sub2api/backend/internal/pkg/antigravity/oauth_user_agent_test.go

//go:build unit

package antigravity

import (
	"context"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
)

// 验证 ExchangeCode / RefreshToken 真实发出的 UA 是 Go-http-client/2.0，
// 不含 antigravity/<ver> 业务指纹。这是保证 token 端点流量与 IDE 业务流量解耦的关键。
func TestClient_TokenEndpoint_UserAgent_不暴露业务指纹(t *testing.T) {
	prevSecret := defaultClientSecret
	defaultClientSecret = "test-secret"
	t.Cleanup(func() { defaultClientSecret = prevSecret })

	cases := []struct {
		name string
		call func(t *testing.T, c *Client)
	}{
		{
			name: "ExchangeCode",
			call: func(t *testing.T, c *Client) {
				if _, err := c.ExchangeCode(context.Background(), "code", "verifier", false); err != nil {
					t.Fatalf("exchange: %v", err)
				}
			},
		},
		{
			name: "RefreshToken",
			call: func(t *testing.T, c *Client) {
				if _, err := c.RefreshToken(context.Background(), "rt", false); err != nil {
					t.Fatalf("refresh: %v", err)
				}
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var seenUA string
			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				seenUA = r.Header.Get("User-Agent")
				w.Header().Set("Content-Type", "application/json")
				_, _ = io.WriteString(w, `{"access_token":"a","expires_in":3600,"token_type":"Bearer"}`)
			}))
			defer ts.Close()

			client := newTestClientWithRedirect(map[string]string{
				TokenURL: ts.URL,
			})
			tc.call(t, client)

			if seenUA != oauthClientUserAgent {
				t.Errorf("UA 未锁定为 %q: got %q", oauthClientUserAgent, seenUA)
			}
			if strings.Contains(seenUA, "antigravity/") {
				t.Errorf("UA 包含 antigravity/ 业务指纹: %q", seenUA)
			}
		})
	}
}