Test: new changes in middleware pkg

middleware/auth.go

@@ -199,6 +199,7 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
+
 		if !ok {
 			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名无效"})
 			c.Abort()
@@ -283,21 +284,6 @@ func OneDriveCallbackAuth() gin.HandlerFunc {
 	}
 }
 
-// S3CallbackAuth Amazon S3回调签名验证
-func S3CallbackAuth() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		//// 验证key并查找用户
-		//resp, _ := uploadCallbackCheck(c)
-		//if resp.Code != 0 {
-		//	c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
-		//	c.Abort()
-		//	return
-		//}
-
-		c.Next()
-	}
-}
-
 // IsAdmin 必须为管理员用户组
 func IsAdmin() gin.HandlerFunc {
 	return func(c *gin.Context) {

middleware/auth_test.go

@@ -3,21 +3,24 @@ package middleware
 import (
 	"database/sql"
 	"errors"
+	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
+	"github.com/cloudreve/Cloudreve/v3/pkg/filesystem"
+	"github.com/cloudreve/Cloudreve/v3/pkg/mq"
+	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
+	"github.com/qiniu/go-sdk/v7/auth/qbox"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/DATA-DOG/go-sqlmock"
 	model "github.com/cloudreve/Cloudreve/v3/models"
 	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
-	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
-	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 	"github.com/cloudreve/Cloudreve/v3/pkg/util"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
-	"github.com/qiniu/go-sdk/v7/auth/qbox"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -223,19 +226,31 @@ func TestWebDAVAuth(t *testing.T) {
 
 }
 
-func TestRemoteCallbackAuth(t *testing.T) {
+func TestUseUploadSession(t *testing.T) {
 	asserts := assert.New(t)
 	rec := httptest.NewRecorder()
-	AuthFunc := RemoteCallbackAuth()
+	AuthFunc := UseUploadSession("local")
+
+	// sessionID 为空
+	{
+
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/sessionID", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}
 
 	// 成功
 	{
 		cache.Set(
-			"callback_testCallBackRemote",
+			filesystem.UploadSessionCachePrefix+"testCallBackRemote",
 			serializer.UploadSession{
 				UID:         1,
-				PolicyID:    513,
 				VirtualPath: "/",
+				Policy:      model.Policy{Type: "local"},
 			},
 			0,
 		)
@@ -248,7 +263,7 @@ func TestRemoteCallbackAuth(t *testing.T) {
 			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
 		c, _ := gin.CreateTestContext(rec)
 		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
+			{"sessionID", "testCallBackRemote"},
 		}
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
@@ -257,79 +272,95 @@ func TestRemoteCallbackAuth(t *testing.T) {
 		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
+}
 
-	// Callback Key 不存在
+func TestUploadCallbackCheck(t *testing.T) {
-	{
+	a := assert.New(t)
+	rec := httptest.NewRecorder()
 
+	// 上传会话不存在
+	{
 		c, _ := gin.CreateTestContext(rec)
 		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
+			{"sessionID", "testSessionNotExist"},
 		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		res := uploadCallbackCheck(c, "local")
-		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		a.Contains("上传会话不存在或已过期", res.Msg)
-		auth.SignRequest(authInstance, c.Request, 0)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
 	}
 
-	// 用户不存在
+	// 上传策略不一致
 	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"sessionID", "testPolicyNotMatch"},
+		}
 		cache.Set(
-			"callback_testCallBackRemote",
+			filesystem.UploadSessionCachePrefix+"testPolicyNotMatch",
 			serializer.UploadSession{
 				UID:         1,
-				PolicyID:    550,
 				VirtualPath: "/",
+				Policy:      model.Policy{Type: "remote"},
 			},
 			0,
 		)
-		cache.Deletes([]string{"1"}, "policy_")
+		res := uploadCallbackCheck(c, "local")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
+		a.Contains("Policy not supported", res.Msg)
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
-		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
-		auth.SignRequest(authInstance, c.Request, 0)
-		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.True(c.IsAborted())
 	}
 
