datawhale/whale-town-end
3
4
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor:项目架构重构和命名规范化

Browse Source 
- 统一文件命名为snake_case格式(kebab-case  snake_case)
- 重构zulip模块为zulip_core,明确Core层职责
- 重构user-mgmt模块为user_mgmt,统一命名规范
- 调整模块依赖关系,优化架构分层
- 删除过时的文件和目录结构
- 更新相关文档和配置文件

本次重构涉及大量文件重命名和模块重组,
旨在建立更清晰的项目架构和统一的命名规范。
This commit is contained in:
moyin
2026-01-08 00:14:14 +08:00
parent 4fa4bd1a70
commit bb796a2469
178 changed files with 24767 additions and 3484 deletions
Download Patch File Download Diff File Expand all files Collapse all files

223
src/business/auth/README.md Normal file
View File

@@ -0,0 +1,223 @@
# Auth 用户认证业务模块
Auth 是应用的核心用户认证业务模块提供完整的用户登录、注册、密码管理、JWT令牌认证和GitHub OAuth集成功能支持邮箱验证、验证码登录、安全防护和Zulip账号同步具备完善的业务流程控制、错误处理和安全审计能力。
## 用户认证功能
### login()
处理用户登录请求,支持用户名/邮箱/手机号登录验证用户凭据并生成JWT令牌。
### register()
处理用户注册请求支持邮箱验证自动创建Zulip账号并建立关联。
### githubOAuth()
处理GitHub OAuth登录支持新用户自动注册和现有用户绑定。
### verificationCodeLogin()
支持邮箱或手机号验证码登录,提供无密码登录方式。
## 密码管理功能
### sendPasswordResetCode()
发送密码重置验证码到用户邮箱或手机号,支持测试模式和真实发送模式。
### resetPassword()
使用验证码重置用户密码,包含密码强度验证和安全检查。
### changePassword()
修改用户密码,验证旧密码并应用新密码强度规则。
## 邮箱验证功能
### sendEmailVerification()
发送邮箱验证码,用于注册时的邮箱验证和账户安全验证。
### verifyEmailCode()
验证邮箱验证码,确认邮箱所有权并更新用户验证状态。
### resendEmailVerification()
重新发送邮箱验证码,处理验证码过期或丢失的情况。
### sendLoginVerificationCode()
发送登录验证码,支持验证码登录功能。
## 调试和管理功能
### debugVerificationCode()
获取验证码调试信息,用于开发环境的测试和调试。
## HTTP API接口
### POST /auth/login
用户登录接口,接受用户名/邮箱/手机号和密码返回JWT令牌和用户信息。
### POST /auth/register
用户注册接口创建新用户账户并可选择性创建Zulip账号。
### POST /auth/github
GitHub OAuth登录接口处理GitHub第三方登录和账户绑定。
### POST /auth/forgot-password
发送密码重置验证码接口,支持邮箱和手机号找回密码。
### POST /auth/reset-password
重置密码接口,使用验证码验证身份并设置新密码。
### PUT /auth/change-password
修改密码接口,需要验证旧密码并设置新密码。
### POST /auth/send-email-verification
发送邮箱验证码接口,用于邮箱验证流程。
### POST /auth/verify-email
验证邮箱验证码接口,确认邮箱所有权。
### POST /auth/resend-email-verification
重新发送邮箱验证码接口,处理验证码重发需求。
### POST /auth/verification-code-login
验证码登录接口,支持无密码登录方式。
### POST /auth/send-login-verification-code
发送登录验证码接口,为验证码登录提供验证码。
### POST /auth/refresh-token
刷新JWT令牌接口使用刷新令牌获取新的访问令牌。
### POST /auth/debug-verification-code
调试验证码接口,获取验证码状态和调试信息。
### POST /auth/debug-clear-throttle
清除限流记录接口,仅用于开发环境调试。
## 认证和授权组件
### JwtAuthGuard
JWT认证守卫验证请求中的Bearer令牌并提取用户信息到请求上下文。
### CurrentUser
当前用户装饰器,从请求上下文中提取认证用户信息,支持获取完整用户对象或特定属性。
## 使用的项目内部依赖
### LoginCoreService (来自 core/login_core/login_core.service)
登录核心服务提供用户认证、密码管理、JWT令牌生成验证等核心功能实现。
### ZulipAccountService (来自 core/zulip_core/services/zulip_account.service)
Zulip账号服务处理Zulip账号的创建、管理和API Key安全存储。
### ZulipAccountsService (来自 core/db/zulip_accounts/zulip_accounts.service)
Zulip账号数据服务管理游戏用户与Zulip账号的关联关系数据。
### ApiKeySecurityService (来自 core/zulip_core/services/api_key_security.service)
API Key安全服务负责Zulip API Key的加密存储和安全管理。
### Users (来自 core/db/users/users.entity)
用户实体类,定义用户数据结构和数据库映射关系。
### UserStatus (来自 business/user_mgmt/user_status.enum)
用户状态枚举,定义用户的激活、禁用、待验证等状态值。
### LoginDto, RegisterDto (本模块)
登录和注册数据传输对象,提供完整的数据验证规则和类型定义。
### LoginResponseDto, RegisterResponseDto (本模块)
登录和注册响应数据传输对象定义API响应的数据结构和格式。
### ThrottlePresets, TimeoutPresets (来自 core/security_core/decorators)
安全防护预设配置,提供限流和超时控制的标准配置。
## 核心特性
### 多种登录方式支持
- 用户名/邮箱/手机号密码登录
- GitHub OAuth第三方登录
- 邮箱/手机号验证码登录
- 自动识别登录标识符类型
### JWT令牌管理
- 访问令牌和刷新令牌双令牌机制
- 令牌自动刷新和过期处理
- 安全的令牌签名和验证
- 用户信息载荷和权限控制
### Zulip集成支持
- 注册时自动创建Zulip账号
- 游戏用户与Zulip账号关联管理
- API Key安全存储和加密
- 注册失败时的回滚机制
### 邮箱验证系统
- 注册时邮箱验证流程
- 密码重置邮箱验证
- 验证码生成和过期管理
- 测试模式和生产模式支持
### 安全防护机制
- 请求频率限制和防暴力破解
- 密码强度验证和安全存储
- 用户状态检查和权限控制
- 详细的安全审计日志
### 业务流程控制
- 完整的错误处理和异常管理
- 统一的响应格式和状态码
- 业务规则验证和数据完整性
- 操作日志和性能监控
## 潜在风险
### Zulip账号创建失败风险
- Zulip服务不可用时注册流程可能失败
- 网络异常导致账号创建不完整
- 建议实现重试机制和降级策略允许跳过Zulip账号创建
### 验证码发送依赖风险
- 邮件服务配置错误导致验证码无法发送
- 测试模式下验证码泄露到日志中
- 建议完善邮件服务监控和测试模式安全控制
### JWT令牌安全风险
- 令牌泄露可能导致账户被盗用
- 刷新令牌长期有效增加安全风险
- 建议实现令牌黑名单机制和异常登录检测
### 并发操作风险
- 同时注册相同用户名可能导致数据冲突
- 高并发场景下验证码生成可能重复
- 建议加强数据库唯一性约束和分布式锁机制
### 第三方服务依赖风险
- GitHub OAuth服务不可用影响第三方登录
- Zulip服务异常影响账号同步功能
- 建议实现服务降级和故障转移机制
### 密码安全风险
- 弱密码策略可能导致账户安全问题
- 密码重置流程可能被恶意利用
- 建议加强密码策略和增加二次验证机制
## 补充信息
### 版本信息
- 模块版本1.0.2
- 最后修改2026-01-07
- 作者moyin
- 创建时间2025-12-17
### 架构优化记录
- 2026-01-07将JWT技术实现从Business层移至Core层符合分层架构原则
- 2026-01-07完成代码规范优化统一注释格式和文件命名规范
- 2026-01-07完善测试覆盖确保所有公共方法都有对应的单元测试
### 已知限制
- 短信验证码功能尚未实现,目前仅支持邮箱验证码
- Zulip账号创建失败时的重试机制有待完善
- 多设备登录管理和会话控制功能待开发
### 改进建议
- 实现短信验证码发送功能,完善多渠道验证
- 增加社交登录支持微信、QQ等
- 实现多因素认证MFA提升账户安全
- 添加登录设备管理和异常登录检测
- 完善Zulip集成的错误处理和重试机制

39
src/business/auth/auth.module.ts
View File

@@ -8,18 +8,26 @@
* - 邮箱验证功能
* - JWT令牌管理和验证
*
* @author kiro-ai
* @version 1.0.0
* 职责分离:
* - 专注于认证业务模块的依赖注入和配置
* - 整合核心服务和业务服务
* - 提供JWT模块的统一配置
*
* 最近修改:
* - 2026-01-07: 代码规范优化 - 文件夹扁平化,移除单文件文件夹结构
* - 2026-01-07: 代码规范优化 - 更新注释规范,修正文件引用路径
*
* @author moyin
* @version 1.0.2
* @since 2025-12-24
* @lastModified 2026-01-07
*/
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { LoginController } from './controllers/login.controller';
import { LoginService } from './services/login.service';
import { LoginController } from './login.controller';
import { LoginService } from './login.service';
import { LoginCoreModule } from '../../core/login_core/login_core.module';
import { ZulipCoreModule } from '../../core/zulip/zulip-core.module';
import { ZulipCoreModule } from '../../core/zulip_core/zulip_core.module';
import { ZulipAccountsModule } from '../../core/db/zulip_accounts/zulip_accounts.module';
import { UsersModule } from '../../core/db/users/users.module';
@@ -29,26 +37,11 @@ import { UsersModule } from '../../core/db/users/users.module';
ZulipCoreModule,
ZulipAccountsModule.forRoot(),
UsersModule,
JwtModule.registerAsync({
imports: [ConfigModule],
useFactory: (configService: ConfigService) => {
const expiresIn = configService.get<string>('JWT_EXPIRES_IN', '7d');
return {
secret: configService.get<string>('JWT_SECRET'),
signOptions: {
expiresIn: expiresIn as any, // JWT库支持字符串格式如 '7d'
issuer: 'whale-town',
audience: 'whale-town-users',
},
};
},
inject: [ConfigService],
}),
],
controllers: [LoginController],
providers: [
LoginService,
],
exports: [LoginService, JwtModule],
exports: [LoginService],
})
export class AuthModule {}

69
src/business/auth/current_user.decorator.ts Normal file
View File

@@ -0,0 +1,69 @@
/**
* 当前用户装饰器
*
* 功能描述:
* - 从请求上下文中提取当前认证用户信息
* - 简化控制器中获取用户信息的操作
* - 支持获取用户对象的特定属性
*
* 职责分离:
* - 专注于用户信息提取和参数装饰
* - 提供类型安全的用户信息访问
* - 简化控制器方法的参数处理
*
* 使用示例:
* ```typescript
* @Get('profile')
* @UseGuards(JwtAuthGuard)
* getProfile(@CurrentUser() user: JwtPayload) {
* return { user };
* }
* ```
*
* 最近修改:
* - 2026-01-07: 代码规范优化 - 文件夹扁平化,移除单文件文件夹结构
* - 2026-01-07: 代码规范优化 - 文件重命名为snake_case格式更新注释规范
*
* @author moyin
* @version 1.0.2
* @since 2025-01-05
* @lastModified 2026-01-07
*/
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { JwtPayload } from '../../core/login_core/login_core.service';
import { AuthenticatedRequest } from './jwt_auth.guard';
/**
* 当前用户装饰器实现
*
* 业务逻辑:
* 1. 从执行上下文获取HTTP请求对象
* 2. 提取请求中的用户信息由JwtAuthGuard注入
* 3. 根据data参数返回完整用户对象或特定属性
* 4. 提供类型安全的用户信息访问
*
* @param data 可选的属性名,用于获取用户对象的特定属性
* @param ctx 执行上下文包含HTTP请求信息
* @returns JwtPayload | any 用户信息或用户的特定属性
* @throws 无异常抛出依赖JwtAuthGuard确保用户信息存在
*
* @example
* ```typescript
* // 获取完整用户对象
* @Get('profile')
* getProfile(@CurrentUser() user: JwtPayload) { }
*
* // 获取特定属性
* @Get('username')
* getUsername(@CurrentUser('username') username: string) { }
* ```
*/
export const CurrentUser = createParamDecorator(
(data: keyof JwtPayload | undefined, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest<AuthenticatedRequest>();
const user = request.user;
return data ? user?.[data] : user;
},
);

