Files
pikasTech-unidesk/scripts/baidu-netdisk-artifact-guard-contract-test.ts
T
2026-05-20 11:53:59 +00:00

71 lines
2.6 KiB
TypeScript

import {
baiduNetdiskAuthHealthGateStatus,
baiduNetdiskRuntimeSecretRequirements,
runtimeSecretPresenceFromEnvText,
} from "./src/artifact-registry";
function assertCondition(condition: unknown, message: string, detail: unknown = {}): void {
if (!condition) throw new Error(`${message}: ${JSON.stringify(detail)}`);
}
const secretEnvText = [
"UNIDESK_BAIDU_NETDISK_CLIENT_ID=clientid-clientid-clientid-0000",
"UNIDESK_BAIDU_NETDISK_CLIENT_SECRET=\"clientsecret-clientsecret-0001\"",
"UNIDESK_BAIDU_NETDISK_TOKEN_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
].join("\n");
const present = runtimeSecretPresenceFromEnvText(secretEnvText, baiduNetdiskRuntimeSecretRequirements);
assertCondition(present.every((item) => item.present), "all baidu-netdisk secrets should be present", present);
assertCondition(present.map((item) => item.length).join(",") === "31,30,64", "presence reports only lengths", present);
assertCondition(!JSON.stringify(present).includes("0123456789abcdef"), "secret values must not be exposed", present);
const missing = runtimeSecretPresenceFromEnvText(
"UNIDESK_BAIDU_NETDISK_CLIENT_ID=clientid-clientid-clientid-0000\n",
baiduNetdiskRuntimeSecretRequirements,
);
assertCondition(!missing.every((item) => item.present), "missing env should fail presence contract", missing);
assertCondition(
missing.filter((item) => !item.present).map((item) => item.sourceEnvName).join(",") === "UNIDESK_BAIDU_NETDISK_CLIENT_SECRET,UNIDESK_BAIDU_NETDISK_TOKEN_KEY",
"missing env should identify absent keys without values",
missing,
);
const healthy = baiduNetdiskAuthHealthGateStatus({
auth: {
configured: true,
clientIdConfigured: true,
clientSecretConfigured: true,
tokenKeyConfigured: true,
loggedIn: true,
},
});
assertCondition(healthy.ok, "healthy auth fields should pass", healthy);
const degraded = baiduNetdiskAuthHealthGateStatus({
auth: {
configured: false,
clientIdConfigured: true,
clientSecretConfigured: true,
tokenKeyConfigured: false,
loggedIn: true,
},
});
assertCondition(!degraded.ok, "missing auth fields should fail", degraded);
assertCondition(
degraded.failedFields.join(",") === "configured,tokenKeyConfigured",
"auth gate should report failed boolean fields",
degraded,
);
process.stdout.write(`${JSON.stringify({
ok: true,
checks: [
"runtime secret presence reports booleans and lengths only",
"missing Baidu Netdisk env cannot pass the deploy contract",
"auth health gate requires configured/clientId/clientSecret/tokenKey/loggedIn",
],
present,
missing: missing.map((item) => ({ ...item, length: item.length })),
degraded,
}, null, 2)}\n`);