-	// 签名错误
+	// 用户不存在
 	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"sessionID", "testUserNotExist"},
+		}
 		cache.Set(
-			"callback_testCallBackRemote",
+			filesystem.UploadSessionCachePrefix+"testUserNotExist",
 			serializer.UploadSession{
-				UID:         1,
+				UID:         313,
-				PolicyID:    514,
 				VirtualPath: "/",
+				Policy:      model.Policy{Type: "remote"},
 			},
 			0,
 		)
-		cache.Deletes([]string{"1"}, "policy_")
 		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
+		res := uploadCallbackCheck(c, "remote")
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[514]"))
+		a.Contains("找不到用户", res.Msg)
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
+		a.NoError(mock.ExpectationsWereMet())
-			WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
+		_, ok := cache.Get(filesystem.UploadSessionCachePrefix + "testUserNotExist")
+		a.False(ok)
+	}
+}
+
+func TestRemoteCallbackAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := RemoteCallbackAuth()
+
+	// 成功
+	{
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackRemote"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy:      model.Policy{SecretKey: "123"},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
+		authInstance := auth.HMACAuth{SecretKey: []byte("123")}
+		auth.SignRequest(authInstance, c.Request, 0)
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.False(c.IsAborted())
-		asserts.True(c.IsAborted())
 	}
 
-	// Callback Key 为空
+	// 签名错误
 	{
 		c, _ := gin.CreateTestContext(rec)
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote", nil)
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
+			UID:         1,
+			VirtualPath: "/",
+			Policy:      model.Policy{SecretKey: "123"},
+		})
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
 		AuthFunc(c)
 		asserts.True(c.IsAborted())
 	}
@@ -340,39 +371,17 @@ func TestQiniuCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := QiniuCallbackAuth()
 
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testQiniuBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testQiniuBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 成功
 	{
-		cache.Set(
-			"callback_testCallBackQiniu",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    515,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[515]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackQiniu"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
 		mac := qbox.NewMac("123", "123")
 		token, err := mac.SignRequest(c.Request)
@@ -385,33 +394,21 @@ func TestQiniuCallbackAuth(t *testing.T) {
 
 	// 验证失败
 	{
-		cache.Set(
-			"callback_testCallBackQiniu",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    516,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[516]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackQiniu"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackQiniu", nil)
-		mac := qbox.NewMac("123", "123")
+		mac := qbox.NewMac("123", "1213")
 		token, err := mac.SignRequest(c.Request)
 		asserts.NoError(err)
-		c.Request.Header["Authorization"] = []string{"QBox " + token + " "}
+		c.Request.Header["Authorization"] = []string{"QBox " + token}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 }
@@ -421,76 +418,41 @@ func TestOSSCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := OSSCallbackAuth()
 
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testOSSBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testQiniuBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 签名验证失败
 	{
-		cache.Set(
-			"callback_testCallBackOSS",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    517,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[517]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackOSS"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testCallBackOSS", nil)
 		mac := qbox.NewMac("123", "123")
 		token, err := mac.SignRequest(c.Request)
 		asserts.NoError(err)
 		c.Request.Header["Authorization"] = []string{"QBox " + token}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 
 	// 成功
 	{
-		cache.Set(
-			"callback_TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    518,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[518]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/TnXx5E5VyfJUyM1UdkdDu1rtnJ34EbmH", ioutil.NopCloser(strings.NewReader(`{"name":"2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","source_name":"1/1_hFRtDLgM_2f7b2ccf30e9270ea920f1ab8a4037a546a2f0d5.jpg","size":114020,"pic_info":"810,539"}`)))
 		c.Request.Header["Authorization"] = []string{"e5LwzwTkP9AFAItT4YzvdJOHd0Y0wqTMWhsV/h5SG90JYGAmMd+8LQyj96R+9qUfJWjMt6suuUh7LaOryR87Dw=="}
 		c.Request.Header["X-Oss-Pub-Key-Url"] = []string{"aHR0cHM6Ly9nb3NzcHVibGljLmFsaWNkbi5jb20vY2FsbGJhY2tfcHViX2tleV92MS5wZW0="}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
 