39
src/business/auth/decorators/current-user.decorator.ts
View File

@@ -1,39 +0,0 @@
/**
* 当前用户装饰器
*
* 功能描述:
* - 从请求上下文中提取当前认证用户信息
* - 简化控制器中获取用户信息的操作
*
* 使用示例:
* ```typescript
* @Get('profile')
* @UseGuards(JwtAuthGuard)
* getProfile(@CurrentUser() user: JwtPayload) {
* return { user };
* }
* ```
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-05
*/
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { AuthenticatedRequest, JwtPayload } from '../guards/jwt-auth.guard';
/**
* 当前用户装饰器
*
* @param data 可选的属性名,用于获取用户对象的特定属性
* @param ctx 执行上下文
* @returns 用户信息或用户的特定属性
*/
export const CurrentUser = createParamDecorator(
(data: keyof JwtPayload | undefined, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest<AuthenticatedRequest>();
const user = request.user;
return data ? user?.[data] : user;
},
);

83
src/business/auth/guards/jwt-auth.guard.ts
View File

@@ -1,83 +0,0 @@
/**
* JWT 认证守卫
*
* 功能描述:
* - 验证请求中的 JWT 令牌
* - 提取用户信息并添加到请求上下文
* - 保护需要认证的路由
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-05
*/
import {
Injectable,
CanActivate,
ExecutionContext,
UnauthorizedException,
Logger,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { Request } from 'express';
/**
* JWT 载荷接口
*/
export interface JwtPayload {
sub: string; // 用户ID
username: string;
role: number;
iat: number; // 签发时间
exp: number; // 过期时间
}
/**
* 扩展的请求接口,包含用户信息
*/
export interface AuthenticatedRequest extends Request {
user: JwtPayload;
}
@Injectable()
export class JwtAuthGuard implements CanActivate {
private readonly logger = new Logger(JwtAuthGuard.name);
constructor(private readonly jwtService: JwtService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const token = this.extractTokenFromHeader(request);
if (!token) {
this.logger.warn('访问被拒绝:缺少认证令牌');
throw new UnauthorizedException('缺少认证令牌');
}
try {
// 验证并解码 JWT 令牌
const payload = await this.jwtService.verifyAsync<JwtPayload>(token);
// 将用户信息添加到请求对象
(request as AuthenticatedRequest).user = payload;
this.logger.log(`用户认证成功: ${payload.username} (ID: ${payload.sub})`);
return true;
} catch (error) {
const errorMessage = error instanceof Error ? error.message : '未知错误';
this.logger.warn(`JWT 令牌验证失败: ${errorMessage}`);
throw new UnauthorizedException('无效的认证令牌');
}
}
/**
* 从请求头中提取 JWT 令牌
*
* @param request 请求对象
* @returns JWT 令牌或 undefined
*/
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers.authorization?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}

22
src/business/auth/index.ts
View File

@@ -7,17 +7,31 @@
* - 密码管理(忘记密码、重置密码、修改密码)
* - 邮箱验证功能
* - JWT Token管理
*
* 职责分离:
* - 专注于模块导出和接口暴露
* - 提供统一的模块入口点
* - 简化外部模块的引用方式
*
* 最近修改:
* - 2026-01-07: 代码规范优化 - 文件夹扁平化,移除单文件文件夹结构
* - 2026-01-07: 代码规范优化 - 更新注释规范
*
* @author moyin
* @version 1.0.2
* @since 2025-12-17
* @lastModified 2026-01-07
*/
// 模块
export * from './auth.module';
// 控制器
export * from './controllers/login.controller';
export * from './login.controller';
// 服务
export * from './services/login.service';
export * from './login.service';
// DTO
export * from './dto/login.dto';
export * from './dto/login_response.dto';
export * from './login.dto';
export * from './login_response.dto';

119
src/business/auth/jwt_auth.guard.ts Normal file
View File

@@ -0,0 +1,119 @@
/**
* JWT 认证守卫
*
* 功能描述:
* - 验证请求中的 JWT 令牌
* - 提取用户信息并添加到请求上下文
* - 保护需要认证的路由
*
* 职责分离:
* - 专注于JWT令牌验证和用户认证
* - 提供统一的认证守卫机制
* - 处理认证失败的异常情况
*
* 最近修改:
* - 2026-01-07: 代码规范优化 - 文件夹扁平化,移除单文件文件夹结构
* - 2026-01-07: 代码规范优化 - 文件重命名为snake_case格式更新注释规范
*
* @author moyin
* @version 1.0.2
* @since 2025-01-05
* @lastModified 2026-01-07
*/
import {
Injectable,
CanActivate,
ExecutionContext,
UnauthorizedException,
Logger,
} from '@nestjs/common';
import { Request } from 'express';
import { LoginCoreService, JwtPayload } from '../../core/login_core/login_core.service';
/**
* 扩展的请求接口,包含用户信息
*/
export interface AuthenticatedRequest extends Request {
user: JwtPayload;
}
@Injectable()
export class JwtAuthGuard implements CanActivate {
private readonly logger = new Logger(JwtAuthGuard.name);
constructor(private readonly loginCoreService: LoginCoreService) {}
/**
* JWT令牌验证和用户认证
*
* 业务逻辑:
* 1. 从请求头中提取Bearer令牌
* 2. 验证令牌的有效性和签名
* 3. 解码令牌获取用户信息
* 4. 将用户信息添加到请求上下文
* 5. 记录认证成功或失败的日志
* 6. 返回认证结果
*
* @param context 执行上下文包含HTTP请求信息
* @returns Promise<boolean> 认证是否成功
* @throws UnauthorizedException 当令牌缺失或无效时
*
* @example
* ```typescript
* @Get('protected')
* @UseGuards(JwtAuthGuard)
* getProtectedData() {
* // 此方法需要有效的JWT令牌才能访问
* }
* ```
*/
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const token = this.extractTokenFromHeader(request);
if (!token) {
this.logger.warn('访问被拒绝:缺少认证令牌');
throw new UnauthorizedException('缺少认证令牌');
}
try {
// 使用Core层服务验证JWT令牌
const payload = await this.loginCoreService.verifyToken(token, 'access');
// 将用户信息添加到请求对象
(request as AuthenticatedRequest).user = payload;
this.logger.log(`用户认证成功: ${payload.username} (ID: ${payload.sub})`);
return true;
} catch (error) {
const errorMessage = error instanceof Error ? error.message : '未知错误';
this.logger.warn(`JWT 令牌验证失败: ${errorMessage}`);
throw new UnauthorizedException('无效的认证令牌');
}
}
/**
* 从请求头中提取JWT令牌
*
* 业务逻辑:
* 1. 获取Authorization请求头
* 2. 解析Bearer令牌格式
* 3. 验证令牌类型是否为Bearer
* 4. 返回提取的令牌字符串
*
* @param request HTTP请求对象
* @returns string | undefined JWT令牌字符串或undefined
* @throws 无异常抛出返回undefined表示令牌不存在
*
* @example
* ```typescript
* // 请求头格式Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
* const token = this.extractTokenFromHeader(request);
* ```
*/
private extractTokenFromHeader(request: Request): string | undefined {
const [type, token] = request.headers.authorization?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}

24
src/business/auth/examples/jwt-usage-example.ts → src/business/auth/jwt_usage_example.ts
View File

@@ -1,16 +1,30 @@
/**
* JWT 使
*
* 使 JWT
*
* - 使 JWT
* - JWT认证使用示例和最佳实践
* -
*
* @author kiro-ai
* @version 1.0.0
*
* - JWT认证功能的使用演示
* -
* -
*
*
* - 2026-01-07: 代码规范优化 -
* - 2026-01-07: 代码规范优化 - snake_case格式
*
* @author moyin
* @version 1.0.2
* @since 2025-01-05
* @lastModified 2026-01-07
*/
import { Controller, Get, UseGuards, Post, Body } from '@nestjs/common';
import { JwtAuthGuard, JwtPayload } from '../guards/jwt-auth.guard';
import { CurrentUser } from '../decorators/current-user.decorator';
import { JwtAuthGuard } from './jwt_auth.guard';
import { JwtPayload } from '../../core/login_core/login_core.service';
import { CurrentUser } from './current_user.decorator';
/**
* - JWT 使

302
src/business/auth/controllers/login.controller.ts → src/business/auth/login.controller.ts
View File

