@code2rich/jpage 1.5.0

package/test/integration/cli.test.js

@@ -0,0 +1,310 @@
+// CLI 集成测试：通过注入 fetch shim，把 bin/ 的 HTTP 客户端接到 in-process 的 Express app。
+//
+// 不 spawn 子进程（项目既有测试都是 in-process 模式）。
+// 关键：bin/client.js 用 fetch(url, init)，url 是完整 URL（http://host:port/api/...）。
+// 这里写一个 fetchImpl，解析 url 的路径，转给 supertest 的 request(app)。
+//
+// 覆盖：upload（含 overwrite 分支）/ ls / cat / url / mv / rm / star+unstar / tags add+set+clear /
+//       skills ls+get+download / whoami（有效 + 401）。
+
+const test = require('node:test');
+const assert = require('node:assert');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const request = require('supertest');
+const { createTestEnv } = require('../helpers/setup');
+const { run } = require('../../bin/jpage');
+const { resetIo } = require('../../bin/commands/_shared');
+
+// fetch → supertest 桥。
+// supertest 的 request(app) 返回可链式调用的 Test（支持 .send/.set/.buffer().parse()），
+// 用 .then(res => makeResponse(res)) 包装成 Web Response（client.js 期望的形态）。
+function makeFetchImpl(app, binaryPaths = []) {
+  return async function fetchImpl(url, init = {}) {
+    const u = new URL(url);
+    const pathname = u.pathname + (u.search || '');
+    const method = (init.method || 'GET').toUpperCase();
+    const headers = init.headers || {};
+
+    let req = request(app)[method.toLowerCase()](pathname);
+    for (const [k, v] of Object.entries(headers)) {
+      req = req.set(k, v);
+    }
+    // body 处理：JSON 字符串 / FormData / undefined
+    if (init.body !== undefined && init.body !== null) {
+      if (typeof init.body === 'string') {
+        // JSON 字符串：supertest 用 .send(object) 才对；这里手动塞 body
+        // supertest 会按 content-type 解析，这里直接传字符串 + 设 content-type
+        req = req.set('content-type', 'application/json').send(init.body);
+      } else if (init.body instanceof FormData) {
+        // multipart：把 FormData 转成 supertest 的 .field / .attach
+        req = await formDataToSupertest(req, init.body);
+      }
+    }
+    const isBinary = binaryPaths.some((p) => pathname.startsWith(p));
+    let res;
+    if (isBinary) {
+      res = await req.buffer(true).parse(binaryParser);
+    } else {
+      res = await req;
+    }
+    return makeResponse(res);
+  };
+}
+
+// supertest 的 res（{status, headers, body, text}）→ Web Fetch Response 子集。
+// client.js 用到：res.status、res.text()、res.arrayBuffer()。
+function makeResponse(res) {
+  const bodyText = res.text !== undefined ? res.text
+    : (Buffer.isBuffer(res.body) ? res.body.toString('utf8') : JSON.stringify(res.body || ''));
+  const bodyBuf = Buffer.isBuffer(res.body) ? res.body
+    : (res.text !== undefined ? Buffer.from(res.text) : Buffer.from(bodyText));
+  return {
+    status: res.status,
+    ok: res.status >= 200 && res.status < 300,
+    headers: new Map(Object.entries(res.headers || {})),
+    async text() { return bodyText; },
+    async arrayBuffer() { return bodyBuf.buffer.slice(bodyBuf.byteOffset, bodyBuf.byteOffset + bodyBuf.byteLength); },
+  };
+}
+
+function binaryParser(res, cb) {
+  const data = [];
+  res.on('data', (chunk) => data.push(chunk));
+  res.on('end', () => cb(null, Buffer.concat(data)));
+}
+
+// FormData → supertest：遍历 entries，文件（Blob）用 .attach，文本用 .field。
+// supertest 的 .attach(field, buffer, filename) 和 .field(field, value)。
+async function formDataToSupertest(req, formData) {
+  for (const [key, value] of formData.entries()) {
+    if (value instanceof Blob) {
+      const buf = Buffer.from(await value.arrayBuffer());
+      const filename = value.name || 'file';
+      req = req.attach(key, buf, filename);
+    } else {
+      req = req.field(key, value);
+    }
+  }
+  return req;
+}
+
+// 捕获 stdout/stderr/exitCode：通过注入内存 sink 流，不 monkeypatch process.stdout
+// （那会破坏 node:test 自身的 TAP 输出）。run() 接受 { stdout, stderr, exit } 注入。
+function makeSinks() {
+  const outBuf = [];
+  const errBuf = [];
+  let exitCode = 0;
