feat: edge gateway service

2026-04-02 19:18:42 +02:00
parent 8cde99936c
commit 436c97a38b
95 changed files with 20504 additions and 57 deletions
@@ -0,0 +1,294 @@
+package grpcapi
+
+import (
+	"context"
+	"errors"
+	"io"
+	"testing"
+
+	"galaxy/gateway/internal/session"
+	gatewayv1 "galaxy/gateway/proto/galaxy/gateway/v1"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func TestExecuteCommandRejectsUnknownSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service: delegate,
+		SessionCache: staticSessionCache{
+			lookupFunc: func(context.Context, string) (session.Record, error) {
+				return session.Record{}, session.ErrNotFound
+			},
+		},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	_, err := client.ExecuteCommand(context.Background(), newValidExecuteCommandRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.Unauthenticated, status.Code(err))
+	assert.Equal(t, "unknown device session", status.Convert(err).Message())
+	assert.Zero(t, delegate.executeCalls)
+}
+
+func TestSubscribeEventsRejectsUnknownSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service: delegate,
+		SessionCache: staticSessionCache{
+			lookupFunc: func(context.Context, string) (session.Record, error) {
+				return session.Record{}, session.ErrNotFound
+			},
+		},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	err := subscribeEventsError(t, context.Background(), client, newValidSubscribeEventsRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.Unauthenticated, status.Code(err))
+	assert.Equal(t, "unknown device session", status.Convert(err).Message())
+	assert.Zero(t, delegate.subscribeCalls)
+}
+
+func TestExecuteCommandRejectsRevokedSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service:      delegate,
+		SessionCache: staticSessionCache{lookupFunc: func(context.Context, string) (session.Record, error) { return newRevokedSessionRecord(), nil }},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	_, err := client.ExecuteCommand(context.Background(), newValidExecuteCommandRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.FailedPrecondition, status.Code(err))
+	assert.Equal(t, "device session is revoked", status.Convert(err).Message())
+	assert.Zero(t, delegate.executeCalls)
+}
+
+func TestSubscribeEventsRejectsRevokedSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service:      delegate,
+		SessionCache: staticSessionCache{lookupFunc: func(context.Context, string) (session.Record, error) { return newRevokedSessionRecord(), nil }},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	err := subscribeEventsError(t, context.Background(), client, newValidSubscribeEventsRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.FailedPrecondition, status.Code(err))
+	assert.Equal(t, "device session is revoked", status.Convert(err).Message())
+	assert.Zero(t, delegate.subscribeCalls)
+}
+
+func TestExecuteCommandRejectsSessionCacheUnavailable(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service: delegate,
+		SessionCache: staticSessionCache{
+			lookupFunc: func(context.Context, string) (session.Record, error) {
+				return session.Record{}, errors.New("redis down")
+			},
+		},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	_, err := client.ExecuteCommand(context.Background(), newValidExecuteCommandRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.Unavailable, status.Code(err))
+	assert.Equal(t, "session cache is unavailable", status.Convert(err).Message())
+	assert.Zero(t, delegate.executeCalls)
+}
+
+func TestSubscribeEventsRejectsSessionCacheUnavailable(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{}
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service: delegate,
+		SessionCache: staticSessionCache{
+			lookupFunc: func(context.Context, string) (session.Record, error) {
+				return session.Record{}, errors.New("redis down")
+			},
+		},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	err := subscribeEventsError(t, context.Background(), client, newValidSubscribeEventsRequest())
