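const axios = require('axios');

const BASE_URL = 'http://localhost:3000';
const AUTH_URL = `${BASE_URL}/api/auth`;
const OAUTH_URL = `${BASE_URL}/api/oauth`;

// Test fixtures. One timestamp is taken for the whole run so username and
// email always agree (two separate Date.now() calls could straddle a tick).
const runId = Date.now();
const testUser = {
  username: `oauthuser${runId}`,
  email: `oauthuser${runId}@example.com`,
  password: 'TestPassword123',
};
const testOAuthClient = {
  name: '测试OAuth客户端',
  description: '用于测试的OAuth客户端',
  redirect_uris: ['http://localhost:3001/callback'],
  scopes: ['read', 'write'],
};
// The redirect_uri sent to /authorize and /token must match the registered one
// exactly, so it is derived from the fixture instead of being retyped.
const REDIRECT_URI = testOAuthClient.redirect_uris[0];

// Flow state, filled in step by step.
let authToken = '';
let clientId = '';
let clientSecret = '';
let authCode = '';
let accessToken = '';
let refreshToken = '';

/**
 * Axios request config carrying a Bearer token.
 * @param {string} token - JWT or OAuth access token.
 * @returns {{headers: {Authorization: string}}}
 */
function bearer(token) {
  return { headers: { Authorization: `Bearer ${token}` } };
}

/**
 * Prefix of a credential for log output, so a complete secret never reaches
 * the console.
 * @param {string} secret
 * @param {number} len - number of leading characters to show.
 * @returns {string}
 */
function preview(secret, len) {
  return `${secret.substring(0, len)}...`;
}

/**
 * Runs the full OAuth authorization-code flow against the local server:
 * register → login → create client → authorize → exchange code → userinfo /
 * tokeninfo → refresh → revoke (and confirm the revoked token is rejected) →
 * client management → discovery. Steps 1–5 abort the run when they fail
 * because every later step depends on their output; later steps only log.
 * Any thrown error (axios rejects on non-2xx) reaches the single catch at the
 * bottom, which prints the server's error body when there is one.
 * @returns {Promise<void>}
 */
async function testOAuthFlow() {
  console.log('🚀 开始测试OAuth功能...\n');
  try {
    // 1. Register the test user
    console.log('1. 注册测试用户...');
    const registerResponse = await axios.post(`${AUTH_URL}/register`, testUser);
    if (!registerResponse.data.success) {
      console.log('❌ 用户注册失败:', registerResponse.data.message);
      return;
    }
    console.log('✅ 用户注册成功:', registerResponse.data.message);

    // 2. Log in to obtain the JWT used for client management
    console.log('\n2. 登录获取JWT令牌...');
    const loginResponse = await axios.post(`${AUTH_URL}/login`, {
      username: testUser.username,
      password: testUser.password,
    });
    if (!loginResponse.data.success) {
      console.log('❌ 登录失败:', loginResponse.data.message);
      return;
    }
    authToken = loginResponse.data.data.token;
    console.log('✅ 登录成功,获取到JWT令牌');

    // 3. Create an OAuth client
    console.log('\n3. 创建OAuth客户端...');
    const clientResponse = await axios.post(`${OAUTH_URL}/clients`, testOAuthClient, bearer(authToken));
    if (!clientResponse.data.success) {
      console.log('❌ OAuth客户端创建失败:', clientResponse.data.message);
      return;
    }
    ({ client_id: clientId, client_secret: clientSecret } = clientResponse.data.data);
    console.log('✅ OAuth客户端创建成功:', clientResponse.data.message);
    console.log(`Client ID: ${clientId}`);
    console.log(`Client Secret: ${preview(clientSecret, 16)}`);

    // 4. Authorization endpoint. The query is built with URLSearchParams so
    // every value (including the space in the scope list) is encoded.
    console.log('\n4. 测试授权端点...');
    const authorizeParams = new URLSearchParams({
      response_type: 'code',
      client_id: clientId,
      redirect_uri: REDIRECT_URI,
      scope: 'read write',
      state: 'test_state_123',
    });
    const authorizeResponse = await axios.get(`${OAUTH_URL}/authorize?${authorizeParams}`, bearer(authToken));
    if (!authorizeResponse.data.success) {
      console.log('❌ 授权失败:', authorizeResponse.data.message);
      return;
    }
    // NOTE(review): the response shape used here only exposes the code; whether
    // the server echoes `state` back is not checked — confirm against the server.
    authCode = authorizeResponse.data.data.code;
    console.log('✅ 授权成功:', authorizeResponse.data.message);
    console.log(`授权码: ${preview(authCode, 20)}`);

    // 5. Exchange the authorization code for tokens
    console.log('\n5. 测试令牌交换...');
    const tokenResponse = await axios.post(`${OAUTH_URL}/token`, {
      grant_type: 'authorization_code',
      client_id: clientId,
      client_secret: clientSecret,
      code: authCode,
      redirect_uri: REDIRECT_URI,
    });
    if (!tokenResponse.data.success) {
      console.log('❌ 令牌交换失败:', tokenResponse.data.message);
      return;
    }
    ({ access_token: accessToken, refresh_token: refreshToken } = tokenResponse.data.data);
    console.log('✅ 令牌交换成功');
    console.log(`访问令牌: ${preview(accessToken, 20)}`);
    console.log(`刷新令牌: ${preview(refreshToken, 20)}`);

    // 6. Userinfo endpoint
    console.log('\n6. 测试用户信息端点...');
    const userInfoResponse = await axios.get(`${OAUTH_URL}/userinfo`, bearer(accessToken));
    if (userInfoResponse.data.success) {
      console.log('✅ 用户信息获取成功');
      console.log('用户信息:', userInfoResponse.data.data);
    } else {
      console.log('❌ 用户信息获取失败:', userInfoResponse.data.message);
    }

    // 7. Tokeninfo endpoint
    console.log('\n7. 测试令牌信息端点...');
    const tokenInfoResponse = await axios.get(`${OAUTH_URL}/tokeninfo`, bearer(accessToken));
    if (tokenInfoResponse.data.success) {
      console.log('✅ 令牌信息获取成功');
      console.log('令牌信息:', tokenInfoResponse.data.data);
    } else {
      console.log('❌ 令牌信息获取失败:', tokenInfoResponse.data.message);
    }

    // 8. Refresh grant; on success the new pair replaces the old one
    console.log('\n8. 测试刷新令牌...');
    const refreshResponse = await axios.post(`${OAUTH_URL}/token`, {
      grant_type: 'refresh_token',
      client_id: clientId,
      client_secret: clientSecret,
      refresh_token: refreshToken,
    });
    if (refreshResponse.data.success) {
      ({ access_token: accessToken, refresh_token: refreshToken } = refreshResponse.data.data);
      console.log('✅ 刷新令牌成功');
      console.log(`新访问令牌: ${preview(accessToken, 20)}`);
    } else {
      console.log('❌ 刷新令牌失败:', refreshResponse.data.message);
    }

    // 9. Revocation. A "success" reply alone proves nothing; the revoked
    // token must actually stop working, so it is probed against /userinfo.
    console.log('\n9. 测试撤销令牌...');
    const revokeResponse = await axios.post(`${OAUTH_URL}/revoke`, {
      token: accessToken,
      client_id: clientId,
      client_secret: clientSecret,
    });
    if (revokeResponse.data.success) {
      console.log('✅ 令牌撤销成功');
      let revokedStillValid = false;
      try {
        const probe = await axios.get(`${OAUTH_URL}/userinfo`, bearer(accessToken));
        revokedStillValid = probe.data.success === true;
      } catch (probeError) {
        // A non-2xx reply is the expected rejection; anything else (network
        // failure, bug) is a real error and belongs to the outer catch.
        if (!probeError.response) throw probeError;
      }
      if (revokedStillValid) {
        console.log('❌ 撤销后的访问令牌仍然有效');
      } else {
        console.log('✅ 撤销后的访问令牌已被拒绝');
      }
    } else {
      console.log('❌ 令牌撤销失败:', revokeResponse.data.message);
    }

    // 10. Client management: list clients
    console.log('\n10. 测试OAuth客户端管理...');
    const clientsResponse = await axios.get(`${OAUTH_URL}/clients`, bearer(authToken));
    if (clientsResponse.data.success) {
      console.log('✅ 获取客户端列表成功');
      console.log(`客户端数量: ${clientsResponse.data.data.clients.length}`);
    } else {
      console.log('❌ 获取客户端列表失败:', clientsResponse.data.message);
    }

    // 11. Client secret retrieval (requires the owner's JWT)
    console.log('\n11. 测试获取客户端密钥...');
    const secretResponse = await axios.get(`${OAUTH_URL}/clients/${clientId}/secret`, bearer(authToken));
    if (secretResponse.data.success) {
      console.log('✅ 获取客户端密钥成功');
      console.log(`密钥: ${preview(secretResponse.data.data.client_secret, 16)}`);
    } else {
      console.log('❌ 获取客户端密钥失败:', secretResponse.data.message);
    }

    // 12. Discovery document. axios already rejects non-2xx statuses, so the
    // else branch only triggers for an unexpected 2xx other than 200.
    console.log('\n12. 测试OAuth发现端点...');
    const discoveryResponse = await axios.get(`${BASE_URL}/.well-known/oauth-authorization-server`);
    if (discoveryResponse.status === 200) {
      console.log('✅ OAuth发现端点正常');
      console.log('授权端点:', discoveryResponse.data.authorization_endpoint);
      console.log('令牌端点:', discoveryResponse.data.token_endpoint);
    } else {
      console.log('❌ OAuth发现端点异常');
    }

    console.log('\n🎉 OAuth完整流程测试通过!');
  } catch (error) {
    console.error('❌ OAuth测试失败:', error.response?.data || error.message);
  }
}

// Run the flow. The promise is intentionally not awaited: every failure is
// handled inside testOAuthFlow's own catch.
testOAuthFlow();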