Merge pull request #118 from xunxun1982/xxdev

feat: 站点管理签到支持多认证方式

Author: xunxun1982

internal/sitemanagement/auth_config.go

@@ -0,0 +1,99 @@
+package sitemanagement
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+// AuthConfig represents parsed authentication configuration with multiple auth methods.
+// Supports both legacy single-auth format and new multi-auth format.
+type AuthConfig struct {
+	// AuthTypes contains the list of authentication types to try (e.g., ["access_token", "cookie"])
+	AuthTypes []string
+	// AuthValues maps auth type to its value (e.g., {"access_token": "xxx", "cookie": "yyy"})
+	AuthValues map[string]string
+}
+
+// parseAuthConfig parses auth_type and auth_value fields into AuthConfig.
+// Supports both legacy single-auth format and new multi-auth JSON format.
+//
+// Legacy format (backward compatible):
+//   - auth_type: "access_token" or "cookie" or "none"
+//   - auth_value: single encrypted value
+//
+// New format (multi-auth):
+//   - auth_type: "access_token,cookie" (comma-separated)
+//   - auth_value: JSON string {"access_token":"xxx","cookie":"yyy"}
+//
+// Returns AuthConfig with parsed types and values.
+// If auth_type is "none" or empty, returns empty config.
+func parseAuthConfig(authType, decryptedAuthValue string) AuthConfig {
+	config := AuthConfig{
+		AuthTypes:  []string{},
+		AuthValues: make(map[string]string),
+	}
+
+	// Parse auth types (comma-separated)
+	authType = strings.TrimSpace(authType)
+	if authType == "" || authType == AuthTypeNone {
+		return config
+	}
+
+	for _, t := range strings.Split(authType, ",") {
+		t = strings.TrimSpace(t)
+		if t != "" && t != AuthTypeNone {
+			config.AuthTypes = append(config.AuthTypes, t)
+		}
+	}
+
+	if len(config.AuthTypes) == 0 {
+		return config
+	}
+
+	// Parse auth values
+	decryptedAuthValue = strings.TrimSpace(decryptedAuthValue)
+	if decryptedAuthValue == "" {
+		return config
+	}
+
+	// Try to parse as JSON (new multi-auth format)
+	var jsonValues map[string]string
+	if err := json.Unmarshal([]byte(decryptedAuthValue), &jsonValues); err == nil {
+		// Successfully parsed as JSON - only keep values for configured auth types
+		for _, t := range config.AuthTypes {
+			if v, ok := jsonValues[t]; ok {
+				config.AuthValues[t] = v
+			}
+		}
+		return config
+	}
+
+	// Fallback to legacy single-auth format
+	// Assign the raw value to the first auth type as a legacy fallback.
+	// If multiple types were configured but the value isn't JSON, this is
+	// a best-effort recovery - only the first type gets a credential.
+	config.AuthValues[config.AuthTypes[0]] = decryptedAuthValue
+
+	return config
+}
+
+// HasAuthType checks if the config contains the specified auth type.
+func (c *AuthConfig) HasAuthType(authType string) bool {
+	for _, t := range c.AuthTypes {
+		if t == authType {
+			return true
+		}
+	}
+	return false
+}
+
+// GetAuthValue returns the auth value for the specified type.
+// Returns empty string if the type is not found.
+func (c *AuthConfig) GetAuthValue(authType string) string {
+	return c.AuthValues[authType]
+}
+
+// IsEmpty returns true if the config has no auth types.
+func (c *AuthConfig) IsEmpty() bool {
+	return len(c.AuthTypes) == 0
+}

