feat: add google oauth

e2e/auth-email.spec.ts

@@ -0,0 +1,57 @@
+import { expect, test } from '@playwright/test';
+
+const jwtPayload = Buffer.from(
+  JSON.stringify({ user_id: 7, email: 'user@example.com', exp: 1999999999, iat: 1111111 })
+)
+  .toString('base64')
+  .replace(/\+/g, '-')
+  .replace(/\//g, '_')
+  .replace(/=+$/g, '');
+
+const token = `header.${jwtPayload}.sig`;
+
+test('email login should authenticate and display user email', async ({ page }) => {
+  await page.route('**/user/login', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        request_id: 'req_login',
+        code: 200,
+        message: 'ok',
+        data: {
+          token,
+          expires_at: 1999999999,
+        },
+      }),
+    });
+  });
+
+  await page.route('**/task/list**', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        request_id: 'req_tasks',
+        code: 200,
+        message: 'ok',
+        data: {
+          task_list: [],
+          total: 0,
+        },
+      }),
+    });
+  });
+
+  await page.goto('/');
+
+  const loginButton = page.getByRole('button', { name: /Login|登录/ }).first();
+  await loginButton.click();
+
+  await page.fill('#auth-email', 'user@example.com');
+  await page.fill('#auth-password', '123456');
+
+  await page.locator('button[type="submit"]').click();
+
+  await expect(page.getByText('user@example.com')).toBeVisible();
+});

e2e/auth-oauth.spec.ts

@@ -0,0 +1,80 @@
+import { expect, test } from '@playwright/test';
+
+const jwtPayload = Buffer.from(
+  JSON.stringify({ user_id: 9, email: 'oauth@example.com', exp: 1999999999, iat: 1111111 })
+)
+  .toString('base64')
+  .replace(/\+/g, '-')
+  .replace(/\//g, '_')
+  .replace(/=+$/g, '');
+
+const token = `header.${jwtPayload}.sig`;
+
+test('google oauth callback with valid state should complete login', async ({ page }) => {
+  await page.route('**/user/oauth/google/url**', async (route, request) => {
+    const url = new URL(request.url());
+    const state = url.searchParams.get('state') ?? '';
+
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        request_id: 'req_oauth_url',
+        code: 200,
+        message: 'ok',
+        data: {
+          auth_url: `http://127.0.0.1:4173/auth/google/callback?code=oauth_code&state=${state}`,
+        },
+      }),
+    });
+  });
+
+  await page.route('**/user/oauth/google/callback', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        request_id: 'req_oauth_callback',
+        code: 200,
+        message: 'ok',
+        data: {
+          token,
+          expires_at: 1999999999,
+        },
+      }),
+    });
+  });
+
+  await page.route('**/task/list**', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        request_id: 'req_tasks',
+        code: 200,
+        message: 'ok',
+        data: {
+          task_list: [],
+          total: 0,
+        },
+      }),
+    });
+  });
+
+  await page.goto('/');
+  await page.getByRole('button', { name: /Login|登录/ }).first().click();
+  await page.getByRole('button', { name: /Google/ }).click();
+
+  await expect(page.getByText('oauth@example.com')).toBeVisible();
+});
+
+test('google oauth callback with invalid state should show error', async ({ page }) => {
+  await page.goto('/');
+
+  await page.evaluate(() => {
+    sessionStorage.setItem('texpixel_oauth_state', 'expected_state');
+  });
+
+  await page.goto('/auth/google/callback?code=fake_code&state=wrong_state');
+  await expect(page.getByText('OAuth state 校验失败')).toBeVisible();
+});