feat: user service

2026-04-10 19:05:02 +02:00
parent 710bad712e
commit 23ffcb7535
140 changed files with 33418 additions and 952 deletions
@@ -0,0 +1,147 @@
+package gatewayuser_test
+
+import (
+	"testing"
+
+	contractsuserv1 "galaxy/integration/internal/contracts/userv1"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGatewayUserGetMyAccountAuthenticated(t *testing.T) {
+	h := newGatewayUserHarness(t)
+
+	const (
+		email           = "pilot@example.com"
+		deviceSessionID = "device-session-get-account"
+		requestID       = "request-get-account"
+	)
+
+	created := h.ensureUser(t, email, "en", gatewayUserTestTimeZone)
+	require.Equal(t, "created", created.Outcome)
+
+	clientPrivateKey := newClientPrivateKey("get-account")
+	h.seedGatewaySession(t, deviceSessionID, created.UserID, clientPrivateKey)
+
+	payload, err := contractsuserv1.EncodeGetMyAccountRequest()
+	require.NoError(t, err)
+
+	response := h.executeCommand(t, deviceSessionID, requestID, contractsuserv1.MessageTypeGetMyAccount, payload, clientPrivateKey)
+	require.Equal(t, contractsuserv1.ResultCodeOK, response.GetResultCode())
+
+	accountResponse, err := contractsuserv1.DecodeAccountResponse(response.GetPayloadBytes())
+	require.NoError(t, err)
+	require.Equal(t, created.UserID, accountResponse.Account.UserID)
+	require.Equal(t, email, accountResponse.Account.Email)
+	require.Equal(t, "en", accountResponse.Account.PreferredLanguage)
+	require.Equal(t, gatewayUserTestTimeZone, accountResponse.Account.TimeZone)
+}
+
+func TestGatewayUserUpdateMyProfileSuccess(t *testing.T) {
+	h := newGatewayUserHarness(t)
+
+	const (
+		email           = "pilot-profile@example.com"
+		deviceSessionID = "device-session-update-profile"
+		requestID       = "request-update-profile"
+	)
+
+	created := h.ensureUser(t, email, "en", gatewayUserTestTimeZone)
+	clientPrivateKey := newClientPrivateKey("update-profile")
+	h.seedGatewaySession(t, deviceSessionID, created.UserID, clientPrivateKey)
+
+	payload, err := contractsuserv1.EncodeUpdateMyProfileRequest("Nova Prime")
+	require.NoError(t, err)
+
+	response := h.executeCommand(t, deviceSessionID, requestID, contractsuserv1.MessageTypeUpdateMyProfile, payload, clientPrivateKey)
+	require.Equal(t, contractsuserv1.ResultCodeOK, response.GetResultCode())
+
+	accountResponse, err := contractsuserv1.DecodeAccountResponse(response.GetPayloadBytes())
+	require.NoError(t, err)
+	require.Equal(t, "Nova Prime", accountResponse.Account.RaceName)
+
+	lookup := h.lookupUserByEmail(t, email)
+	require.Equal(t, "Nova Prime", lookup.User.RaceName)
+}
+
+func TestGatewayUserUpdateMySettingsSuccess(t *testing.T) {
+	h := newGatewayUserHarness(t)
+
+	const (
+		email           = "pilot-settings@example.com"
+		deviceSessionID = "device-session-update-settings"
+		requestID       = "request-update-settings"
+	)
+
+	created := h.ensureUser(t, email, "en", gatewayUserTestTimeZone)
+	clientPrivateKey := newClientPrivateKey("update-settings")
+	h.seedGatewaySession(t, deviceSessionID, created.UserID, clientPrivateKey)
+
+	payload, err := contractsuserv1.EncodeUpdateMySettingsRequest("fr-FR", "Europe/Paris")
+	require.NoError(t, err)
+
+	response := h.executeCommand(t, deviceSessionID, requestID, contractsuserv1.MessageTypeUpdateMySettings, payload, clientPrivateKey)
