feat: authsession service
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,168 @@
|
||||
// Package app wires the authsession process lifecycle and coordinates
|
||||
// component startup and graceful shutdown.
|
||||
package app
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"sync"
|
||||
|
||||
"galaxy/authsession/internal/config"
|
||||
)
|
||||
|
||||
// Component is a long-lived authsession subsystem that participates in
|
||||
// coordinated startup and graceful shutdown.
|
||||
type Component interface {
|
||||
// Run starts the component and blocks until it stops.
|
||||
Run(context.Context) error
|
||||
|
||||
// Shutdown stops the component within the provided timeout-bounded context.
|
||||
Shutdown(context.Context) error
|
||||
}
|
||||
|
||||
// App owns the process-level lifecycle of authsession and its registered
|
||||
// components.
|
||||
type App struct {
|
||||
cfg config.Config
|
||||
components []Component
|
||||
}
|
||||
|
||||
// New constructs an App with a defensive copy of the supplied components.
|
||||
func New(cfg config.Config, components ...Component) *App {
|
||||
clonedComponents := append([]Component(nil), components...)
|
||||
|
||||
return &App{
|
||||
cfg: cfg,
|
||||
components: clonedComponents,
|
||||
}
|
||||
}
|
||||
|
||||
// Run starts all configured components, waits for cancellation or the first
|
||||
// component failure, and then executes best-effort graceful shutdown.
|
||||
func (a *App) Run(ctx context.Context) error {
|
||||
if ctx == nil {
|
||||
return errors.New("run authsession app: nil context")
|
||||
}
|
||||
if err := a.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(a.components) == 0 {
|
||||
<-ctx.Done()
|
||||
return nil
|
||||
}
|
||||
|
||||
runCtx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
|
||||
results := make(chan componentResult, len(a.components))
|
||||
var runWG sync.WaitGroup
|
||||
|
||||
for idx, component := range a.components {
|
||||
runWG.Add(1)
|
||||
|
||||
go func(index int, component Component) {
|
||||
defer runWG.Done()
|
||||
results <- componentResult{
|
||||
index: index,
|
||||
err: component.Run(runCtx),
|
||||
}
|
||||
}(idx, component)
|
||||
}
|
||||
|
||||
var runErr error
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
case result := <-results:
|
||||
runErr = classifyComponentResult(ctx, result)
|
||||
}
|
||||
|
||||
cancel()
|
||||
|
||||
shutdownErr := a.shutdownComponents()
|
||||
waitErr := a.waitForComponents(&runWG)
|
||||
|
||||
return errors.Join(runErr, shutdownErr, waitErr)
|
||||
}
|
||||
|
||||
type componentResult struct {
|
||||
index int
|
||||
err error
|
||||
}
|
||||
|
||||
func (a *App) validate() error {
|
||||
if a.cfg.ShutdownTimeout <= 0 {
|
||||
return fmt.Errorf("run authsession app: shutdown timeout must be positive, got %s", a.cfg.ShutdownTimeout)
|
||||
}
|
||||
|
||||
for idx, component := range a.components {
|
||||
if component == nil {
|
||||
return fmt.Errorf("run authsession app: component %d is nil", idx)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func classifyComponentResult(parentCtx context.Context, result componentResult) error {
|
||||
switch {
|
||||
case result.err == nil:
|
||||
if parentCtx.Err() != nil {
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("run authsession app: component %d exited without error before shutdown", result.index)
|
||||
case errors.Is(result.err, context.Canceled) && parentCtx.Err() != nil:
|
