test(mono): add multi-user support and files-list API#1881
Conversation
Signed-off-by: miliu2cc <miliu2cc@gmail.com>
Signed-off-by: miliu2cc <miliu2cc@gmail.com>
Signed-off-by: miliu2cc <miliu2cc@gmail.com>
Signed-off-by: miliu2cc <miliu2cc@gmail.com>
|
Claude finished @benjamin-747's task in 1m 51s —— View job Code Review Complete ✓I've reviewed the changes in this PR which adds multi-user support and files-list API integration to the CL merge integration test. Here's my comprehensive feedback: SummaryThis PR transforms the integration test from a single anonymous user setup to a proper multi-user authentication scenario. The changes are well-structured and improve test coverage significantly. Key Changes:
✅ Strengths
🔍 Code Quality Issues1. Hard-coded Test Tokens (Security Concern)Location: mono/tests/cl_merge_integration.rs:68-69 The test tokens are hard-coded constants: const TEST_TOKEN_A: &str = "a1b2c3d4-e5f6-7890-abcd-ef1234567890";
const TEST_TOKEN_B: &str = "b2c3d4e5-f6a7-8901-bcde-f12345678901";Issue: While this is a test file, hard-coded tokens can be problematic if:
Recommendation: Consider generating random tokens at runtime or adding a prominent comment warning against this pattern in production: // WARNING: These are TEST-ONLY constant tokens for reproducible testing
// NEVER use hard-coded tokens in production code - always generate them securely
const TEST_TOKEN_A: &str = "a1b2c3d4-e5f6-7890-abcd-ef1234567890";2. SQL Injection Prevention - Good but Could Be BetterLocation: mono/tests/cl_merge_integration.rs:290-299 The code uses string formatting for SQL queries: exec_check(vm, &format!(
"PGPASSWORD={} psql -h 127.0.0.1 -U {} -d {} -c \"INSERT INTO access_token (id, username, token, created_at) VALUES (floor(random() * 1000000000000)::bigint, '{}', '{}', NOW());\"",
POSTGRES_PASSWORD, POSTGRES_USER, POSTGRES_DB, TEST_USER_A, TEST_TOKEN_A
)).await?;Issue: While the inputs are controlled constants in this test, the pattern demonstrates SQL string concatenation which is risky. Recommendation: Add a comment explaining why this is safe here (controlled test inputs) and consider using parameterized queries if the test infrastructure supports it. 3. Random ID GenerationLocation: mono/tests/cl_merge_integration.rs:291 VALUES (floor(random() * 1000000000000)::bigint, ...Issue: Using Recommendation: Either use a sequence/serial type, or add error handling for unique constraint violations. 4. Clone URL Contains CredentialsLocation: mono/tests/cl_merge_integration.rs:428-430, 468-470 let clone_url = format!(
"http://{}:{}@127.0.0.1:8000/.git",
auth_username, auth_token
);Issue: Credentials in URLs can leak into logs. Git typically warns about this. Current State: The code does log the clone output (mono/tests/cl_merge_integration.rs:432) which might expose credentials. Recommendation: Either:
🎯 Testing Concerns1. API Response ValidationGood: The code properly validates API responses: if !json["req_result"].as_bool().unwrap_or(false) {
anyhow::bail!(
"files-list API returned error: {}",
json["err_message"].as_str().unwrap_or("Unknown error")
);
}Suggestion: Consider adding validation for unexpected response structure to prevent panics on malformed JSON. 2. files-list API vs files-changed APILocation: mono/tests/cl_merge_integration.rs:596-598 The comment states: // Use files-list API instead of files-changed API
// The files-changed API's total field is inaccurate, but files-list returns correct dataConcern: This suggests there's a bug in the
Recommendation: File a separate issue to investigate and fix the 3. Test Timing and Race ConditionsLocation: mono/tests/cl_merge_integration.rs:544 The test uses fixed sleep durations to wait for async operations. While timing constants improve readability, fixed sleeps can cause flakiness:
Current: The code does have a proper polling mechanism for service readiness (mono/tests/cl_merge_integration.rs:123-159), which is excellent. Recommendation: Consider using similar polling for CL operations instead of fixed sleeps. 📝 Documentation1. Well-Documented Test Design ✓The updated documentation clearly explains the multi-user approach (mono/tests/cl_merge_integration.rs:28-36). This is excellent. 2. Function DocumentationMost functions have clear doc comments. Great examples:
