feat: 实现微信小程序后端接口与用户认证系统

新增微信登录/注册合一接口、资料完善接口和token刷新接口重构用户服务层，支持自动维护用户类型和资料完整度引入JWT认证中间件和请求验证中间件更新文档与测试用例，支持dist构建部署
2026-03-20 18:32:58 +08:00
parent 6d713c22ed
commit 72e974672e
89 changed files with 18233 additions and 365 deletions
--- a/back-end/tests/integration/wechat.test.js
+++ b/back-end/tests/integration/wechat.test.js
@@ -0,0 +1,188 @@
+const test = require('node:test')
+const assert = require('node:assert/strict')
+const request = require('supertest')
+
+const env = require('../../src/config/env')
+const { createApp } = require('../../src/index')
+const userService = require('../../src/services/userService')
+
+test('POST /api/health 返回统一结构', async () => {
+    const app = createApp()
+    const response = await request(app).post('/api/health').send({})
+
+    assert.equal(response.status, 200)
+    assert.equal(response.body.code, 200)
+    assert.equal(response.body.msg, '服务运行正常')
+    assert.equal(response.body.data.status, 'healthy')
+})
+
+test('POST /api/test-helloworld 返回统一结构', async () => {
+    const app = createApp()
+    const response = await request(app).post('/api/test-helloworld').send({})
+
+    assert.equal(response.status, 200)
+    assert.equal(response.body.code, 200)
+    assert.equal(response.body.msg, '请求成功')
+    assert.equal(response.body.data.message, 'Hello, World!')
+})
+
+test('未匹配路由返回统一 404', async () => {
+    const app = createApp()
+    const response = await request(app).get('/not-found-route')
+
+    assert.equal(response.status, 404)
+    assert.equal(response.body.code, 404)
+    assert.equal(response.body.msg, 'Route not found')
+    assert.equal(response.body.data.path, '/not-found-route')
+})
+
+test('POST /api/wechat/login 未注册用户返回 404', async (t) => {
+    const origin = userService.authenticateWechatUser
+    userService.authenticateWechatUser = async () => {
+        const error = new Error('未注册用户')
+        error.statusCode = 404
+        throw error
+    }
+
+    t.after(() => {
+        userService.authenticateWechatUser = origin
+    })
+
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/login')
+        .send({ users_wx_code: 'mock-code-success' })
+
+    assert.equal(response.status, 404)
+    assert.equal(response.body.code, 404)
+    assert.equal(response.body.msg, '未注册用户')
+})
+
+test('POST /api/wechat/login 非 JSON 请求体返回 415', async () => {
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/login')
+        .set('Content-Type', 'application/x-www-form-urlencoded')
+        .send('users_wx_code=mock-code')
+
+    assert.equal(response.status, 415)
+    assert.equal(response.body.code, 415)
+    assert.equal(response.body.msg, '请求体必须为 application/json')
+})
+
+test('POST /api/wechat/login 成功时返回 is_info_complete', async (t) => {
+    const origin = userService.authenticateWechatUser
+    userService.authenticateWechatUser = async () => ({
+        is_info_complete: true,
+        status: 'login_success',
+        token: 'mock-token',
+        user: {
+            users_id: 'U1003',
+            users_type: '注册用户',
+            users_name: '李四',
+        },
+    })
+
+    t.after(() => {
+        userService.authenticateWechatUser = origin
+    })
+
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/login')
+        .send({ users_wx_code: 'mock-code' })
+
+    assert.equal(response.status, 200)
+    assert.equal(response.body.code, 200)
+    assert.equal(response.body.msg, '登录成功')
+    assert.equal(response.body.data.is_info_complete, true)
+    assert.equal(response.body.data.user.users_type, '注册用户')
+})
+
+test('POST /api/wechat/profile 更新成功后返回脱敏手机号', async (t) => {
+    const origin = userService.updateWechatUserProfile
+    userService.updateWechatUserProfile = async () => ({
+        status: 'update_success',
+        user: {
+            users_id: 'U1002',
+            users_type: '注册用户',
+            users_name: '张三',
+            users_phone: '13800138000',
+            users_phone_masked: '138****8000',
+            users_picture: 'https://example.com/a.png',
+        },
+    })
+
+    t.after(() => {
+        userService.updateWechatUserProfile = origin
+    })
+
+    const token = require('jsonwebtoken').sign({ users_id: 'U1002', users_wx_openid: 'openid-1' }, env.jwtSecret, {
+        expiresIn: env.jwtExpiresIn,
+    })
+
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/profile')
+        .set('users_wx_openid', 'openid-1')
+        .set('Authorization', `Bearer ${token}`)
+        .send({
+            users_name: '张三',
+            users_phone_code: 'phone-code',