@@ -6,6 +6,11 @@
* - RESTful API接口
* -
*
*
* - HTTP请求处理和响应格式化
* -
* - API文档和参数验证
*
* API端点
* - POST /auth/login -
* - POST /auth/register -
@@ -15,16 +20,21 @@
* - PUT /auth/change-password -
* - POST /auth/refresh-token - 访
*
* @author moyin angjustinl
* @version 1.0.0
*
* - 2026-01-07: 代码规范优化 -
* - 2026-01-07: 代码规范优化 -
*
* @author moyin
* @version 1.0.2
* @since 2025-12-17
* @lastModified 2026-01-07
*/
import { Controller, Post, Put, Body, HttpCode, HttpStatus, ValidationPipe, UsePipes, Logger, Res } from '@nestjs/common';
import { ApiTags, ApiOperation, ApiResponse as SwaggerApiResponse, ApiBody } from '@nestjs/swagger';
import { Response } from 'express';
import { LoginService, ApiResponse, LoginResponse } from '../services/login.service';
import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto, VerificationCodeLoginDto, SendLoginVerificationCodeDto, RefreshTokenDto } from '../dto/login.dto';
import { LoginService, ApiResponse, LoginResponse } from './login.service';
import { LoginDto, RegisterDto, GitHubOAuthDto, ForgotPasswordDto, ResetPasswordDto, ChangePasswordDto, EmailVerificationDto, SendEmailVerificationDto, VerificationCodeLoginDto, SendLoginVerificationCodeDto, RefreshTokenDto } from './login.dto';
import {
LoginResponseDto,
RegisterResponseDto,
@@ -34,9 +44,24 @@ import {
TestModeEmailVerificationResponseDto,
SuccessEmailVerificationResponseDto,
RefreshTokenResponseDto
} from '../dto/login_response.dto';
import { Throttle, ThrottlePresets } from '../../../core/security_core/decorators/throttle.decorator';
import { Timeout, TimeoutPresets } from '../../../core/security_core/decorators/timeout.decorator';
} from './login_response.dto';
import { Throttle, ThrottlePresets } from '../../core/security_core/throttle.decorator';
import { Timeout, TimeoutPresets } from '../../core/security_core/timeout.decorator';
// 错误代码到HTTP状态码的映射
const ERROR_STATUS_MAP = {
LOGIN_FAILED: HttpStatus.UNAUTHORIZED,
REGISTER_FAILED: HttpStatus.BAD_REQUEST,
TEST_MODE_ONLY: HttpStatus.PARTIAL_CONTENT,
TOKEN_REFRESH_FAILED: HttpStatus.UNAUTHORIZED,
GITHUB_OAUTH_FAILED: HttpStatus.UNAUTHORIZED,
SEND_CODE_FAILED: HttpStatus.BAD_REQUEST,
RESET_PASSWORD_FAILED: HttpStatus.BAD_REQUEST,
CHANGE_PASSWORD_FAILED: HttpStatus.BAD_REQUEST,
EMAIL_VERIFICATION_FAILED: HttpStatus.BAD_REQUEST,
VERIFICATION_CODE_LOGIN_FAILED: HttpStatus.UNAUTHORIZED,
INVALID_VERIFICATION_CODE: HttpStatus.BAD_REQUEST,
} as const;
@ApiTags('auth')
@Controller('auth')
@@ -45,6 +70,60 @@ export class LoginController {
constructor(private readonly loginService: LoginService) {}
/**
*
*
*
* 1. HTTP状态码
* 2.
* 3.
*
* @param result
* @param res Express响应对象
* @param successStatus HTTP状态码200
* @private
*/
private handleResponse(result: any, res: Response, successStatus: HttpStatus = HttpStatus.OK): void {
if (result.success) {
res.status(successStatus).json(result);
return;
}
// 根据错误代码获取状态码
const statusCode = this.getErrorStatusCode(result);
res.status(statusCode).json(result);
}
/**
* HTTP状态码
*
* @param result
* @returns HTTP状态码
* @private
*/
private getErrorStatusCode(result: any): HttpStatus {
// 优先使用错误代码映射
if (result.error_code && ERROR_STATUS_MAP[result.error_code as keyof typeof ERROR_STATUS_MAP]) {
return ERROR_STATUS_MAP[result.error_code as keyof typeof ERROR_STATUS_MAP];
}
// 根据消息内容判断
if (result.message?.includes('已存在') || result.message?.includes('已被注册')) {
return HttpStatus.CONFLICT;
}
if (result.message?.includes('令牌验证失败') || result.message?.includes('已过期')) {
return HttpStatus.UNAUTHORIZED;
}
if (result.message?.includes('用户不存在')) {
return HttpStatus.NOT_FOUND;
}
// 默认返回400
return HttpStatus.BAD_REQUEST;
}
/**
*
*
@@ -87,17 +166,7 @@ export class LoginController {
password: loginDto.password
});
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else {
// 根据错误类型设置不同的状态码
if (result.error_code === 'LOGIN_FAILED') {
res.status(HttpStatus.UNAUTHORIZED).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
}
this.handleResponse(result, res);
}
/**
@@ -142,21 +211,7 @@ export class LoginController {
email_verification_code: registerDto.email_verification_code
});
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.CREATED).json(result);
} else {
// 根据错误类型设置不同的状态码
if (result.message?.includes('已存在')) {
// 资源冲突:用户名、邮箱、手机号已存在
res.status(HttpStatus.CONFLICT).json(result);
} else if (result.error_code === 'REGISTER_FAILED') {
// 其他注册失败:参数错误、验证码错误等
res.status(HttpStatus.BAD_REQUEST).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
}
this.handleResponse(result, res, HttpStatus.CREATED);
}
/**
@@ -194,12 +249,7 @@ export class LoginController {
avatar_url: githubDto.avatar_url
});
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -244,15 +294,7 @@ export class LoginController {
@Res() res: Response
): Promise<void> {
const result = await this.loginService.sendPasswordResetCode(forgotPasswordDto.identifier);
// 根据结果设置不同的状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else if (result.error_code === 'TEST_MODE_ONLY') {
res.status(HttpStatus.PARTIAL_CONTENT).json(result); // 206 Partial Content
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -293,12 +335,7 @@ export class LoginController {
newPassword: resetPasswordDto.new_password
});
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -338,12 +375,7 @@ export class LoginController {
changePasswordDto.new_password
);
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -385,18 +417,7 @@ export class LoginController {
@Res() res: Response
): Promise<void> {
const result = await this.loginService.sendEmailVerification(sendEmailVerificationDto.email);
// 根据结果设置不同的状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else if (result.error_code === 'TEST_MODE_ONLY') {
res.status(HttpStatus.PARTIAL_CONTENT).json(result); // 206 Partial Content
} else if (result.message?.includes('已被注册') || result.message?.includes('已存在')) {
// 邮箱已被注册
res.status(HttpStatus.CONFLICT).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -427,12 +448,7 @@ export class LoginController {
emailVerificationDto.verification_code
);
// 根据业务结果设置正确的HTTP状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -473,15 +489,7 @@ export class LoginController {
@Res() res: Response
): Promise<void> {
const result = await this.loginService.resendEmailVerification(sendEmailVerificationDto.email);
// 根据结果设置不同的状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else if (result.error_code === 'TEST_MODE_ONLY') {
res.status(HttpStatus.PARTIAL_CONTENT).json(result); // 206 Partial Content
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -563,15 +571,7 @@ export class LoginController {
@Res() res: Response
): Promise<void> {
const result = await this.loginService.sendLoginVerificationCode(sendLoginVerificationCodeDto.identifier);
// 根据结果设置不同的状态码
if (result.success) {
res.status(HttpStatus.OK).json(result);
} else if (result.error_code === 'TEST_MODE_ONLY') {
res.status(HttpStatus.PARTIAL_CONTENT).json(result); // 206 Partial Content
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
this.handleResponse(result, res);
}
/**
@@ -662,56 +662,70 @@ export class LoginController {
const startTime = Date.now();
try {
this.logger.log('令牌刷新请求', {
operation: 'refreshToken',
timestamp: new Date().toISOString(),
});
this.logRefreshTokenStart();
const result = await this.loginService.refreshAccessToken(refreshTokenDto.refresh_token);
const duration = Date.now() - startTime;
if (result.success) {
this.logger.log('令牌刷新成功', {
operation: 'refreshToken',
duration,
timestamp: new Date().toISOString(),
});
res.status(HttpStatus.OK).json(result);
} else {
this.logger.warn('令牌刷新失败', {
operation: 'refreshToken',
error: result.message,
errorCode: result.error_code,
duration,
timestamp: new Date().toISOString(),
});
// 根据错误类型设置不同的状态码
if (result.message?.includes('令牌验证失败') || result.message?.includes('已过期')) {
res.status(HttpStatus.UNAUTHORIZED).json(result);
} else if (result.message?.includes('用户不存在')) {
res.status(HttpStatus.NOT_FOUND).json(result);
} else {
res.status(HttpStatus.BAD_REQUEST).json(result);
}
}
this.handleRefreshTokenResponse(result, res, startTime);
} catch (error) {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('令牌刷新异常', {
operation: 'refreshToken',
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
success: false,
message: '服务器内部错误',
error_code: 'INTERNAL_SERVER_ERROR'
});
this.handleRefreshTokenError(error, res, startTime);
}
}
/**
*
* @private
*/
private logRefreshTokenStart(): void {
this.logger.log('令牌刷新请求', {
operation: 'refreshToken',
timestamp: new Date().toISOString(),
});
}
/**
*
* @private
*/
private handleRefreshTokenResponse(result: any, res: Response, startTime: number): void {
const duration = Date.now() - startTime;
if (result.success) {
this.logger.log('令牌刷新成功', {
operation: 'refreshToken',
duration,
timestamp: new Date().toISOString(),
});
res.status(HttpStatus.OK).json(result);
} else {
this.logger.warn('令牌刷新失败', {
operation: 'refreshToken',
error: result.message,
errorCode: result.error_code,
duration,
timestamp: new Date().toISOString(),
});
this.handleResponse(result, res);
}
}
/**
*
* @private
*/
private handleRefreshTokenError(error: unknown, res: Response, startTime: number): void {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('令牌刷新异常', {
operation: 'refreshToken',
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
success: false,
message: '服务器内部错误',
error_code: 'INTERNAL_SERVER_ERROR'
});
}
}

12
src/business/auth/dto/login.dto.ts → src/business/auth/login.dto.ts
View File

@@ -6,9 +6,19 @@
* -
* - API接口的数据格式一致性
*
*
* -
* - Swagger文档生成支持
* -
*
*
* - 2026-01-07: 代码规范优化 -
* - 2026-01-07: 代码规范优化 -
*
* @author moyin
* @version 1.0.0
* @version 1.0.2
* @since 2025-12-17
* @lastModified 2026-01-07
*/
import {

366
src/business/auth/login.service.spec.ts Normal file
View File

@@ -0,0 +1,366 @@
/**
* 登录业务服务测试