+	require.Equal(t, contractsuserv1.ResultCodeOK, response.GetResultCode())
+
+	accountResponse, err := contractsuserv1.DecodeAccountResponse(response.GetPayloadBytes())
+	require.NoError(t, err)
+	require.Equal(t, "fr-FR", accountResponse.Account.PreferredLanguage)
+	require.Equal(t, "Europe/Paris", accountResponse.Account.TimeZone)
+
+	lookup := h.lookupUserByEmail(t, email)
+	require.Equal(t, "fr-FR", lookup.User.PreferredLanguage)
+	require.Equal(t, "Europe/Paris", lookup.User.TimeZone)
+}
+
+func TestGatewayUserUpdateMyProfileConflict(t *testing.T) {
+	h := newGatewayUserHarness(t)
+
+	const (
+		email           = "pilot-conflict@example.com"
+		deviceSessionID = "device-session-profile-conflict"
+		requestID       = "request-profile-conflict"
+	)
+
+	created := h.ensureUser(t, email, "en", gatewayUserTestTimeZone)
+	h.applyProfileUpdateBlock(t, created.UserID)
+
+	clientPrivateKey := newClientPrivateKey("profile-conflict")
+	h.seedGatewaySession(t, deviceSessionID, created.UserID, clientPrivateKey)
+
+	payload, err := contractsuserv1.EncodeUpdateMyProfileRequest("Blocked Nova")
+	require.NoError(t, err)
+
+	response := h.executeCommand(t, deviceSessionID, requestID, contractsuserv1.MessageTypeUpdateMyProfile, payload, clientPrivateKey)
+	require.Equal(t, "conflict", response.GetResultCode())
+
+	errorResponse, err := contractsuserv1.DecodeErrorResponse(response.GetPayloadBytes())
+	require.NoError(t, err)
+	require.Equal(t, "conflict", errorResponse.Error.Code)
+	require.Equal(t, "request conflicts with current state", errorResponse.Error.Message)
+}
+
+func TestGatewayUserUpdateMySettingsInvalidRequest(t *testing.T) {
+	h := newGatewayUserHarness(t)
+
+	const (
+		email           = "pilot-invalid@example.com"
+		deviceSessionID = "device-session-settings-invalid"
+		requestID       = "request-settings-invalid"
+	)
+
+	created := h.ensureUser(t, email, "en", gatewayUserTestTimeZone)
+
+	clientPrivateKey := newClientPrivateKey("settings-invalid")
+	h.seedGatewaySession(t, deviceSessionID, created.UserID, clientPrivateKey)
+
+	payload, err := contractsuserv1.EncodeUpdateMySettingsRequest("en", "Mars/Base")
+	require.NoError(t, err)
+
+	response := h.executeCommand(t, deviceSessionID, requestID, contractsuserv1.MessageTypeUpdateMySettings, payload, clientPrivateKey)
+	require.Equal(t, "invalid_request", response.GetResultCode())
+
+	errorResponse, err := contractsuserv1.DecodeErrorResponse(response.GetPayloadBytes())
+	require.NoError(t, err)
+	require.Equal(t, "invalid_request", errorResponse.Error.Code)
+	require.NotEmpty(t, errorResponse.Error.Message)
+}
@@ -0,0 +1,311 @@
+package gatewayuser_test
+
+import (
+	"bytes"
+	"context"
+	"crypto/ed25519"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"path/filepath"
+	"testing"
+	"time"
+
+	gatewayv1 "galaxy/gateway/proto/galaxy/gateway/v1"
+	contractsgatewayv1 "galaxy/integration/internal/contracts/gatewayv1"
+	"galaxy/integration/internal/harness"
+	usermodel "galaxy/model/user"
+
+	"github.com/redis/go-redis/v9"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+const (
+	gatewayUserDefaultHTTPTimeout = time.Second
+	gatewayUserTestTimeZone       = "Europe/Kaliningrad"
+)
+
