn(),
encryptApiKey: jest.fn(),
decryptApiKey: jest.fn(),
getApiKey: jest.fn().mockResolvedValue({
success: true,
apiKey: 'lCPWCPfGh7WUHxwN56GF8oYXOpqNfGF8',
}),
},
},
],
}).compile();

139
src/business/zulip/zulip.service.ts
View File

@@ -18,8 +18,8 @@
* - 消息格式转换和过滤
*
* @author angjustinl
* @version 1.1.0
* @since 2026-01-06
* @version 1.0.0
* @since 2025-12-25
*/
import { Injectable, Logger, Inject } from '@nestjs/common';
@@ -32,7 +32,6 @@ import {
IZulipConfigService,
} from '../../core/zulip/interfaces/zulip-core.interfaces';
import { ApiKeySecurityService } from '../../core/zulip/services/api_key_security.service';
import { LoginService } from '../auth/services/login.service';
/**
* 玩家登录请求接口
@@ -117,7 +116,6 @@ export class ZulipService {
@Inject('ZULIP_CONFIG_SERVICE')
private readonly configManager: IZulipConfigService,
private readonly apiKeySecurityService: ApiKeySecurityService,
private readonly loginService: LoginService,
) {
this.logger.log('ZulipService初始化完成');
@@ -177,7 +175,9 @@ export class ZulipService {
};
}
// 2. 验证游戏Token并获取用户信息 调用认证服务验证Token
// 2. 验证游戏Token并获取用户信息
// TODO: 实际项目中应该调用认证服务验证Token
// 这里暂时使用模拟数据
const userInfo = await this.validateGameToken(request.token);
if (!userInfo) {
this.logger.warn('登录失败Token验证失败', {
@@ -291,7 +291,7 @@ export class ZulipService {
* 功能描述:
* 验证游戏Token的有效性返回用户信息
*
* @param token 游戏Token (JWT)
* @param token 游戏Token
* @returns Promise<UserInfo | null> 用户信息验证失败返回null
* @private
*/
@@ -302,84 +302,69 @@ export class ZulipService {
zulipEmail?: string;
zulipApiKey?: string;
} | null> {
// TODO: 实际项目中应该调用认证服务验证Token (登录godot所获取的JWT token)
// 这里暂时使用模拟数据进行开发测试
this.logger.debug('验证游戏Token', {
operation: 'validateGameToken',
tokenLength: token.length,
});
try {
// 1. 使用LoginService验证JWT token
const payload = await this.loginService.verifyToken(token, 'access');
if (!payload || !payload.sub) {
this.logger.warn('Token载荷无效', {
operation: 'validateGameToken',
});
return null;
}
const userId = payload.sub;
const username = payload.username || `user_${userId}`;
const email = payload.email || `${userId}@example.com`;
this.logger.debug('Token解析成功', {
operation: 'validateGameToken',
userId,
username,
email,
});
// 2. 从ApiKeySecurityService获取真实的Zulip API Key
let zulipApiKey = undefined;
let zulipEmail = undefined;
try {
// 尝试从Redis获取存储的API Key
const apiKeyResult = await this.apiKeySecurityService.getApiKey(userId);
if (apiKeyResult.success && apiKeyResult.apiKey) {
zulipApiKey = apiKeyResult.apiKey;
// 使用游戏账号的邮箱
zulipEmail = email;
this.logger.log('从存储获取到Zulip API Key', {
operation: 'validateGameToken',
userId,
hasApiKey: true,
apiKeyLength: zulipApiKey.length,
});
} else {
this.logger.debug('用户没有存储的Zulip API Key', {
operation: 'validateGameToken',
userId,
reason: apiKeyResult.message,
});
}
} catch (error) {
const err = error as Error;
this.logger.warn('获取Zulip API Key失败', {
operation: 'validateGameToken',
userId,
error: err.message,
});
}
return {
userId,
username,
email,
zulipEmail,
zulipApiKey,
};
} catch (error) {
const err = error as Error;
this.logger.warn('Token验证失败', {
operation: 'validateGameToken',
error: err.message,
});
// 模拟Token验证
// 实际实现应该:
// 1. 调用LoginService验证Token
// 2. 从数据库获取用户的Zulip API Key
// 3. 返回完整的用户信息
if (token.startsWith('invalid')) {
return null;
}
// 从Token中提取用户ID模拟
const userId = `user_${token.substring(0, 8)}`;
// 从ApiKeySecurityService获取真实的Zulip API Key
let zulipApiKey = undefined;
let zulipEmail = undefined;
try {
// 尝试从Redis获取存储的API Key
const apiKeyResult = await this.apiKeySecurityService.getApiKey(userId);
if (apiKeyResult.success && apiKeyResult.apiKey) {
zulipApiKey = apiKeyResult.apiKey;
// TODO: 从数据库获取用户的Zulip邮箱
// 暂时使用模拟数据
zulipEmail = 'angjustinl@163.com';
this.logger.log('从存储获取到Zulip API Key', {
operation: 'validateGameToken',
userId,
hasApiKey: true,
zulipEmail,
});
} else {
this.logger.debug('用户没有存储的Zulip API Key', {
operation: 'validateGameToken',
userId,
});
}
} catch (error) {
const err = error as Error;
this.logger.warn('获取Zulip API Key失败', {
operation: 'validateGameToken',
userId,
error: err.message,
});
}
return {
userId,
username: `Player_${userId.substring(5, 10)}`,
email: `${userId}@example.com`,
zulipEmail,
zulipApiKey,
};
}
/**

3
src/core/security_core/decorators/throttle.decorator.ts
View File

@@ -81,9 +81,6 @@ export const ThrottlePresets = {
/** 密码重置每小时3次 */
RESET_PASSWORD: { limit: 3, ttl: 3600, message: '密码重置请求过于频繁请1小时后再试' },
/** 令牌刷新每分钟10次 */
REFRESH_TOKEN: { limit: 10, ttl: 60, message: '令牌刷新请求过于频繁,请稍后再试' },
/** 管理员操作每分钟10次 */
ADMIN_OPERATION: { limit: 10, ttl: 60, message: '管理员操作过于频繁,请稍后再试' },

