feat: use postgres

2026-04-26 20:34:39 +02:00
parent 48b0056b49
commit fe829285a6
365 changed files with 29223 additions and 24049 deletions
@@ -5,7 +5,6 @@ package challengestore
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -26,23 +25,10 @@ const expirationGracePeriod = 5 * time.Minute

 const defaultPreferredLanguage = "en"

-// Config configures one Redis-backed challenge store instance.
+// Config configures one Redis-backed challenge store instance. The store does
+// not own its Redis client; the runtime supplies a shared client constructed
+// via `pkg/redisconn`.
 type Config struct {
-	// Addr is the Redis network address in host:port form.
-	Addr string
-
-	// Username is the optional Redis ACL username.
-	Username string
-
-	// Password is the optional Redis ACL password.
-	Password string
-
-	// DB is the Redis logical database index.
-	DB int
-
-	// TLSEnabled enables TLS with a conservative minimum protocol version.
-	TLSEnabled bool
-
 	// KeyPrefix is the namespace prefix applied to every challenge key.
 	KeyPrefix string

@@ -74,13 +60,11 @@ type redisRecord struct {
 	ConfirmedAt              *string                 `json:"confirmed_at,omitempty"`
 }

-// New constructs a Redis-backed challenge store from cfg.
-func New(cfg Config) (*Store, error) {
-	if strings.TrimSpace(cfg.Addr) == "" {
-		return nil, errors.New("new redis challenge store: redis addr must not be empty")
-	}
-	if cfg.DB < 0 {
-		return nil, errors.New("new redis challenge store: redis db must not be negative")
+// New constructs a Redis-backed challenge store that uses client and applies
+// the namespace and timeout settings from cfg.
+func New(client *redis.Client, cfg Config) (*Store, error) {
+	if client == nil {
+		return nil, errors.New("new redis challenge store: nil redis client")
 	}
 	if strings.TrimSpace(cfg.KeyPrefix) == "" {
 		return nil, errors.New("new redis challenge store: redis key prefix must not be empty")
@@ -89,50 +73,13 @@ func New(cfg Config) (*Store, error) {
 		return nil, errors.New("new redis challenge store: operation timeout must be positive")
 	}

-	options := &redis.Options{
-		Addr:            cfg.Addr,
-		Username:        cfg.Username,
-		Password:        cfg.Password,
-		DB:              cfg.DB,
-		Protocol:        2,
-		DisableIdentity: true,
-	}
-	if cfg.TLSEnabled {
-		options.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
-	}
-
 	return &Store{
-		client:           redis.NewClient(options),
+		client:           client,
 		keyPrefix:        cfg.KeyPrefix,
 		operationTimeout: cfg.OperationTimeout,
 	}, nil
 }

-// Close releases the underlying Redis client resources.
-func (s *Store) Close() error {
-	if s == nil || s.client == nil {
-		return nil
-	}
-
-	return s.client.Close()
-}
-
-// Ping verifies that the configured Redis backend is reachable within the
-// adapter operation timeout budget.
-func (s *Store) Ping(ctx context.Context) error {
-	operationCtx, cancel, err := s.operationContext(ctx, "ping redis challenge store")
-	if err != nil {
-		return err
-	}
-	defer cancel()
-
-	if err := s.client.Ping(operationCtx).Err(); err != nil {
-		return fmt.Errorf("ping redis challenge store: %w", err)
-	}
-
-	return nil
-}
-
 // Get returns the stored challenge for challengeID.
 func (s *Store) Get(ctx context.Context, challengeID common.ChallengeID) (challenge.Challenge, error) {
 	if err := challengeID.Validate(); err != nil {
@@ -13,10 +13,26 @@ import (
 	"galaxy/authsession/internal/ports"

 	"github.com/alicebob/miniredis/v2"
+	"github.com/redis/go-redis/v9"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

+func newRedisClient(t *testing.T, server *miniredis.Miniredis) *redis.Client {
+	t.Helper()
+
+	client := redis.NewClient(&redis.Options{
+		Addr:            server.Addr(),
+		Protocol:        2,
+		DisableIdentity: true,
+	})
+	t.Cleanup(func() {
+		assert.NoError(t, client.Close())
+	})
+
+	return client
+}
+
 func TestStoreContract(t *testing.T) {
 	t.Parallel()

