feat: authsession service

2026-04-08 16:23:07 +02:00
parent 28f04916af
commit 86a68ed9d0
174 changed files with 31732 additions and 112 deletions
@@ -0,0 +1,146 @@
+package gatewayprojection
+
+import (
+	"crypto/ed25519"
+	"encoding/base64"
+	"github.com/stretchr/testify/require"
+	"reflect"
+	"testing"
+	"time"
+
+	"galaxy/authsession/internal/domain/common"
+	"galaxy/authsession/internal/domain/devicesession"
+)
+
+func TestStatusIsKnown(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name  string
+		value Status
+		want  bool
+	}{
+		{name: "active", value: StatusActive, want: true},
+		{name: "revoked", value: StatusRevoked, want: true},
+		{name: "unknown", value: Status("unknown"), want: false},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			if got := tt.value.IsKnown(); got != tt.want {
+				require.Failf(t, "test failed", "IsKnown() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestSnapshotValidate(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		mutate  func(*Snapshot)
+		wantErr bool
+	}{
+		{name: "active valid"},
+		{
+			name: "revoked valid",
+			mutate: func(snapshot *Snapshot) {
+				snapshot.Status = StatusRevoked
+				revokedAt := time.Unix(1_775_121_900, 0).UTC()
+				snapshot.RevokedAt = &revokedAt
+				snapshot.RevokeReasonCode = common.RevokeReasonCode("admin_revoke")
+				snapshot.RevokeActorType = common.RevokeActorType("admin")
+				snapshot.RevokeActorID = "admin-123"
+			},
+		},
+		{
+			name: "active rejects revoke metadata",
+			mutate: func(snapshot *Snapshot) {
+				snapshot.RevokeReasonCode = common.RevokeReasonCode("admin_revoke")
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid key encoding",
+			mutate: func(snapshot *Snapshot) {
+				snapshot.ClientPublicKey = "not-base64"
+			},
+			wantErr: true,
+		},
+		{
+			name: "actor id requires actor type",
+			mutate: func(snapshot *Snapshot) {
+				snapshot.Status = StatusRevoked
+				snapshot.RevokeActorID = "admin-123"
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			snapshot := validSnapshot()
+			if tt.mutate != nil {
+				tt.mutate(&snapshot)
+			}
+
+			err := snapshot.Validate()
+			if tt.wantErr && err == nil {
+				require.FailNow(t, "Validate() returned nil error")
+			}
+			if !tt.wantErr && err != nil {
+				require.Failf(t, "test failed", "Validate() returned error: %v", err)
+			}
+		})
+	}
+}
+
+func TestSnapshotStaysSeparateFromSessionDomainShape(t *testing.T) {
+	t.Parallel()
+
+	snapshotType := reflect.TypeOf(Snapshot{})
+	sessionType := reflect.TypeOf(devicesession.Session{})
+
+	clientPublicKeyField, ok := snapshotType.FieldByName("ClientPublicKey")
+	if !ok {
+		require.FailNow(t, "Snapshot is missing ClientPublicKey field")
+	}
+	if clientPublicKeyField.Type.Kind() != reflect.String {
+		require.Failf(t, "test failed", "Snapshot.ClientPublicKey kind = %s, want string", clientPublicKeyField.Type.Kind())
+	}
+
+	sessionClientPublicKeyField, ok := sessionType.FieldByName("ClientPublicKey")
+	if !ok {
+		require.FailNow(t, "devicesession.Session is missing ClientPublicKey field")
+	}
+	if clientPublicKeyField.Type == sessionClientPublicKeyField.Type {
+		require.FailNow(t, "Snapshot.ClientPublicKey must stay separate from devicesession.Session.ClientPublicKey type")
+	}
+
+	if _, ok := snapshotType.FieldByName("RevokedAtMS"); ok {
+		require.FailNow(t, "Snapshot must not expose Redis-specific RevokedAtMS field")
+	}
+}
+
+func validSnapshot() Snapshot {
+	raw := make(ed25519.PublicKey, ed25519.PublicKeySize)
+	for index := range raw {
+		raw[index] = byte(index + 17)
+	}
+
+	return Snapshot{
+		DeviceSessionID: common.DeviceSessionID("device-session-123"),
+		UserID:          common.UserID("user-123"),
+		ClientPublicKey: base64.StdEncoding.EncodeToString(raw),
+		Status:          StatusActive,
+	}
+}