||||
return nil
|
||||
default:
|
||||
return fmt.Errorf("run authsession app: component %d: %w", result.index, result.err)
|
||||
}
|
||||
}
|
||||
|
||||
func (a *App) shutdownComponents() error {
|
||||
var shutdownWG sync.WaitGroup
|
||||
errs := make(chan error, len(a.components))
|
||||
|
||||
for idx, component := range a.components {
|
||||
shutdownWG.Add(1)
|
||||
|
||||
go func(index int, component Component) {
|
||||
defer shutdownWG.Done()
|
||||
|
||||
shutdownCtx, cancel := context.WithTimeout(context.Background(), a.cfg.ShutdownTimeout)
|
||||
defer cancel()
|
||||
|
||||
if err := component.Shutdown(shutdownCtx); err != nil {
|
||||
errs <- fmt.Errorf("shutdown authsession component %d: %w", index, err)
|
||||
}
|
||||
}(idx, component)
|
||||
}
|
||||
|
||||
shutdownWG.Wait()
|
||||
close(errs)
|
||||
|
||||
var joined error
|
||||
for err := range errs {
|
||||
joined = errors.Join(joined, err)
|
||||
}
|
||||
|
||||
return joined
|
||||
}
|
||||
|
||||
func (a *App) waitForComponents(runWG *sync.WaitGroup) error {
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
runWG.Wait()
|
||||
close(done)
|
||||
}()
|
||||
|
||||
waitCtx, cancel := context.WithTimeout(context.Background(), a.cfg.ShutdownTimeout)
|
||||
defer cancel()
|
||||
|
||||
select {
|
||||
case <-done:
|
||||
return nil
|
||||
case <-waitCtx.Done():
|
||||
return fmt.Errorf("wait for authsession components: %w", waitCtx.Err())
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,284 @@
|
||||
package app
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"galaxy/authsession/internal/adapters/local"
|
||||
"galaxy/authsession/internal/adapters/mail"
|
||||
"galaxy/authsession/internal/adapters/redis/challengestore"
|
||||
"galaxy/authsession/internal/adapters/redis/configprovider"
|
||||
"galaxy/authsession/internal/adapters/redis/projectionpublisher"
|
||||
"galaxy/authsession/internal/adapters/redis/sendemailcodeabuse"
|
||||
"galaxy/authsession/internal/adapters/redis/sessionstore"
|
||||
"galaxy/authsession/internal/adapters/userservice"
|
||||
"galaxy/authsession/internal/api/internalhttp"
|
||||
"galaxy/authsession/internal/api/publichttp"
|
||||
"galaxy/authsession/internal/config"
|
||||
"galaxy/authsession/internal/ports"
|
||||
"galaxy/authsession/internal/service/blockuser"
|
||||
"galaxy/authsession/internal/service/confirmemailcode"
|
||||
"galaxy/authsession/internal/service/getsession"
|
||||
"galaxy/authsession/internal/service/listusersessions"
|
||||
"galaxy/authsession/internal/service/revokeallusersessions"
|
||||
"galaxy/authsession/internal/service/revokedevicesession"
|
||||
"galaxy/authsession/internal/service/sendemailcode"
|
||||
"galaxy/authsession/internal/telemetry"
|
||||
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
type pinger interface {
|
||||
Ping(context.Context) error
|
||||
}
|
||||
|
||||
type closer interface {
|
||||
Close() error
|
||||
}
|
||||
|
||||
// Runtime owns the runnable authsession application plus the adapter cleanup
|
||||
// functions that must run after the process stops.
|
||||
type Runtime struct {
|
||||
// App coordinates the long-lived HTTP listeners.
|
||||
App *App
|
||||
|
||||
cleanupFns []func() error
|
||||
}
|
||||
|
||||
// NewRuntime constructs the runnable authsession process from cfg using the
|
||||
// Stage 18 Redis adapters, local runtime helpers, and the selectable mail and
|
||||
// user-service runtime adapters from Stages 20 and 21.