388
src/core/zulip/services/user_management.service.spec.ts
View File

@@ -1,388 +0,0 @@
/**
* Zulip用户管理服务测试
*
* 功能描述:
* - 测试UserManagementService的核心功能
* - 测试用户查询和验证逻辑
* - 测试错误处理和边界情况
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
import { Test, TestingModule } from '@nestjs/testing';
import { UserManagementService, UserQueryRequest, UserValidationRequest } from './user_management.service';
import { IZulipConfigService } from '../interfaces/zulip-core.interfaces';
// 模拟fetch
global.fetch = jest.fn();
describe('UserManagementService', () => {
let service: UserManagementService;
let mockConfigService: jest.Mocked<IZulipConfigService>;
let mockFetch: jest.MockedFunction<typeof fetch>;
beforeEach(async () => {
// 重置fetch模拟
mockFetch = fetch as jest.MockedFunction<typeof fetch>;
mockFetch.mockClear();
// 创建模拟的配置服务
mockConfigService = {
getZulipConfig: jest.fn().mockReturnValue({
zulipServerUrl: 'https://test.zulip.com',
zulipBotEmail: 'bot@test.com',
zulipBotApiKey: 'test-api-key',
}),
getMapIdByStream: jest.fn(),
getStreamByMap: jest.fn(),
getMapConfig: jest.fn(),
hasMap: jest.fn(),
getAllMapIds: jest.fn(),
getMapConfigByStream: jest.fn(),
getAllStreams: jest.fn(),
hasStream: jest.fn(),
findObjectByTopic: jest.fn(),
getObjectsInMap: jest.fn(),
getTopicByObject: jest.fn(),
findNearbyObject: jest.fn(),
reloadConfig: jest.fn(),
validateConfig: jest.fn(),
getAllMapConfigs: jest.fn(),
getConfigStats: jest.fn(),
getConfigFilePath: jest.fn(),
configFileExists: jest.fn(),
enableConfigWatcher: jest.fn(),
disableConfigWatcher: jest.fn(),
isConfigWatcherEnabled: jest.fn(),
getFullConfiguration: jest.fn(),
updateConfigValue: jest.fn(),
exportMapConfig: jest.fn(),
} as jest.Mocked<IZulipConfigService>;
const module: TestingModule = await Test.createTestingModule({
providers: [
UserManagementService,
{
provide: 'ZULIP_CONFIG_SERVICE',
useValue: mockConfigService,
},
],
}).compile();
service = module.get<UserManagementService>(UserManagementService);
});
it('应该正确初始化服务', () => {
expect(service).toBeDefined();
});
describe('checkUserExists - 检查用户是否存在', () => {
it('应该正确检查存在的用户', async () => {
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [
{
user_id: 1,
email: 'test@example.com',
full_name: 'Test User',
is_active: true,
is_admin: false,
is_bot: false,
},
],
}),
} as Response);
const result = await service.checkUserExists('test@example.com');
expect(result).toBe(true);
expect(mockFetch).toHaveBeenCalledWith(
'https://test.zulip.com/api/v1/users',
expect.objectContaining({
method: 'GET',
headers: expect.objectContaining({
'Authorization': expect.stringContaining('Basic'),
}),
})
);
});
it('应该正确检查不存在的用户', async () => {
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [
{
user_id: 1,
email: 'other@example.com',
full_name: 'Other User',
is_active: true,
is_admin: false,
is_bot: false,
},
],
}),
} as Response);
const result = await service.checkUserExists('test@example.com');
expect(result).toBe(false);
});
it('应该处理无效邮箱', async () => {
const result = await service.checkUserExists('invalid-email');
expect(result).toBe(false);
expect(mockFetch).not.toHaveBeenCalled();
});
it('应该处理API调用失败', async () => {
// 模拟API失败
mockFetch.mockResolvedValueOnce({
ok: false,
status: 500,
statusText: 'Internal Server Error',
} as Response);
const result = await service.checkUserExists('test@example.com');
expect(result).toBe(false);
});
it('应该处理网络异常', async () => {
// 模拟网络异常
mockFetch.mockRejectedValueOnce(new Error('Network error'));
const result = await service.checkUserExists('test@example.com');
expect(result).toBe(false);
});
});
describe('getUserInfo - 获取用户信息', () => {
it('应该成功获取用户信息', async () => {
const request: UserQueryRequest = {
email: 'test@example.com',
};
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [
{
user_id: 1,
email: 'test@example.com',
full_name: 'Test User',
is_active: true,
is_admin: false,
is_bot: false,
},
],
}),
} as Response);
const result = await service.getUserInfo(request);
expect(result.success).toBe(true);
expect(result.userId).toBe(1);
expect(result.email).toBe('test@example.com');
expect(result.fullName).toBe('Test User');
expect(result.isActive).toBe(true);
expect(result.isAdmin).toBe(false);
expect(result.isBot).toBe(false);
});
it('应该处理用户不存在的情况', async () => {
const request: UserQueryRequest = {
email: 'nonexistent@example.com',
};
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [],
}),
} as Response);
const result = await service.getUserInfo(request);
expect(result.success).toBe(false);
expect(result.error).toBe('用户不存在');
});
it('应该拒绝无效邮箱', async () => {
const request: UserQueryRequest = {
email: 'invalid-email',
};
const result = await service.getUserInfo(request);
expect(result.success).toBe(false);
expect(result.error).toBe('邮箱格式无效');
expect(mockFetch).not.toHaveBeenCalled();
});
});
describe('validateUserCredentials - 验证用户凭据', () => {
it('应该成功验证有效的API Key', async () => {
const request: UserValidationRequest = {
email: 'test@example.com',
apiKey: 'valid-api-key',
};
// 模拟API Key验证响应第一个调用
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({}),
} as Response);
// 模拟用户列表API响应第二个调用
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [
{
user_id: 1,
email: 'test@example.com',
full_name: 'Test User',
is_active: true,
is_admin: false,
is_bot: false,
},
],
}),
} as Response);
const result = await service.validateUserCredentials(request);
expect(result.success).toBe(true);
expect(result.isValid).toBe(true);
expect(result.userId).toBe(1);
});
it('应该拒绝无效的API Key', async () => {
const request: UserValidationRequest = {
email: 'test@example.com',
apiKey: 'invalid-api-key',
};
// 模拟API Key验证失败第一个调用
mockFetch.mockResolvedValueOnce({
ok: false,
status: 401,
statusText: 'Unauthorized',
} as Response);
const result = await service.validateUserCredentials(request);
expect(result.success).toBe(true);
expect(result.isValid).toBe(false);
});
it('应该拒绝空的API Key', async () => {
const request: UserValidationRequest = {
email: 'test@example.com',
apiKey: '',
};
const result = await service.validateUserCredentials(request);
expect(result.success).toBe(false);
expect(result.error).toBe('API Key不能为空');
expect(mockFetch).not.toHaveBeenCalled();
});
it('应该拒绝无效邮箱', async () => {
const request: UserValidationRequest = {
email: 'invalid-email',
apiKey: 'some-api-key',
};
const result = await service.validateUserCredentials(request);
expect(result.success).toBe(false);
expect(result.error).toBe('邮箱格式无效');
expect(mockFetch).not.toHaveBeenCalled();
});
});
describe('getAllUsers - 获取所有用户', () => {
it('应该成功获取用户列表', async () => {
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [
{
user_id: 1,
email: 'user1@example.com',
full_name: 'User One',
is_active: true,
is_admin: false,
is_bot: false,
},
{
user_id: 2,
email: 'user2@example.com',
full_name: 'User Two',
is_active: true,
is_admin: true,
is_bot: false,
},
],
}),
} as Response);
const result = await service.getAllUsers();
expect(result.success).toBe(true);
expect(result.users).toHaveLength(2);
expect(result.totalCount).toBe(2);
expect(result.users?.[0]).toEqual({
userId: 1,
email: 'user1@example.com',
fullName: 'User One',
isActive: true,
isAdmin: false,
isBot: false,
});
});
it('应该处理空用户列表', async () => {
// 模拟API响应
mockFetch.mockResolvedValueOnce({
ok: true,
json: async () => ({
members: [],
}),
} as Response);
const result = await service.getAllUsers();
expect(result.success).toBe(true);
expect(result.users).toHaveLength(0);
expect(result.totalCount).toBe(0);
});
it('应该处理API调用失败', async () => {
// 模拟API失败
mockFetch.mockResolvedValueOnce({
ok: false,
status: 403,
statusText: 'Forbidden',
} as Response);
const result = await service.getAllUsers();
expect(result.success).toBe(false);
expect(result.error).toContain('API调用失败');
});
});
});