+  return {
+    stdout: { write: (chunk) => { outBuf.push(chunk); return true; } },
+    stderr: { write: (chunk) => { errBuf.push(chunk); return true; } },
+    exit: (code) => { exitCode = code; },
+    out: () => outBuf.join(''),
+    err: () => errBuf.join(''),
+    code: () => exitCode,
+  };
+}
+
+let env;
+let agent;
+let token;
+
+test.before(async () => {
+  env = createTestEnv();
+  await env.ready();
+  agent = request.agent(env.app);
+  await agent.post('/api/auth/login').send({ username: 'admin', password: 'testpassword123' });
+  // 建一个 jp_ token 供 CLI 用
+  const created = await agent.post('/api/tokens').send({ name: 'CLI Test' });
+  token = created.body.token;
+});
+
+test.after(() => {
+  resetIo();
+  env.cleanup();
+});
+
+function ctx(sinks, extra = {}) {
+  const fetchImpl = makeFetchImpl(env.app, ['/api/skills/', '/download']);
+  return {
+    fetchImpl,
+    env: {},
+    cwd: env.dataDir,
+    stdout: sinks.stdout,
+    stderr: sinks.stderr,
+    exit: sinks.exit,
+    ...extra,
+  };
+}
+
+// --- upload ---
+test('CLI upload: 上传 HTML 文件成功', async () => {
+  const tmp = path.join(env.dataDir, 'report.html');
+  fs.writeFileSync(tmp, '<h1>季度报告</h1>');
+  const s = makeSinks();
+  await run(['upload', tmp, '--public', '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 0, '不应非零退出');
+  assert.match(s.out(), /上传成功/);
+  assert.match(s.out(), /\/s\//);
+});
+
+test('CLI upload: 无文件参数 → UsageError 退出 2', async () => {
+  const s = makeSinks();
+  await run(['upload', '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 2);
+  assert.match(s.err(), /用法/);
+});
+
+test('CLI upload: --overwrite 走覆盖端点', async () => {
+  // 先上传一个
+  const a = path.join(env.dataDir, 'ow.html');
+  fs.writeFileSync(a, '<p>v1</p>');
+  const s1 = makeSinks();
+  await run(['upload', a, '--public', '--token', token], ctx(s1));
+  const m = s1.out().match(/#(\d+)/);
+  const id = m && m[1];
+  assert.ok(id, '应拿到上传后的 id');
+
+  // 覆盖（同名 → 自动版本备份）
+  fs.writeFileSync(a, '<p>v2</p>');
+  const s2 = makeSinks();
+  await run(['upload', a, '--overwrite', id, '--token', token], ctx(s2));
+  assert.strictEqual(s2.code(), 0);
+  assert.match(s2.out(), /已更新|覆盖/);
+});
+
+// --- ls ---
+test('CLI ls: 列出文件', async () => {
+  const s = makeSinks();
+  await run(['ls', '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 0);
+  assert.match(s.out(), /#\d+/);
+});
+
+// 取一个文件 id 供后续命令用
+let sharedId;
+test('CLI ls: 取一个 id 备用', async () => {
+  const s = makeSinks();
+  await run(['ls', '--token', token], ctx(s));
+  const m = s.out().match(/#(\d+)/);
+  sharedId = m && m[1];
+  assert.ok(sharedId);
+});
+
+// --- cat ---
+test('CLI cat: 输出内容', async () => {
+  const s = makeSinks();
+  await run(['cat', sharedId, '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 0);
+  assert.ok(s.out().length > 0);
+});
+
+// --- url ---
+test('CLI url: 打印 /s/:key', async () => {
+  const s = makeSinks();
+  await run(['url', sharedId, '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 0);
+  assert.match(s.out(), /\/s\//);
+});
+
+// --- star + unstar ---
+test('CLI star/unstar', async () => {
+  const s1 = makeSinks();
+  await run(['star', sharedId, '--token', token], ctx(s1));
+  assert.strictEqual(s1.code(), 0);
+  assert.match(s1.out(), /收藏/);
+
+  const s2 = makeSinks();
+  await run(['unstar', sharedId, '--token', token], ctx(s2));
+  assert.strictEqual(s2.code(), 0);
+  assert.match(s2.out(), /取消收藏/);
+});
+
+// --- tags add/set/clear ---
+test('CLI tags: add → set → clear', async () => {
+  const add = makeSinks();
+  await run(['tags', sharedId, 'add', '季度,财报', '--token', token], ctx(add));
+  assert.strictEqual(add.code(), 0);
+  assert.match(add.out(), /追加/);
+
+  const set = makeSinks();
+  await run(['tags', sharedId, 'set', 'only-one', '--token', token], ctx(set));
+  assert.strictEqual(set.code(), 0);
