William Gill
12bf35caf8
Greenfield Go multi-tenant IPFS Pinning Service wire-compatible with the
IPFS Pinning Services API spec. Paired 1:1 with Kubo over localhost RPC,
clustered via embedded NATS JetStream, Postgres source-of-truth with
RLS-enforced tenancy, Fiber + huma v2 for the HTTP surface, Authentik
OIDC for session login with kid-rotated HS256 JWT API tokens.
Feature-complete against the 22-milestone build plan, including the
ship-it v1.0 gap items:
* admin CLIs: drain/uncordon, maintenance, mint-token, rotate-key,
prune-denylist, rebalance --dry-run, cache-stats, cluster-presences
* TTL leader election via NATS KV, fence tokens, JetStream dedup
* rebalancer (plan/apply split), reconciler, requeue sweeper
* ristretto caches with NATS-backed cross-node invalidation
(placements live-nodes + token denylist)
* maintenance watchdog for stuck cluster-pause flag
* Prometheus /metrics with CIDR ACL, HTTP/pin/scheduler/cache gauges
* rate limiting: session (10/min) + anonymous global (120/min)
* integration tests: rebalance, refcount multi-org, RLS belt
* goreleaser (tar + deb/rpm/apk + Alpine Docker) targeting Gitea
Stack: Cobra/Viper, Fiber v2 + huma v2, embedded NATS JetStream,
pgx/sqlc/golang-migrate, ristretto, TypeID, prometheus/client_golang,
testcontainers-go.
106 lines
2.6 KiB
Go
106 lines
2.6 KiB
Go
package token_test
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"anchorage/internal/pkg/ids"
|
|
"anchorage/internal/pkg/store"
|
|
"anchorage/internal/pkg/store/memstore"
|
|
"anchorage/internal/pkg/token"
|
|
)
|
|
|
|
func newSigner(t *testing.T) (*token.Signer, *memstore.Store) {
|
|
t.Helper()
|
|
s := memstore.New()
|
|
sg, err := token.NewSigner(
|
|
[]token.SigningKey{{
|
|
ID: "test-kid",
|
|
Key: []byte("0123456789abcdef0123456789abcdef"),
|
|
Primary: true,
|
|
}},
|
|
"https://anchorage.test/",
|
|
"anchorage",
|
|
s.Tokens(),
|
|
)
|
|
if err != nil {
|
|
t.Fatalf("NewSigner: %v", err)
|
|
}
|
|
return sg, s
|
|
}
|
|
|
|
func TestMintAndParseRoundTrip(t *testing.T) {
|
|
sg, _ := newSigner(t)
|
|
orgID := ids.MustNewOrg()
|
|
userID := ids.MustNewUser()
|
|
|
|
raw, claims, err := sg.Mint(context.Background(), orgID, userID, "orgadmin", []string{"pin:write"}, time.Hour)
|
|
if err != nil {
|
|
t.Fatalf("Mint: %v", err)
|
|
}
|
|
if claims.Org != orgID || claims.User != userID {
|
|
t.Errorf("claims org/user mismatch")
|
|
}
|
|
if claims.Role != "orgadmin" {
|
|
t.Errorf("role = %q", claims.Role)
|
|
}
|
|
|
|
parsed, err := sg.Parse(context.Background(), raw)
|
|
if err != nil {
|
|
t.Fatalf("Parse: %v", err)
|
|
}
|
|
if parsed.Org != orgID {
|
|
t.Errorf("parsed.Org = %v", parsed.Org)
|
|
}
|
|
if parsed.ID != claims.ID {
|
|
t.Errorf("jti changed during round-trip")
|
|
}
|
|
}
|
|
|
|
func TestParseRejectsExpired(t *testing.T) {
|
|
sg, _ := newSigner(t)
|
|
raw, _, err := sg.Mint(context.Background(), ids.MustNewOrg(), ids.MustNewUser(), "member", nil, time.Millisecond)
|
|
if err != nil {
|
|
t.Fatalf("Mint: %v", err)
|
|
}
|
|
time.Sleep(10 * time.Millisecond)
|
|
if _, err := sg.Parse(context.Background(), raw); err == nil {
|
|
t.Error("expected expired token to be rejected")
|
|
}
|
|
}
|
|
|
|
func TestRevokeAddsToDenylist(t *testing.T) {
|
|
sg, s := newSigner(t)
|
|
raw, claims, err := sg.Mint(context.Background(), ids.MustNewOrg(), ids.MustNewUser(), "member", nil, time.Hour)
|
|
if err != nil {
|
|
t.Fatalf("Mint: %v", err)
|
|
}
|
|
|
|
// Write the token metadata to the store so Revoke has something to update.
|
|
if err := s.Tokens().Create(context.Background(), &store.APIToken{
|
|
JTI: mustParseToken(t, claims.ID), OrgID: claims.Org, UserID: claims.User,
|
|
Label: "test", ExpiresAt: claims.ExpiresAt.Time,
|
|
}); err != nil {
|
|
t.Fatalf("seed token: %v", err)
|
|
}
|
|
|
|
jti := mustParseToken(t, claims.ID)
|
|
if err := sg.Revoke(context.Background(), jti, claims.ExpiresAt.Time, "test"); err != nil {
|
|
t.Fatalf("Revoke: %v", err)
|
|
}
|
|
|
|
if _, err := sg.Parse(context.Background(), raw); err == nil {
|
|
t.Error("expected revoked token to be rejected")
|
|
}
|
|
}
|
|
|
|
func mustParseToken(t *testing.T, s string) ids.TokenID {
|
|
t.Helper()
|
|
id, err := ids.ParseToken(s)
|
|
if err != nil {
|
|
t.Fatalf("ParseToken(%q): %v", s, err)
|
|
}
|
|
return id
|
|
}
|