|
||||
func NewRuntime(ctx context.Context, cfg config.Config, logger *zap.Logger, telemetryRuntime *telemetry.Runtime) (*Runtime, error) {
|
||||
if ctx == nil {
|
||||
return nil, errors.New("new authsession runtime: nil context")
|
||||
}
|
||||
if err := cfg.Validate(); err != nil {
|
||||
return nil, fmt.Errorf("new authsession runtime: %w", err)
|
||||
}
|
||||
if logger == nil {
|
||||
logger = zap.NewNop()
|
||||
}
|
||||
|
||||
runtime := &Runtime{}
|
||||
cleanupOnError := func(err error) (*Runtime, error) {
|
||||
return nil, errors.Join(err, runtime.Close())
|
||||
}
|
||||
|
||||
challengeStore, err := challengestore.New(challengestore.Config{
|
||||
Addr: cfg.Redis.Addr,
|
||||
Username: cfg.Redis.Username,
|
||||
Password: cfg.Redis.Password,
|
||||
DB: cfg.Redis.DB,
|
||||
TLSEnabled: cfg.Redis.TLSEnabled,
|
||||
KeyPrefix: cfg.Redis.ChallengeKeyPrefix,
|
||||
OperationTimeout: cfg.Redis.OperationTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: challenge store: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, challengeStore.Close)
|
||||
|
||||
sessionStore, err := sessionstore.New(sessionstore.Config{
|
||||
Addr: cfg.Redis.Addr,
|
||||
Username: cfg.Redis.Username,
|
||||
Password: cfg.Redis.Password,
|
||||
DB: cfg.Redis.DB,
|
||||
TLSEnabled: cfg.Redis.TLSEnabled,
|
||||
SessionKeyPrefix: cfg.Redis.SessionKeyPrefix,
|
||||
UserSessionsKeyPrefix: cfg.Redis.UserSessionsKeyPrefix,
|
||||
UserActiveSessionsKeyPrefix: cfg.Redis.UserActiveSessionsKeyPrefix,
|
||||
OperationTimeout: cfg.Redis.OperationTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: session store: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, sessionStore.Close)
|
||||
|
||||
configStore, err := configprovider.New(configprovider.Config{
|
||||
Addr: cfg.Redis.Addr,
|
||||
Username: cfg.Redis.Username,
|
||||
Password: cfg.Redis.Password,
|
||||
DB: cfg.Redis.DB,
|
||||
TLSEnabled: cfg.Redis.TLSEnabled,
|
||||
SessionLimitKey: cfg.Redis.SessionLimitKey,
|
||||
OperationTimeout: cfg.Redis.OperationTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: config provider: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, configStore.Close)
|
||||
|
||||
publisher, err := projectionpublisher.New(projectionpublisher.Config{
|
||||
Addr: cfg.Redis.Addr,
|
||||
Username: cfg.Redis.Username,
|
||||
Password: cfg.Redis.Password,
|
||||
DB: cfg.Redis.DB,
|
||||
TLSEnabled: cfg.Redis.TLSEnabled,
|
||||
SessionCacheKeyPrefix: cfg.Redis.GatewaySessionCacheKeyPrefix,
|
||||
SessionEventsStream: cfg.Redis.GatewaySessionEventsStream,
|
||||
StreamMaxLen: cfg.Redis.GatewaySessionEventsStreamMaxLen,
|
||||
OperationTimeout: cfg.Redis.OperationTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: projection publisher: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, publisher.Close)
|
||||
|
||||
abuseProtector, err := sendemailcodeabuse.New(sendemailcodeabuse.Config{
|
||||
Addr: cfg.Redis.Addr,
|
||||
Username: cfg.Redis.Username,
|
||||
Password: cfg.Redis.Password,
|
||||
DB: cfg.Redis.DB,
|
||||
TLSEnabled: cfg.Redis.TLSEnabled,
|
||||
KeyPrefix: cfg.Redis.SendEmailCodeThrottleKeyPrefix,
|
||||
OperationTimeout: cfg.Redis.OperationTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: send email code abuse protector: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, abuseProtector.Close)
|
||||
|
||||
for name, dependency := range map[string]pinger{
|
||||
"challenge store": challengeStore,
|
||||
"session store": sessionStore,
|
||||
"config provider": configStore,
|
||||
"projection publisher": publisher,
|
||||
"send email code abuse protector": abuseProtector,
|
||||
} {
|
||||
if err := dependency.Ping(ctx); err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: ping %s: %w", name, err))
|
||||
}
|
||||
}
|
||||
|
||||
clock := local.Clock{}
|
||||
idGenerator := local.IDGenerator{}
|
||||
codeGenerator := local.CodeGenerator{}
|
||||
codeHasher := local.CodeHasher{}
|
||||
var mailSender ports.MailSender
|
||||
switch cfg.MailService.Mode {
|
||||
case "stub":
|
||||
mailSender = &mail.StubSender{}
|
||||
case "rest":
|
||||
