nacadmin
/
NAC_Blockchain
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NAC_Blockchain/ops/nac-admin/server/secrets.test.ts

80 lines
3.1 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* 密钥安全管理模块测试
* 验证密钥必须来自环境变量缺失时拒绝启动绝不使用硬编码fallback
*/
import { describe, it, expect, beforeEach, afterEach } from "vitest";
describe("secrets - 密钥安全管理", () => {
const originalEnv = { ...process.env };
afterEach(() => {
// 恢复环境变量
process.env = { ...originalEnv };
});
it("所有必要密钥已配置时validateSecrets应通过", async () => {
process.env.NAC_MYSQL_URL = "mysql://user:pass@host:3306/db";
process.env.NAC_MONGO_URL = "mongodb://user:pass@host:27017/db";
process.env.NAC_JWT_SECRET = "test-jwt-secret-at-least-32-chars-long";
const { validateSecrets } = await import("./secrets");
expect(() => validateSecrets()).not.toThrow();
});
it("NAC_MYSQL_URL缺失时validateSecrets应抛出错误", async () => {
delete process.env.NAC_MYSQL_URL;
process.env.NAC_MONGO_URL = "mongodb://user:pass@host:27017/db";
process.env.NAC_JWT_SECRET = "test-jwt-secret-at-least-32-chars-long";
// 动态重新导入以绕过模块缓存
const mod = await import("./secrets?t=" + Date.now());
expect(() => mod.validateSecrets()).toThrow(/NAC_MYSQL_URL/);
});
it("NAC_MONGO_URL缺失时validateSecrets应抛出错误", async () => {
process.env.NAC_MYSQL_URL = "mysql://user:pass@host:3306/db";
delete process.env.NAC_MONGO_URL;
process.env.NAC_JWT_SECRET = "test-jwt-secret-at-least-32-chars-long";
const mod = await import("./secrets?t=" + Date.now());
expect(() => mod.validateSecrets()).toThrow(/NAC_MONGO_URL/);
});
it("NAC_JWT_SECRET缺失时validateSecrets应抛出错误", async () => {
process.env.NAC_MYSQL_URL = "mysql://user:pass@host:3306/db";
process.env.NAC_MONGO_URL = "mongodb://user:pass@host:27017/db";
delete process.env.NAC_JWT_SECRET;
const mod = await import("./secrets?t=" + Date.now());
expect(() => mod.validateSecrets()).toThrow(/NAC_JWT_SECRET/);
});
it("getNacMysqlUrl在密钥未配置时应抛出错误而非返回硬编码值", async () => {
delete process.env.NAC_MYSQL_URL;
const mod = await import("./secrets?t=" + Date.now());
expect(() => mod.getNacMysqlUrl()).toThrow(/NAC_MYSQL_URL/);
});
it("getNacJwtSecret在密钥未配置时应抛出错误而非返回硬编码值", async () => {
delete process.env.NAC_JWT_SECRET;
const mod = await import("./secrets?t=" + Date.now());
expect(() => mod.getNacJwtSecret()).toThrow(/NAC_JWT_SECRET/);
});
it("密钥值不应出现在错误消息中(防止密钥泄露)", async () => {
const secretValue = "super-secret-password-12345";
process.env.NAC_MYSQL_URL = `mysql://user:${secretValue}@host:3306/db`;
delete process.env.NAC_MONGO_URL;
process.env.NAC_JWT_SECRET = "test-secret";
const mod = await import("./secrets?t=" + Date.now());
try {
mod.validateSecrets();
} catch (e) {
const errorMsg = (e as Error).message;
// 错误消息中不应包含任何密钥值
expect(errorMsg).not.toContain(secretValue);
}
});
});
Reference in New Issue View Git Blame Copy Permalink