befly 3.9.40 → 3.10.1

package/tests/_mocks/mockSqliteDb.ts

@@ -0,0 +1,204 @@
+export type MockColumn = { name: string; type: string; notnull: 0 | 1; dflt_value: any };
+
+export type MockSqliteState = {
+    executedSql: string[];
+    tables: Record<
+        string,
+        {
+            columns: Record<string, MockColumn>;
+            indexes: Record<string, string[]>;
+        }
+    >;
+};
+
+function normalizeQuotedIdent(input: string): string {
+    return String(input).trim().replace(/^`/, "").replace(/`$/, "").replace(/^"/, "").replace(/"$/, "");
+}
+
+function parseCreateTable(sql: string): { tableName: string; columnDefs: string } | null {
+    const m = /^CREATE\s+TABLE\s+(.+?)\s*\((.*)\)\s*$/is.exec(sql.trim());
+    if (!m) return null;
+    return {
+        tableName: normalizeQuotedIdent(m[1].trim()),
+        columnDefs: m[2]
+    };
+}
+
+function parseAlterAddColumn(sql: string): { tableName: string; colName: string; colType: string; notnull: 0 | 1; dflt: any } | null {
+    const m = /^ALTER\s+TABLE\s+(.+?)\s+ADD\s+COLUMN\s+(?:IF\s+NOT\s+EXISTS\s+)?(.+?)\s+(.*)$/i.exec(sql.trim());
+    if (!m) return null;
+
+    const tableName = normalizeQuotedIdent(m[1].trim());
+    const colName = normalizeQuotedIdent(m[2].trim());
+    const rest = m[3];
+
+    const upper = rest.toUpperCase();
+    const colType = upper.includes("INTEGER") ? "INTEGER" : "TEXT";
+    const notnull: 0 | 1 = upper.includes("NOT NULL") ? 1 : 0;
+
+    let dflt: any = null;
+    const dfltMatch = /\bDEFAULT\s+(.+?)(\s|$)/i.exec(rest);
+    if (dfltMatch) {
+        const raw = dfltMatch[1].trim();
+        if (raw === "''") dflt = "";
+        else if (raw.startsWith("'") && raw.endsWith("'")) dflt = raw.slice(1, -1).replace(/''/g, "'");
+        else if (/^\d+$/.test(raw)) dflt = Number(raw);
+        else dflt = raw;
+    }
+
+    return { tableName: tableName, colName: colName, colType: colType, notnull: notnull, dflt: dflt };
+}
+
+function parseCreateIndex(sql: string): { indexName: string; tableName: string; columns: string[] } | null {
+    const m = /^CREATE\s+INDEX\s+(?:CONCURRENTLY\s+)?(?:IF\s+NOT\s+EXISTS\s+)?(.+?)\s+ON\s+(.+?)\s*\((.+)\)\s*$/is.exec(sql.trim());
+    if (!m) return null;
+
+    const indexName = normalizeQuotedIdent(m[1].trim());
+    const tableName = normalizeQuotedIdent(m[2].trim());
+    const columns = m[3]
+        .split(",")
+        .map((s) => normalizeQuotedIdent(s.trim()))
+        .filter((s) => s.length > 0);
+
+    return { indexName: indexName, tableName: tableName, columns: columns };
+}
+
+function parseDropIndex(sql: string): { indexName: string } | null {
+    const m = /^DROP\s+INDEX\s+(?:CONCURRENTLY\s+)?(?:IF\s+EXISTS\s+)?(.+?)\s*$/i.exec(sql.trim());
+    if (!m) return null;
+    return { indexName: normalizeQuotedIdent(m[1].trim()) };
+}
+
+function extractPragmaIdent(sqlStr: string): string {
+    const m = /\((.+)\)\s*$/i.exec(String(sqlStr).trim());
+    return normalizeQuotedIdent(m ? m[1] : "");
+}
+
+export function createMockSqliteDb(state: MockSqliteState) {
+    return {
+        unsafe: async (sqlStr: string, params?: unknown[]) => {
+            const sql = String(sqlStr);
+            state.executedSql.push(sql);
+
+            if (sql.includes("sqlite_version()")) {
+                return [{ version: "3.50.1" }];
+            }
+
+            if (sql.includes("sqlite_master")) {
+                const tableName = String(params?.[0] || "");
+                return [{ count: state.tables[tableName] ? 1 : 0 }];
+            }
+
+            if (/^PRAGMA\s+table_info\s*\(/i.test(sql)) {
+                const tableName = extractPragmaIdent(sql);
+                const t = state.tables[tableName];
+                if (!t) return [];
+                return Object.values(t.columns).map((c) => {
+                    return {
+                        name: c.name,
+                        type: c.type,
+                        notnull: c.notnull,
+                        dflt_value: c.dflt_value
+                    };
+                });
+            }
