Files
scrabble-game/backend/internal/inttest/session_test.go
T
Ilia Denisov 92633f935e
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 18s
CI / ui (pull_request) Successful in 1m7s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m42s
feat(payments): trusted platform signal on the session
Record the execution platform (kind vk|telegram|direct + device subtype
ios|android|web) on each session, captured at creation and carried
gateway->backend as a trusted X-Platform header, so the upcoming
store-compliance gate has an unforgeable execution context.

- backend.sessions gains nullable platform_kind/platform_subtype columns
  (migration 00011, CHECK-constrained, jet regenerated); session.Platform
  captures them at mint, resolve returns them, middleware exposes platform(c).
  kind is derived from the establish endpoint, never a client field; the
  account-merge session mint inherits the caller's platform.
- gateway derives the platform (VK subtype from the signed vk_platform via
  vkauth, Telegram/direct best-effort from the client) and injects X-Platform
  on every authenticated backend call through the request context.
- ui submits a best-effort device subtype on the telegram/guest/email login
  requests (new FBS subtype field); VK is server-derived from the signed params.
- an unattributed session is untrusted (view-only); VK/TG self-heal on the next
  cold-start re-mint, direct/email on re-login.

Signal plumbing only, no user-visible change; X-Platform is inert until the
gate consumes it.
2026-07-08 03:31:51 +02:00

85 lines
2.5 KiB
Go

//go:build integration
package inttest
import (
"context"
"errors"
"testing"
"github.com/google/uuid"
"scrabble/backend/internal/account"
"scrabble/backend/internal/session"
)
// TestSessionLifecycle covers create, cache-hit resolve, DB-fallback resolve
// after a cold cache warm, idempotent revoke, and post-revoke resolution.
func TestSessionLifecycle(t *testing.T) {
ctx := context.Background()
acc, err := account.NewStore(testDB).ProvisionByIdentity(ctx, account.KindTelegram, "tg-"+uuid.NewString())
if err != nil {
t.Fatalf("provision account: %v", err)
}
store := session.NewStore(testDB)
svc := session.NewService(store, session.NewCache())
platform := session.Platform{Kind: session.PlatformKindVK, Subtype: session.SubtypeIOS}
token, sess, err := svc.Create(ctx, acc.ID, platform)
if err != nil {
t.Fatalf("create session: %v", err)
}
if sess.AccountID != acc.ID {
t.Errorf("session account = %s, want %s", sess.AccountID, acc.ID)
}
if token == sess.TokenHash {
t.Error("plaintext token must not equal the stored hash")
}
if sess.Platform != platform {
t.Errorf("session platform = %+v, want %+v", sess.Platform, platform)
}
// Resolve via the warm write-through cache.
got, err := svc.Resolve(ctx, token)
if err != nil {
t.Fatalf("resolve (cache): %v", err)
}
if got.ID != sess.ID {
t.Errorf("resolve id = %s, want %s", got.ID, sess.ID)
}
// An unknown token is not found.
if _, err := svc.Resolve(ctx, "not-a-real-token"); !errors.Is(err, session.ErrNotFound) {
t.Errorf("resolve unknown = %v, want ErrNotFound", err)
}
// A fresh service with a cold cache resolves through the DB after Warm.
cold := session.NewCache()
svc2 := session.NewService(store, cold)
if err := svc2.Warm(ctx); err != nil {
t.Fatalf("warm: %v", err)
}
if !cold.Ready() {
t.Error("cache must be ready after Warm")
}
if _, ok := cold.Get(session.HashToken(token)); !ok {
t.Error("Warm must load the active session into the cache")
}
if got2, err := svc2.Resolve(ctx, token); err != nil || got2.ID != sess.ID || got2.Platform != platform {
t.Errorf("resolve after warm = (%s, %+v, %v), want %s / %+v", got2.ID, got2.Platform, err, sess.ID, platform)
}
// Revoke, then the token no longer resolves; revoke again is a no-op.
if err := svc.Revoke(ctx, token); err != nil {
t.Fatalf("revoke: %v", err)
}
if _, err := svc.Resolve(ctx, token); !errors.Is(err, session.ErrNotFound) {
t.Errorf("resolve after revoke = %v, want ErrNotFound", err)
}
if err := svc.Revoke(ctx, token); err != nil {
t.Errorf("idempotent revoke: %v", err)
}
}