mcdsl/PROGRESS.md
Kyle Isom 38da2e9a4b Add auth package: MCIAS token validation with caching
- Authenticator with Login, ValidateToken, Logout
- 30-second SHA-256-keyed cache with lazy eviction
- TLS 1.3, custom CA support, service context (name + tags)
- Error types: ErrInvalidToken, ErrInvalidCredentials,
  ErrForbidden, ErrUnavailable
- Context helpers for TokenInfo propagation
- 14 tests with mock MCIAS server and injectable clock

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 14:24:52 -07:00


MCDSL Progress

Current State

Phase 2 complete. The db and auth packages are implemented and tested.

Completed

Phase 0: Project Setup (2026-03-25)

  • Initialized Go module (git.wntrmute.dev/kyle/mcdsl)
  • Created .golangci.yaml matching the platform standard (with the exported rule enabled, since this is a shared library)
  • Created Makefile with standard targets (build, test, vet, lint, all)
  • Created .gitignore
  • Created doc.go package doc
  • make all passes clean

Phase 1: db — SQLite Foundation (2026-03-25)

  • Open(path string) (*sql.DB, error) — opens with WAL, FK, busy timeout 5000ms, 0600 permissions, creates parent dirs
  • Migration type with Version, Name, SQL fields
  • Migrate(database *sql.DB, migrations []Migration) error — sequential, transactional, idempotent, records name and timestamp in schema_migrations
  • SchemaVersion(database *sql.DB) (int, error) — highest applied version
  • Snapshot(database *sql.DB, destPath string) error — VACUUM INTO with 0600 permissions, creates parent dirs
  • 11 tests covering open, migrate, and snapshot

Phase 2: auth — MCIAS Token Validation (2026-03-25)

  • Config type matching [mcias] TOML section (ServerURL, CACert, ServiceName, Tags)
  • TokenInfo type (Username, Roles, IsAdmin)
  • New(cfg Config, logger *slog.Logger) (*Authenticator, error) — creates MCIAS client with TLS 1.3, custom CA support, 10s timeout
  • Login(username, password, totpCode string) (token, expiresAt, err) — forwards to MCIAS with service context, returns ErrForbidden for policy denials, ErrInvalidCredentials for bad creds
  • ValidateToken(token string) (*TokenInfo, error) — 30s SHA-256-keyed cache, lazy eviction, concurrent-safe (RWMutex)
  • Logout(token string) error — revokes token on MCIAS
  • Error types: ErrInvalidToken, ErrInvalidCredentials, ErrForbidden, ErrUnavailable
  • Context helpers: ContextWithTokenInfo, TokenInfoFromContext
  • 14 tests: login (success, invalid creds, forbidden), validate (admin, non-admin, expired, unknown), cache (hit, expiry via injectable clock), logout, constructor validation, context roundtrip, admin detection
  • make all passes clean (vet, lint 0 issues, 25 total tests, build)
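The 30-second SHA-256-keyed cache with lazy eviction, RWMutex guarding and an injectable clock that the ValidateToken entry describes, shown as an added illustration that is not the mcdsl auth package's own code: the TokenCache, NewTokenCache, cacheKey, Get and Put names and the two-field TokenInfo shape are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// TokenInfo stands in for the auth package's TokenInfo (hypothetical shape).
type TokenInfo struct{ Username string; IsAdmin bool }
type cacheEntry struct{ info *TokenInfo; expires time.Time }

// TokenCache keys entries by SHA-256 of the token; now is injectable for tests.
type TokenCache struct {
	mu      sync.RWMutex
	ttl     time.Duration
	now     func() time.Time
	entries map[string]cacheEntry
}

func NewTokenCache(ttl time.Duration, now func() time.Time) *TokenCache {
	return &TokenCache{ttl: ttl, now: now, entries: map[string]cacheEntry{}}
}

func cacheKey(token string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(token))) }

// Get returns cached info, or nil when the token is absent or its entry has expired.
func (c *TokenCache) Get(token string) *TokenInfo {
	c.mu.RLock()
	defer c.mu.RUnlock()
	if e, ok := c.entries[cacheKey(token)]; ok && c.now().Before(e.expires) {
		return e.info
	}
	return nil
}

// Put stores a fresh result; expired entries are swept lazily under the write lock.
func (c *TokenCache) Put(token string, info *TokenInfo) {
	now := c.now()
	c.mu.Lock()
	defer c.mu.Unlock()
	for k, e := range c.entries {
		if !now.Before(e.expires) {
			delete(c.entries, k)
		}
	}
	c.entries[cacheKey(token)] = cacheEntry{info: info, expires: now.Add(c.ttl)}
}
```

Hashing the token before using it as a map key means a heap dump or debug log of the cache never exposes a reusable bearer token, and the injectable clock lets expiry be tested at exactly the 30-second boundary without sleeping.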

Next Steps

  • Phase 3: config package (TOML loading, env overrides, standard sections)