+
+            if (/^PRAGMA\s+index_list\s*\(/i.test(sql)) {
+                const tableName = extractPragmaIdent(sql);
+                const t = state.tables[tableName];
+                if (!t) return [];
+                return Object.keys(t.indexes).map((name) => {
+                    return { name: name };
+                });
+            }
+
+            if (/^PRAGMA\s+index_info\s*\(/i.test(sql)) {
+                const indexName = extractPragmaIdent(sql);
+                for (const table of Object.values(state.tables)) {
+                    if (table.indexes[indexName]) {
+                        return table.indexes[indexName].map((col) => {
+                            return { name: col };
+                        });
+                    }
+                }
+                return [];
+            }
+
+            const createTable = parseCreateTable(sql);
+            if (createTable) {
+                const colMap: Record<string, MockColumn> = {};
+                const parts = createTable.columnDefs
+                    .split(",")
+                    .map((s) => s.trim())
+                    .filter((s) => s.length > 0);
+
+                for (const p of parts) {
+                    const colMatch = /^(.+?)\s+(.+)$/s.exec(p);
+                    if (!colMatch) continue;
+                    const colName = normalizeQuotedIdent(colMatch[1].trim());
+                    const rest = colMatch[2];
+
+                    const upper = rest.toUpperCase();
+                    const colType = upper.includes("INTEGER") ? "INTEGER" : upper.includes("BIGINT") ? "INTEGER" : "TEXT";
+                    const notnull: 0 | 1 = upper.includes("NOT NULL") || upper.includes("PRIMARY KEY") ? 1 : 0;
+
+                    let dflt: any = null;
+                    const dfltMatch = /\bDEFAULT\s+(.+?)(\s|$)/i.exec(rest);
+                    if (dfltMatch) {
+                        const raw = dfltMatch[1].trim();
+                        if (raw === "''") dflt = "";
+                        else if (raw.startsWith("'") && raw.endsWith("'")) dflt = raw.slice(1, -1).replace(/''/g, "'");
+                        else if (/^\d+$/.test(raw)) dflt = Number(raw);
+                        else dflt = raw;
+                    }
+
+                    colMap[colName] = { name: colName, type: colType, notnull: notnull, dflt_value: dflt };
+                }
+
+                state.tables[createTable.tableName] = {
+                    columns: colMap,
+                    indexes: {}
+                };
+
+                return [];
+            }
+
+            const addColumn = parseAlterAddColumn(sql);
+            if (addColumn) {
+                const t = state.tables[addColumn.tableName];
+                if (!t) throw new Error(`mock sqlite db: 表不存在，无法 ADD COLUMN: ${addColumn.tableName}`);
+                if (!t.columns[addColumn.colName]) {
+                    t.columns[addColumn.colName] = {
+                        name: addColumn.colName,
+                        type: addColumn.colType,
+                        notnull: addColumn.notnull,
+                        dflt_value: addColumn.dflt
+                    };
+                }
+                return [];
+            }
+
+            const createIndex = parseCreateIndex(sql);
+            if (createIndex) {
+                const t = state.tables[createIndex.tableName];
+                if (!t) throw new Error(`mock sqlite db: 表不存在，无法 CREATE INDEX: ${createIndex.tableName}`);
+                t.indexes[createIndex.indexName] = createIndex.columns;
+                return [];
+            }
+
+            const dropIndex = parseDropIndex(sql);
+            if (dropIndex) {
+                for (const t of Object.values(state.tables)) {
+                    delete t.indexes[dropIndex.indexName];
+                }
+                return [];
+            }
+
+            if (/^DROP\s+TABLE/i.test(sql)) {
+                return [];
+            }
+
+            throw new Error(`mock sqlite db: 未处理的 SQL: ${sql}`);
+        }
+    };
+}