🔒 Security AnalysisOverall Security Posture: Good for a test file Positive Security Measures:
Security Notes:
🚀 PerformanceNo significant performance concerns. The test is I/O bound (VM operations, database operations) and the code changes don't introduce performance regressions. ✨ Recommendations SummaryHigh Priority
Medium Priority
Low Priority
Final VerdictOverall Assessment: ✅ Approved with Suggestions This is a solid improvement to the test suite. The code is well-structured, properly documented, and significantly improves test coverage by adding multi-user scenarios. The security concerns are minor and specific to test code context. The changes demonstrate good software engineering practices:
Great work on improving the test infrastructure! 🎉 Tasks Completed
|
|
link #1817 |
* test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> --------- Signed-off-by: miliu2cc <miliu2cc@gmail.com>
* test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> --------- Signed-off-by: miliu2cc <miliu2cc@gmail.com>
* test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> --------- Signed-off-by: miliu2cc <miliu2cc@gmail.com>
* test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> --------- Signed-off-by: miliu2cc <miliu2cc@gmail.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com>
…d WebSocket (#1909) * refactor: some modules (#4) * feat: add refactor orion module for migration Signed-off-by: Wangyan <topshihun@foxmail.com> * fix: add CL for build Signed-off-by: Wangyan <topshihun@foxmail.com> * refactor: some modules Signed-off-by: Wangyan <topshihun@foxmail.com> --------- Signed-off-by: Wangyan <topshihun@foxmail.com> Signed-off-by: Aid_C <57825561+AidCheng@users.noreply.github.com> Co-authored-by: Aid_C <57825561+AidCheng@users.noreply.github.com> * [orion]REFACTOR: Integrate generic jupiter model with refactored orion structure Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * fix: enforce mount_path semantics and stabilize builds (#1836) * fix: enforce mount_path semantics and stabilize builds Consolidate mount_path handling with buck2 prechecks and fix BuildDTO repo handling to avoid moves. Signed-off-by: jerry609 <1772030600@qq.com> style: format code with cargo fmt Signed-off-by: jerry609 <1772030600@qq.com> chore(orion): remove unused mount helpers Signed-off-by: jerry609 <1772030600@qq.com> fix(orion): retry buck2 targets once on failure Signed-off-by: jerry609 <1772030600@qq.com> fix(orion): remount and retry target discovery on failure Signed-off-by: jerry609 <1772030600@qq.com> style(orion): format buck_controller after retry changes Signed-off-by: jerry609 <1772030600@qq.com> fix(orion): annotate changes type for retry path Signed-off-by: jerry609 <1772030600@qq.com> fix(orion): appease clippy for mount guards Signed-off-by: jerry609 <1772030600@qq.com> test(common): avoid clippy field reassignment lint Signed-off-by: jerry609 <1772030600@qq.com> * test(ceres): fix clippy lints in tests Signed-off-by: jerry609 <1772030600@qq.com> --------- Signed-off-by: jerry609 <1772030600@qq.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * Feature/comment reanchor (#1874) * refactor(code_review): add anchor and position to locat code thread * feat: add reanchor thread function * fix: seaORM repeated * fix: rebase error * fix: lcs_len error * fix: fix CR problems * fix: error Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * feat(theme): Complete theme color migration for multiple modules (#1875) * feat(theme): Complete theme color system migration for CL, Issue, Queue, OrionClient, and Settings modules * feat(theme): Complete theme color system migration for CL, Issue, Queue, OrionClient, and Settings modules * feat(theme): Complete theme color system migration for CL, Issue, Queue, OrionClient, and Settings modules * feat(theme): Complete theme color system migration for CL, Issue, Queue, OrionClient, and Settings modules Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * refactor(mono): convert third-party and buckal-bundles init to script (#1876) Signed-off-by: MYUU <1405758738@qq.