+  assert.match(set.out(), /设置/);
+
+  // 验证现在只剩 only-one
+  const list = makeSinks();
+  await run(['tags', sharedId, '--token', token], ctx(list));
+  assert.strictEqual(list.code(), 0);
+  assert.match(list.out(), /only-one/);
+  assert.doesNotMatch(list.out(), /季度/); // set 后旧标签没了
+
+  const clr = makeSinks();
+  await run(['tags', sharedId, 'clear', '--token', token], ctx(clr));
+  assert.strictEqual(clr.code(), 0);
+  assert.match(clr.out(), /清空/);
+});
+
+// --- skills ls/get/download ---
+test('CLI skills: ls / get / download', async () => {
+  const lsS = makeSinks();
+  await run(['skills', 'ls', '--token', token], ctx(lsS));
+  assert.strictEqual(lsS.code(), 0);
+  assert.match(lsS.out(), /jpage-upload/);
+
+  const getS = makeSinks();
+  await run(['skills', 'get', 'jpage-upload', '--token', token], ctx(getS));
+  assert.strictEqual(getS.code(), 0);
+  assert.match(getS.out(), /jpage-upload/);
+
+  // download：写到 env.dataDir，避免污染仓库
+  const outFile = path.join(env.dataDir, 'skill.zip');
+  const dlS = makeSinks();
+  await run(['skills', 'download', 'jpage-upload', '--out', outFile, '--token', token], ctx(dlS));
+  assert.strictEqual(dlS.code(), 0);
+  assert.match(dlS.out(), /已下载/);
+  assert.ok(fs.existsSync(outFile));
+  const buf = fs.readFileSync(outFile);
+  assert.strictEqual(buf[0], 0x50); // 'P' zip 魔数
+});
+
+// --- whoami ---
+test('CLI whoami: 有效 token', async () => {
+  const s = makeSinks();
+  await run(['whoami', '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 0);
+  assert.match(s.out(), /token 有效/);
+});
+
+test('CLI whoami: 无效 token → 退出 1', async () => {
+  const s = makeSinks();
+  await run(['whoami', '--token', 'jp_invalid_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], ctx(s));
+  assert.strictEqual(s.code(), 1);
+  assert.match(s.err(), /无效|未设置|token/);
+});
+
+// --- 无 token ---
+test('CLI: 未提供 token → 退出 2', async () => {
+  const s = makeSinks();
+  // cwd 用 /tmp，避免 loadEnvUp 向上遍历到项目根的 .env（含 MCP_TOKEN）
+  await run(['ls'], ctx(s, { env: {}, cwd: os.tmpdir() }));
+  assert.strictEqual(s.code(), 2);
+  assert.match(s.err(), /token/);
+});
+
+// --- 未知命令 ---
+test('CLI: 未知命令 → 退出 2', async () => {
+  const s = makeSinks();
+  await run(['bogus-cmd', '--token', token], ctx(s));
+  assert.strictEqual(s.code(), 2);
+  assert.match(s.err(), /未知命令/);
+});
+
+// --- help ---
+test('CLI: --help 打印帮助', async () => {
+  const s = makeSinks();
+  await run(['--help'], ctx(s));
+  assert.match(s.out(), /jpage —— 即页命令行/);
+  assert.match(s.out(), /upload/);
+});

package/test/integration/content-templates.test.js

@@ -0,0 +1,147 @@
+// 内容模板市场集成测试：公开匿名访问 / 创建校验 / owner-or-admin 权限 / use 计数。
+// 挂载点 /api/content-templates。/public 与 /public/:id/preview 匿名可访问。
+const test = require('node:test');
+const assert = require('node:assert');
+const request = require('supertest');
+const { createTestEnv } = require('../helpers/setup');
+
+let env;
+let adminAgent;
+let userAgent;
+
+test.before(async () => {
+  env = createTestEnv();
+  await env.ready();
+  adminAgent = request.agent(env.app);
+  await adminAgent.post('/api/auth/login').send({ username: 'admin', password: 'testpassword123' });
+  await adminAgent.post('/api/users').send({ username: 'regular', password: 'regularpass123', role: 'user' });
+  userAgent = request.agent(env.app);
+  await userAgent.post('/api/auth/login').send({ username: 'regular', password: 'regularpass123' });
+});
+
+test.after(() => {
+  env.cleanup();
+});
+
+// --- 公开端点（匿名） ---
+test('匿名 GET /api/content-templates/public → 200', async () => {
+  const res = await request(env.app).get('/api/content-templates/public');
+  assert.strictEqual(res.status, 200);
+  assert.ok(Array.isArray(res.body.templates));
+});
+
+test('匿名 GET /api/content-templates/scenes → 401（需登录）', async () => {
+  const res = await request(env.app).get('/api/content-templates/scenes');