@@ -32,64 +48,44 @@ func TestNew(t *testing.T) {
 	t.Parallel()

 	server := miniredis.RunT(t)
+	client := newRedisClient(t, server)

 	tests := []struct {
 		name    string
+		client  *redis.Client
 		cfg     Config
 		wantErr string
 	}{
 		{
-			name: "valid config",
-			cfg: Config{
-				Addr:             server.Addr(),
-				DB:               2,
-				KeyPrefix:        "authsession:challenge:",
-				OperationTimeout: 250 * time.Millisecond,
-			},
+			name:   "valid config",
+			client: client,
+			cfg:    Config{KeyPrefix: "authsession:challenge:", OperationTimeout: 250 * time.Millisecond},
 		},
 		{
-			name: "empty addr",
-			cfg: Config{
-				KeyPrefix:        "authsession:challenge:",
-				OperationTimeout: 250 * time.Millisecond,
-			},
-			wantErr: "redis addr must not be empty",
+			name:    "nil client",
+			client:  nil,
+			cfg:     Config{KeyPrefix: "authsession:challenge:", OperationTimeout: 250 * time.Millisecond},
+			wantErr: "nil redis client",
 		},
 		{
-			name: "negative db",
-			cfg: Config{
-				Addr:             server.Addr(),
-				DB:               -1,
-				KeyPrefix:        "authsession:challenge:",
-				OperationTimeout: 250 * time.Millisecond,
-			},
-			wantErr: "redis db must not be negative",
-		},
-		{
-			name: "empty key prefix",
-			cfg: Config{
-				Addr:             server.Addr(),
-				OperationTimeout: 250 * time.Millisecond,
-			},
+			name:    "empty key prefix",
+			client:  client,
+			cfg:     Config{OperationTimeout: 250 * time.Millisecond},
 			wantErr: "redis key prefix must not be empty",
 		},
 		{
-			name: "non-positive operation timeout",
-			cfg: Config{
-				Addr:      server.Addr(),
-				KeyPrefix: "authsession:challenge:",
-			},
+			name:    "non-positive operation timeout",
+			client:  client,
+			cfg:     Config{KeyPrefix: "authsession:challenge:"},
 			wantErr: "operation timeout must be positive",
 		},
 	}

 	for _, tt := range tests {
-		tt := tt
-
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()

-			store, err := New(tt.cfg)
+			store, err := New(tt.client, tt.cfg)
 			if tt.wantErr != "" {
 				require.Error(t, err)
 				assert.ErrorContains(t, err, tt.wantErr)
@@ -97,22 +93,11 @@ func TestNew(t *testing.T) {
 			}

 			require.NoError(t, err)
-			t.Cleanup(func() {
-				assert.NoError(t, store.Close())
-			})
+			require.NotNil(t, store)
 		})
 	}
 }

-func TestStorePing(t *testing.T) {
-	t.Parallel()
-
-	server := miniredis.RunT(t)
-	store := newTestStore(t, server, Config{})
-
-	require.NoError(t, store.Ping(context.Background()))
-}
-
 func TestStoreCreateAndGet(t *testing.T) {
 	t.Parallel()

@@ -429,9 +414,6 @@ func TestStoreCompareAndSwap(t *testing.T) {
 func newTestStore(t *testing.T, server *miniredis.Miniredis, cfg Config) *Store {
 	t.Helper()

-	if cfg.Addr == "" {
-		cfg.Addr = server.Addr()
-	}
 	if cfg.KeyPrefix == "" {
 		cfg.KeyPrefix = "authsession:challenge:"
 	}
@@ -439,13 +421,9 @@ func newTestStore(t *testing.T, server *miniredis.Miniredis, cfg Config) *Store
 		cfg.OperationTimeout = 250 * time.Millisecond
 	}

-	store, err := New(cfg)
+	store, err := New(newRedisClient(t, server), cfg)
 	require.NoError(t, err)

-	t.Cleanup(func() {
-		assert.NoError(t, store.Close())
-	})
-
 	return store
 }

@@ -540,17 +518,6 @@ func mustMarshalJSON(t *testing.T, value any) string {
 	return string(payload)
 }

-func TestStorePingNilContext(t *testing.T) {
-	t.Parallel()
-
-	server := miniredis.RunT(t)
-	store := newTestStore(t, server, Config{})
-
-	err := store.Ping(nil)
-	require.Error(t, err)
-	assert.ErrorContains(t, err, "nil context")
-}
-
 func TestStoreGetNilContext(t *testing.T) {
 	t.Parallel()