package/tests/addonHelper-cache.test.ts

@@ -0,0 +1,32 @@
+import { test, expect } from "bun:test";
+import { mkdirSync, rmSync, writeFileSync } from "node:fs";
+
+import { join } from "pathe";
+
+test("scanAddons - should scan node_modules @befly-addon", async () => {
+    const originalCwd = process.cwd();
+    const projectDir = join(originalCwd, "temp", `addonHelper-cache-test-${Date.now()}`);
+
+    try {
+        // 构造一个最小可扫描的项目结构
+        mkdirSync(join(projectDir, "node_modules", "@befly-addon", "demo"), { recursive: true });
+        mkdirSync(join(projectDir, "node_modules", "@befly-addon", "_ignore"), { recursive: true });
+
+        // 放一个非目录项，确保扫描逻辑不会误判
+        writeFileSync(join(projectDir, "node_modules", "@befly-addon", "README.md"), "x", { encoding: "utf8" });
+
+        // scanAddons 依赖 appDir=process.cwd()（模块初始化时取值），所以先切 cwd 再动态 import
+        process.chdir(projectDir);
+
+        const mod = await import(`../utils/scanAddons.js?cacheTest=${Date.now()}`);
+        const scanAddons = mod.scanAddons as () => any[];
+
+        const addons = scanAddons();
+        expect(addons.map((a) => a.name)).toEqual(["demo"]);
+        expect(addons[0].fullPath.endsWith("node_modules/@befly-addon/demo")).toBe(true);
+        expect(addons[0].camelName).toBe("demo");
+    } finally {
+        process.chdir(originalCwd);
+        rmSync(projectDir, { recursive: true, force: true });
+    }
+});

package/tests/apiHandler-routePath-only.test.ts

@@ -0,0 +1,32 @@
+import { describe, expect, test } from "bun:test";
+
+import { apiHandler } from "../router/api.js";
+
+describe("apiHandler - route matching", () => {
+    test("接口存在性判断应仅使用 url.pathname（不附加 method）", async () => {
+        const apis = new Map<string, any>();
+
+        apis.set("/api/hello", {
+            name: "hello",
+            method: "POST",
+            handler: async () => {
+                return {
+                    msg: "ok"
+                };
+            }
+        });
+
+        const hooks: any[] = [];
+        const context: any = {};
+
+        const handler = apiHandler(apis as any, hooks as any, context as any);
+
+        // 如果 key 里拼了 method，这里会变成 "POST /api/hello" 之类，从而导致接口不存在
+        const res = await handler(new Request("http://localhost/api/hello", { method: "POST" }));
+        expect(res.status).toBe(200);
+
+        const body = await res.json();
+        expect(body.code).toBe(0);
+        expect(body.msg).toBe("ok");
+    });
+});

package/tests/cacheHelper.test.ts

@@ -2,8 +2,6 @@
  * CacheHelper 单元测试
  */
 
-import type { BeflyContext } from "../types/befly.js";
-
 import { describe, it, expect, beforeEach, afterEach, mock } from "bun:test";
 
 import { CacheHelper } from "../lib/cacheHelper.js";
@@ -25,7 +23,6 @@ const mockPino = {
 
 describe("CacheHelper", () => {
     let cacheHelper: CacheHelper;
-    let mockBefly: BeflyContext;
     let mockDb: any;
     let mockRedis: any;
 
@@ -52,13 +49,7 @@ describe("CacheHelper", () => {
             exists: mock(() => Promise.resolve(true))
         };
 