539
src/core/zulip/services/user_management.service.ts
View File

@@ -1,539 +0,0 @@
/**
* Zulip用户管理服务
*
* 功能描述:
* - 查询和验证Zulip用户信息
* - 检查用户是否存在
* - 获取用户详细信息
* - 验证用户凭据和权限
*
* 主要方法:
* - checkUserExists(): 检查用户是否存在
* - getUserInfo(): 获取用户详细信息
* - validateUserCredentials(): 验证用户凭据
* - getAllUsers(): 获取所有用户列表
*
* 使用场景:
* - 用户登录时验证用户存在性
* - 获取用户基本信息
* - 验证用户权限和状态
* - 管理员查看用户列表
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
import { Injectable, Logger, Inject } from '@nestjs/common';
import { IZulipConfigService } from '../interfaces/zulip-core.interfaces';
/**
* Zulip API响应接口
*/
interface ZulipApiResponse {
result?: 'success' | 'error';
msg?: string;
message?: string;
}
/**
* 用户信息接口
*/
interface ZulipUser {
user_id: number;
email: string;
full_name: string;
is_active: boolean;
is_admin: boolean;
is_owner: boolean;
is_bot: boolean;
date_joined: string;
}
/**
* 用户列表响应接口
*/
interface ZulipUsersResponse extends ZulipApiResponse {
members?: ZulipUser[];
}
/**
* 用户查询请求接口
*/
export interface UserQueryRequest {
email: string;
}
/**
* 用户信息响应接口
*/
export interface UserInfoResponse {
success: boolean;
userId?: number;
email?: string;
fullName?: string;
isActive?: boolean;
isAdmin?: boolean;
isBot?: boolean;
dateJoined?: string;
error?: string;
}
/**
* 用户验证请求接口
*/
export interface UserValidationRequest {
email: string;
apiKey?: string;
}
/**
* 用户验证响应接口
*/
export interface UserValidationResponse {
success: boolean;
isValid?: boolean;
userId?: number;
error?: string;
}
/**
* 用户列表响应接口
*/
export interface UsersListResponse {
success: boolean;
users?: Array<{
userId: number;
email: string;
fullName: string;
isActive: boolean;
isAdmin: boolean;
isBot: boolean;
}>;
totalCount?: number;
error?: string;
}
/**
* Zulip用户管理服务类
*
* 职责:
* - 查询和验证Zulip用户信息
* - 检查用户是否存在于Zulip服务器
* - 获取用户详细信息和权限状态
* - 提供用户管理相关的API接口
*/
@Injectable()
export class UserManagementService {
private readonly logger = new Logger(UserManagementService.name);
constructor(
@Inject('ZULIP_CONFIG_SERVICE')
private readonly configService: IZulipConfigService,
) {
this.logger.log('UserManagementService初始化完成');
}
/**
* 检查用户是否存在
*
* 功能描述:
* 通过Zulip API检查指定邮箱的用户是否存在
*
* 业务逻辑:
* 1. 获取所有用户列表
* 2. 在列表中查找指定邮箱
* 3. 返回用户存在性结果
*
* @param email 用户邮箱
* @returns Promise<boolean> 是否存在
*/
async checkUserExists(email: string): Promise<boolean> {
const startTime = Date.now();
this.logger.log('开始检查用户是否存在', {
operation: 'checkUserExists',
email,
timestamp: new Date().toISOString(),
});
try {
// 1. 验证邮箱格式
if (!email || !this.isValidEmail(email)) {
this.logger.warn('邮箱格式无效', {
operation: 'checkUserExists',
email,
});
return false;
}
// 2. 获取用户列表
const usersResult = await this.getAllUsers();
if (!usersResult.success) {
this.logger.warn('获取用户列表失败', {
operation: 'checkUserExists',
email,
error: usersResult.error,
});
return false;
}
// 3. 检查用户是否存在
const userExists = usersResult.users?.some(user =>
user.email.toLowerCase() === email.toLowerCase()
) || false;
const duration = Date.now() - startTime;
this.logger.log('用户存在性检查完成', {
operation: 'checkUserExists',
email,
exists: userExists,
duration,
timestamp: new Date().toISOString(),
});
return userExists;
} catch (error) {
const err = error as Error;
const duration = Date.now() - startTime;
this.logger.error('检查用户存在性失败', {
operation: 'checkUserExists',
email,
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return false;
}
}
/**
* 获取用户详细信息
*
* 功能描述:
* 根据邮箱获取用户的详细信息
*
* @param request 用户查询请求
* @returns Promise<UserInfoResponse>
*/
async getUserInfo(request: UserQueryRequest): Promise<UserInfoResponse> {
const startTime = Date.now();
this.logger.log('开始获取用户信息', {
operation: 'getUserInfo',
email: request.email,
timestamp: new Date().toISOString(),
});
try {
// 1. 验证请求参数
if (!request.email || !this.isValidEmail(request.email)) {
return {
success: false,
error: '邮箱格式无效',
};
}
// 2. 获取用户列表
const usersResult = await this.getAllUsers();
if (!usersResult.success) {
return {
success: false,
error: usersResult.error || '获取用户列表失败',
};
}
// 3. 查找指定用户
const user = usersResult.users?.find(u =>
u.email.toLowerCase() === request.email.toLowerCase()
);
if (!user) {
return {
success: false,
error: '用户不存在',
};
}
const duration = Date.now() - startTime;
this.logger.log('用户信息获取完成', {
operation: 'getUserInfo',
email: request.email,
userId: user.userId,
duration,
timestamp: new Date().toISOString(),
});
return {
success: true,
userId: user.userId,
email: user.email,
fullName: user.fullName,
isActive: user.isActive,
isAdmin: user.isAdmin,
isBot: user.isBot,
};
} catch (error) {
const err = error as Error;
const duration = Date.now() - startTime;
this.logger.error('获取用户信息失败', {
operation: 'getUserInfo',
email: request.email,
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
error: '系统错误,请稍后重试',
};
}
}
/**
* 验证用户凭据
*
* 功能描述:
* 验证用户的API Key是否有效
*
* @param request 用户验证请求
* @returns Promise<UserValidationResponse>
*/
async validateUserCredentials(request: UserValidationRequest): Promise<UserValidationResponse> {
const startTime = Date.now();
this.logger.log('开始验证用户凭据', {
operation: 'validateUserCredentials',
email: request.email,
hasApiKey: !!request.apiKey,
timestamp: new Date().toISOString(),
});
try {
// 1. 验证请求参数
if (!request.email || !this.isValidEmail(request.email)) {
return {
success: false,
error: '邮箱格式无效',
};
}
if (!request.apiKey) {
return {
success: false,
error: 'API Key不能为空',
};
}
// 2. 使用用户的API Key测试连接
const isValid = await this.testUserApiKey(request.email, request.apiKey);
// 3. 如果API Key有效获取用户ID
let userId = undefined;
if (isValid) {
const userInfo = await this.getUserInfo({ email: request.email });
if (userInfo.success) {
userId = userInfo.userId;
}
}
const duration = Date.now() - startTime;
this.logger.log('用户凭据验证完成', {
operation: 'validateUserCredentials',
email: request.email,
isValid,
userId,
duration,
timestamp: new Date().toISOString(),
});
return {
success: true,
isValid,
userId,
};
} catch (error) {
const err = error as Error;
const duration = Date.now() - startTime;
this.logger.error('验证用户凭据失败', {
operation: 'validateUserCredentials',
email: request.email,
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
error: '系统错误,请稍后重试',
};
}
}
/**
* 获取所有用户列表
*
* 功能描述:
* 从Zulip服务器获取所有用户的列表
*
* @returns Promise<UsersListResponse>
*/
async getAllUsers(): Promise<UsersListResponse> {
this.logger.debug('开始获取用户列表', {
operation: 'getAllUsers',
timestamp: new Date().toISOString(),
});
try {
// 获取Zulip配置
const config = this.configService.getZulipConfig();
// 构建API URL
const apiUrl = `${config.zulipServerUrl}/api/v1/users`;
// 构建认证头
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
// 发送请求
const response = await fetch(apiUrl, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
if (!response.ok) {
this.logger.warn('获取用户列表失败', {
operation: 'getAllUsers',
status: response.status,
statusText: response.statusText,
});
return {
success: false,
error: `API调用失败: ${response.status} ${response.statusText}`,
};
}
const data: ZulipUsersResponse = await response.json();
// 转换数据格式
const users = data.members?.map(user => ({
userId: user.user_id,
email: user.email,
fullName: user.full_name,
isActive: user.is_active,
isAdmin: user.is_admin,
isBot: user.is_bot,
})) || [];
this.logger.debug('用户列表获取完成', {
operation: 'getAllUsers',
userCount: users.length,
timestamp: new Date().toISOString(),
});
return {
success: true,
users,
totalCount: users.length,
};
} catch (error) {
const err = error as Error;
this.logger.error('获取用户列表异常', {
operation: 'getAllUsers',
error: err.message,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
error: '系统错误,请稍后重试',
};
}
}
/**
* 测试用户API Key是否有效
*
* 功能描述:
* 使用用户的API Key测试是否能够成功调用Zulip API
*
* @param email 用户邮箱
* @param apiKey 用户API Key
* @returns Promise<boolean> 是否有效
* @private
*/
private async testUserApiKey(email: string, apiKey: string): Promise<boolean> {
this.logger.debug('测试用户API Key', {
operation: 'testUserApiKey',
email,
});
try {
// 获取Zulip配置
const config = this.configService.getZulipConfig();
// 构建API URL - 使用获取用户自己信息的接口
const apiUrl = `${config.zulipServerUrl}/api/v1/users/me`;
// 使用用户的API Key构建认证头
const auth = Buffer.from(`${email}:${apiKey}`).toString('base64');
// 发送请求
const response = await fetch(apiUrl, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
const isValid = response.ok;
this.logger.debug('API Key测试完成', {
operation: 'testUserApiKey',
email,
isValid,
status: response.status,
});
return isValid;
} catch (error) {
const err = error as Error;
this.logger.error('测试API Key异常', {
operation: 'testUserApiKey',
email,
error: err.message,
});
return false;
}
}
/**
* 验证邮箱格式
*
* @param email 邮箱地址
* @returns boolean 是否有效
* @private
*/
private isValidEmail(email: string): boolean {
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
return emailRegex.test(email);
}
}

