chore: 清理敏感与开发文档，仅同步代码

- 永久忽略并从仓库移除开发文档/ - 移除并忽略 .env 与小程序私有配置 - 同步小程序/管理端/API与脚本改动 Made-with: Cursor
2026-03-17 17:50:12 +08:00
parent 868b0a10d9
commit 76965adb23
443 changed files with 24175 additions and 64154 deletions
--- a/scripts/test/web/test_admin_auth.py
+++ b/scripts/test/web/test_admin_auth.py
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+"""
+管理端鉴权测试。POST /api/admin 登录，GET /api/admin 鉴权检查。
+"""
+import pytest
+import requests
+
+from util import admin_headers
+
+
+def test_admin_login(base_url):
+    """POST /api/admin 登录成功"""
+    r = requests.post(
+        f"{base_url}/api/admin",
+        json={"username": "admin", "password": "admin123"},
+        timeout=10,
+    )
+    assert r.status_code == 200
+    data = r.json()
+    assert data.get("success") is True
+    assert "token" in data
+    assert "user" in data
+
+
+def test_admin_check_with_token(admin_token, base_url):
+    """GET /api/admin 带 token 鉴权通过"""
+    if not admin_token:
+        pytest.skip("admin 登录失败，跳过鉴权测试")
+    r = requests.get(
+        f"{base_url}/api/admin",
+        headers=admin_headers(admin_token),
+        timeout=10,
+    )
+    assert r.status_code == 200
+    data = r.json()
+    assert data.get("success") is True
+
+
+def test_admin_check_without_token(base_url):
+    """GET /api/admin 无 token 返回 401"""
+    r = requests.get(f"{base_url}/api/admin", timeout=10)
+    assert r.status_code == 401