Fork an independent "visionA Agent" desktop app from local-tool (A3 pure bridge: tunnel client + pairing UI + settings; does not open an HTTP port and provides no local device/inference UI).
The Bundle ID differs from local-tool (com.innovedus.visiona-agent vs visiona-local), so the two apps can coexist. After the fork there is no active sync; cherry-pick manually when needed.

Backend / Wails Go (AB1-AB13):
- internal/tunnel: 6-state state machine (Idle/Connecting/Connected/Reconnecting/Failed/Stopped) + Pair/Unpair/Reconnect/Disconnect binding + ClientHooks event
- internal/auth: encrypted file token store (AES-GCM + scrypt + machineID fallback salt + 13 tests)
- internal/config: YAML validation + atomic write + 11 tests
- internal/log: ring buffer + ExportLog upgraded to zip
- visionA-backend /api/pairing/exchange: SessionTokenStore + 17 new tests
- Three-platform build verification (macOS DMG 160 MB / Windows EXE / Linux AppImage)
- end-to-end: all 5 milestones green (pairing → tunnel → forward → reuse protection → tunnel drop failover)

Frontend / Next.js (AF1-AF7, building on the visionA-frontend base):
- AppShell + Header + TabNav (StatusView / PairView / SettingsView, three tabs)
- ConnectionStatusBadge with 5 states
- TokenInput regex validation + 7 error types + 0.5s auto-switch to the status page
- Settings page with 4 sections (including a re-pair AlertDialog)
- agent-api.ts wraps the Wails bindings (mock/real dual implementations) + 90 tests

Phase 0.7 review-driven fix (Round 2):
- A1 Session fixation protection (RotateSessionID)
- A3 mock pairing now defaults to false (must explicitly opt in) + startup log
- A4 state cleanup matrix after Pair failure (exchange/Save/Start fail each have their own terminal state)
- A5 Pair/Unpair/Reconnect lifecycleMu + 50-goroutine race test
- F1 re-pair secondary button / F2 PairView Esc cancel / F3 Wails BrowserOpenURL / F4 Settings draft persistence + unsaved badge

Verification: agent backend go test -race -count=3 ./... all 4 packages green / agent frontend pnpm test 119 tests all green

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
39 lines
1.0 KiB
Go
```go
package ws

import (
	"net/http"
	"testing"
)

// TestCheckOrigin verifies the origin allowlist for WebSocket upgrades (M8-8 / TDD §5).
func TestCheckOrigin(t *testing.T) {
	cases := []struct {
		name   string
		origin string
		want   bool
	}{
		{"empty same-origin", "", true},
		{"loopback 127.0.0.1", "http://127.0.0.1:3721", true},
		{"loopback localhost", "http://localhost:3000", true},
		{"loopback ipv6", "http://[::1]:3721", true},
		{"https 不允許", "https://127.0.0.1:3721", false},
		{"非 loopback hostname", "http://192.168.1.5:3721", false},
		{"惡意網站", "http://evil.com", false},
		{"null origin", "null", false},
		{"suffix 攻擊", "http://127.0.0.1.evil.com", false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			req, _ := http.NewRequest(http.MethodGet, "http://127.0.0.1:3721/ws/devices/events", nil)
			if tc.origin != "" {
				req.Header.Set("Origin", tc.origin)
			}
			got := CheckOrigin(req)
			if got != tc.want {
				t.Errorf("CheckOrigin(%q) = %v, want %v", tc.origin, got, tc.want)
			}
		})
	}
}
```
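An origin check that satisfies every row of the table above, added here as an illustration; it is not the project's `CheckOrigin`, whose source is not shown on this page. The names `originAllowed`, `checkOriginExample` and `loopbackHosts` are hypothetical, and rejecting origins that carry userinfo is an extra assumption beyond what the table covers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// loopbackHosts are matched exactly against the parsed hostname, never by
// prefix or substring, so "127.0.0.1.evil.com" cannot slip through.
var loopbackHosts = map[string]bool{"127.0.0.1": true, "localhost": true, "::1": true}

// originAllowed (hypothetical helper) applies the policy the test table encodes.
func originAllowed(origin string) bool {
	if origin == "" {
		return true // no Origin header: the table treats this as same-origin
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "http" || u.User != nil {
		return false // rejects "null", https and anything with userinfo
	}
	// Hostname() strips the port and the brackets around an IPv6 literal.
	return loopbackHosts[strings.ToLower(u.Hostname())]
}

// checkOriginExample has the func(*http.Request) bool shape the test calls.
func checkOriginExample(r *http.Request) bool {
	return originAllowed(r.Header.Get("Origin"))
}

func main() {
	// Constructed sample origins, mirroring the cases in the test table.
	for _, o := range []string{"", "http://[::1]:3721", "null", "http://127.0.0.1.evil.com"} {
		fmt.Printf("%-28q allowed=%v\n", o, originAllowed(o))
	}
}
```

Parsing the header and comparing the hostname for equality is what defeats the suffix case; a `strings.HasPrefix` check on the raw header would accept `http://127.0.0.1.evil.com`.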