feat: add first page with auth and containers list and agents
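--- a/server/internal/auth/auth.go
+++ b/server/internal/auth/auth.go
@@ -0,0 +1,49 @@
+package auth
+
+import (
+"errors"
+"time"
+
+"github.com/golang-jwt/jwt/v5"
+)
+
+type Claims struct {
+UserID string `json:"uid"`
+jwt.RegisteredClaims
+}
+
+type Service struct {
+secret []byte
+}
+
+func New(secret string) *Service {
+return &Service{secret: []byte(secret)}
+}
+
+func (s *Service) Sign(userID string) (string, error) {
+claims := Claims{
+UserID: userID,
+RegisteredClaims: jwt.RegisteredClaims{
+ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
+IssuedAt: jwt.NewNumericDate(time.Now()),
+},
+}
+return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(s.secret)
+}
+
+func (s *Service) Verify(tokenStr string) (*Claims, error) {
+token, err := jwt.ParseWithClaims(tokenStr, &Claims{}, func(t *jwt.Token) (any, error) {
+if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+return nil, errors.New("unexpected signing method")
+}
+return s.secret, nil
+})
+if err != nil {
+return nil, err
+}
+claims, ok := token.Claims.(*Claims)
+if !ok || !token.Valid {
+return nil, errors.New("invalid token")
+}
+return claims, nil
+}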
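Review bot: `New` accepts any string as the HS256 key, including the empty string, so a missing or short configuration value still produces tokens that `Verify` accepts but that are signed with a guessable key. RFC 7518 §3.2 requires an HMAC key at least as long as the hash output (32 bytes for HS256); I would have `New` return `(*Service, error)` and open with `if len(secret) < 32 { return nil, errors.New("auth: secret must be at least 32 bytes") }`. In `Verify`, the keyfunc admits every HMAC variant and, as far as I know, golang-jwt v5 does not reject a token that lacks `exp` unless asked to, so passing `jwt.WithValidMethods([]string{"HS256"})` and `jwt.WithExpirationRequired()` to `jwt.ParseWithClaims` would pin verification to what `Sign` actually issues. The exported `Claims`, `Service`, `New`, `Sign` and `Verify` also carry no doc comments.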
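--- a/server/internal/auth/auth_test.go
+++ b/server/internal/auth/auth_test.go
@@ -0,0 +1,64 @@
+package auth
+
+import (
+"testing"
+"time"
+)
+
+func TestSignAndVerify(t *testing.T) {
+svc := New("test-secret")
+
+token, err := svc.Sign("user42")
+if err != nil {
+t.Fatalf("Sign: %v", err)
+}
+if token == "" {
+t.Fatal("expected non-empty token")
+}
+
+claims, err := svc.Verify(token)
+if err != nil {
+t.Fatalf("Verify: %v", err)
+}
+if claims.UserID != "user42" {
+t.Errorf("expected UserID 'user42', got %q", claims.UserID)
+}
+if claims.ExpiresAt == nil || claims.ExpiresAt.Before(time.Now()) {
+t.Error("token should not be expired")
+}
+}
+
+func TestVerify_InvalidToken(t *testing.T) {
+svc := New("test-secret")
+_, err := svc.Verify("not.a.valid.token")
+if err == nil {
+t.Fatal("expected error for invalid token")
+}
+}
+
+func TestVerify_WrongSecret(t *testing.T) {
+svc1 := New("secret-a")
+svc2 := New("secret-b")
+
+token, err := svc1.Sign("user1")
+if err != nil {
+t.Fatalf("Sign: %v", err)
+}
+
+_, err = svc2.Verify(token)
+if err == nil {
+t.Fatal("expected error when verifying with different secret")
+}
+}
+
+func TestVerify_TamperedToken(t *testing.T) {
+svc := New("test-secret")
+token, _ := svc.Sign("admin")
+
+// Append garbage to corrupt the signature.
+tampered := token + "x"
+_, err := svc.Verify(tampered)
+if err == nil {
+t.Fatal("expected error for tampered token")
+}
+}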
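Review bot: The suite never checks that `Verify` rejects an expired token or one whose claims segment was changed; `TestVerify_TamperedToken` only appends a byte to the signature segment, and it discards the error from `Sign` (`token, _ := svc.Sign("admin")`). Because `Sign` hard-codes a 24-hour lifetime, an expiry test has to build the token directly with `jwt.NewWithClaims` and `svc.secret`, which means adding the `github.com/golang-jwt/jwt/v5` import to this file. A sketch of that test follows; a sibling case that alters the payload segment while keeping the original signature would close the other gap.

```go
func TestVerify_ExpiredToken(t *testing.T) {
	svc := New("test-secret")
	claims := Claims{
		UserID: "user42",
		RegisteredClaims: jwt.RegisteredClaims{
			// Already in the past, so Verify must refuse it.
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(-time.Minute)),
		},
	}
	token, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(svc.secret)
	if err != nil {
		t.Fatalf("SignedString: %v", err)
	}
	if _, err := svc.Verify(token); err == nil {
		t.Fatal("expected error for expired token")
	}
}
```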