cc-haha/src/server/__tests__/haha-oauth-api.test.ts
程序员阿江(Relakkes) 9d29d8e32c Keep desktop replies stable across turns and fix OAuth callback routing
The desktop chat store was dropping the previous assistant draft when a new user turn began because streaming text was cleared before it was flushed into message history. At the same time, the desktop OAuth flow was using an unregistered /api/haha-oauth/callback redirect URI, which caused provider authorization failures. This change flushes visible assistant drafts before starting a new turn, restores the OAuth redirect to the registered localhost callback, and adds a root callback handler while keeping the legacy API callback path compatible.

Constraint: The OAuth provider only accepts the registered localhost /callback redirect URI
Rejected: Keep the desktop-specific /api/haha-oauth/callback path | provider rejects unsupported redirect URIs
Rejected: Rely on message_complete to persist visible assistant text | next user turn can begin before that event arrives
Confidence: high
Scope-risk: moderate
Directive: Any UI-visible assistant draft must be flushed into messages before a new user turn resets streaming state
Tested: bun test src/server/__tests__/haha-oauth-service.test.ts src/server/__tests__/haha-oauth-api.test.ts src/server/__tests__/conversation-service.test.ts
Tested: cd desktop && bun run test src/stores/chatStore.test.ts
Tested: cd desktop && bun run lint
Not-tested: Manual end-to-end desktop OAuth login after reinstall
2026-04-18 17:01:53 +08:00

147 lines
4.7 KiB
TypeScript

/**
* Integration tests for /api/haha-oauth/* endpoints.
*/
import { describe, test, expect, beforeEach, afterEach } from 'bun:test'
import * as fs from 'fs/promises'
import * as path from 'path'
import * as os from 'os'
import { handleHahaOAuthApi } from '../api/haha-oauth.js'
import { hahaOAuthService } from '../services/hahaOAuthService.js'
let tmpDir: string
let originalConfigDir: string | undefined
async function setup() {
tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'haha-oauth-api-test-'))
originalConfigDir = process.env.CLAUDE_CONFIG_DIR
process.env.CLAUDE_CONFIG_DIR = tmpDir
}
async function teardown() {
if (originalConfigDir === undefined) {
delete process.env.CLAUDE_CONFIG_DIR
} else {
process.env.CLAUDE_CONFIG_DIR = originalConfigDir
}
await fs.rm(tmpDir, { recursive: true, force: true })
}
function buildReq(
method: string,
pathname: string,
body?: unknown,
): { req: Request; url: URL; segments: string[] } {
const url = new URL(`http://localhost:3456${pathname}`)
const req = new Request(url.toString(), {
method,
headers: body ? { 'Content-Type': 'application/json' } : undefined,
body: body ? JSON.stringify(body) : undefined,
})
const segments = url.pathname.split('/').filter(Boolean)
return { req, url, segments }
}
describe('POST /api/haha-oauth/start', () => {
beforeEach(setup)
afterEach(teardown)
test('returns authorize URL with PKCE challenge', async () => {
const { req, url, segments } = buildReq('POST', '/api/haha-oauth/start', {
serverPort: 54321,
})
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(200)
const data = (await res.json()) as { authorizeUrl: string; state: string }
expect(data.authorizeUrl).toContain('code_challenge_method=S256')
expect(data.authorizeUrl).toContain(
encodeURIComponent('http://localhost:54321/callback'),
)
expect(data.state).toMatch(/^[A-Za-z0-9_-]+$/)
})
test('400 if serverPort missing', async () => {
const { req, url, segments } = buildReq('POST', '/api/haha-oauth/start', {})
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(400)
const body = (await res.json()) as { error: string; message?: string }
expect(body.error).toBe('BAD_REQUEST')
})
})
describe('GET /api/haha-oauth/status', () => {
beforeEach(setup)
afterEach(teardown)
test('returns loggedIn=false when no token file', async () => {
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(200)
const data = (await res.json()) as { loggedIn: boolean }
expect(data.loggedIn).toBe(false)
})
test('returns loggedIn=true + metadata when token saved', async () => {
await hahaOAuthService.saveTokens({
accessToken: 'sk-ant-oat01-xxx',
refreshToken: 'sk-ant-ort01-xxx',
expiresAt: Date.now() + 3600_000,
scopes: ['user:inference'],
subscriptionType: 'max',
})
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(200)
const data = (await res.json()) as {
loggedIn: boolean
subscriptionType: string | null
scopes: string[]
}
expect(data.loggedIn).toBe(true)
expect(data.subscriptionType).toBe('max')
expect(data.scopes).toEqual(['user:inference'])
expect(JSON.stringify(data)).not.toContain('sk-ant-oat01')
expect(JSON.stringify(data)).not.toContain('sk-ant-ort01')
})
test('returns loggedIn=false when stored token is expired and refresh fails', async () => {
await hahaOAuthService.saveTokens({
accessToken: 'expired-token',
refreshToken: 'revoked-refresh-token',
expiresAt: Date.now() - 1_000,
scopes: ['user:inference'],
subscriptionType: 'max',
})
hahaOAuthService.setRefreshFn(async () => {
throw new Error('refresh revoked')
})
const { req, url, segments } = buildReq('GET', '/api/haha-oauth/status')
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(200)
expect(await res.json()).toEqual({ loggedIn: false })
})
})
describe('DELETE /api/haha-oauth', () => {
beforeEach(setup)
afterEach(teardown)
test('clears token file', async () => {
await hahaOAuthService.saveTokens({
accessToken: 'a',
refreshToken: null,
expiresAt: null,
scopes: [],
subscriptionType: null,
})
const { req, url, segments } = buildReq('DELETE', '/api/haha-oauth')
const res = await handleHahaOAuthApi(req, url, segments)
expect(res.status).toBe(200)
expect(await hahaOAuthService.loadTokens()).toBeNull()
})
})