feat: backend service
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,111 @@
|
||||
package testenv
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/ed25519"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Session is a registered device session ready to drive the
|
||||
// authenticated gRPC surface.
|
||||
type Session struct {
|
||||
Email string
|
||||
DeviceSessionID string
|
||||
Public ed25519.PublicKey
|
||||
Private ed25519.PrivateKey
|
||||
}
|
||||
|
||||
var sessionLoginCodeRE = regexp.MustCompile(`(?m)\b(\d{6})\b`)
|
||||
|
||||
// RegisterSession runs send-email-code → confirm-email-code through
|
||||
// the gateway public REST surface and returns a fresh Session. It
|
||||
// uses mailpit to capture the verification code and includes the
|
||||
// platform's mailpit reset to avoid stale messages between calls.
|
||||
func RegisterSession(t *testing.T, plat *Platform, email string) *Session {
|
||||
t.Helper()
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
|
||||
defer cancel()
|
||||
|
||||
if err := plat.Mailpit.DeleteAll(ctx); err != nil {
|
||||
t.Fatalf("clear mailpit: %v", err)
|
||||
}
|
||||
|
||||
pub, priv, err := GenerateSessionKeyPair()
|
||||
if err != nil {
|
||||
t.Fatalf("generate session keypair: %v", err)
|
||||
}
|
||||
public := NewPublicRESTClient(plat.Gateway.HTTPURL)
|
||||
|
||||
send, _, err := public.SendEmailCode(ctx, email, "en-US")
|
||||
if err != nil {
|
||||
t.Fatalf("send-email-code: %v", err)
|
||||
}
|
||||
if send.ChallengeID == "" {
|
||||
t.Fatalf("send-email-code returned empty challenge_id")
|
||||
}
|
||||
|
||||
msg, err := plat.Mailpit.WaitForMessage(ctx, "to:"+email, 30*time.Second)
|
||||
if err != nil {
|
||||
t.Fatalf("wait for mail: %v", err)
|
||||
}
|
||||
body, err := plat.Mailpit.MessageBody(ctx, msg.ID)
|
||||
if err != nil {
|
||||
t.Fatalf("fetch mail body: %v", err)
|
||||
}
|
||||
m := sessionLoginCodeRE.FindStringSubmatch(body)
|
||||
if m == nil {
|
||||
t.Fatalf("no 6-digit code in mail body:\n%s", body)
|
||||
}
|
||||
code := m[1]
|
||||
|
||||
confirm, _, err := public.ConfirmEmailCode(ctx, send.ChallengeID, code, EncodePublicKey(pub), "UTC")
|
||||
if err != nil {
|
||||
t.Fatalf("confirm-email-code: %v", err)
|
||||
}
|
||||
if confirm.DeviceSessionID == "" {
|
||||
t.Fatalf("confirm-email-code returned empty device_session_id")
|
||||
}
|
||||
|
||||
return &Session{
|
||||
Email: email,
|
||||
DeviceSessionID: confirm.DeviceSessionID,
|
||||
Public: pub,
|
||||
Private: priv,
|
||||
}
|
||||
}
|
||||
|
||||
// DialAuthenticated returns a SignedGatewayClient bound to s.
|
||||
func (s *Session) DialAuthenticated(ctx context.Context, plat *Platform) (*SignedGatewayClient, error) {
|
||||
if s == nil {
|
||||
return nil, fmt.Errorf("nil session")
|
||||
}
|
||||
return DialGateway(ctx, plat.Gateway.GRPCAddr, s.DeviceSessionID, s.Private, plat.Gateway.ResponseSignerPublic)
|
||||
}
|
||||
|
||||
// LookupUserID resolves the user_id for s via backend's internal
|
||||
// session lookup. Returns an empty string if the session is unknown.
|
||||
func (s *Session) LookupUserID(ctx context.Context, plat *Platform) (string, error) {
|
||||
if s == nil || s.DeviceSessionID == "" {
|
||||
return "", fmt.Errorf("nil or empty session")
|
||||
}
|
||||
internal := NewBackendInternalClient(plat.Backend.HTTPURL)
|
||||
raw, resp, err := internal.Do(ctx, http.MethodGet, "/api/v1/internal/sessions/"+s.DeviceSessionID, nil)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return "", fmt.Errorf("session lookup: status %d body=%s", resp.StatusCode, string(raw))
|
||||
}
|
||||
var body struct {
|
||||
UserID string `json:"user_id"`
|
||||
}
|
||||
if err := json.Unmarshal(raw, &body); err != nil {
|
||||
return "", fmt.Errorf("decode session: %w", err)
|
||||
}
|
||||
return body.UserID, nil
|
||||
}
|
||||
Reference in New Issue
Block a user