feat: platform orders export require download=1 safety valve

This commit is contained in:
萝卜
2026-03-13 22:40:56 +00:00
parent 6a666b4c2a
commit 1f832477c0
11 changed files with 53 additions and 14 deletions


@@ -977,6 +977,11 @@ class PlatformOrderController extends Controller
{
$this->ensurePlatformAdmin($request);
// 安全阀:必须显式声明 download=1避免浏览器预取/误触发导致频繁导出
if ((string) $request->query('download', '') !== '1') {
abort(400, 'download=1 required');
}
$filters = [
'status' => trim((string) $request->query('status', '')),
'payment_status' => trim((string) $request->query('payment_status', '')),
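Review bot: The new guard only rejects requests that omit the flag; because the export stays a GET, any link, bookmark or prefetch that carries `?download=1` will still trigger a full export on every hit, so if the real concern is repeated heavy exports, a rate limit on the route (e.g. Laravel's `throttle` middleware) is the control and this flag is only a speed bump. The intent is currently explained only in a Chinese comment; since the 400 is a deliberate design choice rather than validation, the English equivalent belongs next to it: `// Safety valve: require an explicit download=1 so link prefetch or an accidental navigation cannot start a full export.` The placement after `ensurePlatformAdmin()` is right (an unauthenticated caller learns nothing about the flag), but no test pins that ordering. The enclosing method's signature is above this hunk.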


@@ -440,6 +440,7 @@
@endif
<form method="get" action="/admin/platform-orders/export" class="mb-10">
<input type="hidden" name="download" value="1">
<input type="hidden" name="status" value="{{ $filters['status'] ?? '' }}">
<input type="hidden" name="payment_status" value="{{ $filters['payment_status'] ?? '' }}">
<input type="hidden" name="merchant_id" value="{{ $filters['merchant_id'] ?? '' }}">


@@ -77,7 +77,7 @@ class AdminPlatformOrderExportBmpaFiltersTest extends TestCase
'placed_at' => now(),
]);
$res = $this->get('/admin/platform-orders/export?bmpa_failed_only=1');
$res = $this->get('/admin/platform-orders/export?download=1&bmpa_failed_only=1');
$res->assertOk();
$content = $res->streamedContent();
@@ -147,7 +147,7 @@ class AdminPlatformOrderExportBmpaFiltersTest extends TestCase
],
]);
$res = $this->get('/admin/platform-orders/export?bmpa_error_keyword=' . urlencode('回执'));
$res = $this->get('/admin/platform-orders/export?download=1&bmpa_error_keyword=' . urlencode('回执'));
$res->assertOk();
$content = $res->streamedContent();


@@ -0,0 +1,33 @@
<?php
namespace Tests\Feature;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class AdminPlatformOrderExportDownloadSafetyValveTest extends TestCase
{
use RefreshDatabase;
protected function loginAsPlatformAdmin(): void
{
$this->seed();
$this->post('/admin/login', [
'email' => 'platform.admin@demo.local',
'password' => 'Platform@123456',
])->assertRedirect('/admin');
}
public function test_export_should_require_download_flag(): void
{
$this->loginAsPlatformAdmin();
$this->get('/admin/platform-orders/export')
->assertStatus(400)
->assertSee('download=1 required');
$this->get('/admin/platform-orders/export?download=1')
->assertOk();
}
}
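Review bot: test_export_should_require_download_flag covers only the absent flag and the exact value, while the controller compares the raw query string strictly against `'1'`, so near-miss values are the regression most likely to slip through; add `$this->get('/admin/platform-orders/export?download=0')->assertStatus(400);` and a `download=true` variant between the two existing calls. The test also never checks that the valve runs after the admin check — one request without logging in, with `download=1`, asserted as a redirect or denial rather than a 400, would pin that ordering. The credentials in loginAsPlatformAdmin look like seeded demo values duplicated from sibling tests; if a shared helper exists, reuse it instead of repeating the secret literal.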


@@ -107,14 +107,14 @@ class AdminPlatformOrderExportReceiptStatusFilterTest extends TestCase
'meta' => [],
]);
$res1 = $this->get('/admin/platform-orders/export?receipt_status=has');
$res1 = $this->get('/admin/platform-orders/export?download=1&receipt_status=has');
$res1->assertOk();
$content1 = $res1->streamedContent();
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0001', $content1);
$this->assertStringContainsString('PO_EXPORT_RECEIPT_HAS_0002', $content1);
$this->assertStringNotContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content1);
$res2 = $this->get('/admin/platform-orders/export?receipt_status=none');
$res2 = $this->get('/admin/platform-orders/export?download=1&receipt_status=none');
$res2->assertOk();
$content2 = $res2->streamedContent();
$this->assertStringContainsString('PO_EXPORT_RECEIPT_NONE_0003', $content2);


@@ -88,7 +88,7 @@ class AdminPlatformOrderExportReconcileMismatchFilterTest extends TestCase
],
]);
$res = $this->get('/admin/platform-orders/export?reconcile_mismatch=1');
$res = $this->get('/admin/platform-orders/export?download=1&reconcile_mismatch=1');
$res->assertOk();
$content = $res->streamedContent();


@@ -115,7 +115,7 @@ class AdminPlatformOrderExportRefundInconsistentFilterTest extends TestCase
],
]);
$res = $this->get('/admin/platform-orders/export?refund_inconsistent=1');
$res = $this->get('/admin/platform-orders/export?download=1&refund_inconsistent=1');
$res->assertOk();
$content = $res->streamedContent();


@@ -142,7 +142,7 @@ class AdminPlatformOrderExportRefundInconsistentToleranceConfigTest extends Test
],
]);
$res = $this->get('/admin/platform-orders/export?refund_inconsistent=1');
$res = $this->get('/admin/platform-orders/export?download=1&refund_inconsistent=1');
$res->assertOk();
$content = $res->streamedContent();


@@ -78,7 +78,7 @@ class AdminPlatformOrderExportRefundReceiptFieldsTest extends TestCase
],
]);
$res = $this->get('/admin/platform-orders/export');
$res = $this->get('/admin/platform-orders/export?download=1');
$res->assertOk();
$content = $res->streamedContent();


@@ -107,14 +107,14 @@ class AdminPlatformOrderExportRefundStatusFilterTest extends TestCase
'meta' => [],
]);
$res1 = $this->get('/admin/platform-orders/export?refund_status=has');
$res1 = $this->get('/admin/platform-orders/export?download=1&refund_status=has');
$res1->assertOk();
$content1 = $res1->streamedContent();
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0001', $content1);
$this->assertStringContainsString('PO_EXPORT_REFUND_HAS_0002', $content1);
$this->assertStringNotContainsString('PO_EXPORT_REFUND_NONE_0003', $content1);
$res2 = $this->get('/admin/platform-orders/export?refund_status=none');
$res2 = $this->get('/admin/platform-orders/export?download=1&refund_status=none');
$res2->assertOk();
$content2 = $res2->streamedContent();
$this->assertStringContainsString('PO_EXPORT_REFUND_NONE_0003', $content2);


@@ -112,7 +112,7 @@ class AdminPlatformOrderExportTest extends TestCase
],
]);
$res = $this->get('/admin/platform-orders/export');
$res = $this->get('/admin/platform-orders/export?download=1');
$res->assertOk();
$res->assertHeader('content-type', 'text/csv; charset=UTF-8');
@@ -131,14 +131,14 @@ class AdminPlatformOrderExportTest extends TestCase
$this->assertStringContainsString('退款总额', $content);
// include_meta=1 时应包含 meta(JSON) 列
$res2 = $this->get('/admin/platform-orders/export?include_meta=1');
$res2 = $this->get('/admin/platform-orders/export?download=1&include_meta=1');
$res2->assertOk();
$content2 = $res2->streamedContent();
$this->assertStringContainsString('原始meta(JSON)', $content2);
$this->assertStringContainsString('subscription_activation_error', $content2);
// batch_synced_24h=1 导出应只包含 24h 内批量同步过的订单
$res3 = $this->get('/admin/platform-orders/export?batch_synced_24h=1');
$res3 = $this->get('/admin/platform-orders/export?download=1&batch_synced_24h=1');
$res3->assertOk();
$content3 = $res3->streamedContent();
$this->assertStringContainsString('PO_EXPORT_BATCH_RECENT', $content3);
@@ -198,7 +198,7 @@ class AdminPlatformOrderExportTest extends TestCase
'activated_at' => now(),
]);
$res4 = $this->get('/admin/platform-orders/export?site_subscription_id=' . $sub->id);
$res4 = $this->get('/admin/platform-orders/export?download=1&site_subscription_id=' . $sub->id);
$res4->assertOk();
$content4 = $res4->streamedContent();
$this->assertStringContainsString('PO_EXPORT_SUB_FILTER_0001', $content4);