feat: authsession service

2026-04-08 16:23:07 +02:00
parent 28f04916af
commit 86a68ed9d0
174 changed files with 31732 additions and 112 deletions
@@ -0,0 +1,106 @@
+package internalhttp
+
+import (
+	"bytes"
+	"context"
+	"net/http"
+	"testing"
+	"time"
+
+	"galaxy/authsession/internal/service/blockuser"
+	"galaxy/authsession/internal/service/getsession"
+	"galaxy/authsession/internal/service/listusersessions"
+	"galaxy/authsession/internal/service/revokeallusersessions"
+	"galaxy/authsession/internal/service/revokedevicesession"
+	"galaxy/authsession/internal/service/shared"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewServerRejectsInvalidConfiguration(t *testing.T) {
+	t.Parallel()
+
+	cfg := DefaultConfig()
+	cfg.Addr = ""
+
+	_, err := NewServer(cfg, validDependencies())
+
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "addr")
+}
+
+func TestServerRunAndShutdown(t *testing.T) {
+	t.Parallel()
+
+	cfg := DefaultConfig()
+	cfg.Addr = "127.0.0.1:0"
+
+	server, err := NewServer(cfg, validDependencies())
+	require.NoError(t, err)
+
+	runErr := make(chan error, 1)
+	go func() {
+		runErr <- server.Run(context.Background())
+	}()
+
+	require.Eventually(t, func() bool {
+		server.stateMu.RLock()
+		defer server.stateMu.RUnlock()
+		return server.listener != nil
+	}, time.Second, 10*time.Millisecond)
+
+	server.stateMu.RLock()
+	addr := server.listener.Addr().String()
+	server.stateMu.RUnlock()
+
+	response, err := http.Post(
+		"http://"+addr+"/api/v1/internal/sessions/device-session-123/revoke",
+		"application/json",
+		bytes.NewBufferString(`{"reason_code":"admin_revoke","actor":{"type":"system"}}`),
+	)
+	require.NoError(t, err)
+	defer response.Body.Close()
+
+	assert.Equal(t, http.StatusOK, response.StatusCode)
+
+	shutdownCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+	require.NoError(t, server.Shutdown(shutdownCtx))
+	require.NoError(t, <-runErr)
+}
+
+func validDependencies() Dependencies {
+	return Dependencies{
+		GetSession: getSessionFunc(func(context.Context, getsession.Input) (getsession.Result, error) {
+			return getsession.Result{Session: validSessionDTO()}, nil
+		}),
+		ListUserSessions: listUserSessionsFunc(func(context.Context, listusersessions.Input) (listusersessions.Result, error) {
+			return listusersessions.Result{Sessions: []shared.Session{validSessionDTO()}}, nil
+		}),
+		RevokeDeviceSession: revokeDeviceSessionFunc(func(context.Context, revokedevicesession.Input) (revokedevicesession.Result, error) {
+			return revokedevicesession.Result{
+				Outcome:              "revoked",
+				DeviceSessionID:      "device-session-123",
+				AffectedSessionCount: 1,
+			}, nil
+		}),
+		RevokeAllUserSessions: revokeAllUserSessionsFunc(func(context.Context, revokeallusersessions.Input) (revokeallusersessions.Result, error) {
+			return revokeallusersessions.Result{
+				Outcome:                  "revoked",
+				UserID:                   "user-123",
+				AffectedSessionCount:     1,
+				AffectedDeviceSessionIDs: []string{"device-session-123"},
+			}, nil
+		}),
+		BlockUser: blockUserFunc(func(context.Context, blockuser.Input) (blockuser.Result, error) {
+			return blockuser.Result{
+				Outcome:                  "blocked",
+				SubjectKind:              blockuser.SubjectKindEmail,
+				SubjectValue:             "pilot@example.com",
+				AffectedSessionCount:     0,
+				AffectedDeviceSessionIDs: []string{},
+			}, nil
+		}),
+	}
+}