-        // 创建 mock befly context
-        mockBefly = {
-            db: mockDb,
-            redis: mockRedis
-        } as unknown as BeflyContext;
-
-        cacheHelper = new CacheHelper(mockBefly);
+        cacheHelper = new CacheHelper({ db: mockDb, redis: mockRedis });
     });
 
     afterEach(() => {
@@ -78,8 +69,8 @@ describe("CacheHelper", () => {
 
         it("正常缓存接口列表", async () => {
             const apis = [
-                { id: 1, name: "登录", path: "/api/login", method: "POST" },
-                { id: 2, name: "用户列表", path: "/api/user/list", method: "GET" }
+                { id: 1, name: "登录", routePath: "/api/login" },
+                { id: 2, name: "用户列表", routePath: "/api/user/list" }
             ];
             mockDb.getAll = mock(() => Promise.resolve({ lists: apis, total: apis.length }));
 
@@ -131,7 +122,6 @@ describe("CacheHelper", () => {
     describe("rebuildRoleApiPermissions", () => {
         it("表不存在时跳过缓存", async () => {
             mockDb.tableExists = mock((table: string) => {
-                if (table === "addon_admin_api") return Promise.resolve(true);
                 if (table === "addon_admin_role") return Promise.resolve(false);
                 return Promise.resolve(false);
             });
@@ -143,21 +133,12 @@ describe("CacheHelper", () => {
 
         it("正常重建角色权限（覆盖更新）", async () => {
             const roles = [
-                { id: 1, code: "admin", apis: [1, "2", 3] },
-                { id: 2, code: "user", apis: [1] }
-            ];
-            const apis = [
-                { id: 1, path: "/api/login", method: "POST" },
-                { id: 2, path: "/api/user/list", method: "GET" },
-                { id: 3, path: "/api/user/del", method: "POST" }
+                { id: 1, code: "admin", apis: ["/api/login", "/api/user/list", "/api/user/del"] },
+                { id: 2, code: "user", apis: ["/api/login"] }
             ];
 
             mockDb.getAll = mock((opts: any) => {
                 if (opts.table === "addon_admin_role") return Promise.resolve({ lists: roles, total: roles.length });
-                if (opts.table === "addon_admin_api") {
-                    // rebuildRoleApiPermissions 会通过 where: { id$in: [...] } 分块查询
-                    return Promise.resolve({ lists: apis, total: apis.length });
-                }
                 return Promise.resolve({ lists: [], total: 0 });
             });
 
@@ -177,19 +158,17 @@ describe("CacheHelper", () => {
             expect(saddBatchArgs).toEqual([
                 {
                     key: CacheKeys.roleApis("admin"),
-                    members: ["GET/api/user/list", "POST/api/login", "POST/api/user/del"]
+                    members: ["/api/login", "/api/user/del", "/api/user/list"]
                 },
-                { key: CacheKeys.roleApis("user"), members: ["POST/api/login"] }
+                { key: CacheKeys.roleApis("user"), members: ["/api/login"] }
             ]);
         });
 
         it("无权限时仍会清理旧缓存，但不写入成员", async () => {
             const roles = [{ id: 1, code: "empty", apis: [] }];
-            const apis = [{ id: 1, path: "/api/login", method: "POST" }];
 
             mockDb.getAll = mock((opts: any) => {
                 if (opts.table === "addon_admin_role") return Promise.resolve({ lists: roles, total: roles.length });
-                if (opts.table === "addon_admin_api") return Promise.resolve({ lists: apis, total: apis.length });
                 return Promise.resolve({ lists: [], total: 0 });
             });
 
@@ -201,34 +180,20 @@ describe("CacheHelper", () => {
     });
 
     describe("refreshRoleApiPermissions", () => {
-        it("apiIds 为空数组时只清理缓存，不查询 API 表", async () => {
+        it("apiPaths 为空数组时只清理缓存，不查询 DB", async () => {
             mockDb.getAll = mock(() => Promise.resolve({ lists: [], total: 0 }));
 
             await cacheHelper.refreshRoleApiPermissions("admin", []);
 
             expect(mockRedis.del).toHaveBeenCalledWith(CacheKeys.roleApis("admin"));
-            expect(mockDb.getAll).not.toHaveBeenCalledWith(
-                expect.objectContaining({
-                    table: "addon_admin_api"
-                })
-            );
+            expect(mockDb.getAll).not.toHaveBeenCalled();
         });
 