+type gatewayUserHarness struct {
+	redis *redis.Client
+
+	userServiceURL  string
+	gatewayGRPCAddr string
+
+	responseSignerPublicKey ed25519.PublicKey
+
+	gatewayProcess     *harness.Process
+	userServiceProcess *harness.Process
+}
+
+func newGatewayUserHarness(t *testing.T) *gatewayUserHarness {
+	t.Helper()
+
+	redisServer := harness.StartMiniredis(t)
+	redisClient := redis.NewClient(&redis.Options{
+		Addr:            redisServer.Addr(),
+		Protocol:        2,
+		DisableIdentity: true,
+	})
+	t.Cleanup(func() {
+		require.NoError(t, redisClient.Close())
+	})
+
+	responseSignerPath, responseSignerPublicKey := harness.WriteResponseSignerPEM(t, t.Name())
+	userServiceAddr := harness.FreeTCPAddress(t)
+	gatewayPublicAddr := harness.FreeTCPAddress(t)
+	gatewayGRPCAddr := harness.FreeTCPAddress(t)
+
+	userServiceBinary := harness.BuildBinary(t, "userservice", "./user/cmd/userservice")
+	gatewayBinary := harness.BuildBinary(t, "gateway", "./gateway/cmd/gateway")
+
+	userServiceEnv := map[string]string{
+		"USERSERVICE_LOG_LEVEL":          "info",
+		"USERSERVICE_INTERNAL_HTTP_ADDR": userServiceAddr,
+		"USERSERVICE_REDIS_ADDR":         redisServer.Addr(),
+		"OTEL_TRACES_EXPORTER":           "none",
+		"OTEL_METRICS_EXPORTER":          "none",
+	}
+	userServiceProcess := harness.StartProcess(t, "userservice", userServiceBinary, userServiceEnv)
+	harness.WaitForHTTPStatus(t, userServiceProcess, "http://"+userServiceAddr+"/api/v1/internal/users/user-missing/exists", http.StatusOK)
+
+	gatewayEnv := map[string]string{
+		"GATEWAY_LOG_LEVEL":                            "info",
+		"GATEWAY_PUBLIC_HTTP_ADDR":                     gatewayPublicAddr,
+		"GATEWAY_AUTHENTICATED_GRPC_ADDR":              gatewayGRPCAddr,
+		"GATEWAY_USER_SERVICE_BASE_URL":                "http://" + userServiceAddr,
+		"GATEWAY_SESSION_CACHE_REDIS_ADDR":             redisServer.Addr(),
+		"GATEWAY_SESSION_CACHE_REDIS_KEY_PREFIX":       "gateway:session:",
+		"GATEWAY_SESSION_EVENTS_REDIS_STREAM":          "gateway:session_events",
+		"GATEWAY_CLIENT_EVENTS_REDIS_STREAM":           "gateway:client_events",
+		"GATEWAY_REPLAY_REDIS_KEY_PREFIX":              "gateway:replay:",
+		"GATEWAY_RESPONSE_SIGNER_PRIVATE_KEY_PEM_PATH": filepath.Clean(responseSignerPath),
+		"OTEL_TRACES_EXPORTER":                         "none",
+		"OTEL_METRICS_EXPORTER":                        "none",
+	}
+	gatewayProcess := harness.StartProcess(t, "gateway", gatewayBinary, gatewayEnv)
+	harness.WaitForHTTPStatus(t, gatewayProcess, "http://"+gatewayPublicAddr+"/healthz", http.StatusOK)
+	harness.WaitForTCP(t, gatewayProcess, gatewayGRPCAddr)
+
+	return &gatewayUserHarness{
+		redis:                   redisClient,
+		userServiceURL:          "http://" + userServiceAddr,
+		gatewayGRPCAddr:         gatewayGRPCAddr,
+		responseSignerPublicKey: responseSignerPublicKey,
+		gatewayProcess:          gatewayProcess,
+		userServiceProcess:      userServiceProcess,
+	}
+}
+
+func (h *gatewayUserHarness) dialGateway(t *testing.T) *grpc.ClientConn {
+	t.Helper()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	conn, err := grpc.DialContext(
+		ctx,
+		h.gatewayGRPCAddr,
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithBlock(),
+	)
