feat: add first page with auth and containers list and agents

server/internal/auth/auth_test.go

@@ -0,0 +1,64 @@
+package auth
+
+import (
+	"testing"
+	"time"
+)
+
+func TestSignAndVerify(t *testing.T) {
+	svc := New("test-secret")
+
+	token, err := svc.Sign("user42")
+	if err != nil {
+		t.Fatalf("Sign: %v", err)
+	}
+	if token == "" {
+		t.Fatal("expected non-empty token")
+	}
+
+	claims, err := svc.Verify(token)
+	if err != nil {
+		t.Fatalf("Verify: %v", err)
+	}
+	if claims.UserID != "user42" {
+		t.Errorf("expected UserID 'user42', got %q", claims.UserID)
+	}
+	if claims.ExpiresAt == nil || claims.ExpiresAt.Before(time.Now()) {
+		t.Error("token should not be expired")
+	}
+}
+
+func TestVerify_InvalidToken(t *testing.T) {
+	svc := New("test-secret")
+	_, err := svc.Verify("not.a.valid.token")
+	if err == nil {
+		t.Fatal("expected error for invalid token")
+	}
+}
+
+func TestVerify_WrongSecret(t *testing.T) {
+	svc1 := New("secret-a")
+	svc2 := New("secret-b")
+
+	token, err := svc1.Sign("user1")
+	if err != nil {
+		t.Fatalf("Sign: %v", err)
+	}
+
+	_, err = svc2.Verify(token)
+	if err == nil {
+		t.Fatal("expected error when verifying with different secret")
+	}
+}
+
+func TestVerify_TamperedToken(t *testing.T) {
+	svc := New("test-secret")
+	token, _ := svc.Sign("admin")
+
+	// Append garbage to corrupt the signature.
+	tampered := token + "x"
+	_, err := svc.Verify(tampered)
+	if err == nil {
+		t.Fatal("expected error for tampered token")
+	}
+}