User Service Test Guide
Created: 2025-01-18
Applicable version: v1.0
1. Environment Setup
1.1 Start the database
Make sure the PostgreSQL database is running and reachable:
```shell
# check the database connection
psql -h 127.0.0.1 -p 5432 -U postgres -d jointo
```
1.2 Start the service
```shell
cd server
python -m app.main
```
After the service starts, open:
2. API Tests
2.1 Phone-number login (first login: auto-registration)
```shell
curl -X POST http://localhost:8000/api/v1/auth/login/phone \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "13800138000",
    "country_code": "+86",
    "code": "6666"
  }'
```
Expected response:
```json
{
  "user": {
    "user_id": 1,
    "phone": "13800138000",
    "country_code": "+86",
    "phone_verified": true,
    "username": "user_1705564800_a3f9",
    "nickname": null,
    "avatar_url": null,
    "ai_credits_balance": 100,
    "created_at": "2025-01-18T10:00:00Z"
  },
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}
```
Save the token:
```shell
export TOKEN="<your_access_token>"
```
2.2 Get the current user's information
```shell
curl -X GET http://localhost:8000/api/v1/users/me \
  -H "Authorization: Bearer $TOKEN"
```
Expected response:
```json
{
  "user_id": 1,
  "phone": "13800138000",
  "country_code": "+86",
  "phone_verified": true,
  "username": "user_1705564800_a3f9",
  "nickname": null,
  "avatar_url": null,
  "ai_credits_balance": 100,
  "created_at": "2025-01-18T10:00:00Z"
}
```
2.3 Logout
```shell
curl -X POST http://localhost:8000/api/v1/auth/logout \
  -H "Authorization: Bearer $TOKEN"
```
Expected response:
```json
{
  "message": "登出成功"
}
```
2.4 Verify that the token is invalid after logout
```shell
curl -X GET http://localhost:8000/api/v1/users/me \
  -H "Authorization: Bearer $TOKEN"
```
Expected response (401):
```json
{
  "detail": "访问令牌已过期或无效"
}
```
2.5 Log in again (existing user)
```shell
curl -X POST http://localhost:8000/api/v1/auth/login/phone \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "13800138000",
    "country_code": "+86",
    "code": "6666"
  }'
```
Expected behaviour:
- No new user is created
- The existing user's information is returned
- A new token is issued
2.6 Wrong verification code
```shell
curl -X POST http://localhost:8000/api/v1/auth/login/phone \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "13800138000",
    "country_code": "+86",
    "code": "1234"
  }'
```
Expected response (400):
```json
{
  "detail": "验证码错误"
}
```
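The login, /users/me and logout steps above (2.1 to 2.6), together with the four token-failure causes listed under 5.2, all follow from one rule: a request is accepted only if its bearer token carries a valid signature, has not expired, and still has a session row behind it. The following added example models that rule in plain Python so the expected status codes can be checked offline. It is not the project's code: the HS256-style token built with the standard library, the in-memory USERS and SESSIONS dictionaries, and the demo SECRET_KEY are all assumptions standing in for the service's real JWT library, database tables and configuration. The fixed code "6666", the 7-day validity and the response messages are taken from the guide.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed values standing in for the service's SECRET_KEY and the
# 7-day token validity and fixed SMS code "6666" that the guide describes.
SECRET_KEY = "demo-secret-key-not-the-real-one"
ACCESS_TOKEN_EXPIRE_SECONDS = 7 * 24 * 3600
FIXED_SMS_CODE = "6666"

# In-memory stand-ins for the users and user_sessions tables.
USERS = {}       # phone -> user record
SESSIONS = {}    # raw token -> {"user_id": ...}; one row per login
_next_user_id = [1]

INVALID_TOKEN = {"detail": "无效的访问令牌"}
EXPIRED_OR_INVALID = {"detail": "访问令牌已过期或无效"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(signing_input: str, secret: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return _b64url(mac)


def issue_token(user_id: int, secret: str = SECRET_KEY, now=None) -> str:
    """Build an HS256-style JWT (header.payload.signature); jti makes each login's token unique."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "sub": user_id,
        "exp": int(now + ACCESS_TOKEN_EXPIRE_SECONDS),
        "jti": secrets.token_hex(8),
    }).encode())
    return f"{header}.{payload}.{_sign(f'{header}.{payload}', secret)}"


def login_phone(phone: str, country_code: str, code: str):
    """POST /auth/login/phone: wrong code -> 400; unknown phone -> auto-register; always a fresh token."""
    if code != FIXED_SMS_CODE:
        return 400, {"detail": "验证码错误"}
    user = USERS.get(phone)
    if user is None:  # first login for this phone: create the user (section 2.1)
        user = {"user_id": _next_user_id[0], "phone": phone,
                "country_code": country_code, "phone_verified": True,
                "ai_credits_balance": 100}
        _next_user_id[0] += 1
        USERS[phone] = user
    token = issue_token(user["user_id"])
    SESSIONS[token] = {"user_id": user["user_id"]}
    return 200, {"user": user, "access_token": token, "token_type": "bearer"}


def _verify(authorization: str, secret: str, now):
    """Return (status, body, token). Each 401 branch is one of the causes listed in section 5.2."""
    if not authorization.startswith("Bearer "):  # missing "Bearer " prefix
        return 401, INVALID_TOKEN, None
    token = authorization[len("Bearer "):]
    parts = token.split(".")
    if len(parts) != 3:
        return 401, INVALID_TOKEN, None
    header, payload, sig = parts
    # Signature check fails when SECRET_KEY differs between issuer and verifier, or on tampering.
    if not hmac.compare_digest(_sign(f"{header}.{payload}", secret), sig):
        return 401, INVALID_TOKEN, None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    if claims["exp"] < now:  # expired (7-day validity)
        return 401, EXPIRED_OR_INVALID, None
    if token not in SESSIONS:  # logged out: the session row was deleted
        return 401, EXPIRED_OR_INVALID, None
    return 200, claims, token


def get_me(authorization: str, secret: str = SECRET_KEY, now=None):
    """GET /users/me: returns (200, user) or (401, detail)."""
    status, body, _ = _verify(authorization, secret, now)
    if status != 200:
        return status, body
    user = next(u for u in USERS.values() if u["user_id"] == body["sub"])
    return 200, user


def logout(authorization: str):
    """POST /auth/logout: delete the session so the same token is refused afterwards (section 2.4)."""
    status, body, token = _verify(authorization, SECRET_KEY, None)
    if status != 200:
        return status, body
    del SESSIONS[token]
    return 200, {"message": "登出成功"}
```

Calling login_phone twice with the same phone returns the same user_id but a different access_token, which is the behaviour 2.5 expects; passing get_me a bare token without the "Bearer " prefix, a token signed under a different secret, or a clock far in the future reproduces the 5.2 failure list one cause at a time.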
3. Database Verification
3.1 Inspect the users table
```sql
SELECT
  user_id,
  phone,
  country_code,
  username,
  ai_credits_balance,
  created_at
FROM users
WHERE deleted_at IS NULL;
```
3.2 Inspect the sessions table
```sql
SELECT
  session_id,
  user_id,
  LEFT(token, 20) || '...' AS token_preview,
  expires_at,
  ip_address,
  created_at,
  last_used_at
FROM user_sessions
ORDER BY created_at DESC;
```
3.3 Verify that the session is deleted after logout
```sql
-- before logout there should be a row
SELECT COUNT(*) FROM user_sessions WHERE user_id = 1;
-- after logout the count should be 0
SELECT COUNT(*) FROM user_sessions WHERE user_id = 1;
```
4. Testing with Swagger UI
Open http://localhost:8000/api/docs
4.1 Test login
- Expand `POST /api/v1/auth/login/phone`
- Click "Try it out"
- Enter the request body:
```json
{ "phone": "13900139000", "country_code": "+86", "code": "6666" }
```
- Click "Execute"
- Copy the returned `access_token`
4.2 Test authenticated endpoints
- Click the "Authorize" button at the top right of the page
- Enter `Bearer <your_token>`
- Click "Authorize"
- Endpoints that require authentication can now be tested
4.3 Test getting user information
- Expand `GET /api/v1/users/me`
- Click "Try it out"
- Click "Execute"
- Check the returned user information
4.4 Test logout
- Expand `POST /api/v1/auth/logout`
- Click "Try it out"
- Click "Execute"
- Call `/users/me` again; it should return 401
5. Common Problems
5.1 Database connection failure
Error message:
```
Failed to initialize database: could not connect to server
```
Solution:
- Check that PostgreSQL is running
- Check the `DATABASE_URL` setting in `.env`
- Confirm that port 5432 is not already in use
5.2 Token verification failure
Error message:
```json
{
  "detail": "无效的访问令牌"
}
```
Possible causes:
- Malformed token (missing the "Bearer " prefix)
- Token has expired (7-day validity)
- User has logged out (session was deleted)
- `SECRET_KEY` configuration differs between issuer and verifier
5.3 Wrong verification code
Error message:
```json
{
  "detail": "验证码错误"
}
```
Solution:
- The verification code is currently fixed to `6666`
- Confirm that the `code` field in the request body is `"6666"`
6. Performance Tests
6.1 Concurrent login test
Using Apache Bench:
```shell
# 100 requests, 10 concurrent
ab -n 100 -c 10 -p login.json -T application/json \
  http://localhost:8000/api/v1/auth/login/phone
```
Contents of login.json:
```json
{
  "phone": "13800138000",
  "country_code": "+86",
  "code": "6666"
}
```
6.2 Load test of an authenticated endpoint
```shell
# 1000 requests, 50 concurrent
ab -n 1000 -c 50 -H "Authorization: Bearer $TOKEN" \
  http://localhost:8000/api/v1/users/me
```
7. Security Tests
7.1 Invalid token
```shell
curl -X GET http://localhost:8000/api/v1/users/me \
  -H "Authorization: Bearer invalid_token_here"
```
Expected: 401
7.2 Expired token
Set `ACCESS_TOKEN_EXPIRE_MINUTES=1` in `.env`, wait one minute, then test.
7.3 SQL injection
```shell
curl -X POST http://localhost:8000/api/v1/auth/login/phone \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "13800138000\" OR \"1\"=\"1",
    "country_code": "+86",
    "code": "6666"
  }'
```
Expected: either parameter validation rejects the request, or it is handled normally (the value is treated as a literal phone number and no SQL injection occurs)
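The two acceptable outcomes in 7.3 correspond to two defences that a practitioner would want to see in the lookup path: a format check on the phone field before any query, and a parameterised query so that even a value which passes validation is bound as data rather than spliced into SQL. The example below, added here and not taken from the project, shows both with an in-memory SQLite table standing in for the PostgreSQL users table; the 6-to-15-digit phone rule, the table layout and the sample rows are constructed assumptions.

```python
import re
import sqlite3

# Constructed sample table standing in for the PostgreSQL users table.
CONN = sqlite3.connect(":memory:")
CONN.execute(
    "CREATE TABLE users (user_id INTEGER PRIMARY KEY, phone TEXT, "
    "country_code TEXT, deleted_at TEXT)"
)
CONN.executemany(
    "INSERT INTO users (phone, country_code) VALUES (?, ?)",
    [("13800138000", "+86"), ("13900139000", "+86")],
)
CONN.commit()

# Assumption: a phone number is 6 to 15 ASCII digits; the project's own rule may differ.
PHONE_RE = re.compile(r"[0-9]{6,15}")


def validate_phone(phone: str) -> bool:
    """First line of defence: reject anything that is not a plain digit string."""
    return PHONE_RE.fullmatch(phone) is not None


def find_user_by_phone(conn, phone: str):
    """Parameterised lookup: the driver binds phone as a value, never as SQL text,
    so a payload such as 13800138000" OR "1"="1 is simply a phone that matches no row."""
    row = conn.execute(
        "SELECT user_id, phone, country_code FROM users "
        "WHERE phone = ? AND deleted_at IS NULL",
        (phone,),
    ).fetchone()
    if row is None:
        return None
    return {"user_id": row[0], "phone": row[1], "country_code": row[2]}


def lookup_for_login(phone: str, conn=CONN):
    """Mirrors the two outcomes section 7.3 accepts: validation failure, or normal handling."""
    if not validate_phone(phone):
        return "validation_failed", None
    return "ok", find_user_by_phone(conn, phone)
```

With the guide's payload, lookup_for_login stops at validation; if validation were relaxed, find_user_by_phone would still return None because the bound value is compared literally against the phone column.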
8. Cleaning Up Test Data
```sql
-- delete all test users
DELETE FROM users WHERE phone LIKE '138%' OR phone LIKE '139%';
-- empty the sessions table
TRUNCATE TABLE user_sessions CASCADE;
-- reset the auto-increment IDs
ALTER SEQUENCE users_user_id_seq RESTART WITH 1;
ALTER SEQUENCE user_sessions_session_id_seq RESTART WITH 1;
```
Document version: v1.0
Created: 2025-01-18