188
src/core/zulip/services/user_registration.service.spec.ts
View File

@@ -1,188 +0,0 @@
/**
* Zulip用户注册服务测试
*
* 功能描述:
* - 测试UserRegistrationService的核心功能
* - 测试用户注册流程和验证逻辑
* - 测试错误处理和边界情况
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
import { Test, TestingModule } from '@nestjs/testing';
import { UserRegistrationService, UserRegistrationRequest } from './user_registration.service';
import { IZulipConfigService } from '../interfaces/zulip-core.interfaces';
describe('UserRegistrationService', () => {
let service: UserRegistrationService;
let mockConfigService: jest.Mocked<IZulipConfigService>;
beforeEach(async () => {
// 创建模拟的配置服务
mockConfigService = {
getZulipConfig: jest.fn().mockReturnValue({
zulipServerUrl: 'https://test.zulip.com',
zulipBotEmail: 'bot@test.com',
zulipBotApiKey: 'test-api-key',
}),
getMapIdByStream: jest.fn(),
getStreamByMap: jest.fn(),
getMapConfig: jest.fn(),
hasMap: jest.fn(),
getAllMapIds: jest.fn(),
getMapConfigByStream: jest.fn(),
getAllStreams: jest.fn(),
hasStream: jest.fn(),
findObjectByTopic: jest.fn(),
getObjectsInMap: jest.fn(),
getTopicByObject: jest.fn(),
findNearbyObject: jest.fn(),
reloadConfig: jest.fn(),
validateConfig: jest.fn(),
getAllMapConfigs: jest.fn(),
getConfigStats: jest.fn(),
getConfigFilePath: jest.fn(),
configFileExists: jest.fn(),
enableConfigWatcher: jest.fn(),
disableConfigWatcher: jest.fn(),
isConfigWatcherEnabled: jest.fn(),
getFullConfiguration: jest.fn(),
updateConfigValue: jest.fn(),
exportMapConfig: jest.fn(),
} as jest.Mocked<IZulipConfigService>;
const module: TestingModule = await Test.createTestingModule({
providers: [
UserRegistrationService,
{
provide: 'ZULIP_CONFIG_SERVICE',
useValue: mockConfigService,
},
],
}).compile();
service = module.get<UserRegistrationService>(UserRegistrationService);
});
it('应该正确初始化服务', () => {
expect(service).toBeDefined();
});
describe('registerUser - 用户注册', () => {
it('应该成功注册有效用户', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'Test User',
password: 'password123',
};
const result = await service.registerUser(request);
expect(result.success).toBe(true);
expect(result.email).toBe(request.email);
expect(result.userId).toBeDefined();
expect(result.apiKey).toBeDefined();
expect(result.error).toBeUndefined();
});
it('应该拒绝无效邮箱', async () => {
const request: UserRegistrationRequest = {
email: 'invalid-email',
fullName: 'Test User',
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('邮箱格式无效');
});
it('应该拒绝空邮箱', async () => {
const request: UserRegistrationRequest = {
email: '',
fullName: 'Test User',
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('邮箱不能为空');
});
it('应该拒绝空用户名', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: '',
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('用户全名不能为空');
});
it('应该拒绝过短的用户名', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'A',
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('用户全名至少需要2个字符');
});
it('应该拒绝过长的用户名', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'A'.repeat(101), // 101个字符
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('用户全名不能超过100个字符');
});
it('应该拒绝过短的密码', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'Test User',
password: '123', // 只有3个字符
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('密码至少需要6个字符');
});
it('应该接受没有密码的注册', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'Test User',
// 不提供密码
};
const result = await service.registerUser(request);
expect(result.success).toBe(true);
});
it('应该拒绝过长的短名称', async () => {
const request: UserRegistrationRequest = {
email: 'test@example.com',
fullName: 'Test User',
shortName: 'A'.repeat(51), // 51个字符
};
const result = await service.registerUser(request);
expect(result.success).toBe(false);
expect(result.error).toContain('短名称不能超过50个字符');
});
});
});