+  assert.strictEqual(res.status, 401);
+});
+
+test('登录 GET /api/content-templates/scenes → 200，返回场景列表', async () => {
+  const res = await adminAgent.get('/api/content-templates/scenes');
+  assert.strictEqual(res.status, 200);
+  assert.ok(Array.isArray(res.body.scenes));
+  assert.ok(res.body.scenes.includes('dashboard'));
+});
+
+// --- 列表（需登录） ---
+test('未登录 GET /api/content-templates → 401', async () => {
+  const res = await request(env.app).get('/api/content-templates');
+  assert.strictEqual(res.status, 401);
+});
+
+test('登录 GET /api/content-templates → 200', async () => {
+  const res = await adminAgent.get('/api/content-templates');
+  assert.strictEqual(res.status, 200);
+  assert.ok(Array.isArray(res.body.templates));
+});
+
+// --- 创建 + 校验 ---
+test('创建模板：缺标题 → 400', async () => {
+  const res = await adminAgent.post('/api/content-templates').send({ content: '<p>x</p>' });
+  assert.strictEqual(res.status, 400);
+});
+
+test('创建模板：缺内容 → 400', async () => {
+  const res = await adminAgent.post('/api/content-templates').send({ title: '无内容模板' });
+  assert.strictEqual(res.status, 400);
+});
+
+test('创建模板：非法 fileType → 400', async () => {
+  const res = await adminAgent.post('/api/content-templates').send({ title: 't', content: 'x', fileType: 'pdf' });
+  assert.strictEqual(res.status, 400);
+});
+
+test('创建模板：happy path → 200，返回 id', async () => {
+  const res = await adminAgent.post('/api/content-templates').send({
+    title: '仪表板模板',
+    description: '示例',
+    fileType: 'html',
+    scene: 'dashboard',
+    content: '<div class="dashboard">hello</div>',
+    isPublic: true,
+  });
+  assert.strictEqual(res.status, 200);
+  assert.ok(res.body.id);
+});
+
+// --- owner-or-admin 权限 ---
+test('普通用户不能访问他人私有模板 → 403', async () => {
+  // admin 建私有模板
+  const create = await adminAgent.post('/api/content-templates').send({
+    title: '私密模板',
+    fileType: 'html',
+    content: '<p>private</p>',
+    isPublic: false,
+  });
+  // 普通用户读详情 → 403
+  const res = await userAgent.get(`/api/content-templates/${create.body.id}`);
+  assert.strictEqual(res.status, 403);
+});
+
+test('所有者可读自己的私有模板 → 200', async () => {
+  const create = await adminAgent.post('/api/content-templates').send({
+    title: '我的私密',
+    fileType: 'html',
+    content: '<p>mine</p>',
+    isPublic: false,
+  });
+  const res = await adminAgent.get(`/api/content-templates/${create.body.id}`);
+  assert.strictEqual(res.status, 200);
+  assert.strictEqual(res.body.title, '我的私密');
+});
+
+test('普通用户不能改他人模板 → 403', async () => {
+  const create = await adminAgent.post('/api/content-templates').send({
+    title: '他人模板',
+    fileType: 'html',
+    content: '<p>x</p>',
+  });
+  const res = await userAgent.put(`/api/content-templates/${create.body.id}`).send({ title: '篡改' });
+  assert.strictEqual(res.status, 403);
+});
+
+// --- use 计数 ---
+test('POST /api/content-templates/:id/use → 200，use_count 递增', async () => {
+  const create = await adminAgent.post('/api/content-templates').send({
+    title: '使用计数模板',
+    fileType: 'html',
+    content: '<p>use me</p>',
+  });
+  const before = await adminAgent.get(`/api/content-templates/${create.body.id}`);
+  const useCountBefore = before.body.use_count || 0;
+  const use = await adminAgent.post(`/api/content-templates/${create.body.id}/use`);
+  assert.strictEqual(use.status, 200);
+  assert.ok(use.body.use_count > useCountBefore);
+});
+
+// --- 删除 ---
+test('所有者删除模板 → 200，再读 404', async () => {
+  const create = await adminAgent.post('/api/content-templates').send({
+    title: '待删模板',
+    fileType: 'html',
+    content: '<p>bye</p>',
+  });
+  const del = await adminAgent.delete(`/api/content-templates/${create.body.id}`);
+  assert.strictEqual(del.status, 200);
+  const after = await adminAgent.get(`/api/content-templates/${create.body.id}`);
+  assert.strictEqual(after.status, 404);
+});