+	require.Error(t, err)
+	assert.Equal(t, codes.Unavailable, status.Code(err))
+	assert.Equal(t, "session cache is unavailable", status.Convert(err).Message())
+	assert.Zero(t, delegate.subscribeCalls)
+}
+
+func TestExecuteCommandAttachesResolvedSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{
+		executeCommandFunc: func(ctx context.Context, req *gatewayv1.ExecuteCommandRequest) (*gatewayv1.ExecuteCommandResponse, error) {
+			record, ok := resolvedSessionFromContext(ctx)
+			require.True(t, ok)
+			assert.Equal(t, newActiveSessionRecord(), record)
+			return &gatewayv1.ExecuteCommandResponse{RequestId: req.GetRequestId()}, nil
+		},
+	}
+
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service:      delegate,
+		SessionCache: staticSessionCache{lookupFunc: func(context.Context, string) (session.Record, error) { return newActiveSessionRecord(), nil }},
+		ReplayStore:  staticReplayStore{},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	response, err := client.ExecuteCommand(context.Background(), newValidExecuteCommandRequest())
+	require.NoError(t, err)
+	assert.Equal(t, "request-123", response.GetRequestId())
+}
+
+func TestSubscribeEventsAttachesResolvedSession(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{
+		subscribeEventsFunc: func(req *gatewayv1.SubscribeEventsRequest, stream grpc.ServerStreamingServer[gatewayv1.GatewayEvent]) error {
+			record, ok := resolvedSessionFromContext(stream.Context())
+			require.True(t, ok)
+			assert.Equal(t, newActiveSessionRecord(), record)
+			return nil
+		},
+	}
+
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service:      delegate,
+		SessionCache: staticSessionCache{lookupFunc: func(context.Context, string) (session.Record, error) { return newActiveSessionRecord(), nil }},
+		ReplayStore:  staticReplayStore{},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	stream, err := client.SubscribeEvents(context.Background(), newValidSubscribeEventsRequest())
+	require.NoError(t, err)
+
+	event := recvBootstrapEvent(t, stream)
+	assertServerTimeBootstrapEvent(t, event, newTestResponseSignerPublicKey(), "request-123", "trace-123", testCurrentTime.UnixMilli())
+
+	_, err = stream.Recv()
+	require.ErrorIs(t, err, io.EOF)
+}
+
+func TestSubscribeEventsAttachesAuthenticatedStreamBinding(t *testing.T) {
+	t.Parallel()
+
+	delegate := &recordingEdgeGatewayService{
+		subscribeEventsFunc: func(req *gatewayv1.SubscribeEventsRequest, stream grpc.ServerStreamingServer[gatewayv1.GatewayEvent]) error {
+			binding, ok := authenticatedStreamBindingFromContext(stream.Context())
+			require.True(t, ok)
+			assert.Equal(t, authenticatedStreamBinding{
+				UserID:          "user-123",
+				DeviceSessionID: "device-session-123",
+				MessageType:     "gateway.subscribe",
+				RequestID:       "request-123",
+				TraceID:         "trace-123",
+			}, binding)
+			return nil
+		},
+	}
+
+	server, runGateway := newTestGateway(t, ServerDependencies{
+		Service:      delegate,
+		SessionCache: staticSessionCache{lookupFunc: func(context.Context, string) (session.Record, error) { return newActiveSessionRecord(), nil }},
+		ReplayStore:  staticReplayStore{},
+	})
+	defer runGateway.stop(t)
+
+	addr := waitForListenAddr(t, server)
+	conn := dialGatewayClient(t, addr)
+	defer func() {
+		require.NoError(t, conn.Close())
+	}()
+
+	client := gatewayv1.NewEdgeGatewayClient(conn)
+	stream, err := client.SubscribeEvents(context.Background(), newValidSubscribeEventsRequest())
+	require.NoError(t, err)
+
+	event := recvBootstrapEvent(t, stream)
+	assertServerTimeBootstrapEvent(t, event, newTestResponseSignerPublicKey(), "request-123", "trace-123", testCurrentTime.UnixMilli())
+
+	_, err = stream.Recv()
+	require.ErrorIs(t, err, io.EOF)
+}
+
+type staticSessionCache struct {
+	lookupFunc func(context.Context, string) (session.Record, error)
+}
+
+func (c staticSessionCache) Lookup(ctx context.Context, deviceSessionID string) (session.Record, error) {
+	return c.lookupFunc(ctx, deviceSessionID)
+}