huangjiajun
/
community_team
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
附近小店
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 Commits
1 Branch
2.4 MiB
Tree: 7fb014c702
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7fb014c702'
${ noResults }
community_team/app/lib/weapp/sec_check_test.go

sec_check_test.go 5.3 KiB
Raw Normal View History

1
2 months ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. package weapp

  2. 

  3. import (

  4. 	"encoding/base64"

  5. 	"encoding/json"

  6. 	"fmt"

  7. 	"io"

  8. 	"net/http"

  9. 	"net/http/httptest"

  10. 	"os"

  11. 	"path"

  12. 	"strings"

  13. 	"testing"

  14. )

  15. 

  16. func TestIMGSecCheck(t *testing.T) {

  17. 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  18. 

  19. 		if r.Method != "POST" {

  20. 			t.Fatalf("Expect 'POST' get '%s'", r.Method)

  21. 		}

  22. 

  23. 		path := r.URL.EscapedPath()

  24. 		if path != apiIMGSecCheck {

  25. 			t.Fatalf("Except to path '%s',get '%s'", apiIMGSecCheck, path)

  26. 		}

  27. 

  28. 		if err := r.ParseForm(); err != nil {

  29. 			t.Fatal(err)

  30. 		}

  31. 

  32. 		if r.Form.Get("access_token") == "" {

  33. 			t.Fatalf("access_token can not be empty")

  34. 		}

  35. 

  36. 		if _, _, err := r.FormFile("media"); err != nil {

  37. 			t.Fatal(err)

  38. 

  39. 		}

  40. 		w.WriteHeader(http.StatusOK)

  41. 		w.Header().Set("Content-Type", "application/json")

  42. 		raw := `{

  43. 			"errcode": 0,

  44. 			"errmsg": "ok"

  45. 		}`

  46. 		if _, err := w.Write([]byte(raw)); err != nil {

  47. 			t.Fatal(err)

  48. 		}

  49. 	}))

  50. 	defer ts.Close()

  51. 

  52. 	_, err := imgSecCheck(ts.URL+apiIMGSecCheck, "mock-access-token", testIMGName)

  53. 	if err != nil {

  54. 		t.Fatal(err)

  55. 	}

  56. }

  57. 

  58. func TestMediaCheckAsync(t *testing.T) {

  59. 

  60. 	localServer := http.NewServeMux()

  61. 	localServer.HandleFunc("/notify", func(w http.ResponseWriter, r *http.Request) {

  62. 		aesKey := base64.StdEncoding.EncodeToString([]byte("mock-aes-key"))

  63. 		srv, err := NewServer("mock-app-id", "mock-access-token", aesKey, "mock-mch-id", "mock-api-key", false)

  64. 		if err != nil {

  65. 			t.Fatal(err)

  66. 		}

  67. 

  68. 		srv.OnMediaCheckAsync(func(mix *MediaCheckAsyncResult) {

  69. 			if mix.ToUserName == "" {

  70. 				t.Error("ToUserName can not be empty")

  71. 			}

  72. 

  73. 			if mix.FromUserName == "" {

  74. 				t.Error("FromUserName can not be empty")

  75. 			}

  76. 			if mix.CreateTime == 0 {

  77. 				t.Error("CreateTime can not be empty")

  78. 			}

  79. 			if mix.MsgType != "event" {

  80. 				t.Error("Unexpected message type")

  81. 			}

  82. 			if mix.Event != "wxa_media_check" {

  83. 				t.Error("Unexpected message event")

  84. 			}

  85. 			if mix.AppID == "" {

  86. 				t.Error("AppID can not be empty")

  87. 			}

  88. 			if mix.TraceID == "" {

  89. 				t.Error("TraceID can not be empty")

  90. 			}

  91. 

  92. 		})

  93. 

  94. 		if err := srv.Serve(w, r); err != nil {

  95. 			t.Fatal(err)

  96. 		}

  97. 	})

  98. 

  99. 	tls := httptest.NewServer(localServer)

  100. 	defer tls.Close()

  101. 

  102. 	remoteServer := http.NewServeMux()

  103. 	remoteServer.HandleFunc(apiMediaCheckAsync, func(w http.ResponseWriter, r *http.Request) {

  104. 		if r.Method != "POST" {

  105. 			t.Fatalf("Expect 'POST' get '%s'", r.Method)

  106. 		}

  107. 

  108. 		path := r.URL.EscapedPath()

  109. 		if path != apiMediaCheckAsync {

  110. 			t.Fatalf("Except to path '%s',get '%s'", apiMediaCheckAsync, path)

  111. 		}

  112. 

  113. 		if err := r.ParseForm(); err != nil {

  114. 			t.Fatal(err)

  115. 		}

  116. 