*
* 功能描述:
* - 测试登录相关的业务逻辑
* - 测试业务层与核心层的集成
* - 测试各种异常情况处理
*
* 注意JWT相关功能已移至Core层此测试专注于Business层逻辑
*
* @author moyin
* @version 1.0.1
* @since 2025-01-06
* @lastModified 2026-01-07
*/
import { Test, TestingModule } from '@nestjs/testing';
import { LoginService } from './login.service';
import { LoginCoreService } from '../../core/login_core/login_core.service';
import { ZulipAccountService } from '../../core/zulip_core/services/zulip_account.service';
import { ZulipAccountsService } from '../../core/db/zulip_accounts/zulip_accounts.service';
import { ApiKeySecurityService } from '../../core/zulip_core/services/api_key_security.service';
import { UserStatus } from '../../core/db/users/user_status.enum';
describe('LoginService', () => {
let service: LoginService;
let loginCoreService: jest.Mocked<LoginCoreService>;
let zulipAccountService: jest.Mocked<ZulipAccountService>;
let zulipAccountsService: jest.Mocked<ZulipAccountsService>;
let apiKeySecurityService: jest.Mocked<ApiKeySecurityService>;
const mockUser = {
id: BigInt(1),
username: 'testuser',
email: 'test@example.com',
phone: '+8613800138000',
password_hash: '$2b$12$hashedpassword',
nickname: '测试用户',
github_id: null as string | null,
avatar_url: null as string | null,
role: 1,
status: UserStatus.ACTIVE,
email_verified: true,
created_at: new Date(),
updated_at: new Date(),
};
const mockTokenPair = {
access_token: 'mock_access_token',
refresh_token: 'mock_refresh_token',
expires_in: 604800,
token_type: 'Bearer'
};
beforeEach(async () => {
// Mock environment variables for Zulip
process.env.ZULIP_SERVER_URL = 'https://test.zulipchat.com';
process.env.ZULIP_BOT_EMAIL = 'test-bot@test.zulipchat.com';
process.env.ZULIP_BOT_API_KEY = 'test_api_key_12345';
const mockLoginCoreService = {
login: jest.fn(),
register: jest.fn(),
githubOAuth: jest.fn(),
sendPasswordResetCode: jest.fn(),
resetPassword: jest.fn(),
changePassword: jest.fn(),
sendEmailVerification: jest.fn(),
verifyEmailCode: jest.fn(),
resendEmailVerification: jest.fn(),
verificationCodeLogin: jest.fn(),
sendLoginVerificationCode: jest.fn(),
debugVerificationCode: jest.fn(),
deleteUser: jest.fn(),
generateTokenPair: jest.fn(),
};
const mockZulipAccountService = {
initializeAdminClient: jest.fn(),
createZulipAccount: jest.fn(),
linkGameAccount: jest.fn(),
};
const mockZulipAccountsService = {
findByGameUserId: jest.fn(),
create: jest.fn(),
deleteByGameUserId: jest.fn(),
};
const mockApiKeySecurityService = {
storeApiKey: jest.fn(),
};
const module: TestingModule = await Test.createTestingModule({
providers: [
LoginService,
{
provide: LoginCoreService,
useValue: mockLoginCoreService,
},
{
provide: ZulipAccountService,
useValue: mockZulipAccountService,
},
{
provide: 'ZulipAccountsService',
useValue: mockZulipAccountsService,
},
{
provide: ApiKeySecurityService,
useValue: mockApiKeySecurityService,
},
],
}).compile();
service = module.get<LoginService>(LoginService);
loginCoreService = module.get(LoginCoreService);
zulipAccountService = module.get(ZulipAccountService);
zulipAccountsService = module.get('ZulipAccountsService');
apiKeySecurityService = module.get(ApiKeySecurityService);
// Setup default mocks
loginCoreService.generateTokenPair.mockResolvedValue(mockTokenPair);
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
zulipAccountService.createZulipAccount.mockResolvedValue({
success: true,
userId: 123,
email: 'test@example.com',
apiKey: 'mock_api_key'
});
zulipAccountsService.findByGameUserId.mockResolvedValue(null);
zulipAccountsService.create.mockResolvedValue({} as any);
apiKeySecurityService.storeApiKey.mockResolvedValue(undefined);
});
afterEach(() => {
jest.clearAllMocks();
});
it('should be defined', () => {
expect(service).toBeDefined();
});
describe('login', () => {
it('should login successfully and return JWT tokens', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockTokenPair.access_token);
expect(result.data?.refresh_token).toBe(mockTokenPair.refresh_token);
expect(loginCoreService.login).toHaveBeenCalledWith({
identifier: 'testuser',
password: 'password123'
});
expect(loginCoreService.generateTokenPair).toHaveBeenCalledWith(mockUser);
});
it('should handle login failure', async () => {
loginCoreService.login.mockRejectedValue(new Error('用户名或密码错误'));
const result = await service.login({
identifier: 'testuser',
password: 'wrongpassword'
});
expect(result.success).toBe(false);
expect(result.message).toBe('用户名或密码错误');
expect(result.error_code).toBe('LOGIN_FAILED');
});
});
describe('register', () => {
it('should register successfully with JWT tokens', async () => {
loginCoreService.register.mockResolvedValue({
user: mockUser,
isNewUser: true
});
const result = await service.register({
username: 'newuser',
password: 'password123',
nickname: '新用户',
email: 'newuser@example.com',
email_verification_code: '123456'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockTokenPair.access_token);
expect(result.data?.is_new_user).toBe(true);
expect(loginCoreService.register).toHaveBeenCalled();
expect(loginCoreService.generateTokenPair).toHaveBeenCalledWith(mockUser);
});
it('should handle register failure', async () => {
loginCoreService.register.mockRejectedValue(new Error('用户名已存在'));
const result = await service.register({
username: 'existinguser',
password: 'password123',
nickname: '用户'
});
expect(result.success).toBe(false);
expect(result.message).toBe('用户名已存在');
expect(result.error_code).toBe('REGISTER_FAILED');
});
});
describe('githubOAuth', () => {
it('should handle GitHub OAuth successfully', async () => {
loginCoreService.githubOAuth.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.githubOAuth({
github_id: '12345',
username: 'githubuser',
nickname: 'GitHub用户',
email: 'github@example.com'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockTokenPair.access_token);
expect(loginCoreService.githubOAuth).toHaveBeenCalled();
expect(loginCoreService.generateTokenPair).toHaveBeenCalledWith(mockUser);
});
});
describe('sendPasswordResetCode', () => {
it('should handle sendPasswordResetCode in test mode', async () => {
loginCoreService.sendPasswordResetCode.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendPasswordResetCode('test@example.com');
expect(result.success).toBe(false); // Test mode returns false
expect(result.data?.verification_code).toBe('123456');
expect(result.data?.is_test_mode).toBe(true);
expect(loginCoreService.sendPasswordResetCode).toHaveBeenCalledWith('test@example.com');
});
});
describe('resetPassword', () => {
it('should handle resetPassword successfully', async () => {
loginCoreService.resetPassword.mockResolvedValue(undefined);
const result = await service.resetPassword({
identifier: 'test@example.com',
verificationCode: '123456',
newPassword: 'newpassword123'
});
expect(result.success).toBe(true);
expect(result.message).toBe('密码重置成功');
expect(loginCoreService.resetPassword).toHaveBeenCalled();
});
});
describe('changePassword', () => {
it('should handle changePassword successfully', async () => {
loginCoreService.changePassword.mockResolvedValue(undefined);
const result = await service.changePassword(BigInt(1), 'oldpassword', 'newpassword');
expect(result.success).toBe(true);
expect(result.message).toBe('密码修改成功');
expect(loginCoreService.changePassword).toHaveBeenCalledWith(BigInt(1), 'oldpassword', 'newpassword');
});
});
describe('sendEmailVerification', () => {
it('should handle sendEmailVerification in test mode', async () => {
loginCoreService.sendEmailVerification.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendEmailVerification('test@example.com');
expect(result.success).toBe(false); // Test mode returns false
expect(result.data?.verification_code).toBe('123456');
expect(result.data?.is_test_mode).toBe(true);
expect(loginCoreService.sendEmailVerification).toHaveBeenCalledWith('test@example.com');
});
});
describe('verifyEmailCode', () => {
it('should handle verifyEmailCode successfully', async () => {
loginCoreService.verifyEmailCode.mockResolvedValue(true);
const result = await service.verifyEmailCode('test@example.com', '123456');
expect(result.success).toBe(true);
expect(result.message).toBe('邮箱验证成功');
expect(loginCoreService.verifyEmailCode).toHaveBeenCalledWith('test@example.com', '123456');
});
});
describe('verificationCodeLogin', () => {
it('should handle verificationCodeLogin successfully', async () => {
loginCoreService.verificationCodeLogin.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.verificationCodeLogin({
identifier: 'test@example.com',
verificationCode: '123456'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockTokenPair.access_token);
expect(loginCoreService.verificationCodeLogin).toHaveBeenCalled();
expect(loginCoreService.generateTokenPair).toHaveBeenCalledWith(mockUser);
});
});
describe('sendLoginVerificationCode', () => {
it('should handle sendLoginVerificationCode successfully', async () => {
loginCoreService.sendLoginVerificationCode.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendLoginVerificationCode('test@example.com');
expect(result.success).toBe(false); // Test mode returns false
expect(result.data?.verification_code).toBe('123456');
expect(result.data?.is_test_mode).toBe(true);
expect(loginCoreService.sendLoginVerificationCode).toHaveBeenCalledWith('test@example.com');
});
});
describe('debugVerificationCode', () => {
it('should handle debugVerificationCode successfully', async () => {
const mockDebugInfo = {
email: 'test@example.com',
hasCode: true,
codeExpiry: new Date()
};
loginCoreService.debugVerificationCode.mockResolvedValue(mockDebugInfo);
const result = await service.debugVerificationCode('test@example.com');
expect(result.success).toBe(true);
expect(result.data).toEqual(mockDebugInfo);
expect(loginCoreService.debugVerificationCode).toHaveBeenCalledWith('test@example.com');
});
});
});

