package gatewayprojection import ( "crypto/ed25519" "encoding/base64" "github.com/stretchr/testify/require" "reflect" "testing" "time" "galaxy/authsession/internal/domain/common" "galaxy/authsession/internal/domain/devicesession" ) func TestStatusIsKnown(t *testing.T) { t.Parallel() tests := []struct { name string value Status want bool }{ {name: "active", value: StatusActive, want: true}, {name: "revoked", value: StatusRevoked, want: true}, {name: "unknown", value: Status("unknown"), want: false}, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() if got := tt.value.IsKnown(); got != tt.want { require.Failf(t, "test failed", "IsKnown() = %v, want %v", got, tt.want) } }) } } func TestSnapshotValidate(t *testing.T) { t.Parallel() tests := []struct { name string mutate func(*Snapshot) wantErr bool }{ {name: "active valid"}, { name: "revoked valid", mutate: func(snapshot *Snapshot) { snapshot.Status = StatusRevoked revokedAt := time.Unix(1_775_121_900, 0).UTC() snapshot.RevokedAt = &revokedAt snapshot.RevokeReasonCode = common.RevokeReasonCode("admin_revoke") snapshot.RevokeActorType = common.RevokeActorType("admin") snapshot.RevokeActorID = "admin-123" }, }, { name: "active rejects revoke metadata", mutate: func(snapshot *Snapshot) { snapshot.RevokeReasonCode = common.RevokeReasonCode("admin_revoke") }, wantErr: true, }, { name: "invalid key encoding", mutate: func(snapshot *Snapshot) { snapshot.ClientPublicKey = "not-base64" }, wantErr: true, }, { name: "actor id requires actor type", mutate: func(snapshot *Snapshot) { snapshot.Status = StatusRevoked snapshot.RevokeActorID = "admin-123" }, wantErr: true, }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() snapshot := validSnapshot() if tt.mutate != nil { tt.mutate(&snapshot) } err := snapshot.Validate() if tt.wantErr && err == nil { require.FailNow(t, "Validate() returned nil error") } if !tt.wantErr && err != nil { require.Failf(t, "test failed", "Validate() returned error: %v", err) } }) } } func TestSnapshotStaysSeparateFromSessionDomainShape(t *testing.T) { t.Parallel() snapshotType := reflect.TypeOf(Snapshot{}) sessionType := reflect.TypeOf(devicesession.Session{}) clientPublicKeyField, ok := snapshotType.FieldByName("ClientPublicKey") if !ok { require.FailNow(t, "Snapshot is missing ClientPublicKey field") } if clientPublicKeyField.Type.Kind() != reflect.String { require.Failf(t, "test failed", "Snapshot.ClientPublicKey kind = %s, want string", clientPublicKeyField.Type.Kind()) } sessionClientPublicKeyField, ok := sessionType.FieldByName("ClientPublicKey") if !ok { require.FailNow(t, "devicesession.Session is missing ClientPublicKey field") } if clientPublicKeyField.Type == sessionClientPublicKeyField.Type { require.FailNow(t, "Snapshot.ClientPublicKey must stay separate from devicesession.Session.ClientPublicKey type") } if _, ok := snapshotType.FieldByName("RevokedAtMS"); ok { require.FailNow(t, "Snapshot must not expose Redis-specific RevokedAtMS field") } } func validSnapshot() Snapshot { raw := make(ed25519.PublicKey, ed25519.PublicKeySize) for index := range raw { raw[index] = byte(index + 17) } return Snapshot{ DeviceSessionID: common.DeviceSessionID("device-session-123"), UserID: common.UserID("user-123"), ClientPublicKey: base64.StdEncoding.EncodeToString(raw), Status: StatusActive, } }