fix: 增强云端 Supabase 认证可靠性,修复验证码失败可观测性

- JWT 验证器新增 apikey 参数,支持云端 JWKS 认证头
- Auth 网关新增上游超时/错误映射为 503 状态码
- Auth 网关新增重定向 URL 校验,阻断开放重定向风险
- 用户依赖传递 anon_key 给 JWT 验证器
- 新增相关单元测试覆盖 JWKS 头、503 映射、重定向校验
- 新增实现计划文档
zl-q
2026-03-10 09:11:27 +08:00
parent 6fe2e7b6c3
commit c9a2c75c35
10 changed files with 384 additions and 75 deletions
@@ -11,7 +11,9 @@ from services.base.supabase import SupabaseService
@pytest.mark.asyncio
async def test_initialize_success(monkeypatch: pytest.MonkeyPatch) -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
anon_client = MagicMock()
admin_client = MagicMock()
@@ -34,7 +36,9 @@ async def test_initialize_success(monkeypatch: pytest.MonkeyPatch) -> None:
@pytest.mark.asyncio
async def test_initialize_failure(monkeypatch: pytest.MonkeyPatch) -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
def _fake_create_client(_: str, __: str) -> object:
raise RuntimeError("boom")
@@ -51,7 +55,9 @@ async def test_initialize_failure(monkeypatch: pytest.MonkeyPatch) -> None:
@pytest.mark.asyncio
async def test_close_clears_clients(monkeypatch: pytest.MonkeyPatch) -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
def _fake_create_client(_: str, __: str) -> object:
return MagicMock()
@@ -69,7 +75,9 @@ async def test_close_clears_clients(monkeypatch: pytest.MonkeyPatch) -> None:
@pytest.mark.asyncio
async def test_health_check_uninitialized() -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
health = await service.health_check()
@@ -78,7 +86,9 @@ async def test_health_check_uninitialized() -> None:
@pytest.mark.asyncio
async def test_health_check_initialized(monkeypatch: pytest.MonkeyPatch) -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
anon_client = MagicMock()
anon_client.auth.get_session = MagicMock(return_value=None)
@@ -103,7 +113,9 @@ async def test_health_check_initialized(monkeypatch: pytest.MonkeyPatch) -> None
def test_get_client_raises_before_init() -> None:
service = SupabaseService(settings=SupabaseSettings())
service = SupabaseService(
settings=SupabaseSettings(public_url="https://test.supabase.co")
)
with pytest.raises(RuntimeError):
service.get_client()
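Review bot: The literal `SupabaseSettings(public_url="https://test.supabase.co")` is now repeated in all six tests of this section, from test_initialize_success through test_get_client_raises_before_init, so the next change to the settings will again need six edits. A module-level helper would keep it in one place, for example `def _make_service() -> SupabaseService:` with the body `return SupabaseService(settings=SupabaseSettings(public_url="https://test.supabase.co"))`. The change also suggests that a bare `SupabaseSettings()` is no longer usable in these tests, yet none of the visible tests pins what happens when `public_url` is missing or empty. If that value feeds the JWKS or redirect-URL checks named in the commit message, a negative test for it would be worth adding. The hostname also looks like a real project subdomain; unless the settings model requires the `supabase.co` suffix, a reserved name such as `https://test.supabase.invalid` would avoid contacting a live host if a test ever ran without the `create_client` monkeypatch. The test bodies continue outside the visible hunks.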