refactor: 移除前端 Mock API，新增共享组件，优化认证流程

- 删除 mock_api_client、mock_calendar_service、mock_history_service - 新增 fixed_length_code_input、link_button、message_composer 共享组件 - 优化登录/注册/密码重置页面使用新组件 - 简化 injection.dart 移除 mock 分支 - 更新 env.dart 配置（BACKEND_URL 替换 API_URL） - 后端 agentscope 工具和测试更新 - 重构 AGENTS.md 文档结构 - 新增 deploy/ 目录和 protocol 文档
2026-03-12 16:41:45 +08:00
parent d7fbb74bf8
commit 01c36eb32e
70 changed files with 5138 additions and 5829 deletions
@@ -5,6 +5,7 @@ from types import SimpleNamespace
 from uuid import uuid4

 from ag_ui.core import RunAgentInput
+from fastapi import HTTPException
 from fastapi.testclient import TestClient

 from app import app
@@ -150,6 +151,7 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
    app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
    client = TestClient(app)
    original_allow_run = agent_router._allow_run_request
+    original_verify_token = agent_router._verified_access_token_for_user

    async def _allow_run(*, user_id: str) -> bool:
        del user_id
@@ -157,6 +159,13 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:

    agent_router._allow_run_request = _allow_run  # type: ignore[assignment]

+    def _verify_token(**kwargs: object) -> str:
+        if kwargs.get("authorization"):
+            return "token-ok"
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    agent_router._verified_access_token_for_user = _verify_token  # type: ignore[assignment]
+
    try:
        unauthorized = client.post(
            "/api/v1/agent/runs",
@@ -177,6 +186,7 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
        )
        authorized = client.post(
            "/api/v1/agent/runs",
+            headers={"Authorization": "Bearer token-ok"},
            json={
                "threadId": "00000000-0000-0000-0000-000000000001",
                "runId": "run-1",
@@ -192,8 +202,23 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
        assert authorized.json()["threadId"] == "00000000-0000-0000-0000-000000000001"
        assert authorized.json()["runId"] == "run-1"
        assert authorized.json()["created"] is False
+
+        missing_header = client.post(
+            "/api/v1/agent/runs",
+            json={
+                "threadId": "00000000-0000-0000-0000-000000000001",
+                "runId": "run-2",
+                "state": {},
+                "messages": [{"id": "u2", "role": "user", "content": "hello"}],
+                "tools": [],
+                "context": [],
+                "forwardedProps": {},
+            },
+        )
+        assert missing_header.status_code == 401
    finally:
        agent_router._allow_run_request = original_allow_run  # type: ignore[assignment]
+        agent_router._verified_access_token_for_user = original_verify_token  # type: ignore[assignment]
        app.dependency_overrides = {}


@@ -390,10 +415,19 @@ def test_resume_accepts_tool_message_without_user_message() -> None:
        id=uuid4(), email="user@example.com"
    )
    client = TestClient(app)
+    original_verify_token = agent_router._verified_access_token_for_user
+
+    def _verify_token(**kwargs: object) -> str:
+        if kwargs.get("authorization"):
+            return "token-ok"
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    agent_router._verified_access_token_for_user = _verify_token  # type: ignore[assignment]

    try:
        response = client.post(
            "/api/v1/agent/runs/00000000-0000-0000-0000-000000000001/resume",
+            headers={"Authorization": "Bearer token-ok"},
            json={
                "threadId": "00000000-0000-0000-0000-000000000001",
                "runId": "run-resume-1",
@@ -413,7 +447,29 @@ def test_resume_accepts_tool_message_without_user_message() -> None:
        )
        assert response.status_code == 202
        assert response.json()["taskId"] == "task-resume-1"
+
+        missing_header = client.post(
+            "/api/v1/agent/runs/00000000-0000-0000-0000-000000000001/resume",
+            json={
+                "threadId": "00000000-0000-0000-0000-000000000001",
+                "runId": "run-resume-2",
+                "state": {},
+                "messages": [
+                    {
+                        "id": "tool-2",
+                        "role": "tool",
+                        "toolCallId": "call-2",
+                        "content": '{"toolName":"navigate_to_route","toolArgs":{"target":"/calendar/dayweek"},"nonce":"n2","result":{"ok":true}}',
+                    }
+                ],
+                "tools": [],
+                "context": [],
+                "forwardedProps": {},
+            },
+        )
+        assert missing_header.status_code == 401
    finally:
+        agent_router._verified_access_token_for_user = original_verify_token  # type: ignore[assignment]
        app.dependency_overrides = {}