+            users_picture: 'https://example.com/a.png',
+        })
+
+    assert.equal(response.status, 200)
+    assert.equal(response.body.code, 200)
+    assert.equal(response.body.msg, '信息更新成功')
+    assert.equal(response.body.data.user.users_phone_masked, '138****8000')
+    assert.equal(response.body.data.user.users_type, '注册用户')
+})
+
+test('POST /api/wechat/profile 缺少 token 返回 401', async () => {
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/profile')
+        .set('users_wx_openid', 'openid-1')
+        .send({
+            users_name: '张三',
+            users_phone_code: 'phone-code',
+            users_picture: 'https://example.com/a.png',
+        })
+
+    assert.equal(response.status, 401)
+    assert.equal(response.body.code, 401)
+})
+
+test('POST /api/wechat/refresh-token 返回 token', async (t) => {
+    const origin = userService.refreshWechatToken
+    userService.refreshWechatToken = async () => ({
+        token: 'new-token',
+    })
+
+    t.after(() => {
+        userService.refreshWechatToken = origin
+    })
+
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/refresh-token')
+        .set('users_wx_openid', 'openid-1')
+        .send({})
+
+    assert.equal(response.status, 200)
+    assert.equal(response.body.code, 200)
+    assert.equal(response.body.msg, '刷新成功')
+    assert.equal(response.body.data.token, 'new-token')
+})
+
+test('POST /api/wechat/refresh-token 缺少 users_wx_openid 返回 401', async () => {
+    const app = createApp()
+    const response = await request(app)
+        .post('/api/wechat/refresh-token')
+        .send({})
+
+    assert.equal(response.status, 401)
+    assert.equal(response.body.code, 401)
+    assert.equal(response.body.msg, '请求头缺少 users_wx_openid')
+})
--- a/back-end/tests/userService.test.js
+++ b/back-end/tests/userService.test.js
@@ -0,0 +1,181 @@
+const test = require('node:test')
+const assert = require('node:assert/strict')
+
+const wechatService = require('../src/services/wechatService')
+const pocketbaseService = require('../src/services/pocketbaseService')
+const jwtService = require('../src/services/jwtService')
+const userService = require('../src/services/userService')
+
+test('authenticateWechatUser 首次注册默认写入游客类型', async (t) => {
+    const originGetWxOpenId = wechatService.getWxOpenId
+    const originListUsersByFilter = pocketbaseService.listUsersByFilter
+    const originCreateUser = pocketbaseService.createUser
+    const originSignAccessToken = jwtService.signAccessToken
+    const originGetCompanyByCompanyId = pocketbaseService.getCompanyByCompanyId
+
+    wechatService.getWxOpenId = async () => 'openid-register'
+    pocketbaseService.listUsersByFilter = async () => []
+    pocketbaseService.createUser = async (payload) => ({
+        id: 'pb-1',
+        created: '2026-03-19T00:00:00Z',
+        updated: '2026-03-19T00:00:00Z',
+        ...payload,
+    })
+    pocketbaseService.getCompanyByCompanyId = async () => null
+    jwtService.signAccessToken = () => 'token-1'
+
+    t.after(() => {
+        wechatService.getWxOpenId = originGetWxOpenId
+        pocketbaseService.listUsersByFilter = originListUsersByFilter
+        pocketbaseService.createUser = originCreateUser
+        pocketbaseService.getCompanyByCompanyId = originGetCompanyByCompanyId
+        jwtService.signAccessToken = originSignAccessToken
+    })
+
+    const result = await userService.authenticateWechatUser({
+        users_wx_code: 'code-1',
+    })
+
+    assert.equal(result.status, 'register_success')
+    assert.equal(result.is_info_complete, false)
+    assert.equal(result.user.users_type, '游客')
+})
+
+test('updateWechatUserProfile 首次完整补充资料时升级为注册用户', async (t) => {
+    const originGetWxOpenId = wechatService.getWxOpenId
+    const originGetWxPhoneNumber = wechatService.getWxPhoneNumber
+    const originListUsersByFilter = pocketbaseService.listUsersByFilter
+    const originUpdateUser = pocketbaseService.updateUser
+    const originGetCompanyByCompanyId = pocketbaseService.getCompanyByCompanyId
+
+    wechatService.getWxOpenId = async () => 'openid-profile'
+    wechatService.getWxPhoneNumber = async () => '13800138000'
+    pocketbaseService.listUsersByFilter = async (filter) => {
+        if (filter.includes('users_wx_openid')) {
+            return [
+                {
+                    id: 'pb-2',
+                    users_id: 'U2001',
+                    users_type: '游客',
+                    users_name: '',
+                    users_phone: '',
+                    users_picture: '',
