Migrate db, auth to mcdsl; remove mcias client dependency
- db.Open: delegate to mcdsl/db.Open - db.Migrate: convert to mcdsl/db.Migration format, delegate - auth: type aliases for TokenInfo/Authenticator/Config from mcdsl, re-export error sentinels, Logout helper - cmd/server: construct auth.Authenticator from Config (not mcias.Client) - server/routes.go logout: use auth.Logout(authenticator, token) - grpcserver/auth.go: same logout pattern, fix Login return type (time.Time not string) - webserver: replace mcias.Client with mcdsl/auth for service token validation; resolveUser degrades to raw UUID (TODO: restore when mcias client library is properly tagged) - Dockerfiles: bump to golang:1.25-alpine, remove gcc/musl-dev, add VERSION build arg - Deploy: add docker-compose-rift.yml with localhost-only port mapping - Remove git.wntrmute.dev/kyle/mcias/clients/go dependency entirely - All tests pass, net -185 lines Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,53 +1,21 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"log/slog"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestTokenHash(t *testing.T) {
|
||||
h1 := tokenHash("token-abc")
|
||||
h2 := tokenHash("token-abc")
|
||||
h3 := tokenHash("token-def")
|
||||
|
||||
if h1 != h2 {
|
||||
t.Error("same input should produce same hash")
|
||||
func TestErrorsExported(t *testing.T) {
|
||||
// Verify the error sentinels are accessible and non-nil.
|
||||
if ErrInvalidCredentials == nil {
|
||||
t.Error("ErrInvalidCredentials is nil")
|
||||
}
|
||||
if h1 == h3 {
|
||||
t.Error("different inputs should produce different hashes")
|
||||
if ErrInvalidToken == nil {
|
||||
t.Error("ErrInvalidToken is nil")
|
||||
}
|
||||
if len(h1) != 64 { // SHA-256 hex
|
||||
t.Errorf("hash length: got %d, want 64", len(h1))
|
||||
}
|
||||
}
|
||||
|
||||
func TestHasAdminRole(t *testing.T) {
|
||||
if !hasAdminRole([]string{"user", "admin"}) {
|
||||
t.Error("should detect admin role")
|
||||
}
|
||||
if hasAdminRole([]string{"user", "operator"}) {
|
||||
t.Error("should not detect admin role when absent")
|
||||
}
|
||||
if hasAdminRole(nil) {
|
||||
t.Error("nil roles should not be admin")
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewAuthenticator(t *testing.T) {
|
||||
a := NewAuthenticator(nil, slog.Default())
|
||||
if a == nil {
|
||||
t.Fatal("NewAuthenticator returned nil")
|
||||
}
|
||||
if a.cache == nil {
|
||||
t.Error("cache should be initialized")
|
||||
}
|
||||
}
|
||||
|
||||
func TestClearCache(t *testing.T) {
|
||||
a := NewAuthenticator(nil, slog.Default())
|
||||
a.cache["test"] = &cachedClaims{info: &TokenInfo{Username: "test"}}
|
||||
a.ClearCache()
|
||||
if len(a.cache) != 0 {
|
||||
t.Error("cache should be empty after clear")
|
||||
if ErrForbidden == nil {
|
||||
t.Error("ErrForbidden is nil")
|
||||
}
|
||||
if ErrUnavailable == nil {
|
||||
t.Error("ErrUnavailable is nil")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user