steven_li
66f1f089c5
feat: 增强URL基础地址验证功能 - 在app-instance/frontend/lib/api.ts中实现更严格的URL验证逻辑, 包括检查是否以斜杠开头、包含空格字符,以及使用URL构造函数进行验证 - 在app-instance/frontend/lib/auth-portal.ts中应用相同的URL验证改进, 提升认证门户的基础地址处理安全性 - 在auth-portal/src/lib/auth-client.ts中增强前端跳转URL构建功能, 添加错误处理机制并在URL构造失败时抛出相应异常 - 统一三个文件中的normalizeBaseUrl函数实现,确保一致的输入验证行为 ```
52 lines
1.5 KiB
TypeScript
52 lines
1.5 KiB
TypeScript
import { afterEach, describe, expect, it, vi } from 'vitest';
|
|
|
|
import { buildAuthHandoffUrl } from './api';
|
|
|
|
afterEach(() => {
|
|
vi.unstubAllEnvs();
|
|
vi.resetModules();
|
|
});
|
|
|
|
describe('auth URL handling', () => {
|
|
it('builds auth portal URLs when configured portal host has no scheme', async () => {
|
|
vi.stubEnv('NEXT_PUBLIC_AUTH_PORTAL_URL', 'auth.example.com');
|
|
const { buildAuthPortalUrl } = await import('./auth-portal');
|
|
|
|
expect(buildAuthPortalUrl('/login', '/mcp')).toBe('http://auth.example.com/login?next=%2Fmcp');
|
|
});
|
|
|
|
it('builds a handoff URL when backend returns a hostname without scheme', () => {
|
|
const url = buildAuthHandoffUrl({
|
|
access_token: 'token',
|
|
refresh_token: '',
|
|
token_type: 'bearer',
|
|
user_id: 'u1',
|
|
username: 'u1',
|
|
role: 'owner',
|
|
handoff_code: 'handoff-1',
|
|
backend_connection: {
|
|
frontend_base_url: 'workspace.example.com:8088',
|
|
},
|
|
}, '/mcp');
|
|
|
|
expect(url).toBe('http://workspace.example.com:8088/handoff?code=handoff-1&next=%2Fmcp');
|
|
});
|
|
|
|
it('rejects malformed handoff base URLs instead of throwing URL constructor errors', () => {
|
|
const url = buildAuthHandoffUrl({
|
|
access_token: 'token',
|
|
refresh_token: '',
|
|
token_type: 'bearer',
|
|
user_id: 'u1',
|
|
username: 'u1',
|
|
role: 'owner',
|
|
handoff_code: 'handoff-1',
|
|
backend_connection: {
|
|
frontend_base_url: 'http://',
|
|
},
|
|
}, '/mcp');
|
|
|
|
expect(url).toBeNull();
|
|
});
|
|
});
|