-        it("apiIds 非空时使用 $in 查询并重建该角色缓存（覆盖更新）", async () => {
-            const apis = [
-                { id: 1, path: "/api/login", method: "POST" },
-                { id: 2, path: "/api/user/list", method: "GET" }
-            ];
-
-            mockDb.getAll = mock((opts: any) => {
-                if (opts.table === "addon_admin_api") return Promise.resolve({ lists: apis, total: apis.length });
-                return Promise.resolve({ lists: [], total: 0 });
-            });
-
-            await cacheHelper.refreshRoleApiPermissions("admin", [1, 2]);
+        it("apiPaths 非空时直接覆盖更新该角色缓存（DEL + SADD）", async () => {
+            await cacheHelper.refreshRoleApiPermissions("admin", ["/api/login", "/api/user/list"]);
 
             expect(mockRedis.del).toHaveBeenCalledWith(CacheKeys.roleApis("admin"));
-            expect(mockRedis.sadd).toHaveBeenCalledWith(CacheKeys.roleApis("admin"), ["POST/api/login", "GET/api/user/list"]);
+            expect(mockRedis.sadd).toHaveBeenCalledWith(CacheKeys.roleApis("admin"), ["/api/login", "/api/user/list"]);
         });
     });
 
@@ -272,7 +237,7 @@ describe("CacheHelper", () => {
 
     describe("getRolePermissions", () => {
         it("返回角色的权限列表", async () => {
-            const permissions = ["POST/api/login", "GET/api/user/list"];
+            const permissions = ["/api/login", "/api/user/list"];
             mockRedis.smembers = mock(() => Promise.resolve(permissions));
 
             const result = await cacheHelper.getRolePermissions("admin");
@@ -294,16 +259,16 @@ describe("CacheHelper", () => {
         it("有权限时返回 true", async () => {
             mockRedis.sismember = mock(() => Promise.resolve(true));
 
-            const result = await cacheHelper.checkRolePermission("admin", "POST/api/login");
+            const result = await cacheHelper.checkRolePermission("admin", "/api/login");
 
-            expect(mockRedis.sismember).toHaveBeenCalledWith(CacheKeys.roleApis("admin"), "POST/api/login");
+            expect(mockRedis.sismember).toHaveBeenCalledWith(CacheKeys.roleApis("admin"), "/api/login");
             expect(result).toBe(true);
         });
 
         it("无权限时返回 false", async () => {
             mockRedis.sismember = mock(() => Promise.resolve(false));
 
-            const result = await cacheHelper.checkRolePermission("user", "POST/api/admin/del");
+            const result = await cacheHelper.checkRolePermission("user", "/api/admin/del");
 
             expect(result).toBe(false);
         });

package/tests/checkApi-routePath-strict.test.ts

@@ -0,0 +1,166 @@
+import { describe, expect, test } from "bun:test";
+
+import { checkApi } from "../checks/checkApi.js";
+
+describe("checkApi - routePath strict", () => {
+    test("合法 routePath 应通过", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => {
+                        return null;
+                    },
+                    routePath: "/api/hello",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeNull();
+    });
+
+    test("routePath 为空字符串应阻断启动", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 非字符串应阻断启动", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: 123,
+                    routePrefix: "/app"
+                } as any
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 不允许 method 前缀（POST/api/...）", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "POST/api/hello",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 不允许 method + 空格（POST /api/...）", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "POST /api/hello",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 必须以 /api/ 开头", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "/app/hello",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 不允许包含空格", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "/api/hello world",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+
+    test("routePath 不允许出现 /api//（重复斜杠）", async () => {
+        let thrown: any = null;
+
+        try {
+            await checkApi([
+                {
+                    name: "hello",
+                    handler: () => null,
+                    routePath: "/api//hello",
+                    routePrefix: "/app"
+                }
+            ]);
+        } catch (error: any) {
+            thrown = error;
+        }
+
+        expect(thrown).toBeTruthy();
+        expect(thrown.message).toBe("接口结构检查失败");
+    });
+});