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		require.NoError(t, conn.Close())
+	})
+
+	return conn
+}
+
+func (h *gatewayUserHarness) ensureUser(t *testing.T, email string, preferredLanguage string, timeZone string) ensureByEmailResponse {
+	t.Helper()
+
+	response := postJSONValue(t, h.userServiceURL+"/api/v1/internal/users/ensure-by-email", map[string]any{
+		"email": email,
+		"registration_context": map[string]string{
+			"preferred_language": preferredLanguage,
+			"time_zone":          timeZone,
+		},
+	})
+
+	var body ensureByEmailResponse
+	requireJSONStatus(t, response, http.StatusOK, &body)
+	return body
+}
+
+func (h *gatewayUserHarness) lookupUserByEmail(t *testing.T, email string) userLookupResponse {
+	t.Helper()
+
+	response := postJSONValue(t, h.userServiceURL+"/api/v1/internal/user-lookups/by-email", map[string]string{
+		"email": email,
+	})
+
+	var body userLookupResponse
+	requireJSONStatus(t, response, http.StatusOK, &body)
+	return body
+}
+
+func (h *gatewayUserHarness) applyProfileUpdateBlock(t *testing.T, userID string) {
+	t.Helper()
+
+	response := postJSONValue(t, h.userServiceURL+"/api/v1/internal/users/"+userID+"/sanctions/apply", map[string]any{
+		"sanction_code": "profile_update_block",
+		"scope":         "lobby",
+		"reason_code":   "manual_block",
+		"actor": map[string]string{
+			"type": "admin",
+			"id":   "admin-1",
+		},
+		"applied_at": "2026-04-09T10:00:00Z",
+	})
+	require.Equal(t, http.StatusOK, response.StatusCode, "response body: %s", response.Body)
+}
+
+func (h *gatewayUserHarness) seedGatewaySession(t *testing.T, deviceSessionID string, userID string, clientPrivateKey ed25519.PrivateKey) {
+	t.Helper()
+
+	record := gatewaySessionRecord{
+		DeviceSessionID: deviceSessionID,
+		UserID:          userID,
+		ClientPublicKey: base64.StdEncoding.EncodeToString(clientPrivateKey.Public().(ed25519.PublicKey)),
+		Status:          "active",
+	}
+
+	payload, err := json.Marshal(record)
+	require.NoError(t, err)
+	require.NoError(t, h.redis.Set(context.Background(), "gateway:session:"+deviceSessionID, payload, 0).Err())
+}
+
+func (h *gatewayUserHarness) executeCommand(t *testing.T, deviceSessionID string, requestID string, messageType string, payload []byte, clientPrivateKey ed25519.PrivateKey) *gatewayv1.ExecuteCommandResponse {
+	t.Helper()
+
+	conn := h.dialGateway(t)
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	response, err := client.ExecuteCommand(ctx, newExecuteCommandRequest(deviceSessionID, requestID, messageType, payload, clientPrivateKey))
+	require.NoError(t, err)
+	assertSignedExecuteCommandResponse(t, response, h.responseSignerPublicKey)
+	return response
+}
+
+type httpResponse struct {
+	StatusCode int
+	Body       string
+	Header     http.Header
+}
+
+type gatewaySessionRecord struct {
+	DeviceSessionID string `json:"device_session_id"`
+	UserID          string `json:"user_id"`
+	ClientPublicKey string `json:"client_public_key"`
+	Status          string `json:"status"`
+	RevokedAtMS     *int64 `json:"revoked_at_ms,omitempty"`
+}
+
+type ensureByEmailResponse struct {
+	Outcome string `json:"outcome"`
+	UserID  string `json:"user_id,omitempty"`
+}
+
+type userLookupResponse struct {
+	User usermodel.Account `json:"user"`
+}
+