  117. 		if r.Form.Get("access_token") == "" {

  118. 			t.Fatalf("access_token can not be empty")

  119. 		}

  120. 

  121. 		params := struct {

  122. 			MediaURL  string `json:"media_url"`

  123. 			MediaType uint8  `json:"media_type"`

  124. 		}{}

  125. 

  126. 		if err := json.NewDecoder(r.Body).Decode(&params); err != nil {

  127. 			t.Fatal(err)

  128. 		}

  129. 

  130. 		if params.MediaURL == "" {

  131. 			t.Error("Response column media_url can not be empty")

  132. 		}

  133. 

  134. 		if params.MediaType == 0 {

  135. 			t.Error("Response column media_type can not be zero")

  136. 		}

  137. 

  138. 		w.WriteHeader(http.StatusOK)

  139. 

  140. 		raw := `{

  141. 			"errcode"  : 0,

  142. 			"errmsg"   : "ok",

  143. 			"trace_id" : "967e945cd8a3e458f3c74dcb886068e9"

  144. 		}`

  145. 		if _, err := w.Write([]byte(raw)); err != nil {

  146. 			t.Fatal(err)

  147. 		}

  148. 

  149. 		raw = `{

  150. 			"ToUserName"      : "gh_38cc49f9733b",

  151. 			"FromUserName"    : "oH1fu0FdHqpToe2T6gBj0WyB8iS1",

  152. 			"CreateTime"      : 1552465698,

  153. 			"MsgType"         : "event",

  154. 			"Event"           : "wxa_media_check",

  155. 			"isrisky"         : 0,

  156. 			"extra_info_json" : "",

  157. 			"appid"           : "wxd8c59133dfcbfc71",

  158. 			"trace_id"        : "967e945cd8a3e458f3c74dcb886068e9",

  159. 			"status_code"     : 0

  160. 		 }`

  161. 		reader := strings.NewReader(raw)

  162. 		http.Post(tls.URL+"/notify", "application/json", reader)

  163. 	})

  164. 

  165. 	remoteServer.HandleFunc("/mediaurl", func(w http.ResponseWriter, r *http.Request) {

  166. 		filename := testIMGName

  167. 		file, err := os.Open(filename)

  168. 		if err != nil {

  169. 			t.Fatal((err))

  170. 		}

  171. 		defer file.Close()

  172. 

  173. 		ext := path.Ext(filename)

  174. 		ext = ext[1:len(ext)]

  175. 		w.Header().Set("Content-Type", "image/"+ext)

  176. 		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", path.Base(filename)))

  177. 		w.WriteHeader(http.StatusOK)

  178. 

  179. 		if _, err := io.Copy(w, file); err != nil {

  180. 			t.Fatal(err)

  181. 		}

  182. 	})

  183. 

  184. 	trs := httptest.NewServer(remoteServer)

  185. 	defer trs.Close()

  186. 

  187. 	_, err := mediaCheckAsync(trs.URL+apiMediaCheckAsync, "mock-access-token", trs.URL+"/mediaurl", MediaTypeImage)

  188. 	if err != nil {

  189. 		t.Fatal(err)

  190. 	}

  191. }

  192. 

  193. func TestMSGSecCheck(t *testing.T) {

  194. 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  195. 		if r.Method != "POST" {

  196. 			t.Fatalf("Expect 'POST' get '%s'", r.Method)

  197. 		}

  198. 

  199. 		path := r.URL.EscapedPath()

  200. 		if path != "/wxa/img_sec_check" {

  201. 			t.Error("Invalid request path")

  202. 		}

  203. 

  204. 		if err := r.ParseForm(); err != nil {

  205. 			t.Fatal(err)

  206. 		}

  207. 

  208. 		if r.Form.Get("access_token") == "" {

  209. 			t.Fatalf("access_token can not be empty")

  210. 		}

  211. 

  212. 		params := struct {

  213. 			Content string `json:"content"`

  214. 		}{}

  215. 

  216. 		if err := json.NewDecoder(r.Body).Decode(&params); err != nil {

  217. 			t.Fatal(err)

  218. 		}

  219. 

  220. 		if params.Content == "" {

  221. 			t.Error("Response column content can not be empty")

  222. 		}

  223. 

  224. 		w.WriteHeader(http.StatusOK)

  225. 

  226. 		raw := `{

  227. 			"errcode": 0,

  228. 			"errmsg": "ok"

  229. 		  }`

  230. 		if _, err := w.Write([]byte(raw)); err != nil {

  231. 			t.Fatal(err)

  232. 		}

  233. 	}))

  234. 	defer ts.Close()

  235. 

  236. 	_, err := msgSecCheck(ts.URL+apiIMGSecCheck, "mock-access-token", "mock-content")

  237. 	if err != nil {

  238. 		t.Fatal(err)

  239. 	}

  240. }