531
src/core/zulip/services/user_registration.service.ts
View File

@@ -1,531 +0,0 @@
/**
* Zulip用户管理服务
*
* 功能描述:
* - 查询和验证Zulip用户信息
* - 检查用户是否存在
* - 获取用户详细信息
* - 管理用户API Key如果有权限
*
* 主要方法:
* - checkUserExists(): 检查用户是否存在
* - getUserInfo(): 获取用户详细信息
* - validateUserCredentials(): 验证用户凭据
* - getUserApiKey(): 获取用户API Key需要管理员权限
*
* 使用场景:
* - 用户登录时验证用户存在性
* - 获取用户基本信息
* - 验证用户权限和状态
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
import { Injectable, Logger, Inject } from '@nestjs/common';
import { IZulipConfigService } from '../interfaces/zulip-core.interfaces';
/**
* Zulip API响应接口
*/
interface ZulipApiResponse {
result?: 'success' | 'error';
msg?: string;
message?: string;
}
/**
* 用户列表响应接口
*/
interface ZulipUsersResponse extends ZulipApiResponse {
members?: Array<{
email: string;
user_id: number;
full_name: string;
}>;
}
/**
* 创建用户响应接口
*/
interface ZulipCreateUserResponse extends ZulipApiResponse {
user_id?: number;
}
/**
* API Key响应接口
*/
interface ZulipApiKeyResponse extends ZulipApiResponse {
api_key?: string;
}
export interface UserRegistrationRequest {
email: string;
fullName: string;
password?: string;
shortName?: string;
}
/**
* 用户注册响应接口
*/
export interface UserRegistrationResponse {
success: boolean;
userId?: number;
email?: string;
apiKey?: string;
error?: string;
details?: any;
}
/**
* Zulip用户注册服务类
*
* 职责:
* - 处理新用户在Zulip服务器上的注册
* - 验证用户信息的有效性
* - 与Zulip API交互创建用户账户
* - 管理注册流程和错误处理
*/
@Injectable()
export class UserRegistrationService {
private readonly logger = new Logger(UserRegistrationService.name);
constructor(
@Inject('ZULIP_CONFIG_SERVICE')
private readonly configService: IZulipConfigService,
) {
this.logger.log('UserRegistrationService初始化完成');
}
/**
* 注册新用户到Zulip服务器
*
* 功能描述:
* 在Zulip服务器上创建新用户账户
*
* 业务逻辑:
* 1. 验证用户注册信息
* 2. 检查用户是否已存在
* 3. 调用Zulip API创建用户
* 4. 获取用户API Key
* 5. 返回注册结果
*
* @param request 用户注册请求数据
* @returns Promise<UserRegistrationResponse>
*/
async registerUser(request: UserRegistrationRequest): Promise<UserRegistrationResponse> {
const startTime = Date.now();
this.logger.log('开始注册Zulip用户', {
operation: 'registerUser',
email: request.email,
fullName: request.fullName,
timestamp: new Date().toISOString(),
});
try {
// 1. 验证用户注册信息
const validationResult = this.validateUserInfo(request);
if (!validationResult.valid) {
this.logger.warn('用户注册信息验证失败', {
operation: 'registerUser',
email: request.email,
errors: validationResult.errors,
});
return {
success: false,
error: validationResult.errors.join(', '),
};
}
// TODO: 实现实际的Zulip用户注册逻辑
// 这里先返回模拟结果后续步骤中实现真实的API调用
// 2. 检查用户是否已存在
const userExists = await this.checkUserExists(request.email);
if (userExists) {
this.logger.warn('用户注册失败:用户已存在', {
operation: 'registerUser',
email: request.email,
});
return {
success: false,
error: '用户已存在',
};
}
// 3. 调用Zulip API创建用户
const createResult = await this.createZulipUser(request);
if (!createResult.success) {
return {
success: false,
error: createResult.error || '创建用户失败',
};
}
// 4. 获取用户API Key如果需要
let apiKey = undefined;
if (createResult.userId) {
const apiKeyResult = await this.generateApiKey(createResult.userId, request.email);
if (apiKeyResult.success) {
apiKey = apiKeyResult.apiKey;
}
}
const duration = Date.now() - startTime;
this.logger.log('Zulip用户注册完成模拟', {
operation: 'registerUser',
email: request.email,
duration,
timestamp: new Date().toISOString(),
});
return {
success: true,
userId: createResult.userId,
email: request.email,
apiKey: apiKey,
};
} catch (error) {
const err = error as Error;
const duration = Date.now() - startTime;
this.logger.error('Zulip用户注册失败', {
operation: 'registerUser',
email: request.email,
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
error: '注册失败,请稍后重试',
};
}
}
/**
* 验证用户注册信息
*
* 功能描述:
* 验证用户提供的注册信息是否有效
*
* @param request 用户注册请求
* @returns {valid: boolean, errors: string[]} 验证结果
* @private
*/
private validateUserInfo(request: UserRegistrationRequest): {
valid: boolean;
errors: string[];
} {
const errors: string[] = [];
// 验证邮箱
if (!request.email || !request.email.trim()) {
errors.push('邮箱不能为空');
} else if (!this.isValidEmail(request.email)) {
errors.push('邮箱格式无效');
}
// 验证全名
if (!request.fullName || !request.fullName.trim()) {
errors.push('用户全名不能为空');
} else if (request.fullName.trim().length < 2) {
errors.push('用户全名至少需要2个字符');
} else if (request.fullName.trim().length > 100) {
errors.push('用户全名不能超过100个字符');
}
// 验证密码(如果提供)
if (request.password && request.password.length < 6) {
errors.push('密码至少需要6个字符');
}
// 验证短名称(如果提供)
if (request.shortName && request.shortName.trim().length > 50) {
errors.push('短名称不能超过50个字符');
}
return {
valid: errors.length === 0,
errors,
};
}
/**
* 验证邮箱格式
*
* @param email 邮箱地址
* @returns boolean 是否有效