609
src/business/auth/services/login.service.ts → src/business/auth/login.service.ts
View File

@@ -10,60 +10,65 @@
* -
* -
* -
* - JWT技术实现已移至Core层
*
* @author moyin angjustinl
* @version 1.0.0
*
* - 2026-01-07: 代码规范优化 -
* - 2026-01-07: 架构优化 - JWT技术实现移至login_core模块
*
* @author moyin
* @version 1.0.3
* @since 2025-12-17
* @lastModified 2026-01-07
*/
import { Injectable, Logger, Inject } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import * as jwt from 'jsonwebtoken';
import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, AuthResult, VerificationCodeLoginRequest } from '../../../core/login_core/login_core.service';
import { Users } from '../../../core/db/users/users.entity';
import { UsersService } from '../../../core/db/users/users.service';
import { ZulipAccountService } from '../../../core/zulip/services/zulip_account.service';
import { ZulipAccountsRepository } from '../../../core/db/zulip_accounts/zulip_accounts.repository';
import { ApiKeySecurityService } from '../../../core/zulip/services/api_key_security.service';
import { LoginCoreService, LoginRequest, RegisterRequest, GitHubOAuthRequest, PasswordResetRequest, VerificationCodeLoginRequest, TokenPair } from '../../core/login_core/login_core.service';
import { Users } from '../../core/db/users/users.entity';
import { ZulipAccountService } from '../../core/zulip_core/services/zulip_account.service';
import { ZulipAccountsService } from '../../core/db/zulip_accounts/zulip_accounts.service';
import { ZulipAccountsMemoryService } from '../../core/db/zulip_accounts/zulip_accounts_memory.service';
import { ApiKeySecurityService } from '../../core/zulip_core/services/api_key_security.service';
/**
* JWT载荷接口
*/
export interface JwtPayload {
/** 用户ID */
sub: string;
/** 用户名 */
username: string;
/** 用户角色 */
role: number;
/** 邮箱 */
email?: string;
/** 令牌类型 */
type: 'access' | 'refresh';
/** 签发时间 */
iat?: number;
/** 过期时间 */
exp?: number;
/** 签发者 */
iss?: string;
/** 受众 */
aud?: string;
}
// 常量定义
const ERROR_CODES = {
LOGIN_FAILED: 'LOGIN_FAILED',
REGISTER_FAILED: 'REGISTER_FAILED',
GITHUB_OAUTH_FAILED: 'GITHUB_OAUTH_FAILED',
SEND_CODE_FAILED: 'SEND_CODE_FAILED',
RESET_PASSWORD_FAILED: 'RESET_PASSWORD_FAILED',
CHANGE_PASSWORD_FAILED: 'CHANGE_PASSWORD_FAILED',
SEND_EMAIL_VERIFICATION_FAILED: 'SEND_EMAIL_VERIFICATION_FAILED',
EMAIL_VERIFICATION_FAILED: 'EMAIL_VERIFICATION_FAILED',
RESEND_EMAIL_VERIFICATION_FAILED: 'RESEND_EMAIL_VERIFICATION_FAILED',
VERIFICATION_CODE_LOGIN_FAILED: 'VERIFICATION_CODE_LOGIN_FAILED',
SEND_LOGIN_CODE_FAILED: 'SEND_LOGIN_CODE_FAILED',
TOKEN_REFRESH_FAILED: 'TOKEN_REFRESH_FAILED',
DEBUG_VERIFICATION_CODE_FAILED: 'DEBUG_VERIFICATION_CODE_FAILED',
TEST_MODE_ONLY: 'TEST_MODE_ONLY',
INVALID_VERIFICATION_CODE: 'INVALID_VERIFICATION_CODE',
} as const;
/**
*
*/
export interface TokenPair {
/** 访问令牌 */
access_token: string;
/** 刷新令牌 */
refresh_token: string;
/** 访问令牌过期时间(秒) */
expires_in: number;
/** 令牌类型 */
token_type: string;
}
const MESSAGES = {
LOGIN_SUCCESS: '登录成功',
REGISTER_SUCCESS: '注册成功',
REGISTER_SUCCESS_WITH_ZULIP: '注册成功Zulip账号已同步创建',
GITHUB_LOGIN_SUCCESS: 'GitHub登录成功',
GITHUB_BIND_SUCCESS: 'GitHub账户绑定成功',
PASSWORD_RESET_SUCCESS: '密码重置成功',
PASSWORD_CHANGE_SUCCESS: '密码修改成功',
EMAIL_VERIFICATION_SUCCESS: '邮箱验证成功',
VERIFICATION_CODE_LOGIN_SUCCESS: '验证码登录成功',
TOKEN_REFRESH_SUCCESS: '令牌刷新成功',
DEBUG_INFO_SUCCESS: '调试信息获取成功',
CODE_SENT: '验证码已发送,请查收',
EMAIL_CODE_SENT: '验证码已发送,请查收邮件',
EMAIL_CODE_RESENT: '验证码已重新发送,请查收邮件',
VERIFICATION_CODE_ERROR: '验证码错误',
TEST_MODE_WARNING: '⚠️ 测试模式:验证码已生成但未真实发送。请在控制台查看验证码,或配置邮件服务以启用真实发送。',
} as const;
// JWT相关接口已移至Core层通过import导入
/**
*
@@ -115,13 +120,9 @@ export class LoginService {
constructor(
private readonly loginCoreService: LoginCoreService,
private readonly zulipAccountService: ZulipAccountService,
@Inject('ZulipAccountsRepository')
private readonly zulipAccountsRepository: ZulipAccountsRepository,
@Inject('ZulipAccountsService')
private readonly zulipAccountsService: ZulipAccountsService | ZulipAccountsMemoryService,
private readonly apiKeySecurityService: ApiKeySecurityService,
private readonly jwtService: JwtService,
private readonly configService: ConfigService,
@Inject('UsersService')
private readonly usersService: UsersService,
) {}
/**
@@ -156,8 +157,8 @@ export class LoginService {
// 1. 调用核心服务进行认证
const authResult = await this.loginCoreService.login(loginRequest);
// 2. 生成JWT令牌对
const tokenPair = await this.generateTokenPair(authResult.user);
// 2. 生成JWT令牌对通过Core层
const tokenPair = await this.loginCoreService.generateTokenPair(authResult.user);
// 3. 格式化响应数据
const response: LoginResponse = {
@@ -167,7 +168,7 @@ export class LoginService {
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
is_new_user: authResult.isNewUser,
message: '登录成功'
message: MESSAGES.LOGIN_SUCCESS
};
const duration = Date.now() - startTime;
@@ -184,7 +185,7 @@ export class LoginService {
return {
success: true,
data: response,
message: '登录成功'
message: MESSAGES.LOGIN_SUCCESS
};
} catch (error) {
const duration = Date.now() - startTime;
@@ -201,7 +202,7 @@ export class LoginService {
return {
success: false,
message: err.message || '登录失败',
error_code: 'LOGIN_FAILED'
error_code: ERROR_CODES.LOGIN_FAILED
};
}
}
@@ -271,8 +272,8 @@ export class LoginService {
throw new Error(`注册失败Zulip账号创建失败 - ${err.message}`);
}
// 4. 生成JWT令牌对
const tokenPair = await this.generateTokenPair(authResult.user);
// 4. 生成JWT令牌对通过Core层
const tokenPair = await this.loginCoreService.generateTokenPair(authResult.user);
// 5. 格式化响应数据
const response: LoginResponse = {
@@ -282,7 +283,7 @@ export class LoginService {
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
is_new_user: true,
message: zulipAccountCreated ? '注册成功Zulip账号已同步创建' : '注册成功'
message: zulipAccountCreated ? MESSAGES.REGISTER_SUCCESS_WITH_ZULIP : MESSAGES.REGISTER_SUCCESS
};
const duration = Date.now() - startTime;
@@ -316,7 +317,7 @@ export class LoginService {
return {
success: false,
message: err.message || '注册失败',
error_code: 'REGISTER_FAILED'
error_code: ERROR_CODES.REGISTER_FAILED
};
}
}
@@ -334,8 +335,8 @@ export class LoginService {
// 调用核心服务进行OAuth认证
const authResult = await this.loginCoreService.githubOAuth(oauthRequest);
// 生成JWT令牌对
const tokenPair = await this.generateTokenPair(authResult.user);
// 生成JWT令牌对通过Core层
const tokenPair = await this.loginCoreService.generateTokenPair(authResult.user);
// 格式化响应数据
const response: LoginResponse = {
@@ -345,7 +346,7 @@ export class LoginService {
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
is_new_user: authResult.isNewUser,
message: authResult.isNewUser ? 'GitHub账户绑定成功' : 'GitHub登录成功'
message: authResult.isNewUser ? MESSAGES.GITHUB_BIND_SUCCESS : MESSAGES.GITHUB_LOGIN_SUCCESS
};
this.logger.log(`GitHub OAuth成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
@@ -361,7 +362,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : 'GitHub登录失败',
error_code: 'GITHUB_OAUTH_FAILED'
error_code: ERROR_CODES.GITHUB_OAUTH_FAILED
};
}
}
@@ -381,35 +382,14 @@ export class LoginService {
this.logger.log(`密码重置验证码已发送: ${identifier}`);
// 根据是否为测试模式返回不同的状态和消息 by angjustinl 2025-12-17
if (result.isTestMode) {
// 测试模式:验证码生成但未真实发送
return {
success: false, // 测试模式下不算真正成功
data: {
verification_code: result.code,
is_test_mode: true
},
message: '⚠️ 测试模式:验证码已生成但未真实发送。请在控制台查看验证码,或配置邮件服务以启用真实发送。',
error_code: 'TEST_MODE_ONLY'
};
} else {
// 真实发送模式
return {
success: true,
data: {
is_test_mode: false
},
message: '验证码已发送,请查收'
};
}
return this.handleTestModeResponse(result, MESSAGES.CODE_SENT);
} catch (error) {
this.logger.error(`发送密码重置验证码失败: ${identifier}`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: error instanceof Error ? error.message : '发送验证码失败',
error_code: 'SEND_CODE_FAILED'
error_code: ERROR_CODES.SEND_CODE_FAILED
};
}
}
@@ -431,7 +411,7 @@ export class LoginService {
return {
success: true,
message: '密码重置成功'
message: MESSAGES.PASSWORD_RESET_SUCCESS
};
} catch (error) {
this.logger.error(`密码重置失败: ${resetRequest.identifier}`, error instanceof Error ? error.stack : String(error));
@@ -439,7 +419,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : '密码重置失败',
error_code: 'RESET_PASSWORD_FAILED'
error_code: ERROR_CODES.RESET_PASSWORD_FAILED
};
}
}
@@ -463,7 +443,7 @@ export class LoginService {
return {
success: true,
message: '密码修改成功'
message: MESSAGES.PASSWORD_CHANGE_SUCCESS
};
} catch (error) {
this.logger.error(`修改密码失败: 用户ID ${userId}`, error instanceof Error ? error.stack : String(error));
@@ -471,7 +451,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : '密码修改失败',
error_code: 'CHANGE_PASSWORD_FAILED'
error_code: ERROR_CODES.CHANGE_PASSWORD_FAILED
};
}
}
@@ -491,35 +471,14 @@ export class LoginService {
this.logger.log(`邮箱验证码已发送: ${email}`);
// 根据是否为测试模式返回不同的状态和消息
if (result.isTestMode) {
// 测试模式:验证码生成但未真实发送
return {
success: false, // 测试模式下不算真正成功
data: {
verification_code: result.code,
is_test_mode: true
},
message: '⚠️ 测试模式:验证码已生成但未真实发送。请在控制台查看验证码,或配置邮件服务以启用真实发送。',
error_code: 'TEST_MODE_ONLY'
};
} else {
// 真实发送模式
return {
success: true,
data: {
is_test_mode: false
},
message: '验证码已发送,请查收邮件'
};
}
return this.handleTestModeResponse(result, MESSAGES.CODE_SENT, MESSAGES.EMAIL_CODE_SENT);
} catch (error) {
this.logger.error(`发送邮箱验证码失败: ${email}`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: error instanceof Error ? error.message : '发送验证码失败',
error_code: 'SEND_EMAIL_VERIFICATION_FAILED'
error_code: ERROR_CODES.SEND_EMAIL_VERIFICATION_FAILED
};
}
}
@@ -542,13 +501,13 @@ export class LoginService {
this.logger.log(`邮箱验证成功: ${email}`);
return {
success: true,
message: '邮箱验证成功'
message: MESSAGES.EMAIL_VERIFICATION_SUCCESS
};
} else {
return {
success: false,
message: '验证码错误',
error_code: 'INVALID_VERIFICATION_CODE'
message: MESSAGES.VERIFICATION_CODE_ERROR,
error_code: ERROR_CODES.INVALID_VERIFICATION_CODE
};
}
} catch (error) {
@@ -557,7 +516,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : '邮箱验证失败',
error_code: 'EMAIL_VERIFICATION_FAILED'
error_code: ERROR_CODES.EMAIL_VERIFICATION_FAILED
};
}
}
@@ -577,35 +536,14 @@ export class LoginService {
this.logger.log(`邮箱验证码已重新发送: ${email}`);
// 根据是否为测试模式返回不同的状态和消息
if (result.isTestMode) {
// 测试模式:验证码生成但未真实发送
return {
success: false, // 测试模式下不算真正成功
data: {
verification_code: result.code,
is_test_mode: true
},
message: '⚠️ 测试模式:验证码已生成但未真实发送。请在控制台查看验证码,或配置邮件服务以启用真实发送。',
error_code: 'TEST_MODE_ONLY'
};
} else {
// 真实发送模式
return {
success: true,
data: {
is_test_mode: false
},
message: '验证码已重新发送,请查收邮件'
};
}
return this.handleTestModeResponse(result, MESSAGES.CODE_SENT, MESSAGES.EMAIL_CODE_RESENT);
