feat: platform orders export require download=1 safety valve
@@ -977,6 +977,11 @@ class PlatformOrderController extends Controller
|
|||||||
{
|
{
|
||||||
$this->ensurePlatformAdmin($request);
|
$this->ensurePlatformAdmin($request);
|
||||||
|
|
||||||
|
// 安全阀:必须显式声明 download=1,避免浏览器预取/误触发导致频繁导出
|
||||||
|
if ((string) $request->query('download', '') !== '1') {
|
||||||
|
abort(400, 'download=1 required');
|
||||||
|
}
|
||||||
|
|
||||||
$filters = [
|
$filters = [
|
||||||
'status' => trim((string) $request->query('status', '')),
|
'status' => trim((string) $request->query('status', '')),
|
||||||
'payment_status' => trim((string) $request->query('payment_status', '')),
|
'payment_status' => trim((string) $request->query('payment_status', '')),
|
||||||
|
|||||||
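Review bot: The new guard casts the query value to string before comparing, so a request such as `?download[]=1` hands `(string)` an array; PHP raises an "Array to string conversion" warning, which Laravel normally turns into an exception, so that request would likely end in a 500 rather than the intended 400. Comparing without the cast avoids this: `if ($request->query('download') !== '1') {`. Separately, the flag only filters accidental GETs and does not limit export frequency. Any URL that carries `download=1` (browser history, a bookmark, a link opened by a signed-in admin, or the GET form in the Blade hunk) still starts an export, so if the goal stated in the comment matters, a route-level `throttle` middleware and a log entry per export would be the actual control. The method body starts and ends outside this hunk, so whether such a limit already exists elsewhere is not visible here.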
@@ -440,6 +440,7 @@
|
|||||||
@endif
|
@endif
|
||||||
|
|
||||||
<form method="get" action="/admin/platform-orders/export" class="mb-10">
|
<form method="get" action="/admin/platform-orders/export" class="mb-10">
|
||||||
|
<input type="hidden" name="download" value="1">
|
||||||
<input type="hidden" name="status" value="{{ $filters['status'] ?? '' }}">
|
<input type="hidden" name="status" value="{{ $filters['status'] ?? '' }}">
|
||||||
<input type="hidden" name="payment_status" value="{{ $filters['payment_status'] ?? '' }}">
|
<input type="hidden" name="payment_status" value="{{ $filters['payment_status'] ?? '' }}">
|
||||||
<input type="hidden" name="merchant_id" value="{{ $filters['merchant_id'] ?? '' }}">
|
<input type="hidden" name="merchant_id" value="{{ $filters['merchant_id'] ?? '' }}">
|
||||||
|
|||||||
@@ -77,7 +77,7 @@ class AdminPlatformOrderExportBmpaFiltersTest extends TestCase
|
|||||||
'placed_at' => now(),
|
'placed_at' => now(),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export?bmpa_failed_only=1');
|
$res = $this->get('/admin/platform-orders/export?download=1&bmpa_failed_only=1');
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
@@ -147,7 +147,7 @@ class AdminPlatformOrderExportBmpaFiltersTest extends TestCase
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export?bmpa_error_keyword=' . urlencode('回执'));
|
$res = $this->get('/admin/platform-orders/export?download=1&bmpa_error_keyword=' . urlencode('回执'));
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
|
|||||||
@@ -0,0 +1,33 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Feature;
|
||||||
|
|
||||||
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||||
|
use Tests\TestCase;
|
||||||
|
|
||||||
|
class AdminPlatformOrderExportDownloadSafetyValveTest extends TestCase
|
||||||
|
{
|
||||||
|
use RefreshDatabase;
|
||||||
|
|
||||||
|
protected function loginAsPlatformAdmin(): void
|
||||||
|
{
|
||||||
|
$this->seed();
|
||||||
|
|
||||||
|
$this->post('/admin/login', [
|
||||||
|
'email' => 'platform.admin@demo.local',
|
||||||
|
'password' => 'Platform@123456',
|
||||||
|
])->assertRedirect('/admin');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function test_export_should_require_download_flag(): void
|
||||||
|
{
|
||||||
|
$this->loginAsPlatformAdmin();
|
||||||
|
|
||||||
|
$this->get('/admin/platform-orders/export')
|
||||||
|
->assertStatus(400)
|
||||||
|
->assertSee('download=1 required');
|
||||||
|
|
||||||
|
$this->get('/admin/platform-orders/export?download=1')
|
||||||
|
->assertOk();
|
||||||
|
}
|
||||||
|
}
|
||||||
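Review bot: test_export_should_require_download_flag covers only the absent flag and the exact value `1`, so values the guard should also reject are not exercised. Adding `$this->get('/admin/platform-orders/export?download=0')->assertStatus(400);` and the same assertion for `?download[]=1` would pin the strict comparison (the array case would probably fail against the controller as written, because of its `(string)` cast). A request made before loginAsPlatformAdmin() would also confirm that the admin check still runs ahead of the flag check, so unauthenticated callers never see the `download=1 required` hint. The helper signs in with a fixed seeded e-mail and password; if the same seeder can run outside test environments, that account is a known default credential, which is worth confirming since the seeder is not shown here.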
@@ -107,14 +107,14 @@ class AdminPlatformOrderExportReceiptStatusFilterTest extends TestCase
|
|||||||
'meta' => [],
|
'meta' => [],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res1 = $this->get('/admin/platform-orders/export?receipt_status=has');
|
$res1 = $this->get('/admin/platform-orders/export?download=1&receipt_status=has');
|
||||||
$res1->assertOk();
|
$res1->assertOk();
|
||||||
$content1 = $res1->streamedContent();
|
$content1 = $res1->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0001', $content1);
|
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0001', $content1);
|
||||||
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0002', $content1);
|
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0002', $content1);
|
||||||
$this->assertStringNotContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content1);
|
$this->assertStringNotContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content1);
|
||||||
|
|
||||||
$res2 = $this->get('/admin/platform-orders/export?receipt_status=none');
|
$res2 = $this->get('/admin/platform-orders/export?download=1&receipt_status=none');
|
||||||
$res2->assertOk();
|
$res2->assertOk();
|
||||||
$content2 = $res2->streamedContent();
|
$content2 = $res2->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content2);
|
$this->assertStringContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content2);
|
||||||
|
|||||||
@@ -88,7 +88,7 @@ class AdminPlatformOrderExportReconcileMismatchFilterTest extends TestCase
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export?reconcile_mismatch=1');
|
$res = $this->get('/admin/platform-orders/export?download=1&reconcile_mismatch=1');
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
|
|||||||
@@ -115,7 +115,7 @@ class AdminPlatformOrderExportRefundInconsistentFilterTest extends TestCase
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export?refund_inconsistent=1');
|
$res = $this->get('/admin/platform-orders/export?download=1&refund_inconsistent=1');
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
|
|||||||
@@ -142,7 +142,7 @@ class AdminPlatformOrderExportRefundInconsistentToleranceConfigTest extends Test
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export?refund_inconsistent=1');
|
$res = $this->get('/admin/platform-orders/export?download=1&refund_inconsistent=1');
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
|
|||||||
@@ -78,7 +78,7 @@ class AdminPlatformOrderExportRefundReceiptFieldsTest extends TestCase
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export');
|
$res = $this->get('/admin/platform-orders/export?download=1');
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
|
|
||||||
$content = $res->streamedContent();
|
$content = $res->streamedContent();
|
||||||
|
|||||||
@@ -107,14 +107,14 @@ class AdminPlatformOrderExportRefundStatusFilterTest extends TestCase
|
|||||||
'meta' => [],
|
'meta' => [],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res1 = $this->get('/admin/platform-orders/export?refund_status=has');
|
$res1 = $this->get('/admin/platform-orders/export?download=1&refund_status=has');
|
||||||
$res1->assertOk();
|
$res1->assertOk();
|
||||||
$content1 = $res1->streamedContent();
|
$content1 = $res1->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0001', $content1);
|
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0001', $content1);
|
||||||
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0002', $content1);
|
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0002', $content1);
|
||||||
$this->assertStringNotContainsString('PO_EXPORT_REFUND_NONE_0003', $content1);
|
$this->assertStringNotContainsString('PO_EXPORT_REFUND_NONE_0003', $content1);
|
||||||
|
|
||||||
$res2 = $this->get('/admin/platform-orders/export?refund_status=none');
|
$res2 = $this->get('/admin/platform-orders/export?download=1&refund_status=none');
|
||||||
$res2->assertOk();
|
$res2->assertOk();
|
||||||
$content2 = $res2->streamedContent();
|
$content2 = $res2->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_REFUND_NONE_0003', $content2);
|
$this->assertStringContainsString('PO_EXPORT_REFUND_NONE_0003', $content2);
|
||||||
|
|||||||
@@ -112,7 +112,7 @@ class AdminPlatformOrderExportTest extends TestCase
|
|||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res = $this->get('/admin/platform-orders/export');
|
$res = $this->get('/admin/platform-orders/export?download=1');
|
||||||
|
|
||||||
$res->assertOk();
|
$res->assertOk();
|
||||||
$res->assertHeader('content-type', 'text/csv; charset=UTF-8');
|
$res->assertHeader('content-type', 'text/csv; charset=UTF-8');
|
||||||
@@ -131,14 +131,14 @@ class AdminPlatformOrderExportTest extends TestCase
|
|||||||
$this->assertStringContainsString('退款总额', $content);
|
$this->assertStringContainsString('退款总额', $content);
|
||||||
|
|
||||||
// include_meta=1 时应包含 meta(JSON) 列
|
// include_meta=1 时应包含 meta(JSON) 列
|
||||||
$res2 = $this->get('/admin/platform-orders/export?include_meta=1');
|
$res2 = $this->get('/admin/platform-orders/export?download=1&include_meta=1');
|
||||||
$res2->assertOk();
|
$res2->assertOk();
|
||||||
$content2 = $res2->streamedContent();
|
$content2 = $res2->streamedContent();
|
||||||
$this->assertStringContainsString('原始meta(JSON)', $content2);
|
$this->assertStringContainsString('原始meta(JSON)', $content2);
|
||||||
$this->assertStringContainsString('subscription_activation_error', $content2);
|
$this->assertStringContainsString('subscription_activation_error', $content2);
|
||||||
|
|
||||||
// batch_synced_24h=1 导出应只包含 24h 内批量同步过的订单
|
// batch_synced_24h=1 导出应只包含 24h 内批量同步过的订单
|
||||||
$res3 = $this->get('/admin/platform-orders/export?batch_synced_24h=1');
|
$res3 = $this->get('/admin/platform-orders/export?download=1&batch_synced_24h=1');
|
||||||
$res3->assertOk();
|
$res3->assertOk();
|
||||||
$content3 = $res3->streamedContent();
|
$content3 = $res3->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_BATCH_RECENT', $content3);
|
$this->assertStringContainsString('PO_EXPORT_BATCH_RECENT', $content3);
|
||||||
@@ -198,7 +198,7 @@ class AdminPlatformOrderExportTest extends TestCase
|
|||||||
'activated_at' => now(),
|
'activated_at' => now(),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$res4 = $this->get('/admin/platform-orders/export?site_subscription_id=' . $sub->id);
|
$res4 = $this->get('/admin/platform-orders/export?download=1&site_subscription_id=' . $sub->id);
|
||||||
$res4->assertOk();
|
$res4->assertOk();
|
||||||
$content4 = $res4->streamedContent();
|
$content4 = $res4->streamedContent();
|
||||||
$this->assertStringContainsString('PO_EXPORT_SUB_FILTER_0001', $content4);
|
$this->assertStringContainsString('PO_EXPORT_SUB_FILTER_0001', $content4);
|
||||||
|
|||||||