* @private
*/
private isValidEmail(email: string): boolean {
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
return emailRegex.test(email);
}
/**
* 检查用户是否已存在
*
* 功能描述:
* 通过Zulip API检查指定邮箱的用户是否已存在
*
* @param email 用户邮箱
* @returns Promise<boolean> 是否存在
* @private
*/
private async checkUserExists(email: string): Promise<boolean> {
this.logger.debug('检查用户是否存在', {
operation: 'checkUserExists',
email,
});
try {
// 获取Zulip配置
const config = this.configService.getZulipConfig();
// 构建API URL
const apiUrl = `${config.zulipServerUrl}/api/v1/users`;
// 构建认证头
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
// 发送请求
const response = await fetch(apiUrl, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
if (!response.ok) {
this.logger.warn('获取用户列表失败', {
operation: 'checkUserExists',
status: response.status,
statusText: response.statusText,
});
return false; // 如果API调用失败假设用户不存在
}
const data: ZulipUsersResponse = await response.json();
// 检查用户是否在列表中
if (data.members && Array.isArray(data.members)) {
const userExists = data.members.some((user: any) =>
user.email && user.email.toLowerCase() === email.toLowerCase()
);
this.logger.debug('用户存在性检查完成', {
operation: 'checkUserExists',
email,
exists: userExists,
});
return userExists;
}
return false;
} catch (error) {
const err = error as Error;
this.logger.error('检查用户存在性失败', {
operation: 'checkUserExists',
email,
error: err.message,
});
// 如果检查失败,假设用户不存在,允许继续注册
return false;
}
}
/**
* 创建Zulip用户
*
* 功能描述:
* 通过Zulip API创建新用户账户
*
* @param request 用户注册请求
* @returns Promise<{success: boolean, userId?: number, error?: string}>
* @private
*/
private async createZulipUser(request: UserRegistrationRequest): Promise<{
success: boolean;
userId?: number;
error?: string;
}> {
this.logger.log('开始创建Zulip用户', {
operation: 'createZulipUser',
email: request.email,
fullName: request.fullName,
});
try {
// 获取Zulip配置
const config = this.configService.getZulipConfig();
// 构建API URL
const apiUrl = `${config.zulipServerUrl}/api/v1/users`;
// 构建认证头
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
// 构建请求体
const requestBody = new URLSearchParams();
requestBody.append('email', request.email);
requestBody.append('full_name', request.fullName);
if (request.password) {
requestBody.append('password', request.password);
}
if (request.shortName) {
requestBody.append('short_name', request.shortName);
}
// 发送请求
const response = await fetch(apiUrl, {
method: 'POST',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/x-www-form-urlencoded',
},
body: requestBody.toString(),
});
const data: ZulipCreateUserResponse = await response.json();
if (!response.ok) {
this.logger.warn('Zulip用户创建失败', {
operation: 'createZulipUser',
email: request.email,
status: response.status,
statusText: response.statusText,
error: data.msg || data.message,
});
return {
success: false,
error: data.msg || data.message || '创建用户失败',
};
}
this.logger.log('Zulip用户创建成功', {
operation: 'createZulipUser',
email: request.email,
userId: data.user_id,
});
return {
success: true,
userId: data.user_id,
};
} catch (error) {
const err = error as Error;
this.logger.error('创建Zulip用户异常', {
operation: 'createZulipUser',
email: request.email,
error: err.message,
}, err.stack);
return {
success: false,
error: '系统错误,请稍后重试',
};
}
}
/**
* 为用户生成API Key
*
* 功能描述:
* 为新创建的用户生成API Key用于后续的Zulip API调用
*
* @param userId 用户ID
* @param email 用户邮箱
* @returns Promise<{success: boolean, apiKey?: string, error?: string}>
* @private
*/
private async generateApiKey(userId: number, email: string): Promise<{
success: boolean;
apiKey?: string;
error?: string;
}> {
this.logger.log('开始生成用户API Key', {
operation: 'generateApiKey',
userId,
email,
});
try {
// 获取Zulip配置
const config = this.configService.getZulipConfig();
// 构建API URL
const apiUrl = `${config.zulipServerUrl}/api/v1/users/${userId}/api_key/regenerate`;
// 构建认证头
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
// 发送请求
const response = await fetch(apiUrl, {
method: 'POST',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
const data: ZulipApiKeyResponse = await response.json();
if (!response.ok) {
this.logger.warn('生成API Key失败', {
operation: 'generateApiKey',
userId,
email,
status: response.status,
statusText: response.statusText,
error: data.msg || data.message,
});
return {
success: false,
error: data.msg || data.message || '生成API Key失败',
};
}
this.logger.log('API Key生成成功', {
operation: 'generateApiKey',
userId,
email,
});
return {
success: true,
apiKey: data.api_key,
};
} catch (error) {
const err = error as Error;
this.logger.error('生成API Key异常', {
operation: 'generateApiKey',
userId,
email,
error: err.message,
}, err.stack);
return {
success: false,
error: '系统错误,请稍后重试',
};
}
}
}

