[bugfix/backend] use roles in middleware

2025-02-21 05:58:42 +08:00 · 2025-02-21 05:58:42 +08:00 · 287895347b
commit 287895347b
parent e5fc8691bf
2 changed files with 61 additions and 42 deletions
--- a/backend/internal/middleware/auth_test.go
+++ b/backend/internal/middleware/auth_test.go
@ -34,7 +34,7 @@ func TestAuthMiddleware(t *testing.T) {
 		expectedBody   map[string]string
 		checkUserData  bool
 		expectedUserID string
-		expectedRole   string
+		expectedRoles  []string
 	}{
 		{
 			name:           "No Authorization header",
@ -62,9 +62,9 @@ func TestAuthMiddleware(t *testing.T) {
 			name: "Valid token",
 			setupAuth: func(req *http.Request) {
 				claims := jwt.MapClaims{
-					"sub":  "123",
-					"role": "user",
-					"exp":  time.Now().Add(time.Hour).Unix(),
+					"sub":   "123",
+					"roles": []string{"admin", "editor"},
+					"exp":   time.Now().Add(time.Hour).Unix(),
 				}
 				token := createTestToken(jwtSecret, claims)
 				req.Header.Set("Authorization", "Bearer "+token)
@ -72,15 +72,15 @@ func TestAuthMiddleware(t *testing.T) {
 			expectedStatus: http.StatusOK,
 			checkUserData:  true,
 			expectedUserID: "123",
-			expectedRole:   "user",
+			expectedRoles:  []string{"admin", "editor"},
 		},
 		{
 			name: "Expired token",
 			setupAuth: func(req *http.Request) {
 				claims := jwt.MapClaims{
-					"sub":  "123",
-					"role": "user",
-					"exp":  time.Now().Add(-time.Hour).Unix(),
+					"sub":   "123",
+					"roles": []string{"user"},
+					"exp":   time.Now().Add(-time.Hour).Unix(),
 				}
 				token := createTestToken(jwtSecret, claims)
 				req.Header.Set("Authorization", "Bearer "+token)
@ -109,9 +109,9 @@ func TestAuthMiddleware(t *testing.T) {
 					assert.True(t, exists, "user_id should exist in context")
 					assert.Equal(t, tc.expectedUserID, userID, "user_id should match")

-					role, exists := c.Get("user_role")
-					assert.True(t, exists, "user_role should exist in context")
-					assert.Equal(t, tc.expectedRole, role, "user_role should match")
+					roles, exists := c.Get("user_roles")
+					assert.True(t, exists, "user_roles should exist in context")
+					assert.Equal(t, tc.expectedRoles, roles, "user_roles should match")
 				}
 				c.Status(http.StatusOK)
 			})
@ -146,27 +146,27 @@ func TestRoleMiddleware(t *testing.T) {
 		expectedBody   map[string]string
 	}{
 		{
-			name: "No user role",
+			name: "No user roles",
 			setupContext: func(c *gin.Context) {
 				// 不设置用户角色
 			},
 			allowedRoles:   []string{"admin"},
 			expectedStatus: http.StatusUnauthorized,
-			expectedBody:   map[string]string{"error": "User role not found"},
+			expectedBody:   map[string]string{"error": "User roles not found"},
 		},
 		{
-			name: "Invalid role type",
+			name: "Invalid roles type",
 			setupContext: func(c *gin.Context) {
-				c.Set("user_role", 123) // 设置错误类型的角色
+				c.Set("user_roles", 123) // 设置错误类型的角色
 			},
 			allowedRoles:   []string{"admin"},
 			expectedStatus: http.StatusInternalServerError,
-			expectedBody:   map[string]string{"error": "Invalid user role type"},
+			expectedBody:   map[string]string{"error": "Invalid user roles type"},
 		},
 		{
 			name: "Insufficient permissions",
 			setupContext: func(c *gin.Context) {
-				c.Set("user_role", "user")
+				c.Set("user_roles", []string{"user"})
 			},
 			allowedRoles:   []string{"admin"},
 			expectedStatus: http.StatusForbidden,
@ -175,7 +175,7 @@ func TestRoleMiddleware(t *testing.T) {
 		{
 			name: "Allowed role",
 			setupContext: func(c *gin.Context) {
-				c.Set("user_role", "admin")
+				c.Set("user_roles", []string{"admin"})
 			},
 			allowedRoles:   []string{"admin"},
 			expectedStatus: http.StatusOK,
@ -183,7 +183,7 @@ func TestRoleMiddleware(t *testing.T) {
 		{
 			name: "One of multiple allowed roles",
 			setupContext: func(c *gin.Context) {
-				c.Set("user_role", "editor")
+				c.Set("user_roles", []string{"user", "editor"})
 			},
 			allowedRoles:   []string{"admin", "editor", "moderator"},
 			expectedStatus: http.StatusOK,
@ -199,8 +199,7 @@ func TestRoleMiddleware(t *testing.T) {
 			router.Use(func(c *gin.Context) {
 				tc.setupContext(c)
 				c.Next()
-			})
-			router.Use(RoleMiddleware(tc.allowedRoles...))
+			}, RoleMiddleware(tc.allowedRoles...))

 			// 测试路由
 			router.GET("/test", func(c *gin.Context) {
@ -215,13 +214,13 @@ func TestRoleMiddleware(t *testing.T) {
 			router.ServeHTTP(rec, req)

 			// 验证响应
-			assert.Equal(t, tc.expectedStatus, rec.Code)
+			assert.Equal(t, tc.expectedStatus, rec.Code, "HTTP status code should match")

 			if tc.expectedBody != nil {
 				var response map[string]string
 				err := json.NewDecoder(rec.Body).Decode(&response)
-				assert.NoError(t, err)
-				assert.Equal(t, tc.expectedBody, response)
+				assert.NoError(t, err, "Response body should be valid JSON")
+				assert.Equal(t, tc.expectedBody, response, "Response body should match")
 			}
 		})
 	}