新增管理登录页面

tests/Feature/ChatControllerTest.php

@@ -45,6 +45,21 @@ class ChatControllerTest extends TestCase
         $this->assertEquals(1, Redis::hexists("room:{$room->id}:users", $user->username));
     }
 
+    /**
+     * 测试主干默认聊天室页面不会渲染虚拟形象挂载点和配置。
+     */
+    public function test_room_view_does_not_render_avatar_widget_or_config_by_default(): void
+    {
+        $room = Room::create(['room_name' => 'avguard']);
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->get(route('chat.room', $room->id));
+
+        $response->assertOk();
+        $response->assertDontSee('chat-avatar-widget');
+        $response->assertDontSee('chatAvatarWidget');
+    }
+
     /**
      * 测试用户可以发送普通文本消息。
      */

tests/Feature/Feature/AdminAuthControllerTest.php

@@ -0,0 +1,115 @@
+<?php
+
+/**
+ * 文件功能：站长隐藏登录功能测试
+ *
+ * 覆盖隐藏登录页访问、站长登录成功、非站长拒绝登录
+ * 以及通过隐藏入口登录后首页不再回到聊天室大厅等核心场景。
+ *
+ * @author   ChatRoom Laravel
+ *
+ * @version  1.0.0
+ */
+
+namespace Tests\Feature\Feature;
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Validator;
+use Tests\TestCase;
+
+/**
+ * 类功能：验证站长隐藏登录入口的行为。
+ */
+class AdminAuthControllerTest extends TestCase
+{
+    use RefreshDatabase;
+
+    /**
+     * 测试前注册验证码校验桩，避免依赖真实验证码生成。
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        Validator::extend('captcha', function () {
+            return true;
+        });
+    }
+
+    /**
+     * 验证隐藏登录页可以正常打开。
+     */
+    public function test_hidden_admin_login_page_can_be_opened(): void
+    {
+        $response = $this->get('/lkddi');
+
+        $response->assertOk()
+            ->assertSee('站长后台入口')
+            ->assertSee('/lkddi');
+    }
+
+    /**
+     * 验证 id=1 站长可以通过隐藏入口登录并进入后台首页。
+     */
+    public function test_site_owner_can_login_via_hidden_admin_entry(): void
+    {
+        $siteOwner = User::factory()->create([
+            'id' => 1,
+            'username' => 'site-owner',
+            'password' => Hash::make('secret-owner'),
+        ]);
+
+        $response = $this->post('/lkddi', [
+            'username' => 'site-owner',
+            'password' => 'secret-owner',
+            'captcha' => '1234',
+        ]);
+
+        $response->assertRedirect(route('admin.dashboard'));
+        $response->assertSessionHas('admin_login_via_hidden', true);
+        $this->assertAuthenticatedAs($siteOwner);
+    }
+
+    /**
+     * 验证非 id=1 账号即使密码正确，也不能使用隐藏入口。
+     */
+    public function test_non_site_owner_cannot_login_via_hidden_admin_entry(): void
+    {
+        User::factory()->create([
+            'username' => 'manager',
+            'password' => Hash::make('secret-manager'),
+        ]);
+
+        $response = $this->from('/lkddi')->post('/lkddi', [
+            'username' => 'manager',
+            'password' => 'secret-manager',
+            'captcha' => '1234',
+        ]);
+
+        $response->assertRedirect('/lkddi');
+        $response->assertSessionHasErrors('username');
+        $this->assertGuest();
+    }
+
+    /**
+     * 验证通过隐藏入口登录的站长访问首页时不会被送去聊天室大厅。
+     */
+    public function test_hidden_admin_login_keeps_homepage_redirecting_to_dashboard(): void
+    {
+        $siteOwner = User::factory()->create([
+            'id' => 1,
+            'username' => 'site-owner',
+            'password' => Hash::make('secret-owner'),
+        ]);
+
+        $this->actingAs($siteOwner)->withSession([
+            'admin_login_via_hidden' => true,
+        ]);
+
+        $response = $this->get('/');
+
+        $response->assertRedirect(route('admin.dashboard'));
+    }
+}