+func postJSONValue(t *testing.T, targetURL string, body any) httpResponse {
+	t.Helper()
+
+	payload, err := json.Marshal(body)
+	require.NoError(t, err)
+
+	request, err := http.NewRequest(http.MethodPost, targetURL, bytes.NewReader(payload))
+	require.NoError(t, err)
+	request.Header.Set("Content-Type", "application/json")
+
+	client := &http.Client{Timeout: gatewayUserDefaultHTTPTimeout}
+	response, err := client.Do(request)
+	require.NoError(t, err)
+	defer response.Body.Close()
+
+	responseBody, err := io.ReadAll(response.Body)
+	require.NoError(t, err)
+
+	return httpResponse{
+		StatusCode: response.StatusCode,
+		Body:       string(responseBody),
+		Header:     response.Header.Clone(),
+	}
+}
+
+func requireJSONStatus(t *testing.T, response httpResponse, wantStatus int, target any) {
+	t.Helper()
+
+	require.Equal(t, wantStatus, response.StatusCode, "response body: %s", response.Body)
+	require.NoError(t, decodeStrictJSONPayload([]byte(response.Body), target))
+}
+
+func decodeStrictJSONPayload(payload []byte, target any) error {
+	decoder := json.NewDecoder(bytes.NewReader(payload))
+	decoder.DisallowUnknownFields()
+
+	if err := decoder.Decode(target); err != nil {
+		return err
+	}
+	if err := decoder.Decode(&struct{}{}); err != io.EOF {
+		if err == nil {
+			return fmt.Errorf("unexpected trailing JSON input")
+		}
+		return err
+	}
+
+	return nil
+}
+
+func newClientPrivateKey(label string) ed25519.PrivateKey {
+	seed := sha256.Sum256([]byte("galaxy-integration-gateway-user-client-" + label))
+	return ed25519.NewKeyFromSeed(seed[:])
+}
+
+func newExecuteCommandRequest(deviceSessionID string, requestID string, messageType string, payload []byte, clientPrivateKey ed25519.PrivateKey) *gatewayv1.ExecuteCommandRequest {
+	payloadHash := contractsgatewayv1.ComputePayloadHash(payload)
+
+	request := &gatewayv1.ExecuteCommandRequest{
+		ProtocolVersion: contractsgatewayv1.ProtocolVersionV1,
+		DeviceSessionId: deviceSessionID,
+		MessageType:     messageType,
+		TimestampMs:     time.Now().UnixMilli(),
+		RequestId:       requestID,
+		PayloadBytes:    payload,
+		PayloadHash:     payloadHash,
+		TraceId:         "trace-" + requestID,
+	}
+	request.Signature = contractsgatewayv1.SignRequest(clientPrivateKey, contractsgatewayv1.RequestSigningFields{
+		ProtocolVersion: request.GetProtocolVersion(),
+		DeviceSessionID: request.GetDeviceSessionId(),
+		MessageType:     request.GetMessageType(),
+		TimestampMS:     request.GetTimestampMs(),
+		RequestID:       request.GetRequestId(),
+		PayloadHash:     request.GetPayloadHash(),
+	})
+
+	return request
+}
+
+func assertSignedExecuteCommandResponse(t *testing.T, response *gatewayv1.ExecuteCommandResponse, publicKey ed25519.PublicKey) {
+	t.Helper()
+
+	require.NoError(t, contractsgatewayv1.VerifyPayloadHash(response.GetPayloadBytes(), response.GetPayloadHash()))
+	require.NoError(t, contractsgatewayv1.VerifyResponseSignature(publicKey, response.GetSignature(), contractsgatewayv1.ResponseSigningFields{
+		ProtocolVersion: response.GetProtocolVersion(),
+		RequestID:       response.GetRequestId(),
+		TimestampMS:     response.GetTimestampMs(),
+		ResultCode:      response.GetResultCode(),
+		PayloadHash:     response.GetPayloadHash(),
+	}))
+}