Migrate db, auth to mcdsl; remove mcias client dependency

- db.Open: delegate to mcdsl/db.Open - db.Migrate: convert to mcdsl/db.Migration format, delegate - auth: type aliases for TokenInfo/Authenticator/Config from mcdsl, re-export error sentinels, Logout helper - cmd/server: construct auth.Authenticator from Config (not mcias.Client) - server/routes.go logout: use auth.Logout(authenticator, token) - grpcserver/auth.go: same logout pattern, fix Login return type (time.Time not string) - webserver: replace mcias.Client with mcdsl/auth for service token validation; resolveUser degrades to raw UUID (TODO: restore when mcias client library is properly tagged) - Dockerfiles: bump to golang:1.25-alpine, remove gcc/musl-dev, add VERSION build arg - Deploy: add docker-compose-rift.yml with localhost-only port mapping - Remove git.wntrmute.dev/kyle/mcias/clients/go dependency entirely - All tests pass, net -185 lines Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 18:42:43 -07:00
parent 5c5d7e184e
commit dd698ff6d8
15 changed files with 157 additions and 342 deletions
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -9,7 +9,7 @@ import (

 	"github.com/go-chi/chi/v5"

-	mcias "git.wntrmute.dev/kyle/mcias/clients/go"
+

 	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
 	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
@@ -236,13 +236,7 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {

 func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
 	token := extractToken(r)
-	client, err := mcias.New(s.cfg.MCIAS.ServerURL, mcias.Options{
-		CACertPath: s.cfg.MCIAS.CACert,
-		Token:      token,
-	})
-	if err == nil {
-		_ = s.auth.Logout(client)
-	}
+	_ = auth.Logout(s.auth, token)

 	// Clear cookie.
 	http.SetCookie(w, &http.Cookie{
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -39,9 +39,8 @@ func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
 	sealMgr := seal.NewManager(database, b, nil, slog.Default())
 	_ = sealMgr.CheckInitialized()

-	// Auth requires MCIAS client which we can't create in tests easily,
-	// so we pass nil and avoid auth-dependent routes in these tests.
-	authenticator := auth.NewAuthenticator(nil, slog.Default())
+	// Auth not exercised in these tests — token info is injected directly.
+	authenticator, _ := auth.NewAuthenticator(auth.Config{ServerURL: "http://localhost:0"}, slog.Default())
 	policyEngine := policy.NewEngine(b)
 	engineRegistry := engine.NewRegistry(b, slog.Default())