196
test_zulip_registration.js
View File

@@ -1,196 +0,0 @@
/**
* Zulip用户注册真实环境测试脚本
*
* 功能描述:
* - 测试Zulip用户注册功能在真实环境下的表现
* - 验证API调用是否正常工作
* - 检查配置是否正确
*
* 使用方法:
* node test_zulip_registration.js
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
const https = require('https');
const { URLSearchParams } = require('url');
// 配置信息
const config = {
zulipServerUrl: 'https://zulip.xinghangee.icu',
zulipBotEmail: 'angjustinl@mail.angforever.top',
zulipBotApiKey: 'lCPWCPfGh7WUHxwN56GF8oYXOpqNfGF8',
};
/**
* 检查用户是否存在
*/
async function checkUserExists(email) {
console.log(`🔍 检查用户是否存在: ${email}`);
try {
const url = `${config.zulipServerUrl}/api/v1/users`;
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
const response = await fetch(url, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
if (!response.ok) {
console.log(`❌ 获取用户列表失败: ${response.status} ${response.statusText}`);
return false;
}
const data = await response.json();
console.log(`📊 获取到 ${data.members?.length || 0} 个用户`);
if (data.members && Array.isArray(data.members)) {
const userExists = data.members.some(user =>
user.email && user.email.toLowerCase() === email.toLowerCase()
);
console.log(`✅ 用户存在性检查完成: ${userExists ? '存在' : '不存在'}`);
return userExists;
}
return false;
} catch (error) {
console.error(`❌ 检查用户存在性失败:`, error.message);
return false;
}
}
/**
* 创建测试用户
*/
async function createTestUser(email, fullName, password) {
console.log(`🚀 开始创建用户: ${email}`);
try {
const url = `${config.zulipServerUrl}/api/v1/users`;
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
const requestBody = new URLSearchParams();
requestBody.append('email', email);
requestBody.append('full_name', fullName);
if (password) {
requestBody.append('password', password);
}
const response = await fetch(url, {
method: 'POST',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/x-www-form-urlencoded',
},
body: requestBody.toString(),
});
const data = await response.json();
if (!response.ok) {
console.log(`❌ 用户创建失败: ${response.status} ${response.statusText}`);
console.log(`📝 错误信息: ${data.msg || data.message || '未知错误'}`);
return { success: false, error: data.msg || data.message };
}
console.log(`✅ 用户创建成功! 用户ID: ${data.user_id}`);
return { success: true, userId: data.user_id };
} catch (error) {
console.error(`❌ 创建用户异常:`, error.message);
return { success: false, error: error.message };
}
}
/**
* 测试连接
*/
async function testConnection() {
console.log('🔗 测试Zulip服务器连接...');
try {
const url = `${config.zulipServerUrl}/api/v1/server_settings`;
const response = await fetch(url);
if (response.ok) {
const data = await response.json();
console.log(`✅ 连接成功! 服务器版本: ${data.zulip_version || '未知'}`);
return true;
} else {
console.log(`❌ 连接失败: ${response.status} ${response.statusText}`);
return false;
}
} catch (error) {
console.error(`❌ 连接异常:`, error.message);
return false;
}
}
/**
* 主测试函数
*/
async function main() {
console.log('🎯 开始Zulip用户注册测试');
console.log('=' * 50);
// 1. 测试连接
const connected = await testConnection();
if (!connected) {
console.log('❌ 无法连接到Zulip服务器测试终止');
return;
}
console.log('');
// 2. 生成测试用户信息
const timestamp = Date.now();
const testEmail = `test_user_${timestamp}@example.com`;
const testFullName = `Test User ${timestamp}`;
const testPassword = 'test123456';
console.log(`📋 测试用户信息:`);
console.log(` 邮箱: ${testEmail}`);
console.log(` 姓名: ${testFullName}`);
console.log(` 密码: ${testPassword}`);
console.log('');
// 3. 检查用户是否已存在
const userExists = await checkUserExists(testEmail);
if (userExists) {
console.log('⚠️ 用户已存在,跳过创建测试');
return;
}
console.log('');
// 4. 创建用户
const createResult = await createTestUser(testEmail, testFullName, testPassword);
console.log('');
console.log('📊 测试结果:');
if (createResult.success) {
console.log('✅ 用户注册功能正常工作');
console.log(` 新用户ID: ${createResult.userId}`);
} else {
console.log('❌ 用户注册功能存在问题');
console.log(` 错误信息: ${createResult.error}`);
}
console.log('');
console.log('🎉 测试完成');
}
// 运行测试
main().catch(error => {
console.error('💥 测试过程中发生未处理的错误:', error);
process.exit(1);
});

