fix(server): fix npe in non-auth mode

[Tsukilc]

fix npe in server non-auth mode

[codecov]

Codecov Report

❌ Patch coverage is 0% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 29.48%. Comparing base (b12425c) to head (6e6e23f).

Files with missing lines	Patch %	Lines
.../org/apache/hugegraph/auth/HugeGraphAuthProxy.java	0.00%	4 Missing ⚠️
...java/org/apache/hugegraph/api/auth/ManagerAPI.java	0.00%	3 Missing ⚠️
...va/org/apache/hugegraph/api/profile/GraphsAPI.java	0.00%	1 Missing ⚠️
.../org/apache/hugegraph/api/space/GraphSpaceAPI.java	0.00%	1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (b12425c) and HEAD (6e6e23f). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (b12425c)	HEAD (6e6e23f)
	3	2

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #2912      +/-   ##
============================================
- Coverage     35.57%   29.48%   -6.10%     
+ Complexity      333      286      -47     
============================================
  Files           802      802              
  Lines         67568    67572       +4     
  Branches       8777     8778       +1     
============================================
- Hits          24040    19926    -4114     
- Misses        40967    45371    +4404     
+ Partials       2561     2275     -286     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[imbajin]

‼️ Critical: 返回值设计问题

新增的 username() 方法在非认证模式下返回 "anonymous",但需要考虑:

1. 业务逻辑正确性: 在 ManagerAPI.createManager() 和 GraphSpaceAPI.create() 中,这个 username 被用作 creator 字段。如果在非认证模式下所有创建者都是 "anonymous",会导致无法追踪真实的资源创建者。

2. 建议方案:

   • 如果非认证模式下不需要追踪创建者,应该返回 null 而不是 "anonymous",让调用方明确处理
   • 或者在调用方检查认证模式,非认证模式下使用其他标识(如 IP、session ID 等)

Suggested change

	return context.user.username();
	public static String username() {
	Context context = HugeGraphAuthProxy.getContext();
	if (context == null || context.user == null) {
	return null; // 让调用方明确处理非认证场景
	}
	return context.user.username();
	}

请确认非认证模式下的业务预期行为。

[imbajin]

⚠️ Important: 空指针安全性不完整

虽然修复了 context 为 null 的情况,但没有处理 context.user 为 null 的场景。建议增加防御性检查:

Suggested change

	Context context = HugeGraphAuthProxy.getContext();
	public static String username() {
	Context context = HugeGraphAuthProxy.getContext();
	if (context == null || context.user == null) {
	return "anonymous";
	}
	return context.user.username();
	}

或者检查一下 Context 的构造函数是否保证 user 字段非空。

[imbajin]

⚠️ Important: 缺少单元测试

这是一个 NPE 修复,应该添加单元测试来验证:

1. 非认证模式下调用 username() 的行为
2. getContext() 返回 null 时的处理
3. 各个调用方(ManagerAPI, GraphsAPI, GraphSpaceAPI)在非认证模式下的正确性

建议添加测试类或测试方法覆盖这些场景。

[imbajin]

⚠️ Important: 全局一致性检查

建议搜索整个代码库中所有 HugeGraphAuthProxy.getContext().user().username() 的调用点,确保都已替换为新的 username() 方法,避免遗漏其他潜在的 NPE 风险点。

可以使用以下命令检查:

grep -r "HugeGraphAuthProxy.getContext().user().username()" --include="*.java"