feat: support real browser auth import

2026-06-02 13:51:29 +08:00
parent f4d16a4c01
commit 84148f4a69
22 changed files with 1651 additions and 111 deletions
@@ -36,11 +36,17 @@ def test_dot_prefix_exact_match():
    assert _cookie_matches_hostname(".saki.lat", "saki.lat")


-def test_no_domain_matches_all():
-    """空 domain 视为不限制。"""
+def test_no_domain_cookie_matches_any_hostname():
+    """空 cookie domain（无限制）应对任意 hostname 返回 True。"""
    assert _cookie_matches_hostname("", "anything.example.com")


+def test_empty_hostname_rejects_all():
+    """hostname 为空时，所有有 domain 的 cookie 都应被保守拒绝。"""
+    assert not _cookie_matches_hostname(".saki.lat", "")
+    assert not _cookie_matches_hostname("saki.lat", "")
+
+
 def test_different_domain_no_match():
    assert not _cookie_matches_hostname(".example.com", "saki.lat")

@@ -210,3 +216,57 @@ def test_new_api_user_propagated_to_bundle():
    )
    bundle = next(c for c in candidates if c["type"] == "cookie_bundle")
    assert bundle.get("new_api_user") == "42"
+
+
+def test_browser_import_payload_builds_cookie_bundle_with_new_api_user():
+    from app.services.browser_import_service import build_import_result
+
+    result = build_import_result({
+        "page_url": "https://meow.example.com/panel",
+        "cookies": [
+            {"name": "cf_clearance", "value": "cf", "domain": ".example.com", "httpOnly": True},
+            {"name": "session", "value": "sess", "domain": ".example.com", "httpOnly": True},
+        ],
+        "local_storage": {"uid": "7"},
+        "session_storage": {},
+        "auth_headers": [],
+    })
+
+    bundle = next(c for c in result["candidates"] if c["type"] == "cookie_bundle")
+    assert "cf_clearance=cf" in bundle["value"]
+    assert "session=sess" in bundle["value"]
+    assert bundle["new_api_user"] == "7"
+
+
+def test_browser_import_payload_includes_auth_headers():
+    from app.services.browser_import_service import build_import_result
+
+    result = build_import_result({
+        "page_url": "https://sub2api.example.com/dashboard",
+        "cookies": [],
+        "local_storage": {},
+        "session_storage": {},
+        "auth_headers": [
+            {"type": "authorization", "value": "Bearer abc.def.ghi", "url": "https://sub2api.example.com/api/v1/groups"}
+        ],
+    })
+
+    assert result["candidates"][0]["type"] == "bearer_token"
+    assert result["candidates"][0]["value"] == "Bearer abc.def.ghi"
+
+
+def test_browser_import_session_secret_and_one_time_submit():
+    from app.services.browser_import_service import BrowserImportService, ImportSessionError
+
+    service = BrowserImportService()
+    session, secret = service.create("https://example.com/login", "admin@example.com")
+
+    with pytest.raises(ImportSessionError):
+        service.submit(session.id, "wrong", {"page_url": "https://example.com/"})
+
+    submitted = service.submit(session.id, secret, {"page_url": "https://example.com/"})
+    assert submitted.consumed is True
+    assert submitted.payload == {"page_url": "https://example.com/"}
+
+    with pytest.raises(ImportSessionError):
+        service.submit(session.id, secret, {"page_url": "https://example.com/again"})