63d1860dc0
Add a full payment and subscription system supporting EasyPay (Alipay/WeChat), Stripe, and direct Alipay/WeChat Pay providers with multi-instance load balancing.
184 lines
4.0 KiB
Go
184 lines
4.0 KiB
Go
package payment
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func makeKey(t *testing.T) []byte {
|
|
t.Helper()
|
|
key := make([]byte, 32)
|
|
if _, err := rand.Read(key); err != nil {
|
|
t.Fatalf("generate random key: %v", err)
|
|
}
|
|
return key
|
|
}
|
|
|
|
func TestEncryptDecryptRoundTrip(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
plaintexts := []string{
|
|
"hello world",
|
|
"short",
|
|
"a longer string with special chars: !@#$%^&*()",
|
|
`{"key":"value","num":42}`,
|
|
"你好世界 unicode test 🎉",
|
|
strings.Repeat("x", 10000),
|
|
}
|
|
|
|
for _, pt := range plaintexts {
|
|
encrypted, err := Encrypt(pt, key)
|
|
if err != nil {
|
|
t.Fatalf("Encrypt(%q) error: %v", pt[:min(len(pt), 30)], err)
|
|
}
|
|
decrypted, err := Decrypt(encrypted, key)
|
|
if err != nil {
|
|
t.Fatalf("Decrypt error for plaintext %q: %v", pt[:min(len(pt), 30)], err)
|
|
}
|
|
if decrypted != pt {
|
|
t.Fatalf("round-trip failed: got %q, want %q", decrypted[:min(len(decrypted), 30)], pt[:min(len(pt), 30)])
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestEncryptProducesDifferentCiphertexts(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
ct1, err := Encrypt("same plaintext", key)
|
|
if err != nil {
|
|
t.Fatalf("first Encrypt error: %v", err)
|
|
}
|
|
ct2, err := Encrypt("same plaintext", key)
|
|
if err != nil {
|
|
t.Fatalf("second Encrypt error: %v", err)
|
|
}
|
|
if ct1 == ct2 {
|
|
t.Fatal("two encryptions of the same plaintext should produce different ciphertexts (random nonce)")
|
|
}
|
|
}
|
|
|
|
func TestDecryptWithWrongKeyFails(t *testing.T) {
|
|
t.Parallel()
|
|
key1 := makeKey(t)
|
|
key2 := makeKey(t)
|
|
|
|
encrypted, err := Encrypt("secret data", key1)
|
|
if err != nil {
|
|
t.Fatalf("Encrypt error: %v", err)
|
|
}
|
|
|
|
_, err = Decrypt(encrypted, key2)
|
|
if err == nil {
|
|
t.Fatal("Decrypt with wrong key should fail, but got nil error")
|
|
}
|
|
}
|
|
|
|
func TestEncryptRejectsInvalidKeyLength(t *testing.T) {
|
|
t.Parallel()
|
|
badKeys := [][]byte{
|
|
nil,
|
|
make([]byte, 0),
|
|
make([]byte, 16),
|
|
make([]byte, 31),
|
|
make([]byte, 33),
|
|
make([]byte, 64),
|
|
}
|
|
for _, key := range badKeys {
|
|
_, err := Encrypt("test", key)
|
|
if err == nil {
|
|
t.Fatalf("Encrypt should reject key of length %d", len(key))
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestDecryptRejectsInvalidKeyLength(t *testing.T) {
|
|
t.Parallel()
|
|
badKeys := [][]byte{
|
|
nil,
|
|
make([]byte, 16),
|
|
make([]byte, 33),
|
|
}
|
|
for _, key := range badKeys {
|
|
_, err := Decrypt("dummydata:dummydata:dummydata", key)
|
|
if err == nil {
|
|
t.Fatalf("Decrypt should reject key of length %d", len(key))
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestEncryptEmptyPlaintext(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
encrypted, err := Encrypt("", key)
|
|
if err != nil {
|
|
t.Fatalf("Encrypt empty plaintext error: %v", err)
|
|
}
|
|
decrypted, err := Decrypt(encrypted, key)
|
|
if err != nil {
|
|
t.Fatalf("Decrypt empty plaintext error: %v", err)
|
|
}
|
|
if decrypted != "" {
|
|
t.Fatalf("expected empty string, got %q", decrypted)
|
|
}
|
|
}
|
|
|
|
func TestEncryptDecryptUnicodeJSON(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
jsonContent := `{"name":"测试用户","email":"test@example.com","balance":100.50}`
|
|
encrypted, err := Encrypt(jsonContent, key)
|
|
if err != nil {
|
|
t.Fatalf("Encrypt JSON error: %v", err)
|
|
}
|
|
decrypted, err := Decrypt(encrypted, key)
|
|
if err != nil {
|
|
t.Fatalf("Decrypt JSON error: %v", err)
|
|
}
|
|
if decrypted != jsonContent {
|
|
t.Fatalf("JSON round-trip failed: got %q, want %q", decrypted, jsonContent)
|
|
}
|
|
}
|
|
|
|
func TestDecryptInvalidFormat(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
invalidInputs := []string{
|
|
"",
|
|
"nodelimiter",
|
|
"only:two",
|
|
"invalid:base64:!!!",
|
|
}
|
|
for _, input := range invalidInputs {
|
|
_, err := Decrypt(input, key)
|
|
if err == nil {
|
|
t.Fatalf("Decrypt(%q) should fail but got nil error", input)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestCiphertextFormat(t *testing.T) {
|
|
t.Parallel()
|
|
key := makeKey(t)
|
|
|
|
encrypted, err := Encrypt("test", key)
|
|
if err != nil {
|
|
t.Fatalf("Encrypt error: %v", err)
|
|
}
|
|
|
|
parts := strings.SplitN(encrypted, ":", 3)
|
|
if len(parts) != 3 {
|
|
t.Fatalf("ciphertext should have format iv:authTag:ciphertext, got %d parts", len(parts))
|
|
}
|
|
for i, part := range parts {
|
|
if part == "" {
|
|
t.Fatalf("ciphertext part %d is empty", i)
|
|
}
|
|
}
|
|
}
|