mcdsl/PROGRESS.md
Kyle Isom 38da2e9a4b Add auth package: MCIAS token validation with caching
- Authenticator with Login, ValidateToken, Logout
- 30-second SHA-256-keyed cache with lazy eviction
- TLS 1.3, custom CA support, service context (name + tags)
- Error types: ErrInvalidToken, ErrInvalidCredentials,
  ErrForbidden, ErrUnavailable
- Context helpers for TokenInfo propagation
- 14 tests with mock MCIAS server and injectable clock

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 14:24:52 -07:00


# MCDSL Progress

## Current State

Phase 2 complete. The `db` and `auth` packages are implemented and tested.

## Completed

### Phase 0: Project Setup (2026-03-25)

- Initialized Go module (`git.wntrmute.dev/kyle/mcdsl`)
- Created `.golangci.yaml` matching platform standard (with `exported` rule
  enabled since this is a shared library)
- Created `Makefile` with standard targets (build, test, vet, lint, all)
- Created `.gitignore`
- Created `doc.go` package doc
- `make all` passes clean

### Phase 1: `db` — SQLite Foundation (2026-03-25)

- `Open(path string) (*sql.DB, error)` — opens with WAL, FK, busy timeout
  5000ms, 0600 permissions, creates parent dirs
- `Migration` type with Version, Name, SQL fields
- `Migrate(database *sql.DB, migrations []Migration) error` — sequential,
  transactional, idempotent, records name and timestamp in schema_migrations
- `SchemaVersion(database *sql.DB) (int, error)` — highest applied version
- `Snapshot(database *sql.DB, destPath string) error` — VACUUM INTO with
  0600 permissions, creates parent dirs
- 11 tests covering open, migrate, and snapshot

### Phase 2: `auth` — MCIAS Token Validation (2026-03-25)

- `Config` type matching `[mcias]` TOML section (ServerURL, CACert,
  ServiceName, Tags)
- `TokenInfo` type (Username, Roles, IsAdmin)
- `New(cfg Config, logger *slog.Logger) (*Authenticator, error)` — creates
  MCIAS client with TLS 1.3, custom CA support, 10s timeout
- `Login(username, password, totpCode string) (token, expiresAt, err)` —
  forwards to MCIAS with service context, returns ErrForbidden for policy
  denials, ErrInvalidCredentials for bad creds
- `ValidateToken(token string) (*TokenInfo, error)` — 30s SHA-256-keyed
  cache, lazy eviction, concurrent-safe (RWMutex)
- `Logout(token string) error` — revokes token on MCIAS
- Error types: ErrInvalidToken, ErrInvalidCredentials, ErrForbidden,
  ErrUnavailable
- Context helpers: ContextWithTokenInfo, TokenInfoFromContext
- 14 tests: login (success, invalid creds, forbidden), validate (admin,
  non-admin, expired, unknown), cache (hit, expiry via injectable clock),
  logout, constructor validation, context roundtrip, admin detection
- `make all` passes clean (vet, lint 0 issues, 25 total tests, build)
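The `ValidateToken` cache described under Phase 2, written out as an added example rather than the mcdsl package's own code: a TTL cache keyed by the SHA-256 of the token (so the raw bearer token is never a map key), served under an RWMutex read lock, with lazy eviction on misses and an injectable clock. `Validator`, `entry`, the `Upstream` callback standing in for the MCIAS round trip, and the `TokenInfo` field set are assumptions; the 30-second TTL is the page's.

```go
package main

import (
	"crypto/sha256"
	"sync"
	"time"
)

// TokenInfo reuses the name PROGRESS.md lists; its fields here are assumed.
type TokenInfo struct{ Username string; IsAdmin bool }
type entry struct{ info *TokenInfo; expires time.Time }

// Validator caches successful validations for TTL, keyed by SHA-256(token) so the
// raw bearer token never sits in the map as a key. Now is the injectable clock.
type Validator struct {
	mu       sync.RWMutex
	cache    map[[32]byte]entry
	TTL      time.Duration
	Now      func() time.Time
	Upstream func(string) (*TokenInfo, error) // stands in for the MCIAS round trip
}

func NewValidator(up func(string) (*TokenInfo, error), now func() time.Time) *Validator {
	return &Validator{cache: map[[32]byte]entry{}, TTL: 30 * time.Second, Now: now, Upstream: up}
}

// ValidateToken serves unexpired hits under the read lock; on a miss it asks
// upstream, then sweeps expired entries and stores the result under the write lock.
func (v *Validator) ValidateToken(token string) (*TokenInfo, error) {
	key, now := sha256.Sum256([]byte(token)), v.Now()
	v.mu.RLock()
	e, ok := v.cache[key]
	v.mu.RUnlock()
	if ok && now.Before(e.expires) {
		return e.info, nil
	}
	info, err := v.Upstream(token)
	if err != nil {
		return nil, err // failures are not cached: a bad token is re-checked every call
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for k, old := range v.cache { // lazy eviction: drop expired entries on each miss
		if !now.Before(old.expires) {
			delete(v.cache, k)
		}
	}
	v.cache[key] = entry{info: info, expires: now.Add(v.TTL)}
	return info, nil
}
```

A cached hit can outlive a revocation by up to TTL, so a Logout path should also delete the token's entry; this block leaves that to the caller.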
## Next Steps
- Phase 3: `config` package (TOML loading, env overrides, standard sections)