internal/sitemanagement/auth_config_test.go

@@ -0,0 +1,260 @@
+package sitemanagement
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParseAuthConfig_LegacySingleAuth(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name              string
+		authType          string
+		decryptedValue    string
+		expectedTypes     []string
+		expectedValues    map[string]string
+		expectedIsEmpty   bool
+		expectedHasAccess bool
+		expectedHasCookie bool
+	}{
+		{
+			name:              "legacy access_token",
+			authType:          "access_token",
+			decryptedValue:    "sk-1234567890",
+			expectedTypes:     []string{"access_token"},
+			expectedValues:    map[string]string{"access_token": "sk-1234567890"},
+			expectedIsEmpty:   false,
+			expectedHasAccess: true,
+			expectedHasCookie: false,
+		},
+		{
+			name:              "legacy cookie",
+			authType:          "cookie",
+			decryptedValue:    "session=abc123; token=xyz",
+			expectedTypes:     []string{"cookie"},
+			expectedValues:    map[string]string{"cookie": "session=abc123; token=xyz"},
+			expectedIsEmpty:   false,
+			expectedHasAccess: false,
+			expectedHasCookie: true,
+		},
+		{
+			name:              "none auth type",
+			authType:          "none",
+			decryptedValue:    "",
+			expectedTypes:     []string{},
+			expectedValues:    map[string]string{},
+			expectedIsEmpty:   true,
+			expectedHasAccess: false,
+			expectedHasCookie: false,
+		},
+		{
+			name:              "empty auth type",
+			authType:          "",
+			decryptedValue:    "some-value",
+			expectedTypes:     []string{},
+			expectedValues:    map[string]string{},
+			expectedIsEmpty:   true,
+			expectedHasAccess: false,
+			expectedHasCookie: false,
+		},
+		{
+			name:              "empty value",
+			authType:          "access_token",
+			decryptedValue:    "",
+			expectedTypes:     []string{"access_token"},
+			expectedValues:    map[string]string{},
+			expectedIsEmpty:   false,
+			expectedHasAccess: true,
+			expectedHasCookie: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			config := parseAuthConfig(tt.authType, tt.decryptedValue)
+
+			assert.Equal(t, tt.expectedTypes, config.AuthTypes)
+			assert.Equal(t, tt.expectedValues, config.AuthValues)
+			assert.Equal(t, tt.expectedIsEmpty, config.IsEmpty())
+			assert.Equal(t, tt.expectedHasAccess, config.HasAuthType("access_token"))
+			assert.Equal(t, tt.expectedHasCookie, config.HasAuthType("cookie"))
+
+			// Test GetAuthValue
+			for authType, expectedValue := range tt.expectedValues {
+				assert.Equal(t, expectedValue, config.GetAuthValue(authType))
+			}
+		})
+	}
+}
+
+func TestParseAuthConfig_MultiAuth(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name              string
+		authType          string
+		decryptedValue    string
+		expectedTypes     []string
+		expectedValues    map[string]string
+		expectedIsEmpty   bool
+		expectedHasAccess bool
+		expectedHasCookie bool
+	}{
+		{
+			name:     "multi-auth with both access_token and cookie",
+			authType: "access_token,cookie",
+			decryptedValue: func() string {
+				data := map[string]string{
+					"access_token": "sk-1234567890",
+					"cookie":       "session=abc123; cf_clearance=xyz",
+				}
+				b, _ := json.Marshal(data)
+				return string(b)
+			}(),
+			expectedTypes: []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "sk-1234567890",
+				"cookie":       "session=abc123; cf_clearance=xyz",
+			},
+			expectedIsEmpty:   false,
+			expectedHasAccess: true,
+			expectedHasCookie: true,
+		},
+		{
+			name:     "multi-auth with spaces in auth_type",
+			authType: " access_token , cookie ",
+			decryptedValue: func() string {
+				data := map[string]string{
+					"access_token": "sk-test",
+					"cookie":       "session=test",
+				}
+				b, _ := json.Marshal(data)
+				return string(b)
+			}(),
+			expectedTypes: []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "sk-test",
+				"cookie":       "session=test",
+			},
+			expectedIsEmpty:   false,
+			expectedHasAccess: true,
+			expectedHasCookie: true,
+		},
+		{
+			name:     "multi-auth with only one value in JSON",
+			authType: "access_token,cookie",
+			decryptedValue: func() string {
+				data := map[string]string{
+					"access_token": "sk-only-token",
+				}
+				b, _ := json.Marshal(data)
+				return string(b)
+			}(),
+			expectedTypes: []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "sk-only-token",
+			},
+			expectedIsEmpty:   false,
+			expectedHasAccess: true,
+			expectedHasCookie: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			config := parseAuthConfig(tt.authType, tt.decryptedValue)
+
+			assert.Equal(t, tt.expectedTypes, config.AuthTypes)
+			assert.Equal(t, tt.expectedValues, config.AuthValues)
+			assert.Equal(t, tt.expectedIsEmpty, config.IsEmpty())
+			assert.Equal(t, tt.expectedHasAccess, config.HasAuthType("access_token"))
+			assert.Equal(t, tt.expectedHasCookie, config.HasAuthType("cookie"))
+
+			// Test GetAuthValue
+			for authType, expectedValue := range tt.expectedValues {
+				assert.Equal(t, expectedValue, config.GetAuthValue(authType))
+			}
+		})
+	}
+}
+
+func TestParseAuthConfig_EdgeCases(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name           string
+		authType       string
+		decryptedValue string
+		expectedTypes  []string
+		expectedValues map[string]string
+	}{
+		{
+			name:           "auth_type with none mixed in",
+			authType:       "access_token,none,cookie",
+			decryptedValue: `{"access_token":"sk-test","cookie":"session=test"}`,
+			expectedTypes:  []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "sk-test",
+				"cookie":       "session=test",
+			},
+		},
+		{
+			name:           "invalid JSON fallback to first auth type",
+			authType:       "access_token,cookie",
+			decryptedValue: "not-a-json-value",
+			expectedTypes:  []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "not-a-json-value",
+			},
+		},
+		{
+			name:           "empty JSON object",
+			authType:       "access_token,cookie",
+			decryptedValue: "{}",
+			expectedTypes:  []string{"access_token", "cookie"},
+			expectedValues: map[string]string{},
+		},
+		{
+			name:           "multi-auth with empty value",
+			authType:       "access_token,cookie",
+			decryptedValue: "",
+			expectedTypes:  []string{"access_token", "cookie"},
+			expectedValues: map[string]string{},
+		},
+		{
+			name:           "only whitespace in auth_type",
+			authType:       "  ,  ,  ",
+			decryptedValue: "some-value",
+			expectedTypes:  []string{},
+			expectedValues: map[string]string{},
+		},
+		{
+			name:           "auth_type with trailing comma",
+			authType:       "access_token,cookie,",
+			decryptedValue: `{"access_token":"sk-test","cookie":"session=test"}`,
+			expectedTypes:  []string{"access_token", "cookie"},
+			expectedValues: map[string]string{
+				"access_token": "sk-test",
+				"cookie":       "session=test",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			config := parseAuthConfig(tt.authType, tt.decryptedValue)
+
+			assert.Equal(t, tt.expectedTypes, config.AuthTypes)
+			assert.Equal(t, tt.expectedValues, config.AuthValues)
+		})
+	}
+}