restClient, err := mail.NewRESTClient(mail.Config{
|
||||
BaseURL: cfg.MailService.BaseURL,
|
||||
RequestTimeout: cfg.MailService.RequestTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: mail service REST client: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, restClient.Close)
|
||||
mailSender = restClient
|
||||
default:
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: unsupported mail service mode %q", cfg.MailService.Mode))
|
||||
}
|
||||
var userDirectory ports.UserDirectory
|
||||
switch cfg.UserService.Mode {
|
||||
case "stub":
|
||||
userDirectory = &userservice.StubDirectory{}
|
||||
case "rest":
|
||||
restClient, err := userservice.NewRESTClient(userservice.Config{
|
||||
BaseURL: cfg.UserService.BaseURL,
|
||||
RequestTimeout: cfg.UserService.RequestTimeout,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: user service REST client: %w", err))
|
||||
}
|
||||
runtime.cleanupFns = append(runtime.cleanupFns, restClient.Close)
|
||||
userDirectory = restClient
|
||||
default:
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: unsupported user service mode %q", cfg.UserService.Mode))
|
||||
}
|
||||
|
||||
sendEmailCodeService, err := sendemailcode.NewWithObservability(
|
||||
challengeStore,
|
||||
userDirectory,
|
||||
idGenerator,
|
||||
codeGenerator,
|
||||
codeHasher,
|
||||
mailSender,
|
||||
abuseProtector,
|
||||
clock,
|
||||
logger,
|
||||
telemetryRuntime,
|
||||
)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: send email code service: %w", err))
|
||||
}
|
||||
confirmEmailCodeService, err := confirmemailcode.NewWithObservability(
|
||||
challengeStore,
|
||||
sessionStore,
|
||||
userDirectory,
|
||||
configStore,
|
||||
publisher,
|
||||
idGenerator,
|
||||
codeHasher,
|
||||
clock,
|
||||
logger,
|
||||
telemetryRuntime,
|
||||
)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: confirm email code service: %w", err))
|
||||
}
|
||||
getSessionService, err := getsession.New(sessionStore)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: get session service: %w", err))
|
||||
}
|
||||
listUserSessionsService, err := listusersessions.New(sessionStore)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: list user sessions service: %w", err))
|
||||
}
|
||||
revokeDeviceSessionService, err := revokedevicesession.NewWithObservability(sessionStore, publisher, clock, logger, telemetryRuntime)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: revoke device session service: %w", err))
|
||||
}
|
||||
revokeAllUserSessionsService, err := revokeallusersessions.NewWithObservability(sessionStore, userDirectory, publisher, clock, logger, telemetryRuntime)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: revoke all user sessions service: %w", err))
|
||||
}
|
||||
blockUserService, err := blockuser.NewWithObservability(userDirectory, sessionStore, publisher, clock, logger, telemetryRuntime)
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: block user service: %w", err))
|
||||
}
|
||||
|
||||
publicServer, err := publichttp.NewServer(cfg.PublicHTTP, publichttp.Dependencies{
|
||||
SendEmailCode: sendEmailCodeService,
|
||||
ConfirmEmailCode: confirmEmailCodeService,
|
||||
Logger: logger,
|
||||
Telemetry: telemetryRuntime,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: public HTTP server: %w", err))
|
||||
}
|
||||
|
||||
internalServer, err := internalhttp.NewServer(cfg.InternalHTTP, internalhttp.Dependencies{
|
||||
GetSession: getSessionService,
|
||||
ListUserSessions: listUserSessionsService,
|
||||
RevokeDeviceSession: revokeDeviceSessionService,
|
||||
RevokeAllUserSessions: revokeAllUserSessionsService,
|
||||
BlockUser: blockUserService,
|
||||
Logger: logger,
|
||||
Telemetry: telemetryRuntime,
|
||||
})
|
||||
if err != nil {
|
||||
return cleanupOnError(fmt.Errorf("new authsession runtime: internal HTTP server: %w", err))
|
||||
}
|
||||
|
||||
runtime.App = New(cfg, publicServer, internalServer)
|
||||
return runtime, nil
|
||||
}
|
||||
|
||||
// Close releases the runtime-managed adapter resources. Close is idempotent in
|
||||
// practice because every underlying adapter Close method is idempotent.
