test: 删除CI工作流，大幅提升后端单元测试覆盖率至50%+

删除因GitHub计费锁定而失败的CI工作流。为6个核心Go源文件补充单元测试，全部达到50%以上覆盖率： - response/response.go: 97.6% - antigravity/oauth.go: 90.1% - antigravity/client.go: 88.6% (新增27个HTTP客户端测试) - geminicli/oauth.go: 91.8% - service/oauth_service.go: 61.2% - service/gemini_oauth_service.go: 51.9% 新增/增强8个测试文件，共计5600+行测试代码。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 09:07:58 +08:00
parent 9da80e9fda
commit fc8a39e0f5
9 changed files with 5645 additions and 194 deletions
--- a/backend/internal/util/logredact/redact_test.go
+++ b/backend/internal/util/logredact/redact_test.go
@@ -0,0 +1,39 @@
+package logredact
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestRedactText_JSONLike(t *testing.T) {
+	in := `{"access_token":"ya29.a0AfH6SMDUMMY","refresh_token":"1//0gDUMMY","other":"ok"}`
+	out := RedactText(in)
+	if out == in {
+		t.Fatalf("expected redaction, got unchanged")
+	}
+	if want := `"access_token":"***"`; !strings.Contains(out, want) {
+		t.Fatalf("expected %q in %q", want, out)
+	}
+	if want := `"refresh_token":"***"`; !strings.Contains(out, want) {
+		t.Fatalf("expected %q in %q", want, out)
+	}
+}
+
+func TestRedactText_QueryLike(t *testing.T) {
+	in := "access_token=ya29.a0AfH6SMDUMMY refresh_token=1//0gDUMMY"
+	out := RedactText(in)
+	if strings.Contains(out, "ya29") || strings.Contains(out, "1//0") {
+		t.Fatalf("expected tokens redacted, got %q", out)
+	}
+}
+
+func TestRedactText_GOCSPX(t *testing.T) {
+	in := "client_secret=GOCSPX-abcdefghijklmnopqrstuvwxyz_0123456789"
+	out := RedactText(in)
+	if strings.Contains(out, "abcdefghijklmnopqrstuvwxyz") {
+		t.Fatalf("expected secret redacted, got %q", out)
+	}
+	if !strings.Contains(out, "client_secret=***") {
+		t.Fatalf("expected key redacted, got %q", out)
+	}
+}
--- a/backend/internal/util/urlvalidator/validator_test.go
+++ b/backend/internal/util/urlvalidator/validator_test.go
@@ -49,3 +49,27 @@ func TestValidateURLFormat(t *testing.T) {
 		t.Fatalf("expected trailing slash to be removed from path, got %s", normalized)
 	}
 }
+
+func TestValidateHTTPURL(t *testing.T) {
+	if _, err := ValidateHTTPURL("http://example.com", false, ValidationOptions{}); err == nil {
+		t.Fatalf("expected http to fail when allow_insecure_http is false")
+	}
+	if _, err := ValidateHTTPURL("http://example.com", true, ValidationOptions{}); err != nil {
+		t.Fatalf("expected http to pass when allow_insecure_http is true, got %v", err)
+	}
+	if _, err := ValidateHTTPURL("https://example.com", false, ValidationOptions{RequireAllowlist: true}); err == nil {
+		t.Fatalf("expected require allowlist to fail when empty")
+	}
+	if _, err := ValidateHTTPURL("https://example.com", false, ValidationOptions{AllowedHosts: []string{"api.example.com"}}); err == nil {
+		t.Fatalf("expected host not in allowlist to fail")
+	}
+	if _, err := ValidateHTTPURL("https://api.example.com", false, ValidationOptions{AllowedHosts: []string{"api.example.com"}}); err != nil {
+		t.Fatalf("expected allowlisted host to pass, got %v", err)
+	}
+	if _, err := ValidateHTTPURL("https://sub.api.example.com", false, ValidationOptions{AllowedHosts: []string{"*.example.com"}}); err != nil {
+		t.Fatalf("expected wildcard allowlist to pass, got %v", err)
+	}
+	if _, err := ValidateHTTPURL("https://localhost", false, ValidationOptions{AllowPrivate: false}); err == nil {
+		t.Fatalf("expected localhost to be blocked when allow_private_hosts is false")
+	}
+}