mirror of
https://github.com/Syngnat/GoNavi.git
synced 2026-05-06 20:03:05 +08:00
c7cf9526de
- 密文存储:新增 dailysecret 本地存储引擎,连接/代理/AI 密钥不再依赖系统钥匙串 - 启动迁移:自动将已有钥匙串密文迁移到本地 JSON,用户无感知 - WebKit 迁移:从旧版 Wails WebKit LocalStorage 中恢复连接与代理数据 - DMG 修复:移除 --sandbox-safe 避免扩展属性污染签名,新增 xattr 清理与签名校验 - 安全适配:钥匙串不可用时标记完成而非回滚,消除无钥匙串环境下的阻塞 - 出口脱敏:所有连接/代理 API 返回前统一 sanitize 防止密文泄漏
99 lines
2.6 KiB
Go
99 lines
2.6 KiB
Go
package app
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"GoNavi-Wails/internal/connection"
|
|
)
|
|
|
|
func TestSaveGlobalProxyStripsPasswordFromView(t *testing.T) {
|
|
store := newFakeAppSecretStore()
|
|
app := NewAppWithSecretStore(store)
|
|
app.configDir = t.TempDir()
|
|
|
|
view, err := app.saveGlobalProxy(connection.SaveGlobalProxyInput{
|
|
Enabled: true,
|
|
Type: "http",
|
|
Host: "127.0.0.1",
|
|
Port: 8080,
|
|
User: "ops",
|
|
Password: "proxy-secret",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("saveGlobalProxy returned error: %v", err)
|
|
}
|
|
if view.Password != "" {
|
|
t.Fatal("global proxy view must not expose plaintext password")
|
|
}
|
|
if !view.HasPassword {
|
|
t.Fatal("expected hasPassword=true")
|
|
}
|
|
|
|
snapshot := currentGlobalProxyConfig()
|
|
if snapshot.Proxy.Password != "proxy-secret" {
|
|
t.Fatalf("expected runtime proxy password to be preserved, got %q", snapshot.Proxy.Password)
|
|
}
|
|
}
|
|
|
|
func TestGetGlobalProxyConfigReturnsSecretlessView(t *testing.T) {
|
|
store := newFakeAppSecretStore()
|
|
app := NewAppWithSecretStore(store)
|
|
app.configDir = t.TempDir()
|
|
|
|
if _, err := app.saveGlobalProxy(connection.SaveGlobalProxyInput{
|
|
Enabled: true,
|
|
Type: "http",
|
|
Host: "127.0.0.1",
|
|
Port: 8080,
|
|
User: "ops",
|
|
Password: "proxy-secret",
|
|
}); err != nil {
|
|
t.Fatalf("saveGlobalProxy returned error: %v", err)
|
|
}
|
|
|
|
result := app.GetGlobalProxyConfig()
|
|
view, ok := result.Data.(connection.GlobalProxyView)
|
|
if !ok {
|
|
t.Fatalf("expected GlobalProxyView, got %T", result.Data)
|
|
}
|
|
if view.Password != "" {
|
|
t.Fatal("GetGlobalProxyConfig must not expose plaintext password")
|
|
}
|
|
if !view.HasPassword {
|
|
t.Fatal("expected hasPassword=true")
|
|
}
|
|
}
|
|
|
|
func TestLoadPersistedGlobalProxyOnDarwinUsesInlinePassword(t *testing.T) {
|
|
if _, err := setGlobalProxyConfig(false, connection.ProxyConfig{}); err != nil {
|
|
t.Fatalf("setGlobalProxyConfig returned error: %v", err)
|
|
}
|
|
|
|
app := NewAppWithSecretStore(failOnUseSecretStore{})
|
|
app.configDir = t.TempDir()
|
|
|
|
if _, err := app.saveGlobalProxy(connection.SaveGlobalProxyInput{
|
|
Enabled: true,
|
|
Type: "http",
|
|
Host: "127.0.0.1",
|
|
Port: 8080,
|
|
User: "ops",
|
|
Password: "proxy-secret",
|
|
}); err != nil {
|
|
t.Fatalf("saveGlobalProxy returned error: %v", err)
|
|
}
|
|
|
|
if _, err := setGlobalProxyConfig(false, connection.ProxyConfig{}); err != nil {
|
|
t.Fatalf("setGlobalProxyConfig reset returned error: %v", err)
|
|
}
|
|
|
|
app.loadPersistedGlobalProxy()
|
|
snapshot := currentGlobalProxyConfig()
|
|
if !snapshot.Enabled {
|
|
t.Fatal("expected persisted global proxy to be restored")
|
|
}
|
|
if snapshot.Proxy.Password != "proxy-secret" {
|
|
t.Fatalf("expected daily-stored global proxy password to be restored, got %q", snapshot.Proxy.Password)
|
|
}
|
|
}
|