@vaebe vaebe commented Jan 19, 2026

PR

PR Checklist

Please check if your PR fulfills the following requirements:

  • The commit message follows our Commit Message Guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Summary by CodeRabbit

  • Refactor

    • Reorganized server configuration initialization logic with improved validation checks.
    • Improved authentication token management mechanism.
  • Tests

    • Updated authentication tests to reflect token handling improvements.



coderabbitai bot commented Jan 19, 2026

Walkthrough

This pull request refactors initialization code in src/lib/init.ts with configuration validation and editor API consistency improvements, updates test mocks in the NestJS authentication module to use a new getTokenByJti method, and applies minor formatting adjustments across files.

Changes

| Cohort / File(s) | Summary |
|---|---|
| **Initialization & Configuration**<br>`src/lib/init.ts` | Refactored Spring Boot server configuration block with existence check guard before reading and updating properties file. Reorganized editor API calls into a cohesive flow. Minor formatting adjustments to log messages and destructured variable spacing. |
| **Interface Definitions**<br>`src/lib/interfaces.ts` | Added trailing comma to SpringBoot enum member in ServerFrameworks for consistent formatting. |
| **NestJS Authentication Tests**<br>`template/nestJs/src/auth/__tests__/auth.service.spec.ts` | Updated logout flow test to use new getTokenByJti(uid, jti, type) method from TokenService mock instead of previous token deletion approach. Added test expectations for getTokenByJti invocation and updated revokeToken call sequence. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A cleanup hops through files so neat,
Guards protect what should complete,
Tests now dance the token way,
Formatting shines bright today,
Refactored code—a job so sweet! 🌟

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title mentions fixing GitHub Actions BackEnd unit test failures, which aligns with the test changes in the PR (auth service test spec updates), but uses mixed Chinese-English phrasing and contains a typo ('actiosn' instead of 'actions'). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@github-actions github-actions bot added the bug and unit-test labels Jan 19, 2026

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/lib/init.ts (1)

241-249: Remove duplicate existence check.

Lines 246-249 are an exact duplicate of the check at lines 241-244. This appears to be a copy-paste error.

🔧 Proposed fix
     if (!existsSync(propertiesFilePath)) {
       log.error(`❌ 未找到 Spring Boot 配置文件:${propertiesFilePath}`);
       return;
     }
 
-    if (!existsSync(propertiesFilePath)) {
-      log.error(`❌ 未找到 Spring Boot 配置文件:${propertiesFilePath}`);
-      return;
-    }
-
     // ✅ 1. 使用 createEditor 读取 properties 文件
     const editor = createEditor(propertiesFilePath);
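
Review bot: The guard that remains still exits with a bare return after log.error, so the caller cannot tell a skipped Spring Boot configuration from a completed one; consider throwing or returning a status so the init command can exit non-zero. The existsSync check also does not cover a file that exists but cannot be read, so createEditor(propertiesFilePath) may still need its own error handling.
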
🤖 Fix all issues with AI agents
In `@src/lib/init.ts`:
- Around line 312-314: Replace the hardcoded weak JWT secret used in
editor.set('jwt.secret', '0Zi4SA==') with the stronger secret provided by
config.AUTH_SECRET; if config.AUTH_SECRET is not set, generate a
cryptographically secure 32-byte (256-bit) secret (e.g., from
crypto.randomBytes(32) and base64-encode it) and persist that value to
editor.set('jwt.secret', <secureSecret>), ensuring you do not commit any
generated secret to source control.

Comment on lines +312 to +314
// JWT
editor.set('jwt.secret', '0Zi4SA==');


⚠️ Potential issue | 🟠 Major

Hardcoded weak JWT secret poses a security risk.

The JWT secret '0Zi4SA==' is hardcoded and extremely weak (only ~4 bytes of entropy when base64 decoded). Consider:

  1. Generating a stronger default secret (at least 32 bytes / 256 bits)
  2. Using config.AUTH_SECRET which is already defined in the config object at line 225
🔒 Proposed fix using existing config
     // JWT
-    editor.set('jwt.secret', '0Zi4SA==');
+    editor.set('jwt.secret', config.AUTH_SECRET);
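
Review bot: On the added line, config.AUTH_SECRET is written to jwt.secret with no check on its value, and the only default for AUTH_SECRET shown in this review is 'secret', so on its own this swaps one fixed weak secret for another. Validate the length before the editor.set call and fail the init when the value is under 32 bytes, or land the AUTH_SECRET default change in the same commit.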

Additionally, consider generating a more secure default secret:

-      AUTH_SECRET: 'secret',
+      AUTH_SECRET: require('crypto').randomBytes(32).toString('base64'),
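
Review bot: The added line calls require('crypto') inline inside the config object literal; src/lib/init.ts is TypeScript, so a top-level import of randomBytes from node:crypto is the cleaner form. The value is also regenerated every time this object is built, so if init is run again against the same project it would write a different secret; reuse an AUTH_SECRET that is already present instead of overwriting it.
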
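
An added example, not part of this PR or the project's code: one way to apply the review's advice, rejecting a configured JWT secret that carries fewer than 32 bytes and generating one with crypto.randomBytes(32) when none is set. The names secretByteLength and resolveJwtSecret are hypothetical, and treating a base64-looking value as base64 is an assumption about how the backend reads jwt.secret.

```javascript
// Added example (not project code): validate or generate the JWT secret
// before it is written to the generated configuration.
const { randomBytes } = require('node:crypto');

const MIN_SECRET_BYTES = 32; // 256 bits, the size named in the review

// Canonical base64 only: groups of 4 characters, '=' padding at the end.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Number of key bytes a secret string carries.
// Assumption: a value that parses as base64 is decoded by the consumer;
// anything else is used as raw UTF-8 bytes.
// Length is a lower bar only; it does not measure entropy.
function secretByteLength(secret) {
  if (secret.length > 0 && BASE64_RE.test(secret)) {
    return Buffer.from(secret, 'base64').length;
  }
  return Buffer.byteLength(secret, 'utf8');
}

// Returns { secret, generated }.
// A missing value is replaced by 32 random bytes, base64-encoded.
// A configured but short value throws instead of being silently replaced,
// so the operator sees the problem.
function resolveJwtSecret(configured) {
  if (configured === undefined || configured === null || configured === '') {
    const secret = randomBytes(MIN_SECRET_BYTES).toString('base64');
    return { secret, generated: true };
  }
  const n = secretByteLength(configured);
  if (n < MIN_SECRET_BYTES) {
    throw new Error(
      `JWT secret carries ${n} bytes; need at least ${MIN_SECRET_BYTES}`
    );
  }
  return { secret: configured, generated: false };
}
```

The returned secret is the value that would be passed to editor.set('jwt.secret', ...); a generated one belongs only in the scaffolded project's untracked configuration.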

@kagol kagol merged commit de552eb into opentiny:dev Jan 19, 2026
4 checks passed
@vaebe vaebe deleted the fix--test-unit-error branch January 20, 2026 01:14