create([ 'site_code' => 'main', 'site_player_id' => 'uid-42', 'username' => 'alice', 'nickname' => 'A', 'default_currency' => 'NPR', 'status' => 0, ]); $this->withHeader('Authorization', 'Bearer dev:'.$player->id) ->getJson('/api/v1/player/me') ->assertOk() ->assertJsonPath('code', 0) ->assertJsonPath('data.id', $player->id) ->assertJsonPath('data.site_player_id', 'uid-42') ->assertJsonPath('data.username', 'alice'); }); test('player auth missing bearer returns localized sso 8001', function () { $this->withHeader('Accept-Language', 'zh-CN,zh;q=0.9') ->getJson('/api/v1/player/me') ->assertStatus(Response::HTTP_UNAUTHORIZED) ->assertJsonPath('code', 8001) ->assertJsonPath('msg', __('sso.8001', [], 'zh')); }); test('api unknown route returns unified not_found json without hitting locale middleware', function () { $this->withHeader('X-Locale', 'zh') ->getJson('/api/v1/player/__no_route__xxx') ->assertStatus(Response::HTTP_NOT_FOUND) ->assertJsonPath('code', 9004) ->assertJsonPath('msg', __('api.not_found', [], 'zh')); }); test('player me works with main site jwt when dev bypass is off', function () { config(['lottery.player_auth.dev_bypass' => false]); config(['lottery.main_site.sso_jwt_secret' => 'jwt-test-secret']); $player = Player::query()->create([ 'site_code' => 'main', 'site_player_id' => 'jwt-user-1', 'username' => null, 'nickname' => null, 'default_currency' => 'NPR', 'status' => 0, ]); $jwt = JWT::encode([ 'site_code' => 'main', 'site_player_id' => 'jwt-user-1', 'exp' => time() + 3600, ], 'jwt-test-secret', 'HS256'); $this->withHeader('Authorization', 'Bearer '.$jwt) ->getJson('/api/v1/player/me') ->assertOk() ->assertJsonPath('data.site_player_id', 'jwt-user-1'); });