275
test_zulip_user_management.js
View File

@@ -1,275 +0,0 @@
/**
* Zulip用户管理真实环境测试脚本
*
* 功能描述:
* - 测试Zulip用户管理功能在真实环境下的表现
* - 验证用户查询、验证等API调用是否正常工作
* - 检查配置是否正确
*
* 使用方法:
* node test_zulip_user_management.js
*
* @author angjustinl
* @version 1.0.0
* @since 2025-01-06
*/
const https = require('https');
// 配置信息
const config = {
zulipServerUrl: 'https://zulip.xinghangee.icu',
zulipBotEmail: 'angjustinl@mail.angforever.top',
zulipBotApiKey: 'lCPWCPfGh7WUHxwN56GF8oYXOpqNfGF8',
};
/**
* 获取所有用户列表
*/
async function getAllUsers() {
console.log('📋 获取所有用户列表...');
try {
const url = `${config.zulipServerUrl}/api/v1/users`;
const auth = Buffer.from(`${config.zulipBotEmail}:${config.zulipBotApiKey}`).toString('base64');
const response = await fetch(url, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
if (!response.ok) {
console.log(`❌ 获取用户列表失败: ${response.status} ${response.statusText}`);
return { success: false, error: `${response.status} ${response.statusText}` };
}
const data = await response.json();
const users = data.members?.map(user => ({
userId: user.user_id,
email: user.email,
fullName: user.full_name,
isActive: user.is_active,
isAdmin: user.is_admin,
isBot: user.is_bot,
})) || [];
console.log(`✅ 成功获取 ${users.length} 个用户`);
// 显示前几个用户信息
console.log('👥 用户列表预览:');
users.slice(0, 5).forEach((user, index) => {
console.log(` ${index + 1}. ${user.fullName} (${user.email})`);
console.log(` ID: ${user.userId}, 活跃: ${user.isActive}, 管理员: ${user.isAdmin}, 机器人: ${user.isBot}`);
});
if (users.length > 5) {
console.log(` ... 还有 ${users.length - 5} 个用户`);
}
return { success: true, users, totalCount: users.length };
} catch (error) {
console.error(`❌ 获取用户列表异常:`, error.message);
return { success: false, error: error.message };
}
}
/**
* 检查指定用户是否存在
*/
async function checkUserExists(email) {
console.log(`🔍 检查用户是否存在: ${email}`);
try {
const usersResult = await getAllUsers();
if (!usersResult.success) {
console.log(`❌ 无法获取用户列表: ${usersResult.error}`);
return false;
}
const userExists = usersResult.users.some(user =>
user.email.toLowerCase() === email.toLowerCase()
);
console.log(`✅ 用户存在性检查完成: ${userExists ? '存在' : '不存在'}`);
return userExists;
} catch (error) {
console.error(`❌ 检查用户存在性失败:`, error.message);
return false;
}
}
/**
* 获取用户详细信息
*/
async function getUserInfo(email) {
console.log(`📝 获取用户信息: ${email}`);
try {
const usersResult = await getAllUsers();
if (!usersResult.success) {
console.log(`❌ 无法获取用户列表: ${usersResult.error}`);
return { success: false, error: usersResult.error };
}
const user = usersResult.users.find(u =>
u.email.toLowerCase() === email.toLowerCase()
);
if (!user) {
console.log(`❌ 用户不存在: ${email}`);
return { success: false, error: '用户不存在' };
}
console.log(`✅ 用户信息获取成功:`);
console.log(` 用户ID: ${user.userId}`);
console.log(` 邮箱: ${user.email}`);
console.log(` 姓名: ${user.fullName}`);
console.log(` 状态: ${user.isActive ? '活跃' : '非活跃'}`);
console.log(` 权限: ${user.isAdmin ? '管理员' : '普通用户'}`);
console.log(` 类型: ${user.isBot ? '机器人' : '真实用户'}`);
return { success: true, user };
} catch (error) {
console.error(`❌ 获取用户信息失败:`, error.message);
return { success: false, error: error.message };
}
}
/**
* 测试用户API Key
*/
async function testUserApiKey(email, apiKey) {
console.log(`🔑 测试用户API Key: ${email}`);
try {
const url = `${config.zulipServerUrl}/api/v1/users/me`;
const auth = Buffer.from(`${email}:${apiKey}`).toString('base64');
const response = await fetch(url, {
method: 'GET',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/json',
},
});
const isValid = response.ok;
if (isValid) {
const data = await response.json();
console.log(`✅ API Key有效! 用户信息:`);
console.log(` 用户ID: ${data.user_id}`);
console.log(` 邮箱: ${data.email}`);
console.log(` 姓名: ${data.full_name}`);
} else {
console.log(`❌ API Key无效: ${response.status} ${response.statusText}`);
}
return isValid;
} catch (error) {
console.error(`❌ 测试API Key异常:`, error.message);
return false;
}
}
/**
* 测试连接
*/
async function testConnection() {
console.log('🔗 测试Zulip服务器连接...');
try {
const url = `${config.zulipServerUrl}/api/v1/server_settings`;
const response = await fetch(url);
if (response.ok) {
const data = await response.json();
console.log(`✅ 连接成功! 服务器信息:`);
console.log(` 版本: ${data.zulip_version || '未知'}`);
console.log(` 服务器: ${data.realm_name || '未知'}`);
return true;
} else {
console.log(`❌ 连接失败: ${response.status} ${response.statusText}`);
return false;
}
} catch (error) {
console.error(`❌ 连接异常:`, error.message);
return false;
}
}
/**
* 主测试函数
*/
async function main() {
console.log('🎯 开始Zulip用户管理测试');
console.log('='.repeat(50));
// 1. 测试连接
const connected = await testConnection();
if (!connected) {
console.log('❌ 无法连接到Zulip服务器测试终止');
return;
}
console.log('');
// 2. 获取所有用户列表
const usersResult = await getAllUsers();
if (!usersResult.success) {
console.log('❌ 无法获取用户列表,测试终止');
return;
}
console.log('');
// 3. 测试用户存在性检查
const testEmails = [
'angjustinl@mail.angforever.top', // 应该存在
'nonexistent@example.com', // 应该不存在
];
console.log('🔍 测试用户存在性检查:');
for (const email of testEmails) {
const exists = await checkUserExists(email);
console.log(` ${email}: ${exists ? '✅ 存在' : '❌ 不存在'}`);
}
console.log('');
// 4. 测试获取用户信息
console.log('📝 测试获取用户信息:');
const existingEmail = 'angjustinl@mail.angforever.top';
const userInfoResult = await getUserInfo(existingEmail);
console.log('');
// 5. 测试API Key验证如果有的话
console.log('🔑 测试API Key验证:');
const testApiKey = 'lCPWCPfGh7WUHxwN56GF8oYXOpqNfGF8'; // 这是我们的测试API Key
const apiKeyValid = await testUserApiKey(existingEmail, testApiKey);
console.log('');
console.log('📊 测试结果总结:');
console.log(`✅ 服务器连接: 正常`);
console.log(`✅ 用户列表获取: 正常 (${usersResult.totalCount} 个用户)`);
console.log(`✅ 用户存在性检查: 正常`);
console.log(`✅ 用户信息获取: ${userInfoResult.success ? '正常' : '异常'}`);
console.log(`✅ API Key验证: ${apiKeyValid ? '正常' : '异常'}`);
console.log('');
console.log('🎉 用户管理功能测试完成');
}
// 运行测试
main().catch(error => {
console.error('💥 测试过程中发生未处理的错误:', error);
process.exit(1);
});