|
||||
func (r *Runtime) Close() error {
|
||||
if r == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
var joined error
|
||||
for index := len(r.cleanupFns) - 1; index >= 0; index-- {
|
||||
joined = errors.Join(joined, r.cleanupFns[index]())
|
||||
}
|
||||
|
||||
return joined
|
||||
}
|
||||
@@ -0,0 +1,212 @@
|
||||
package app
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"sync/atomic"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"galaxy/authsession/internal/config"
|
||||
|
||||
"github.com/alicebob/miniredis/v2"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func TestNewRuntimeStartsAndStopsHTTPServers(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
redisServer := miniredis.RunT(t)
|
||||
|
||||
cfg := config.DefaultConfig()
|
||||
cfg.Redis.Addr = redisServer.Addr()
|
||||
cfg.PublicHTTP.Addr = mustFreeAddr(t)
|
||||
cfg.InternalHTTP.Addr = mustFreeAddr(t)
|
||||
|
||||
runtime, err := NewRuntime(context.Background(), cfg, zap.NewNop(), nil)
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
require.NoError(t, runtime.Close())
|
||||
}()
|
||||
|
||||
runCtx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
runErrCh := make(chan error, 1)
|
||||
go func() {
|
||||
runErrCh <- runtime.App.Run(runCtx)
|
||||
}()
|
||||
|
||||
require.Eventually(t, func() bool {
|
||||
response, err := http.Post(
|
||||
"http://"+cfg.PublicHTTP.Addr+"/api/v1/public/auth/send-email-code",
|
||||
"application/json",
|
||||
bytes.NewBufferString(`{"email":"pilot@example.com"}`),
|
||||
)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
defer response.Body.Close()
|
||||
_, _ = io.ReadAll(response.Body)
|
||||
|
||||
return response.StatusCode == http.StatusOK
|
||||
}, 5*time.Second, 25*time.Millisecond)
|
||||
|
||||
require.Eventually(t, func() bool {
|
||||
response, err := http.Get("http://" + cfg.InternalHTTP.Addr + "/api/v1/internal/sessions/missing")
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
defer response.Body.Close()
|
||||
_, _ = io.ReadAll(response.Body)
|
||||
|
||||
return response.StatusCode == http.StatusNotFound
|
||||
}, 5*time.Second, 25*time.Millisecond)
|
||||
|
||||
cancel()
|
||||
require.NoError(t, <-runErrCh)
|
||||
}
|
||||
|
||||
func TestNewRuntimeUsesRESTUserDirectoryWhenConfigured(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
redisServer := miniredis.RunT(t)
|
||||
userService := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodGet && r.URL.Path == "/api/v1/internal/users/user-1/exists" {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_, _ = io.WriteString(w, `{"exists":true}`)
|
||||
return
|
||||
}
|
||||
|
||||
http.NotFound(w, r)
|
||||
}))
|
||||
defer userService.Close()
|
||||
|
||||
cfg := config.DefaultConfig()
|
||||
cfg.Redis.Addr = redisServer.Addr()
|
||||
cfg.PublicHTTP.Addr = mustFreeAddr(t)
|
||||
cfg.InternalHTTP.Addr = mustFreeAddr(t)
|
||||
cfg.UserService.Mode = "rest"
|
||||
cfg.UserService.BaseURL = userService.URL
|
||||
cfg.UserService.RequestTimeout = 250 * time.Millisecond
|
||||
|
||||
runtime, err := NewRuntime(context.Background(), cfg, zap.NewNop(), nil)
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
require.NoError(t, runtime.Close())
|
||||
}()
|
||||
|
