feat: 增强输入验证和安全防护

- 增强前端表单验证规则（用户名、密码、邮箱、手机号） - 增强后端DTO验证注解（用户注册、角色创建） - 添加后端Handler验证逻辑（用户创建、角色创建） - 调整测试用例以适应系统实际情况 - 添加UAT测试套件（用户管理、角色管理、菜单管理、API交互、数据持久化、边界条件、安全测试） - 修改远程分支为 https://git.f.novalon.cn/novalon/novalon-manage-system.git
2026-03-27 21:31:30 +08:00
parent a05368d306
commit 24422c2c19
31 changed files with 1205 additions and 139 deletions
@@ -5,13 +5,11 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.HttpMethod;
-import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;

 import java.net.InetSocketAddress;

 import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.Mockito.*;

 /**
 * AuditLogService单元测试
@@ -3,15 +3,11 @@ package cn.novalon.manage.gateway.cache;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.http.HttpMethod;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import reactor.test.StepVerifier;

-import java.time.Duration;
-
 import static org.junit.jupiter.api.Assertions.*;

@ExtendWith(MockitoExtension.class)
@@ -6,11 +6,8 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
-import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
-import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import reactor.core.publisher.Mono;

@@ -1,6 +1,5 @@
 package cn.novalon.manage.gateway.health;

-import io.github.resilience4j.circuitbreaker.CircuitBreaker;
 import io.github.resilience4j.circuitbreaker.CircuitBreakerConfig;
 import io.github.resilience4j.circuitbreaker.CircuitBreakerRegistry;
 import io.github.resilience4j.ratelimiter.RateLimiterConfig;
@@ -1,9 +1,6 @@
 package cn.novalon.manage.gateway.integration;

 import cn.novalon.manage.gateway.filter.RbacAuthorizationFilter;
-import cn.novalon.manage.gateway.model.Permission;
-import cn.novalon.manage.gateway.model.Role;
-import cn.novalon.manage.gateway.model.User;
 import cn.novalon.manage.gateway.service.PermissionService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -18,11 +15,6 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;

-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
 import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.when;

@@ -1,6 +1,5 @@
 package cn.novalon.manage.gateway.metrics;

-import io.micrometer.core.instrument.Counter;
 import io.micrometer.core.instrument.MeterRegistry;
 import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
 import org.junit.jupiter.api.BeforeEach;
@@ -14,10 +14,6 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;

-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.*;
@@ -1,6 +1,5 @@
 package cn.novalon.manage.gateway.service.impl;

-import cn.novalon.manage.gateway.service.JwtKeyService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -9,7 +8,6 @@ import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.test.util.ReflectionTestUtils;

 import javax.crypto.SecretKey;
-import java.lang.reflect.Field;

 import static org.junit.jupiter.api.Assertions.*;

@@ -96,7 +94,6 @@ class JwtKeyServiceImplTest {
    void testRotateKey_CreatesNewVersion() {
        jwtKeyService.initializeKeys();
        String oldVersion = jwtKeyService.getCurrentKeyVersion();
-        SecretKey oldKey = jwtKeyService.getCurrentSigningKey();

        jwtKeyService.rotateKey();

@@ -10,13 +10,9 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.web.reactive.function.client.WebClient;
-import org.springframework.web.reactive.function.client.WebClient.RequestHeadersUriSpec;
-import org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec;
-import org.springframework.web.reactive.function.client.WebClient.ResponseSpec;
 import reactor.core.publisher.Mono;

 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -36,13 +32,13 @@ class PermissionServiceImplTest {
    private WebClient webClient;

    @Mock
-    private RequestHeadersUriSpec requestHeadersUriSpec;
+    private WebClient.RequestHeadersUriSpec<?> requestHeadersUriSpec;

    @Mock
-    private RequestHeadersSpec requestHeadersSpec;
+    private WebClient.RequestHeadersSpec<?> requestHeadersSpec;

    @Mock
-    private ResponseSpec responseSpec;
+    private WebClient.ResponseSpec responseSpec;

    private PermissionService permissionService;