mirror of
https://github.com/NanmiCoder/cc-haha
synced 2026-07-17 13:13:35 +08:00
The desktop chat store was dropping the previous assistant draft when a new user turn began because streaming text was cleared before it was flushed into message history. At the same time, the desktop OAuth flow was using an unregistered /api/haha-oauth/callback redirect URI, which caused provider authorization failures. This change flushes visible assistant drafts before starting a new turn, restores the OAuth redirect to the registered localhost callback, and adds a root callback handler while keeping the legacy API callback path compatible. Constraint: The OAuth provider only accepts the registered localhost /callback redirect URI Rejected: Keep the desktop-specific /api/haha-oauth/callback path | provider rejects unsupported redirect URIs Rejected: Rely on message_complete to persist visible assistant text | next user turn can begin before that event arrives Confidence: high Scope-risk: moderate Directive: Any UI-visible assistant draft must be flushed into messages before a new user turn resets streaming state Tested: bun test src/server/__tests__/haha-oauth-service.test.ts src/server/__tests__/haha-oauth-api.test.ts src/server/__tests__/conversation-service.test.ts Tested: cd desktop && bun run test src/stores/chatStore.test.ts Tested: cd desktop && bun run lint Not-tested: Manual end-to-end desktop OAuth login after reinstall
147 lines
4.7 KiB
TypeScript
147 lines
4.7 KiB
TypeScript
/**
|
|
* Integration tests for /api/haha-oauth/* endpoints.
|
|
*/
|
|
|
|
import { describe, test, expect, beforeEach, afterEach } from 'bun:test'
|
|
import * as fs from 'fs/promises'
|
|
import * as path from 'path'
|
|
import * as os from 'os'
|
|
import { handleHahaOAuthApi } from '../api/haha-oauth.js'
|
|
import { hahaOAuthService } from '../services/hahaOAuthService.js'
|
|
|
|
let tmpDir: string
|
|
let originalConfigDir: string | undefined
|
|
|
|
async function setup() {
|
|
tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'haha-oauth-api-test-'))
|
|
originalConfigDir = process.env.CLAUDE_CONFIG_DIR
|
|
process.env.CLAUDE_CONFIG_DIR = tmpDir
|
|
}
|
|
|
|
async function teardown() {
|
|
if (originalConfigDir === undefined) {
|
|
delete process.env.CLAUDE_CONFIG_DIR
|
|
} else {
|
|
process.env.CLAUDE_CONFIG_DIR = originalConfigDir
|
|
}
|
|
await fs.rm(tmpDir, { recursive: true, force: true })
|
|
}
|
|
|
|
function buildReq(
|
|
method: string,
|
|
pathname: string,
|
|
body?: unknown,
|
|
): { req: Request; url: URL; segments: string[] } {
|
|
const url = new URL(`http://localhost:3456${pathname}`)
|
|
const req = new Request(url.toString(), {
|
|
method,
|
|
headers: body ? { 'Content-Type': 'application/json' } : undefined,
|
|
body: body ? JSON.stringify(body) : undefined,
|
|
})
|
|
const segments = url.pathname.split('/').filter(Boolean)
|
|
return { req, url, segments }
|
|
}
|
|
|
|
describe('POST /api/haha-oauth/start', () => {
|
|
beforeEach(setup)
|
|
afterEach(teardown)
|
|
|
|
test('returns authorize URL with PKCE challenge', async () => {
|
|
const { req, url, segments } = buildReq('POST', '/api/haha-oauth/start', {
|
|
serverPort: 54321,
|
|
})
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
expect(res.status).toBe(200)
|
|
const data = (await res.json()) as { authorizeUrl: string; state: string }
|
|
expect(data.authorizeUrl).toContain('code_challenge_method=S256')
|
|
expect(data.authorizeUrl).toContain(
|
|
encodeURIComponent('http://localhost:54321/callback'),
|
|
)
|
|
expect(data.state).toMatch(/^[A-Za-z0-9_-]+$/)
|
|
})
|
|
|
|
test('400 if serverPort missing', async () => {
|
|
const { req, url, segments } = buildReq('POST', '/api/haha-oauth/start', {})
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
expect(res.status).toBe(400)
|
|
const body = (await res.json()) as { error: string; message?: string }
|
|
expect(body.error).toBe('BAD_REQUEST')
|
|
})
|
|
})
|
|
|
|
describe('GET /api/haha-oauth/status', () => {
|
|
beforeEach(setup)
|
|
afterEach(teardown)
|
|
|
|
test('returns loggedIn=false when no token file', async () => {
|
|
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
expect(res.status).toBe(200)
|
|
const data = (await res.json()) as { loggedIn: boolean }
|
|
expect(data.loggedIn).toBe(false)
|
|
})
|
|
|
|
test('returns loggedIn=true + metadata when token saved', async () => {
|
|
await hahaOAuthService.saveTokens({
|
|
accessToken: 'sk-ant-oat01-xxx',
|
|
refreshToken: 'sk-ant-ort01-xxx',
|
|
expiresAt: Date.now() + 3600_000,
|
|
scopes: ['user:inference'],
|
|
subscriptionType: 'max',
|
|
})
|
|
|
|
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
expect(res.status).toBe(200)
|
|
const data = (await res.json()) as {
|
|
loggedIn: boolean
|
|
subscriptionType: string | null
|
|
scopes: string[]
|
|
}
|
|
expect(data.loggedIn).toBe(true)
|
|
expect(data.subscriptionType).toBe('max')
|
|
expect(data.scopes).toEqual(['user:inference'])
|
|
expect(JSON.stringify(data)).not.toContain('sk-ant-oat01')
|
|
expect(JSON.stringify(data)).not.toContain('sk-ant-ort01')
|
|
})
|
|
|
|
test('returns loggedIn=false when stored token is expired and refresh fails', async () => {
|
|
await hahaOAuthService.saveTokens({
|
|
accessToken: 'expired-token',
|
|
refreshToken: 'revoked-refresh-token',
|
|
expiresAt: Date.now() - 1_000,
|
|
scopes: ['user:inference'],
|
|
subscriptionType: 'max',
|
|
})
|
|
hahaOAuthService.setRefreshFn(async () => {
|
|
throw new Error('refresh revoked')
|
|
})
|
|
|
|
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
|
|
expect(res.status).toBe(200)
|
|
expect(await res.json()).toEqual({ loggedIn: false })
|
|
})
|
|
})
|
|
|
|
describe('DELETE /api/haha-oauth', () => {
|
|
beforeEach(setup)
|
|
afterEach(teardown)
|
|
|
|
test('clears token file', async () => {
|
|
await hahaOAuthService.saveTokens({
|
|
accessToken: 'a',
|
|
refreshToken: null,
|
|
expiresAt: null,
|
|
scopes: [],
|
|
subscriptionType: null,
|
|
})
|
|
|
|
const { req, url, segments } = buildReq('DELETE', '/api/haha-oauth')
|
|
const res = await handleHahaOAuthApi(req, url, segments)
|
|
expect(res.status).toBe(200)
|
|
expect(await hahaOAuthService.loadTokens()).toBeNull()
|
|
})
|
|
})
|