} catch (error) {
this.logger.error(`重新发送邮箱验证码失败: ${email}`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: error instanceof Error ? error.message : '重新发送验证码失败',
error_code: 'RESEND_EMAIL_VERIFICATION_FAILED'
error_code: ERROR_CODES.RESEND_EMAIL_VERIFICATION_FAILED
};
}
}
@@ -630,273 +568,40 @@ export class LoginService {
}
/**
* JWT令牌对
*
*
*
* 访JWT标准和安全最佳实践
*
*
* 1. 访
* 2.
* 3. 使
* 4.
*
* @param user
* @returns Promise<TokenPair> JWT令牌对
*
* @throws InternalServerErrorException
*
* @example
* ```typescript
* const tokenPair = await this.generateTokenPair(user);
* console.log(tokenPair.access_token); // JWT访问令牌
* console.log(tokenPair.refresh_token); // JWT刷新令牌
* ```
*/
private async generateTokenPair(user: Users): Promise<TokenPair> {
try {
const currentTime = Math.floor(Date.now() / 1000);
const jwtSecret = this.configService.get<string>('JWT_SECRET');
const expiresIn = this.configService.get<string>('JWT_EXPIRES_IN', '7d');
if (!jwtSecret) {
throw new Error('JWT_SECRET未配置');
}
// 1. 创建访问令牌载荷不包含iss和aud这些通过options传递
const accessPayload: Omit<JwtPayload, 'iss' | 'aud' | 'iat' | 'exp'> = {
sub: user.id.toString(),
username: user.username,
role: user.role,
email: user.email,
type: 'access',
};
// 2. 创建刷新令牌载荷(有效期更长)
const refreshPayload: Omit<JwtPayload, 'iss' | 'aud' | 'iat' | 'exp'> = {
sub: user.id.toString(),
username: user.username,
role: user.role,
type: 'refresh',
};
// 3. 生成访问令牌使用NestJS JwtService通过options传递iss和aud
const accessToken = await this.jwtService.signAsync(accessPayload, {
issuer: 'whale-town',
audience: 'whale-town-users',
});
// 4. 生成刷新令牌有效期30天
const refreshToken = jwt.sign(refreshPayload, jwtSecret, {
expiresIn: '30d',
issuer: 'whale-town',
audience: 'whale-town-users',
});
// 5. 计算过期时间(秒)
const expiresInSeconds = this.parseExpirationTime(expiresIn);
this.logger.log('JWT令牌对生成成功', {
operation: 'generateTokenPair',
userId: user.id.toString(),
username: user.username,
expiresIn: expiresInSeconds,
timestamp: new Date().toISOString(),
});
return {
access_token: accessToken,
refresh_token: refreshToken,
expires_in: expiresInSeconds,
token_type: 'Bearer',
};
} catch (error) {
const err = error as Error;
this.logger.error('JWT令牌对生成失败', {
operation: 'generateTokenPair',
userId: user.id.toString(),
error: err.message,
timestamp: new Date().toISOString(),
}, err.stack);
throw new Error(`令牌生成失败: ${err.message}`);
}
}
/**
* JWT令牌
*
*
* JWT令牌的有效性
*
*
* 1.
* 2.
* 3.
* 4.
*
* @param token JWT令牌字符串
* @param tokenType access refresh
* @returns Promise<JwtPayload>
*
* @throws UnauthorizedException
* @throws Error
*/
async verifyToken(token: string, tokenType: 'access' | 'refresh' = 'access'): Promise<JwtPayload> {
try {
const jwtSecret = this.configService.get<string>('JWT_SECRET');
if (!jwtSecret) {
throw new Error('JWT_SECRET未配置');
}
// 1. 验证令牌并解码载荷
const payload = jwt.verify(token, jwtSecret, {
issuer: 'whale-town',
audience: 'whale-town-users',
}) as JwtPayload;
// 2. 验证令牌类型
if (payload.type !== tokenType) {
throw new Error(`令牌类型不匹配,期望: ${tokenType},实际: ${payload.type}`);
}
// 3. 验证载荷完整性
if (!payload.sub || !payload.username || payload.role === undefined) {
throw new Error('令牌载荷数据不完整');
}
this.logger.log('JWT令牌验证成功', {
operation: 'verifyToken',
userId: payload.sub,
username: payload.username,
tokenType: payload.type,
timestamp: new Date().toISOString(),
});
return payload;
} catch (error) {
const err = error as Error;
this.logger.warn('JWT令牌验证失败', {
operation: 'verifyToken',
tokenType,
error: err.message,
timestamp: new Date().toISOString(),
});
throw new Error(`令牌验证失败: ${err.message}`);
}
}
/**
* 访
*
*
* 使访
*
*
* 1.
* 2.
* 3. 访
* 4.
*
* @param refreshToken
* @returns Promise<ApiResponse<TokenPair>>
*
* @throws UnauthorizedException
* @throws NotFoundException
*/
async refreshAccessToken(refreshToken: string): Promise<ApiResponse<TokenPair>> {
const startTime = Date.now();
try {
this.logger.log('开始刷新访问令牌', {
operation: 'refreshAccessToken',
timestamp: new Date().toISOString(),
});
// 1. 验证刷新令牌
const payload = await this.verifyToken(refreshToken, 'refresh');
// 2. 获取最新用户信息
const user = await this.usersService.findOne(BigInt(payload.sub));
if (!user) {
throw new Error('用户不存在或已被禁用');
}
// 3. 生成新的令牌对
const newTokenPair = await this.generateTokenPair(user);
const duration = Date.now() - startTime;
this.logger.log('访问令牌刷新成功', {
operation: 'refreshAccessToken',
userId: user.id.toString(),
username: user.username,
duration,
timestamp: new Date().toISOString(),
});
return {
success: true,
data: newTokenPair,
message: '令牌刷新成功'
};
} catch (error) {
const duration = Date.now() - startTime;
const err = error as Error;
this.logger.error('访问令牌刷新失败', {
operation: 'refreshAccessToken',
error: err.message,
duration,
timestamp: new Date().toISOString(),
}, err.stack);
return {
success: false,
message: err.message || '令牌刷新失败',
error_code: 'TOKEN_REFRESH_FAILED'
};
}
}
/**
*
*
*
* '7d', '24h', '60m'
*
* @param expiresIn
* @returns number
* @param result
* @param successMessage
* @param emailMessage
* @returns
* @private
*/
private parseExpirationTime(expiresIn: string): number {
if (!expiresIn || typeof expiresIn !== 'string') {
return 7 * 24 * 60 * 60; // 默认7天
}
const timeUnit = expiresIn.slice(-1);
const timeValue = parseInt(expiresIn.slice(0, -1));
if (isNaN(timeValue)) {
return 7 * 24 * 60 * 60; // 默认7天
}
switch (timeUnit) {
case 's': return timeValue;
case 'm': return timeValue * 60;
case 'h': return timeValue * 60 * 60;
case 'd': return timeValue * 24 * 60 * 60;
case 'w': return timeValue * 7 * 24 * 60 * 60;
default: return 7 * 24 * 60 * 60; // 默认7天
private handleTestModeResponse(
result: { code: string; isTestMode: boolean },
successMessage: string,
emailMessage?: string
): ApiResponse<{ verification_code?: string; is_test_mode?: boolean }> {
if (result.isTestMode) {
return {
success: false,
data: {
verification_code: result.code,
is_test_mode: true
},
message: MESSAGES.TEST_MODE_WARNING,
error_code: ERROR_CODES.TEST_MODE_ONLY
};
} else {
return {
success: true,
data: {
is_test_mode: false
},
message: emailMessage || successMessage
};
}
}
/**
*
*
@@ -910,8 +615,8 @@ export class LoginService {
// 调用核心服务进行验证码认证
const authResult = await this.loginCoreService.verificationCodeLogin(loginRequest);
// 生成JWT令牌对
const tokenPair = await this.generateTokenPair(authResult.user);
// 生成JWT令牌对通过Core层
const tokenPair = await this.loginCoreService.generateTokenPair(authResult.user);
// 格式化响应数据
const response: LoginResponse = {
@@ -921,7 +626,7 @@ export class LoginService {
expires_in: tokenPair.expires_in,
token_type: tokenPair.token_type,
is_new_user: authResult.isNewUser,
message: '验证码登录成功'
message: MESSAGES.VERIFICATION_CODE_LOGIN_SUCCESS
};
this.logger.log(`验证码登录成功: ${authResult.user.username} (ID: ${authResult.user.id})`);
@@ -929,7 +634,7 @@ export class LoginService {
return {
success: true,
data: response,
message: '验证码登录成功'
message: MESSAGES.VERIFICATION_CODE_LOGIN_SUCCESS
};
} catch (error) {
this.logger.error(`验证码登录失败: ${loginRequest.identifier}`, error instanceof Error ? error.stack : String(error));
@@ -937,7 +642,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : '验证码登录失败',
error_code: 'VERIFICATION_CODE_LOGIN_FAILED'
error_code: ERROR_CODES.VERIFICATION_CODE_LOGIN_FAILED
};
}
}
@@ -957,45 +662,65 @@ export class LoginService {
this.logger.log(`登录验证码已发送: ${identifier}`);
// 根据是否为测试模式返回不同的状态和消息
if (result.isTestMode) {
// 测试模式:验证码生成但未真实发送
return {
success: false, // 测试模式下不算真正成功
data: {
verification_code: result.code,
is_test_mode: true
},
message: '⚠️ 测试模式:验证码已生成但未真实发送。请在控制台查看验证码,或配置邮件服务以启用真实发送。',
error_code: 'TEST_MODE_ONLY'
};
} else {
// 真实发送模式
return {
success: true,
data: {
is_test_mode: false
},
message: '验证码已发送,请查收'
};
}
return this.handleTestModeResponse(result, MESSAGES.CODE_SENT);
} catch (error) {
this.logger.error(`发送登录验证码失败: ${identifier}`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: error instanceof Error ? error.message : '发送验证码失败',
error_code: 'SEND_LOGIN_CODE_FAILED'
error_code: ERROR_CODES.SEND_LOGIN_CODE_FAILED
};
}
}
/**
*
* 访
*
* @param email
* @returns
*
* 使访
*
*
* 1.
* 2.
* 3. JWT令牌对
* 4. 访
*
* @param refreshToken
* @returns Promise<ApiResponse<TokenPair>>
*
* @throws UnauthorizedException
* @throws NotFoundException
*
* @example
* ```typescript
* const result = await loginService.refreshAccessToken('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...');
* ```
*/
async refreshAccessToken(refreshToken: string): Promise<ApiResponse<TokenPair>> {
try {
this.logger.log(`刷新访问令牌尝试`);
// 调用核心服务刷新令牌
const tokenPair = await this.loginCoreService.refreshAccessToken(refreshToken);
this.logger.log(`访问令牌刷新成功`);
return {
success: true,
data: tokenPair,
message: MESSAGES.TOKEN_REFRESH_SUCCESS
};
} catch (error) {
this.logger.error(`访问令牌刷新失败`, error instanceof Error ? error.stack : String(error));
return {
success: false,
message: error instanceof Error ? error.message : '令牌刷新失败',
error_code: ERROR_CODES.TOKEN_REFRESH_FAILED
};
}
}
async debugVerificationCode(email: string): Promise<any> {
try {
this.logger.log(`调试验证码信息: ${email}`);
@@ -1005,7 +730,7 @@ export class LoginService {
return {
success: true,
data: debugInfo,
message: '调试信息获取成功'
message: MESSAGES.DEBUG_INFO_SUCCESS
};
} catch (error) {
this.logger.error(`获取验证码调试信息失败: ${email}`, error instanceof Error ? error.stack : String(error));
@@ -1013,7 +738,7 @@ export class LoginService {
return {
success: false,
message: error instanceof Error ? error.message : '获取调试信息失败',
error_code: 'DEBUG_VERIFICATION_CODE_FAILED'
error_code: ERROR_CODES.DEBUG_VERIFICATION_CODE_FAILED
};
}
}
@@ -1098,7 +823,7 @@ export class LoginService {
try {
// 1. 检查是否已存在Zulip账号关联
const existingAccount = await this.zulipAccountsRepository.findByGameUserId(gameUser.id);
const existingAccount = await this.zulipAccountsService.findByGameUserId(gameUser.id.toString());
if (existingAccount) {
this.logger.warn('用户已存在Zulip账号关联跳过创建', {
operation: 'createZulipAccountForUser',
@@ -1128,8 +853,8 @@ export class LoginService {
}
// 4. 在数据库中创建关联记录
await this.zulipAccountsRepository.create({
gameUserId: gameUser.id,
await this.zulipAccountsService.create({
gameUserId: gameUser.id.toString(),
zulipUserId: createResult.userId!,
zulipEmail: createResult.email!,
zulipFullName: gameUser.nickname,
@@ -1172,7 +897,7 @@ export class LoginService {
// 清理可能创建的部分数据
try {
await this.zulipAccountsRepository.deleteByGameUserId(gameUser.id);
await this.zulipAccountsService.deleteByGameUserId(gameUser.id.toString());
} catch (cleanupError) {
this.logger.warn('清理Zulip账号关联数据失败', {
operation: 'createZulipAccountForUser',

