"use strict"; const test = require("node:test"); const assert = require("node:assert/strict"); const fs = require("node:fs"); const source = fs.readFileSync(__dirname + "/engine-v3.js", "utf8"); const actions = require(__dirname + "/authorized-actions.js"); test("direct email bypass is removed", () => { assert.doesNotMatch(source, /requestEmail|email_mode:\s*requestEmail|直接使用,不查白名单/); assert.match(source, /禁止客户端指定邮箱/); }); test("work-session lifecycle endpoints exist", () => { for (const route of ["/auth/session/request", "/auth/session/confirm", "/auth/session/exec", "/auth/session/end"]) assert.match(source, new RegExp(route.replaceAll("/", "\\/"))); }); test("Zhulan and Canger identities are registered", () => { assert.match(source, /ICE-GL-ZL-001/); assert.match(source, /TCS-GL-009/); assert.match(source, /PTS-VA-001-EED/); assert.match(source, /ICE-GL-CA001/); }); test("arbitrary shell commands are not accepted by the authorization flow", () => { assert.doesNotMatch(source, /execCmd\(body\.cmd/); assert.doesNotMatch(source, /execCmd\(op\.cmd/); assert.match(source, /必须指定已登记 action/); assert.deepEqual(actions.listActions().map((item) => item.id), ["inspect-gatekeeper", "sync-status"]); assert.equal(actions.getAction("not-registered"), null); }); test("Gatekeeper and sync-agent ports are separated", () => { assert.match(source, /process\.argv\[2\] \|\| '3911'/); const syncConfig = fs.readFileSync(__dirname + "/../../../server-tools/fifth-domain-sync-agent/config.example.json", "utf8"); assert.match(syncConfig, /"listen_port": 3982/); });