@@ -507,130 +469,71 @@ func TestUpyunCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := UpyunCallbackAuth()
 
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 无法获取请求正文
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    509,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[519]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackUpyun"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(fakeRead("")))
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 
 	// 正文MD5不一致
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    510,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[520]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackUpyun"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"123"}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 
 	// 签名不一致
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    511,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[521]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackUpyun"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.True(c.IsAborted())
 	}
 
 	// 成功
 	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[522]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
 		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-			{"key", "testCallBackUpyun"},
+			UID:         1,
-		}
+			VirtualPath: "/",
+			Policy: model.Policy{
+				SecretKey: "123",
+				AccessKey: "123",
+			},
+		})
 		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		c.Request.Header["Content-Md5"] = []string{"c4ca4238a0b923820dcc509a6f75849b"}
 		c.Request.Header["Authorization"] = []string{"UPYUN 123:GWueK9x493BKFFk5gmfdO2Mn6EM="}
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
 		asserts.False(c.IsAborted())
 	}
 }
@@ -640,87 +543,28 @@ func TestOneDriveCallbackAuth(t *testing.T) {
 	rec := httptest.NewRecorder()
 	AuthFunc := OneDriveCallbackAuth()
 
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
 	// 成功
-	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[657]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
-		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
-		asserts.False(c.IsAborted())
-	}
-}
-
-func TestCOSCallbackAuth(t *testing.T) {
-	asserts := assert.New(t)
-	rec := httptest.NewRecorder()
-	AuthFunc := COSCallbackAuth()
-
-	// Callback Key 相关验证失败
 	{
 		c, _ := gin.CreateTestContext(rec)
 		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
+			{"sessionID", "TestOneDriveCallbackAuth"},
 		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
+		c.Set(filesystem.UploadSessionCtx, &serializer.UploadSession{
-		AuthFunc(c)
+			UID:         1,
-		asserts.True(c.IsAborted())
+			VirtualPath: "/",
-	}
+			Policy: model.Policy{
-
+				SecretKey: "123",
-	// 成功
+				AccessKey: "123",
-	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
 			},
-			0,
+		})
-		)
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/TestOneDriveCallbackAuth", ioutil.NopCloser(strings.NewReader("1")))
-		cache.Deletes([]string{"1"}, "policy_")
+		res := mq.GlobalMQ.Subscribe("TestOneDriveCallbackAuth", 1)
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
-		mock.ExpectQuery("SELECT(.+)policies(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
 		AuthFunc(c)
-		asserts.NoError(mock.ExpectationsWereMet())
+		select {
+		case <-res:
+		case <-time.After(time.Millisecond * 500):
+			asserts.Fail("mq message should be published")
+		}
 		asserts.False(c.IsAborted())
 	}
 }
@@ -759,46 +603,3 @@ func TestIsAdmin(t *testing.T) {
 		asserts.False(c.IsAborted())
 	}
 }
-
-func TestS3CallbackAuth(t *testing.T) {
-	asserts := assert.New(t)
-	rec := httptest.NewRecorder()
-	AuthFunc := S3CallbackAuth()
-
-	// Callback Key 相关验证失败
-	{
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testUpyunBackRemote"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
-		AuthFunc(c)
-		asserts.True(c.IsAborted())
-	}
-
-	// 成功
-	{
-		cache.Set(
-			"callback_testCallBackUpyun",
-			serializer.UploadSession{
-				UID:         1,
-				PolicyID:    512,
-				VirtualPath: "/",
-			},
-			0,
-		)
-		cache.Deletes([]string{"1"}, "policy_")
-		mock.ExpectQuery("SELECT(.+)users(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
-		mock.ExpectQuery("SELECT(.+)groups(.+)").
-			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
-		c, _ := gin.CreateTestContext(rec)
-		c.Params = []gin.Param{
-			{"key", "testCallBackUpyun"},
-		}
-		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
-		AuthFunc(c)
-		asserts.False(c.IsAborted())
-		asserts.NoError(mock.ExpectationsWereMet())
-	}
-}