91
src/business/auth/services/login.service.zulip-account.spec.ts → src/business/auth/login.service.zulip-account.spec.ts
View File

@@ -16,24 +16,21 @@
*/
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import * as fc from 'fast-check';
import { LoginService } from './login.service';
import { LoginCoreService, RegisterRequest } from '../../../core/login_core/login_core.service';
import { ZulipAccountService } from '../../../core/zulip/services/zulip_account.service';
import { ZulipAccountsRepository } from '../../../core/db/zulip_accounts/zulip_accounts.repository';
import { ApiKeySecurityService } from '../../../core/zulip/services/api_key_security.service';
import { Users } from '../../../core/db/users/users.entity';
import { ZulipAccounts } from '../../../core/db/zulip_accounts/zulip_accounts.entity';
import { LoginCoreService, RegisterRequest } from '../../core/login_core/login_core.service';
import { ZulipAccountService } from '../../core/zulip_core/services/zulip_account.service';
import { ZulipAccountsService } from '../../core/db/zulip_accounts/zulip_accounts.service';
import { ApiKeySecurityService } from '../../core/zulip_core/services/api_key_security.service';
import { Users } from '../../core/db/users/users.entity';
describe('LoginService - Zulip账号创建属性测试', () => {
let loginService: LoginService;
let loginCoreService: jest.Mocked<LoginCoreService>;
let zulipAccountService: jest.Mocked<ZulipAccountService>;
let zulipAccountsRepository: jest.Mocked<ZulipAccountsRepository>;
let zulipAccountsService: jest.Mocked<ZulipAccountsService>;
let apiKeySecurityService: jest.Mocked<ApiKeySecurityService>;
// 测试用的模拟数据生成器
@@ -62,6 +59,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
const mockLoginCoreService = {
register: jest.fn(),
deleteUser: jest.fn(),
generateTokenPair: jest.fn(),
};
const mockZulipAccountService = {
@@ -70,7 +68,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
linkGameAccount: jest.fn(),
};
const mockZulipAccountsRepository = {
const mockZulipAccountsService = {
findByGameUserId: jest.fn(),
create: jest.fn(),
deleteByGameUserId: jest.fn(),
@@ -92,8 +90,8 @@ describe('LoginService - Zulip账号创建属性测试', () => {
useValue: mockZulipAccountService,
},
{
provide: 'ZulipAccountsRepository',
useValue: mockZulipAccountsRepository,
provide: 'ZulipAccountsService',
useValue: mockZulipAccountsService,
},
{
provide: ApiKeySecurityService,
@@ -140,9 +138,18 @@ describe('LoginService - Zulip账号创建属性测试', () => {
loginService = module.get<LoginService>(LoginService);
loginCoreService = module.get(LoginCoreService);
zulipAccountService = module.get(ZulipAccountService);
zulipAccountsRepository = module.get('ZulipAccountsRepository');
zulipAccountsService = module.get('ZulipAccountsService');
apiKeySecurityService = module.get(ApiKeySecurityService);
// 设置默认的mock返回值
const mockTokenPair = {
access_token: 'mock_access_token',
refresh_token: 'mock_refresh_token',
expires_in: 604800,
token_type: 'Bearer'
};
loginCoreService.generateTokenPair.mockResolvedValue(mockTokenPair);
// Mock LoginService 的 initializeZulipAdminClient 方法
jest.spyOn(loginService as any, 'initializeZulipAdminClient').mockResolvedValue(undefined);
@@ -194,27 +201,28 @@ describe('LoginService - Zulip账号创建属性测试', () => {
apiKey: 'zulip_api_key_' + Math.random().toString(36),
};
const mockZulipAccount: ZulipAccounts = {
id: BigInt(Math.floor(Math.random() * 1000000)),
gameUserId: mockGameUser.id,
const mockZulipAccount = {
id: mockGameUser.id.toString(),
gameUserId: mockGameUser.id.toString(),
zulipUserId: mockZulipResult.userId,
zulipEmail: mockZulipResult.email,
zulipFullName: registerRequest.nickname,
zulipApiKeyEncrypted: 'encrypted_' + mockZulipResult.apiKey,
status: 'active',
createdAt: new Date(),
updatedAt: new Date(),
} as ZulipAccounts;
status: 'active' as const,
retryCount: 0,
createdAt: new Date().toISOString(),
updatedAt: new Date().toISOString(),
};
// 设置模拟行为
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(null);
zulipAccountsService.findByGameUserId.mockResolvedValue(null);
zulipAccountService.createZulipAccount.mockResolvedValue(mockZulipResult);
apiKeySecurityService.storeApiKey.mockResolvedValue(undefined);
zulipAccountsRepository.create.mockResolvedValue(mockZulipAccount);
zulipAccountsService.create.mockResolvedValue(mockZulipAccount);
zulipAccountService.linkGameAccount.mockResolvedValue(true);
// 执行注册
@@ -247,8 +255,8 @@ describe('LoginService - Zulip账号创建属性测试', () => {
);
// 验证账号关联创建
expect(zulipAccountsRepository.create).toHaveBeenCalledWith({
gameUserId: mockGameUser.id,
expect(zulipAccountsService.create).toHaveBeenCalledWith({
gameUserId: mockGameUser.id.toString(),
zulipUserId: mockZulipResult.userId,
zulipEmail: mockZulipResult.email,
zulipFullName: registerRequest.nickname,
@@ -288,7 +296,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
user: mockGameUser,
isNewUser: true,
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(null);
zulipAccountsService.findByGameUserId.mockResolvedValue(null);
zulipAccountService.createZulipAccount.mockResolvedValue({
success: false,
error: 'Zulip服务器连接失败',
@@ -317,7 +325,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
expect(loginCoreService.deleteUser).toHaveBeenCalledWith(mockGameUser.id);
// 验证没有创建账号关联
expect(zulipAccountsRepository.create).not.toHaveBeenCalled();
expect(zulipAccountsService.create).not.toHaveBeenCalled();
expect(zulipAccountService.linkGameAccount).not.toHaveBeenCalled();
}),
{ numRuns: 100 }
@@ -339,24 +347,25 @@ describe('LoginService - Zulip账号创建属性测试', () => {
updated_at: new Date(),
} as Users;
const existingZulipAccount: ZulipAccounts = {
id: BigInt(Math.floor(Math.random() * 1000000)),
gameUserId: mockGameUser.id,
const existingZulipAccount = {
id: Math.floor(Math.random() * 1000000).toString(),
gameUserId: mockGameUser.id.toString(),
zulipUserId: 12345,
zulipEmail: registerRequest.email,
zulipFullName: registerRequest.nickname,
zulipApiKeyEncrypted: 'existing_encrypted_key',
status: 'active',
createdAt: new Date(),
updatedAt: new Date(),
} as ZulipAccounts;
status: 'active' as const,
retryCount: 0,
createdAt: new Date().toISOString(),
updatedAt: new Date().toISOString(),
};
// 设置模拟行为 - 已存在Zulip账号关联
loginCoreService.register.mockResolvedValue({
user: mockGameUser,
isNewUser: true,
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(existingZulipAccount);
zulipAccountsService.findByGameUserId.mockResolvedValue(existingZulipAccount);
// 执行注册
const result = await loginService.register(registerRequest);
@@ -369,11 +378,11 @@ describe('LoginService - Zulip账号创建属性测试', () => {
expect(loginCoreService.register).toHaveBeenCalledWith(registerRequest);
// 验证检查了现有关联
expect(zulipAccountsRepository.findByGameUserId).toHaveBeenCalledWith(mockGameUser.id);
expect(zulipAccountsService.findByGameUserId).toHaveBeenCalledWith(mockGameUser.id.toString());
// 验证没有尝试创建新的Zulip账号
expect(zulipAccountService.createZulipAccount).not.toHaveBeenCalled();
expect(zulipAccountsRepository.create).not.toHaveBeenCalled();
expect(zulipAccountsService.create).not.toHaveBeenCalled();
}),
{ numRuns: 100 }
);
@@ -425,7 +434,7 @@ describe('LoginService - Zulip账号创建属性测试', () => {
// 验证没有尝试创建Zulip账号
expect(zulipAccountService.createZulipAccount).not.toHaveBeenCalled();
expect(zulipAccountsRepository.create).not.toHaveBeenCalled();
expect(zulipAccountsService.create).not.toHaveBeenCalled();
}
),
{ numRuns: 50 }
@@ -525,10 +534,10 @@ describe('LoginService - Zulip账号创建属性测试', () => {
user: mockGameUser,
isNewUser: true,
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(null);
zulipAccountsService.findByGameUserId.mockResolvedValue(null);
zulipAccountService.createZulipAccount.mockResolvedValue(mockZulipResult);
apiKeySecurityService.storeApiKey.mockResolvedValue(undefined);
zulipAccountsRepository.create.mockResolvedValue({} as ZulipAccounts);
zulipAccountsService.create.mockResolvedValue({} as any);
zulipAccountService.linkGameAccount.mockResolvedValue(true);
// 执行注册
@@ -542,9 +551,9 @@ describe('LoginService - Zulip账号创建属性测试', () => {
});
// 验证账号关联存储了正确的数据
expect(zulipAccountsRepository.create).toHaveBeenCalledWith(
expect(zulipAccountsService.create).toHaveBeenCalledWith(
expect.objectContaining({
gameUserId: mockGameUser.id,
gameUserId: mockGameUser.id.toString(),
zulipUserId: mockZulipResult.userId,
zulipEmail: registerRequest.email, // 相同的邮箱
zulipFullName: registerRequest.nickname, // 相同的昵称

