feat: add security module (encryption + auth)
- Implement AES-256-GCM encryption for sensitive data - Implement decryption function - Implement Bearer token authentication verification - Add comprehensive tests for encryption/decryption roundtrip - Add tests for API token verification (success and failure cases) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
panw
34
backend/tests/test_security.py
Normal file
34
backend/tests/test_security.py
Normal file
@@ -0,0 +1,34 @@
|
||||
import base64
|
||||
import pytest
|
||||
|
||||
|
||||
def test_encrypt_decrypt_roundtrip():
|
||||
"""测试加密解密往返."""
|
||||
from app.security import encrypt_data, decrypt_data
|
||||
|
||||
original = b"sensitive-secret-data"
|
||||
key = base64.b64encode(b'12345678901234567890123456789012').decode()
|
||||
|
||||
encrypted = encrypt_data(original, key)
|
||||
assert encrypted != original
|
||||
assert isinstance(encrypted, bytes)
|
||||
assert len(encrypted) > len(original) # nonce + ciphertext + tag
|
||||
|
||||
decrypted = decrypt_data(encrypted, key)
|
||||
assert decrypted == original
|
||||
|
||||
|
||||
def test_verify_api_token_success(test_env_vars):
|
||||
"""测试 API token 验证成功."""
|
||||
from app.security import verify_api_token
|
||||
|
||||
assert verify_api_token("Bearer test-token") is True
|
||||
|
||||
|
||||
def test_verify_api_token_failure():
|
||||
"""测试 API token 验证失败."""
|
||||
from app.security import verify_api_token
|
||||
|
||||
assert verify_api_token("Bearer wrong-token") is False
|
||||
assert verify_api_token(None) is False
|
||||
assert verify_api_token("Basic token") is False
|
||||
Reference in New Issue
Block a user