lotteryLaravel/tests/Feature/PlayerFoundationTest.php

<?php

use App\Lottery\ErrorCode;
use App\Models\Player;
use Firebase\JWT\JWT;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Symfony\Component\HttpFoundation\Response;

uses(RefreshDatabase::class);

test('player me returns profile with dev bearer', function () {
    $player = Player::query()->create([
        'site_code' => 'main',
        'site_player_id' => 'uid-42',
        'username' => 'alice',
        'nickname' => 'A',
        'default_currency' => 'NPR',
        'status' => 0,
    ]);

    $this->withHeader('Authorization', 'Bearer dev:'.$player->id)
        ->getJson('/api/v1/player/me')
        ->assertOk()
        ->assertJsonPath('code', ErrorCode::Success->value)
        ->assertJsonPath('data.id', $player->id)
        ->assertJsonPath('data.site_player_id', 'uid-42')
        ->assertJsonPath('data.username', 'alice');
});

test('player auth missing bearer returns localized sso 8001', function () {
    $code = ErrorCode::PlayerAuthorizationInvalid->value;
    $this->withHeader('Accept-Language', 'zh-CN,zh;q=0.9')
        ->getJson('/api/v1/player/me')
        ->assertStatus(Response::HTTP_UNAUTHORIZED)
        ->assertJsonPath('code', $code)
        ->assertJsonPath('msg', __("sso.$code", [], 'zh'));
});

test('api unknown route returns unified not_found json without hitting locale middleware', function () {
    $this->withHeader('X-Locale', 'zh')
        ->getJson('/api/v1/player/__no_route__xxx')
        ->assertStatus(Response::HTTP_NOT_FOUND)
        ->assertJsonPath('code', ErrorCode::NotFound->value)
        ->assertJsonPath('msg', __('api.not_found', [], 'zh'));
});

test('player me works with main site jwt when dev bypass is off', function () {
    config(['lottery.player_auth.dev_bypass' => false]);
    config(['lottery.main_site.sso_jwt_secret' => 'jwt-test-secret']);

    $player = Player::query()->create([
        'site_code' => 'main',
        'site_player_id' => 'jwt-user-1',
        'username' => null,
        'nickname' => null,
        'default_currency' => 'NPR',
        'status' => 0,
    ]);

    $jwt = JWT::encode([
        'site_code' => 'main',
        'site_player_id' => 'jwt-user-1',
        'exp' => time() + 3600,
    ], 'jwt-test-secret', 'HS256');

    $this->withHeader('Authorization', 'Bearer '.$jwt)
        ->getJson('/api/v1/player/me')
        ->assertOk()
        ->assertJsonPath('data.site_player_id', 'jwt-user-1');
});