17
src/business/auth/dto/login_response.dto.ts → src/business/auth/login_response.dto.ts
View File

@@ -6,9 +6,19 @@
* - Swagger文档生成支持
* - API响应的数据格式一致性
*
*
* -
* - API文档支持
* -
*
*
* - 2026-01-07: 代码规范优化 -
* - 2026-01-07: 代码规范优化 -
*
* @author moyin
* @version 1.0.0
* @version 1.0.2
* @since 2025-12-17
* @lastModified 2026-01-07
*/
import { ApiProperty } from '@nestjs/swagger';
@@ -335,7 +345,10 @@ export class CommonResponseDto {
}
/**
* DTO by angjustinl 2025-12-17
* DTO
*
*
* - 2025-12-17: 功能新增 - DTO (修改者: angjustinl)
*/
export class TestModeEmailVerificationResponseDto {
@ApiProperty({

763
src/business/auth/services/login.service.spec.ts
View File

@@ -1,763 +0,0 @@
/**
* 登录业务服务测试
*
* 功能描述:
* - 测试登录相关的业务逻辑
* - 测试JWT令牌生成和验证
* - 测试令牌刷新功能
* - 测试各种异常情况处理
*
* @author kiro-ai
* @version 1.0.0
* @since 2025-01-06
*/
import { Test, TestingModule } from '@nestjs/testing';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import { LoginService } from './login.service';
import { LoginCoreService } from '../../../core/login_core/login_core.service';
import { UsersService } from '../../../core/db/users/users.service';
import { ZulipAccountService } from '../../../core/zulip/services/zulip_account.service';
import { ZulipAccountsRepository } from '../../../core/db/zulip_accounts/zulip_accounts.repository';
import { ApiKeySecurityService } from '../../../core/zulip/services/api_key_security.service';
import * as jwt from 'jsonwebtoken';
// Mock jwt module
jest.mock('jsonwebtoken', () => ({
sign: jest.fn(),
verify: jest.fn(),
}));
describe('LoginService', () => {
let service: LoginService;
let loginCoreService: jest.Mocked<LoginCoreService>;
let jwtService: jest.Mocked<JwtService>;
let configService: jest.Mocked<ConfigService>;
let usersService: jest.Mocked<UsersService>;
let zulipAccountService: jest.Mocked<ZulipAccountService>;
let zulipAccountsRepository: jest.Mocked<ZulipAccountsRepository>;
let apiKeySecurityService: jest.Mocked<ApiKeySecurityService>;
const mockUser = {
id: BigInt(1),
username: 'testuser',
email: 'test@example.com',
phone: '+8613800138000',
password_hash: '$2b$12$hashedpassword',
nickname: '测试用户',
github_id: null as string | null,
avatar_url: null as string | null,
role: 1,
email_verified: false,
status: 'active' as any,
created_at: new Date(),
updated_at: new Date()
};
const mockJwtSecret = 'test_jwt_secret_key_for_testing_32chars';
const mockAccessToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwidXNlcm5hbWUiOiJ0ZXN0dXNlciIsInJvbGUiOjEsInR5cGUiOiJhY2Nlc3MiLCJpYXQiOjE2NDA5OTUyMDAsImlzcyI6IndoYWxlLXRvd24iLCJhdWQiOiJ3aGFsZS10b3duLXVzZXJzIn0.test';
const mockRefreshToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwidXNlcm5hbWUiOiJ0ZXN0dXNlciIsInJvbGUiOjEsInR5cGUiOiJyZWZyZXNoIiwiaWF0IjoxNjQwOTk1MjAwLCJpc3MiOiJ3aGFsZS10b3duIiwiYXVkIjoid2hhbGUtdG93bi11c2VycyJ9.test';
beforeEach(async () => {
// Mock environment variables for Zulip
const originalEnv = process.env;
process.env = {
...originalEnv,
ZULIP_SERVER_URL: 'https://test.zulipchat.com',
ZULIP_BOT_EMAIL: 'test-bot@test.zulipchat.com',
ZULIP_BOT_API_KEY: 'test_api_key_12345',
};
const mockLoginCoreService = {
login: jest.fn(),
register: jest.fn(),
githubOAuth: jest.fn(),
sendPasswordResetCode: jest.fn(),
resetPassword: jest.fn(),
changePassword: jest.fn(),
sendEmailVerification: jest.fn(),
verifyEmailCode: jest.fn(),
resendEmailVerification: jest.fn(),
verificationCodeLogin: jest.fn(),
sendLoginVerificationCode: jest.fn(),
debugVerificationCode: jest.fn(),
deleteUser: jest.fn(),
};
const mockJwtService = {
signAsync: jest.fn(),
verifyAsync: jest.fn(),
};
const mockConfigService = {
get: jest.fn(),
};
const mockUsersService = {
findOne: jest.fn(),
};
const mockZulipAccountService = {
initializeAdminClient: jest.fn(),
createZulipAccount: jest.fn(),
linkGameAccount: jest.fn(),
};
const mockZulipAccountsRepository = {
findByGameUserId: jest.fn(),
create: jest.fn(),
deleteByGameUserId: jest.fn(),
};
const mockApiKeySecurityService = {
storeApiKey: jest.fn(),
};
const module: TestingModule = await Test.createTestingModule({
providers: [
LoginService,
{
provide: LoginCoreService,
useValue: mockLoginCoreService,
},
{
provide: JwtService,
useValue: mockJwtService,
},
{
provide: ConfigService,
useValue: mockConfigService,
},
{
provide: 'UsersService',
useValue: mockUsersService,
},
{
provide: ZulipAccountService,
useValue: mockZulipAccountService,
},
{
provide: 'ZulipAccountsRepository',
useValue: mockZulipAccountsRepository,
},
{
provide: ApiKeySecurityService,
useValue: mockApiKeySecurityService,
},
],
}).compile();
service = module.get<LoginService>(LoginService);
loginCoreService = module.get(LoginCoreService);
jwtService = module.get(JwtService);
configService = module.get(ConfigService);
usersService = module.get('UsersService');
zulipAccountService = module.get(ZulipAccountService);
zulipAccountsRepository = module.get('ZulipAccountsRepository');
apiKeySecurityService = module.get(ApiKeySecurityService);
// Setup default config service mocks
configService.get.mockImplementation((key: string, defaultValue?: any) => {
const config = {
'JWT_SECRET': mockJwtSecret,
'JWT_EXPIRES_IN': '7d',
};
return config[key] || defaultValue;
});
// Setup default JWT service mocks
jwtService.signAsync.mockResolvedValue(mockAccessToken);
(jwt.sign as jest.Mock).mockReturnValue(mockRefreshToken);
// Setup default Zulip mocks
zulipAccountService.initializeAdminClient.mockResolvedValue(true);
zulipAccountService.createZulipAccount.mockResolvedValue({
success: true,
userId: 123,
email: 'test@example.com',
apiKey: 'mock_api_key'
});
zulipAccountsRepository.findByGameUserId.mockResolvedValue(null);
zulipAccountsRepository.create.mockResolvedValue({} as any);
apiKeySecurityService.storeApiKey.mockResolvedValue(undefined);
});
afterEach(() => {
jest.clearAllMocks();
// Restore original environment variables
jest.restoreAllMocks();
});
it('should be defined', () => {
expect(service).toBeDefined();
});
describe('login', () => {
it('should login successfully and return JWT tokens', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800); // 7 days in seconds
expect(result.data?.token_type).toBe('Bearer');
expect(result.data?.is_new_user).toBe(false);
expect(result.message).toBe('登录成功');
// Verify JWT service was called correctly
expect(jwtService.signAsync).toHaveBeenCalledWith({
sub: '1',
username: 'testuser',
role: 1,
email: 'test@example.com',
type: 'access',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
});
expect(jwt.sign).toHaveBeenCalledWith(
{
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
},
mockJwtSecret,
{
expiresIn: '30d',
}
);
});
it('should handle login failure', async () => {
loginCoreService.login.mockRejectedValue(new Error('用户名或密码错误'));
const result = await service.login({
identifier: 'testuser',
password: 'wrongpassword'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toBe('用户名或密码错误');
});
it('should handle JWT generation failure', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
jwtService.signAsync.mockRejectedValue(new Error('JWT generation failed'));
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toContain('JWT generation failed');
});
it('should handle missing JWT secret', async () => {
loginCoreService.login.mockResolvedValue({
user: mockUser,
isNewUser: false
});
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
if (key === 'JWT_EXPIRES_IN') return '7d';
return undefined;
});
const result = await service.login({
identifier: 'testuser',
password: 'password123'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('LOGIN_FAILED');
expect(result.message).toContain('JWT_SECRET未配置');
});
});
describe('register', () => {
it('should register successfully with JWT tokens', async () => {
loginCoreService.register.mockResolvedValue({
user: mockUser,
isNewUser: true
});
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户',
email: 'test@example.com'
});
expect(result.success).toBe(true);
expect(result.data?.user.username).toBe('testuser');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800);
expect(result.data?.token_type).toBe('Bearer');
expect(result.data?.is_new_user).toBe(true);
expect(result.message).toBe('注册成功Zulip账号已同步创建');
});
it('should register successfully without email', async () => {
loginCoreService.register.mockResolvedValue({
user: { ...mockUser, email: null },
isNewUser: true
});
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户'
});
expect(result.success).toBe(true);
expect(result.data?.message).toBe('注册成功');
// Should not try to create Zulip account without email
expect(zulipAccountService.createZulipAccount).not.toHaveBeenCalled();
});
it('should handle Zulip account creation failure and rollback', async () => {
loginCoreService.register.mockResolvedValue({
user: mockUser,
isNewUser: true
});
zulipAccountService.createZulipAccount.mockResolvedValue({
success: false,
error: 'Zulip creation failed'
});
loginCoreService.deleteUser.mockResolvedValue(undefined);
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户',
email: 'test@example.com'
});
expect(result.success).toBe(false);
expect(result.message).toContain('Zulip账号创建失败');
expect(loginCoreService.deleteUser).toHaveBeenCalledWith(mockUser.id);
});
it('should handle register failure', async () => {
loginCoreService.register.mockRejectedValue(new Error('用户名已存在'));
const result = await service.register({
username: 'testuser',
password: 'password123',
nickname: '测试用户'
});
expect(result.success).toBe(false);
expect(result.error_code).toBe('REGISTER_FAILED');
expect(result.message).toBe('用户名已存在');
});
});
describe('verifyToken', () => {
const mockPayload = {
sub: '1',
username: 'testuser',
role: 1,
type: 'access' as const,
iat: Math.floor(Date.now() / 1000),
iss: 'whale-town',
aud: 'whale-town-users',
};
it('should verify access token successfully', async () => {
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
const result = await service.verifyToken(mockAccessToken, 'access');
expect(result).toEqual(mockPayload);
expect(jwt.verify).toHaveBeenCalledWith(
mockAccessToken,
mockJwtSecret,
{
issuer: 'whale-town',
audience: 'whale-town-users',
}
);
});
it('should verify refresh token successfully', async () => {
const refreshPayload = { ...mockPayload, type: 'refresh' as const };
(jwt.verify as jest.Mock).mockReturnValue(refreshPayload);
const result = await service.verifyToken(mockRefreshToken, 'refresh');
expect(result).toEqual(refreshPayload);
});
it('should throw error for invalid token', async () => {
(jwt.verify as jest.Mock).mockImplementation(() => {
throw new Error('invalid token');
});
await expect(service.verifyToken('invalid_token')).rejects.toThrow('令牌验证失败: invalid token');
});
it('should throw error for token type mismatch', async () => {
const refreshPayload = { ...mockPayload, type: 'refresh' as const };
(jwt.verify as jest.Mock).mockReturnValue(refreshPayload);
await expect(service.verifyToken(mockRefreshToken, 'access')).rejects.toThrow('令牌类型不匹配');
});
it('should throw error for incomplete payload', async () => {
const incompletePayload = { sub: '1', type: 'access' }; // missing username and role
(jwt.verify as jest.Mock).mockReturnValue(incompletePayload);
await expect(service.verifyToken(mockAccessToken)).rejects.toThrow('令牌载荷数据不完整');
});
it('should throw error when JWT secret is missing', async () => {
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
return undefined;
});
await expect(service.verifyToken(mockAccessToken)).rejects.toThrow('JWT_SECRET未配置');
});
});
describe('refreshAccessToken', () => {
const mockRefreshPayload = {
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh' as const,
iat: Math.floor(Date.now() / 1000),
iss: 'whale-town',
aud: 'whale-town-users',
};
beforeEach(() => {
(jwt.verify as jest.Mock).mockReturnValue(mockRefreshPayload);
usersService.findOne.mockResolvedValue(mockUser);
});
it('should refresh access token successfully', async () => {
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(true);
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.expires_in).toBe(604800);
expect(result.data?.token_type).toBe('Bearer');
expect(result.message).toBe('令牌刷新成功');
expect(jwt.verify).toHaveBeenCalledWith(
mockRefreshToken,
mockJwtSecret,
{
issuer: 'whale-town',
audience: 'whale-town-users',
}
);
expect(usersService.findOne).toHaveBeenCalledWith(BigInt(1));
});
it('should handle invalid refresh token', async () => {
(jwt.verify as jest.Mock).mockImplementation(() => {
throw new Error('invalid token');
});
const result = await service.refreshAccessToken('invalid_token');
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('invalid token');
});
it('should handle user not found', async () => {
usersService.findOne.mockResolvedValue(null);
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toBe('用户不存在或已被禁用');
});
it('should handle user service error', async () => {
usersService.findOne.mockRejectedValue(new Error('Database error'));
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('Database error');
});
it('should handle JWT generation error during refresh', async () => {
jwtService.signAsync.mockRejectedValue(new Error('JWT generation failed'));
const result = await service.refreshAccessToken(mockRefreshToken);
expect(result.success).toBe(false);
expect(result.error_code).toBe('TOKEN_REFRESH_FAILED');
expect(result.message).toContain('JWT generation failed');
});
});
describe('parseExpirationTime', () => {
it('should parse seconds correctly', () => {
const result = (service as any).parseExpirationTime('30s');
expect(result).toBe(30);
});
it('should parse minutes correctly', () => {
const result = (service as any).parseExpirationTime('5m');
expect(result).toBe(300);
});
it('should parse hours correctly', () => {
const result = (service as any).parseExpirationTime('2h');
expect(result).toBe(7200);
});
it('should parse days correctly', () => {
const result = (service as any).parseExpirationTime('7d');
expect(result).toBe(604800);
});
it('should parse weeks correctly', () => {
const result = (service as any).parseExpirationTime('2w');
expect(result).toBe(1209600);
});
it('should return default for invalid format', () => {
const result = (service as any).parseExpirationTime('invalid');
expect(result).toBe(604800); // 7 days default
});
});
describe('generateTokenPair', () => {
it('should generate token pair successfully', async () => {
const result = await (service as any).generateTokenPair(mockUser);
expect(result.access_token).toBe(mockAccessToken);
expect(result.refresh_token).toBe(mockRefreshToken);
expect(result.expires_in).toBe(604800);
expect(result.token_type).toBe('Bearer');
expect(jwtService.signAsync).toHaveBeenCalledWith({
sub: '1',
username: 'testuser',
role: 1,
email: 'test@example.com',
type: 'access',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
});
expect(jwt.sign).toHaveBeenCalledWith(
{
sub: '1',
username: 'testuser',
role: 1,
type: 'refresh',
iat: expect.any(Number),
iss: 'whale-town',
aud: 'whale-town-users',
},
mockJwtSecret,
{
expiresIn: '30d',
}
);
});
it('should handle missing JWT secret', async () => {
configService.get.mockImplementation((key: string) => {
if (key === 'JWT_SECRET') return undefined;
if (key === 'JWT_EXPIRES_IN') return '7d';
return undefined;
});
await expect((service as any).generateTokenPair(mockUser)).rejects.toThrow('令牌生成失败: JWT_SECRET未配置');
});
it('should handle JWT service error', async () => {
jwtService.signAsync.mockRejectedValue(new Error('JWT service error'));
await expect((service as any).generateTokenPair(mockUser)).rejects.toThrow('令牌生成失败: JWT service error');
});
});
describe('formatUserInfo', () => {
it('should format user info correctly', () => {
const formattedUser = (service as any).formatUserInfo(mockUser);
expect(formattedUser).toEqual({
id: '1',
username: 'testuser',
nickname: '测试用户',
email: 'test@example.com',
phone: '+8613800138000',
avatar_url: null,
role: 1,
created_at: mockUser.created_at
});
});
});
describe('other methods', () => {
it('should handle githubOAuth successfully', async () => {
loginCoreService.githubOAuth.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.githubOAuth({
github_id: '12345',
username: 'testuser',
nickname: '测试用户',
email: 'test@example.com'
});
expect(result.success).toBe(true);
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.message).toBe('GitHub登录成功');
});
it('should handle verificationCodeLogin successfully', async () => {
loginCoreService.verificationCodeLogin.mockResolvedValue({
user: mockUser,
isNewUser: false
});
const result = await service.verificationCodeLogin({
identifier: 'test@example.com',
verificationCode: '123456'
});
expect(result.success).toBe(true);
expect(result.data?.user.email).toBe('test@example.com');
expect(result.data?.access_token).toBe(mockAccessToken);
expect(result.data?.refresh_token).toBe(mockRefreshToken);
expect(result.data?.message).toBe('验证码登录成功');
});
it('should handle sendPasswordResetCode in test mode', async () => {
loginCoreService.sendPasswordResetCode.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendPasswordResetCode('test@example.com');
expect(result.success).toBe(false); // Test mode returns false
expect(result.data?.verification_code).toBe('123456');
expect(result.data?.is_test_mode).toBe(true);
expect(result.error_code).toBe('TEST_MODE_ONLY');
});
it('should handle resetPassword successfully', async () => {
loginCoreService.resetPassword.mockResolvedValue(undefined);
const result = await service.resetPassword({
identifier: 'test@example.com',
verificationCode: '123456',
newPassword: 'newpassword123'
});
expect(result.success).toBe(true);
expect(result.message).toBe('密码重置成功');
});
it('should handle changePassword successfully', async () => {
loginCoreService.changePassword.mockResolvedValue(undefined);
const result = await service.changePassword(
BigInt(1),
'oldpassword',
'newpassword123'
);
expect(result.success).toBe(true);
expect(result.message).toBe('密码修改成功');
});
it('should handle sendEmailVerification in test mode', async () => {
loginCoreService.sendEmailVerification.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendEmailVerification('test@example.com');
expect(result.success).toBe(false);
expect(result.data?.verification_code).toBe('123456');
expect(result.error_code).toBe('TEST_MODE_ONLY');
});
it('should handle verifyEmailCode successfully', async () => {
loginCoreService.verifyEmailCode.mockResolvedValue(true);
const result = await service.verifyEmailCode('test@example.com', '123456');
expect(result.success).toBe(true);
expect(result.message).toBe('邮箱验证成功');
});
it('should handle sendLoginVerificationCode successfully', async () => {
loginCoreService.sendLoginVerificationCode.mockResolvedValue({
code: '123456',
isTestMode: true
});
const result = await service.sendLoginVerificationCode('test@example.com');
expect(result.success).toBe(false); // 测试模式下返回false
expect(result.data?.verification_code).toBe('123456');
expect(result.error_code).toBe('TEST_MODE_ONLY');
});
it('should handle debugVerificationCode successfully', async () => {
const mockDebugInfo = {
email: 'test@example.com',
code: '123456',
expiresAt: new Date(),
attempts: 0
};
loginCoreService.debugVerificationCode.mockResolvedValue(mockDebugInfo);
const result = await service.debugVerificationCode('test@example.com');
expect(result.success).toBe(true);
expect(result.data).toEqual(mockDebugInfo);
expect(result.message).toBe('调试信息获取成功');
});
});
});