backend/tests/unit/test_settings_supabase_env.py

from __future__ import annotations

import pytest
from pydantic import ValidationError
from pytest import MonkeyPatch

from core.config.settings import Settings, SupabaseSettings


def test_social_prefixed_supabase_env_populates_settings(
    monkeypatch: MonkeyPatch,
) -> None:
    monkeypatch.setenv("SOCIAL_SUPABASE__PUBLIC_URL", "https://public.example:8443")
    monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")
    monkeypatch.setenv("SOCIAL_DATABASE__HOST", "db")
    monkeypatch.setenv("SOCIAL_DATABASE__PORT", "5432")
    monkeypatch.setenv("SOCIAL_DATABASE__NAME", "app")
    monkeypatch.setenv("SOCIAL_DATABASE__USER", "user")
    monkeypatch.setenv("SOCIAL_DATABASE__PASSWORD", "pass")

    settings = Settings()

    assert str(settings.supabase.public_url) == "https://public.example:8443/"
    assert settings.supabase.anon_key == "anon-key"
    assert settings.supabase.service_role_key == "service-key"
    assert settings.supabase.jwt_secret is not None
    assert settings.supabase.jwt_secret.get_secret_value() == "jwt-secret"
    assert settings.supabase.jwt_algorithm == "HS256"

    supabase_settings = settings.model_dump()["supabase"]
    assert str(supabase_settings["public_url"]) == "https://public.example:8443/"
    assert supabase_settings["anon_key"] == "anon-key"
    assert supabase_settings["service_role_key"] == "service-key"
    assert "jwt_secret" not in supabase_settings
    assert "public_scheme" not in supabase_settings
    assert "public_host" not in supabase_settings
    assert "kong_http_port" not in supabase_settings
    assert settings.database_url == "postgresql+asyncpg://user:pass@db:5432/app"


def test_cloud_supabase_env_populates_settings(monkeypatch: MonkeyPatch) -> None:
    monkeypatch.setenv(
        "SOCIAL_SUPABASE__PUBLIC_URL", "https://project.example.supabase.co"
    )
    monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")

    settings = Settings()

    assert str(settings.supabase.public_url) == "https://project.example.supabase.co/"
    assert settings.supabase.jwt_algorithm == "HS256"
    assert settings.supabase.jwt_issuer == "https://project.example.supabase.co/auth/v1"

    supabase_settings = settings.model_dump()["supabase"]
    assert "jwt_secret" not in supabase_settings


def test_missing_public_url_raises_validation_error() -> None:
    with pytest.raises(ValidationError) as exc_info:
        SupabaseSettings()

    assert "public_url" in str(exc_info.value)


def test_public_url_with_trailing_slash_normalizes_correctly(
    monkeypatch: MonkeyPatch,
) -> None:
    monkeypatch.setenv("SOCIAL_SUPABASE__PUBLIC_URL", "https://example.supabase.co/")
    monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")
    monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")
    monkeypatch.setenv("SOCIAL_DATABASE__HOST", "db")
    monkeypatch.setenv("SOCIAL_DATABASE__PORT", "5432")
    monkeypatch.setenv("SOCIAL_DATABASE__NAME", "app")
    monkeypatch.setenv("SOCIAL_DATABASE__USER", "user")
    monkeypatch.setenv("SOCIAL_DATABASE__PASSWORD", "pass")

    settings = Settings()

    assert settings.supabase.jwt_issuer == "https://example.supabase.co/auth/v1"
    assert settings.supabase.url == "https://example.supabase.co/"
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`from __future__ import annotations`

refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`import pytest`
			`from pydantic import ValidationError`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`from pytest import MonkeyPatch`

refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`from core.config.settings import Settings, SupabaseSettings`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00

			`def test_social_prefixed_supabase_env_populates_settings(`
			`monkeypatch: MonkeyPatch,`
			`) -> None:`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`monkeypatch.setenv("SOCIAL_SUPABASE__PUBLIC_URL", "https://public.example:8443")`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")`
fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`monkeypatch.setenv("SOCIAL_DATABASE__HOST", "db")`
			`monkeypatch.setenv("SOCIAL_DATABASE__PORT", "5432")`
			`monkeypatch.setenv("SOCIAL_DATABASE__NAME", "app")`
			`monkeypatch.setenv("SOCIAL_DATABASE__USER", "user")`
			`monkeypatch.setenv("SOCIAL_DATABASE__PASSWORD", "pass")`

			`settings = Settings()`

refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`assert str(settings.supabase.public_url) == "https://public.example:8443/"`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`assert settings.supabase.anon_key == "anon-key"`
			`assert settings.supabase.service_role_key == "service-key"`
fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00			`assert settings.supabase.jwt_secret is not None`
			`assert settings.supabase.jwt_secret.get_secret_value() == "jwt-secret"`
			`assert settings.supabase.jwt_algorithm == "HS256"`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00
			`supabase_settings = settings.model_dump()["supabase"]`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`assert str(supabase_settings["public_url"]) == "https://public.example:8443/"`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`assert supabase_settings["anon_key"] == "anon-key"`
			`assert supabase_settings["service_role_key"] == "service-key"`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`assert "jwt_secret" not in supabase_settings`
			`assert "public_scheme" not in supabase_settings`
			`assert "public_host" not in supabase_settings`
			`assert "kong_http_port" not in supabase_settings`
refactor: align backend layout and supabase infra 2026-02-05 15:13:06 +08:00			`assert settings.database_url == "postgresql+asyncpg://user:pass@db:5432/app"`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00

			`def test_cloud_supabase_env_populates_settings(monkeypatch: MonkeyPatch) -> None:`
			`monkeypatch.setenv(`
			`"SOCIAL_SUPABASE__PUBLIC_URL", "https://project.example.supabase.co"`
			`)`
			`monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")`
fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00
			`settings = Settings()`

			`assert str(settings.supabase.public_url) == "https://project.example.supabase.co/"`
fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00			`assert settings.supabase.jwt_algorithm == "HS256"`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`assert settings.supabase.jwt_issuer == "https://project.example.supabase.co/auth/v1"`

			`supabase_settings = settings.model_dump()["supabase"]`
			`assert "jwt_secret" not in supabase_settings`


			`def test_missing_public_url_raises_validation_error() -> None:`
			`with pytest.raises(ValidationError) as exc_info:`
			`SupabaseSettings()`

			`assert "public_url" in str(exc_info.value)`


			`def test_public_url_with_trailing_slash_normalizes_correctly(`
			`monkeypatch: MonkeyPatch,`
			`) -> None:`
			`monkeypatch.setenv("SOCIAL_SUPABASE__PUBLIC_URL", "https://example.supabase.co/")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")`
fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")`
			`monkeypatch.setenv("SOCIAL_SUPABASE__JWT_ALGORITHM", "HS256")`
refactor: 迁移本地 Supabase 到云端，使用 JWKS 进行 JWT 验证 2026-03-09 18:03:04 +08:00			`monkeypatch.setenv("SOCIAL_DATABASE__HOST", "db")`
			`monkeypatch.setenv("SOCIAL_DATABASE__PORT", "5432")`
			`monkeypatch.setenv("SOCIAL_DATABASE__NAME", "app")`
			`monkeypatch.setenv("SOCIAL_DATABASE__USER", "user")`
			`monkeypatch.setenv("SOCIAL_DATABASE__PASSWORD", "pass")`

			`settings = Settings()`

			`assert settings.supabase.jwt_issuer == "https://example.supabase.co/auth/v1"`
			`assert settings.supabase.url == "https://example.supabase.co/"`