mirror of
https://github.com/Syngnat/GoNavi.git
synced 2026-05-31 13:39:48 +08:00
c7cf9526de
- 密文存储:新增 dailysecret 本地存储引擎,连接/代理/AI 密钥不再依赖系统钥匙串 - 启动迁移:自动将已有钥匙串密文迁移到本地 JSON,用户无感知 - WebKit 迁移:从旧版 Wails WebKit LocalStorage 中恢复连接与代理数据 - DMG 修复:移除 --sandbox-safe 避免扩展属性污染签名,新增 xattr 清理与签名校验 - 安全适配:钥匙串不可用时标记完成而非回滚,消除无钥匙串环境下的阻塞 - 出口脱敏:所有连接/代理 API 返回前统一 sanitize 防止密文泄漏
96 lines
2.2 KiB
Go
96 lines
2.2 KiB
Go
package app
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
|
|
"GoNavi-Wails/internal/connection"
|
|
"GoNavi-Wails/internal/secretstore"
|
|
)
|
|
|
|
func TestSplitConnectionSecretsStripsPasswordsAndOpaqueDSN(t *testing.T) {
|
|
withTestGOOS(t, "linux")
|
|
|
|
input := connection.SavedConnectionInput{
|
|
ID: "conn-1",
|
|
Name: "Primary",
|
|
Config: connection.ConnectionConfig{
|
|
ID: "conn-1",
|
|
Type: "postgres",
|
|
Host: "db.local",
|
|
Password: "postgres-secret",
|
|
DSN: "postgres://user:pass@db.local/app",
|
|
},
|
|
}
|
|
|
|
view, bundle := splitConnectionSecrets(input)
|
|
if view.Config.Password != "" {
|
|
t.Fatal("metadata must not keep password")
|
|
}
|
|
if bundle.Password != "postgres-secret" {
|
|
t.Fatal("bundle should keep primary password")
|
|
}
|
|
if bundle.OpaqueDSN == "" {
|
|
t.Fatal("opaque DSN should be stored as secret")
|
|
}
|
|
if !view.HasPrimaryPassword {
|
|
t.Fatal("expected view to report primary password")
|
|
}
|
|
if !view.HasOpaqueDSN {
|
|
t.Fatal("expected view to report opaque DSN")
|
|
}
|
|
}
|
|
|
|
type fakeAppSecretStore struct {
|
|
items map[string][]byte
|
|
}
|
|
|
|
func newFakeAppSecretStore() *fakeAppSecretStore {
|
|
return &fakeAppSecretStore{items: make(map[string][]byte)}
|
|
}
|
|
|
|
func (s *fakeAppSecretStore) Put(ref string, payload []byte) error {
|
|
s.items[ref] = append([]byte(nil), payload...)
|
|
return nil
|
|
}
|
|
|
|
func (s *fakeAppSecretStore) Get(ref string) ([]byte, error) {
|
|
payload, ok := s.items[ref]
|
|
if !ok {
|
|
return nil, os.ErrNotExist
|
|
}
|
|
return append([]byte(nil), payload...), nil
|
|
}
|
|
|
|
func (s *fakeAppSecretStore) Delete(ref string) error {
|
|
delete(s.items, ref)
|
|
return nil
|
|
}
|
|
|
|
func (s *fakeAppSecretStore) HealthCheck() error {
|
|
return nil
|
|
}
|
|
|
|
var _ secretstore.SecretStore = (*fakeAppSecretStore)(nil)
|
|
|
|
type failOnUseSecretStore struct{}
|
|
|
|
func (s failOnUseSecretStore) Put(string, []byte) error {
|
|
return fmt.Errorf("secret store should not be used")
|
|
}
|
|
|
|
func (s failOnUseSecretStore) Get(string) ([]byte, error) {
|
|
return nil, fmt.Errorf("secret store should not be used")
|
|
}
|
|
|
|
func (s failOnUseSecretStore) Delete(string) error {
|
|
return fmt.Errorf("secret store should not be used")
|
|
}
|
|
|
|
func (s failOnUseSecretStore) HealthCheck() error {
|
|
return fmt.Errorf("secret store should not be used")
|
|
}
|
|
|
|
var _ secretstore.SecretStore = (*failOnUseSecretStore)(nil)
|