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * chore: move log models under buck2 types (#1878) Signed-off-by: lvy010 <17338770572@163.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * test(mono): add multi-user support and files-list API (#1881) * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): Add CL merge and update-branch integration test Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> * test(mono): add multi-user support and files-list API Signed-off-by: miliu2cc <miliu2cc@gmail.com> --------- Signed-off-by: miliu2cc <miliu2cc@gmail.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * fix(script):cleanup per-repo .git after processing (#1884) Signed-off-by: MYUU <1405758738@qq.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * feat: implement build trigger system (#1880) * feat: implement build trigger system Signed-off-by: allure <1550220889@qq.com> * feat: refactor build trigger system and fix error Signed-off-by: allure <1550220889@qq.com> --------- Signed-off-by: allure <1550220889@qq.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * fix(orion): skip incompatible targets for buck2 builds (#1885) Signed-off-by: jerry609 <1772030600@qq.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * fixed(cl): update UI for checks log section (#1887) Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * refactor: some modules (#4) * feat: add refactor orion module for migration Signed-off-by: Wangyan <topshihun@foxmail.com> * fix: add CL for build Signed-off-by: Wangyan <topshihun@foxmail.com> * refactor: some modules Signed-off-by: Wangyan <topshihun@foxmail.com> --------- Signed-off-by: Wangyan <topshihun@foxmail.com> Signed-off-by: Aid_C <57825561+AidCheng@users.noreply.github.com> Co-authored-by: Aid_C <57825561+AidCheng@users.noreply.github.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * [buck2]REFACTOR: Integrate orion and orion server with generic api and model interface Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * FIX: use correct ProjectRelativePath crate Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * UPDATE: cargo fmt Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * [orion] Replace worker-server commun with WS msg Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * [orion]FIX: update branch and fix conflicts * [Orion]FIX: workflow error Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * [orion]UPDATE: fix based on copilot suggestions Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * cargo fmt Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * UPDATE: temporary allow unused started at in build info Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * FIX: remove unused import Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * fmt Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> * [jupiter]REMOVE: duplicate migration Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Aid_C <57825561+AidCheng@users.noreply.github.com> * [jupiter]FIX: temporary remove task.rs Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> --------- Signed-off-by: Wangyan <topshihun@foxmail.com> Signed-off-by: Aid_C <57825561+AidCheng@users.noreply.github.com> Signed-off-by: AidCheng <cn.aiden.cheng@gmail.com> Signed-off-by: jerry609 <1772030600@qq.com> Signed-off-by: MYUU <1405758738@qq.com> Signed-off-by: lvy010 <17338770572@163.com> Signed-off-by: miliu2cc <miliu2cc@gmail.com> Signed-off-by: allure <1550220889@qq.com> Co-authored-by: TOP <89700178+topshihun@users.noreply.github.com> Co-authored-by: Jerry Zhang <1772030600@qq.com> Co-authored-by: TianYi <2739022972@qq.com> Co-authored-by: zhaokang <zhaokang.r2cn@isrc.iscas.ac.cn> Co-authored-by: MYUU <52773565+zhoujiaqi30@users.noreply.github.com> Co-authored-by: lvy010 <17338770572@163.com> Co-authored-by: miliu2cc <98928567+miliu2cc@users.noreply.github.com> Co-authored-by: Yao <1550220889@qq.com> Co-authored-by: zyd123-cmd <yingdong.r2cn@isrc.iscas.ac.cn> Co-authored-by: Tianxing Ye <benjamin.747@outlook.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
No description provided.