||||
runCtx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
runErrCh := make(chan error, 1)
|
||||
go func() {
|
||||
runErrCh <- runtime.App.Run(runCtx)
|
||||
}()
|
||||
|
||||
require.Eventually(t, func() bool {
|
||||
response, err := http.Post(
|
||||
"http://"+cfg.InternalHTTP.Addr+"/api/v1/internal/users/user-1/sessions/revoke-all",
|
||||
"application/json",
|
||||
bytes.NewBufferString(`{"reason_code":"logout_all","actor":{"type":"system"}}`),
|
||||
)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
defer response.Body.Close()
|
||||
|
||||
payload, err := io.ReadAll(response.Body)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return response.StatusCode == http.StatusOK &&
|
||||
bytes.Contains(payload, []byte(`"outcome":"no_active_sessions"`)) &&
|
||||
bytes.Contains(payload, []byte(`"user_id":"user-1"`))
|
||||
}, 5*time.Second, 25*time.Millisecond)
|
||||
|
||||
cancel()
|
||||
require.NoError(t, <-runErrCh)
|
||||
}
|
||||
|
||||
func TestNewRuntimeUsesRESTMailSenderWhenConfigured(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
redisServer := miniredis.RunT(t)
|
||||
var calls atomic.Int64
|
||||
mailService := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodPost && r.URL.Path == "/api/v1/internal/login-code-deliveries" {
|
||||
calls.Add(1)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_, _ = io.WriteString(w, `{"outcome":"suppressed"}`)
|
||||
return
|
||||
}
|
||||
|
||||
http.NotFound(w, r)
|
||||
}))
|
||||
defer mailService.Close()
|
||||
|
||||
cfg := config.DefaultConfig()
|
||||
cfg.Redis.Addr = redisServer.Addr()
|
||||
cfg.PublicHTTP.Addr = mustFreeAddr(t)
|
||||
cfg.InternalHTTP.Addr = mustFreeAddr(t)
|
||||
cfg.MailService.Mode = "rest"
|
||||
cfg.MailService.BaseURL = mailService.URL
|
||||
cfg.MailService.RequestTimeout = 250 * time.Millisecond
|
||||
|
||||
runtime, err := NewRuntime(context.Background(), cfg, zap.NewNop(), nil)
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
require.NoError(t, runtime.Close())
|
||||
}()
|
||||
|
||||
runCtx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
runErrCh := make(chan error, 1)
|
||||
go func() {
|
||||
runErrCh <- runtime.App.Run(runCtx)
|
||||
}()
|
||||
|
||||
require.Eventually(t, func() bool {
|
||||
response, err := http.Post(
|
||||
"http://"+cfg.PublicHTTP.Addr+"/api/v1/public/auth/send-email-code",
|
||||
"application/json",
|
||||
bytes.NewBufferString(`{"email":"pilot@example.com"}`),
|
||||
)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
defer response.Body.Close()
|
||||
|
||||
payload, err := io.ReadAll(response.Body)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return response.StatusCode == http.StatusOK &&
|
||||
bytes.Contains(payload, []byte(`"challenge_id":"`)) &&
|
||||
calls.Load() == 1
|
||||
}, 5*time.Second, 25*time.Millisecond)
|
||||
|
||||
cancel()
|
||||
require.NoError(t, <-runErrCh)
|
||||
}
|
||||
|
||||
func mustFreeAddr(t *testing.T) string {
|
||||
t.Helper()
|
||||
|
||||
listener, err := net.Listen("tcp", "127.0.0.1:0")
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
assert.NoError(t, listener.Close())
|
||||
}()
|
||||
|
||||
return listener.Addr().String()
|
||||
}
|
||||
Reference in New Issue
Block a user