+                    users_wx_openid: 'openid-profile',
+                    created: '2026-03-19T00:00:00Z',
+                    updated: '2026-03-19T00:00:00Z',
+                },
+            ]
+        }
+        return []
+    }
+    pocketbaseService.updateUser = async (_id, payload) => ({
+        id: 'pb-2',
+        users_id: 'U2001',
+        users_wx_openid: 'openid-profile',
+        users_type: payload.users_type || '游客',
+        users_name: payload.users_name,
+        users_phone: payload.users_phone,
+        users_picture: payload.users_picture,
+        created: '2026-03-19T00:00:00Z',
+        updated: '2026-03-19T00:10:00Z',
+    })
+    pocketbaseService.getCompanyByCompanyId = async () => null
+
+    t.after(() => {
+        wechatService.getWxOpenId = originGetWxOpenId
+        wechatService.getWxPhoneNumber = originGetWxPhoneNumber
+        pocketbaseService.listUsersByFilter = originListUsersByFilter
+        pocketbaseService.updateUser = originUpdateUser
+        pocketbaseService.getCompanyByCompanyId = originGetCompanyByCompanyId
+    })
+
+    const result = await userService.updateWechatUserProfile('openid-profile', {
+        users_name: '张三',
+        users_phone_code: 'phone-code-1',
+        users_picture: 'https://example.com/a.png',
+    })
+
+    assert.equal(result.status, 'update_success')
+    assert.equal(result.user.users_type, '注册用户')
+    assert.equal(result.user.users_phone_masked, '138****8000')
+})
+
+test('updateWechatUserProfile 非首次补充资料时不覆盖已确定类型', async (t) => {
+    const originGetWxOpenId = wechatService.getWxOpenId
+    const originGetWxPhoneNumber = wechatService.getWxPhoneNumber
+    const originListUsersByFilter = pocketbaseService.listUsersByFilter
+    const originUpdateUser = pocketbaseService.updateUser
+    const originGetCompanyByCompanyId = pocketbaseService.getCompanyByCompanyId
+
+    wechatService.getWxOpenId = async () => 'openid-registered'
+    wechatService.getWxPhoneNumber = async () => '13900139000'
+    pocketbaseService.listUsersByFilter = async (filter) => {
+        if (filter.includes('users_wx_openid')) {
+            return [
+                {
+                    id: 'pb-3',
+                    users_id: 'U2002',
+                    users_type: '注册用户',
+                    users_name: '老用户',
+                    users_phone: '13800138000',
+                    users_picture: 'https://example.com/old.png',
+                    users_wx_openid: 'openid-registered',
+                    created: '2026-03-19T00:00:00Z',
+                    updated: '2026-03-19T00:00:00Z',
+                },
+            ]
+        }
+        return []
+    }
+    pocketbaseService.updateUser = async (_id, payload) => ({
+        id: 'pb-3',
+        users_id: 'U2002',
+        users_wx_openid: 'openid-registered',
+        users_type: '注册用户',
+        users_name: payload.users_name,
+        users_phone: payload.users_phone,
+        users_picture: payload.users_picture,
+        created: '2026-03-19T00:00:00Z',
+        updated: '2026-03-19T00:10:00Z',
+    })
+    pocketbaseService.getCompanyByCompanyId = async () => null
+
+    t.after(() => {
+        wechatService.getWxOpenId = originGetWxOpenId
+        wechatService.getWxPhoneNumber = originGetWxPhoneNumber
+        pocketbaseService.listUsersByFilter = originListUsersByFilter
+        pocketbaseService.updateUser = originUpdateUser
+        pocketbaseService.getCompanyByCompanyId = originGetCompanyByCompanyId
+    })
+
+    const result = await userService.updateWechatUserProfile('openid-registered', {
+        users_name: '新名字',
+        users_phone_code: 'phone-code-2',
+        users_picture: 'https://example.com/new.png',
+    })
+
+    assert.equal(result.user.users_type, '注册用户')
+})
+
+test('refreshWechatToken 返回新的 token', async (t) => {
+    const originListUsersByFilter = pocketbaseService.listUsersByFilter
+    const originSignAccessToken = jwtService.signAccessToken
+
+    pocketbaseService.listUsersByFilter = async () => [
+        {
+            id: 'pb-4',
+            users_id: 'U3001',
+            users_wx_openid: 'openid-refresh',
+        },
+    ]
+    jwtService.signAccessToken = () => 'refresh-token'
+
+    t.after(() => {
+        pocketbaseService.listUsersByFilter = originListUsersByFilter
+        jwtService.signAccessToken = originSignAccessToken
+    })
+
+    const result = await userService.refreshWechatToken('openid-refresh')
+
+    assert.equal(result.token, 'refresh-token')
+})