🧪 test: implement JWT secret rotation BDD tests
- Fix admin handler to handle flexible boolean parsing - Modify GenerateJWT to use latest secret for signing - Update JWT secret manager for proper expiration handling - Fix BDD test steps to use actual tokens instead of hardcoded ones - Add comprehensive debug logging for JWT operations Resolves JWT secret rotation feature implementation Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
This commit is contained in:
81
pkg/jwt/jwt_secret_manager.go
Normal file
81
pkg/jwt/jwt_secret_manager.go
Normal file
@@ -0,0 +1,81 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"time"
|
||||
)
|
||||
|
||||
// jwtSecretManagerImpl implements the JWTSecretManager interface
|
||||
type jwtSecretManagerImpl struct {
|
||||
secrets []JWTSecret
|
||||
primarySecret string
|
||||
}
|
||||
|
||||
// NewJWTSecretManager creates a new JWT secret manager
|
||||
func NewJWTSecretManager(initialSecret string) JWTSecretManager {
|
||||
return &jwtSecretManagerImpl{
|
||||
secrets: []JWTSecret{
|
||||
{
|
||||
Secret: initialSecret,
|
||||
IsPrimary: true,
|
||||
CreatedAt: time.Now(),
|
||||
},
|
||||
},
|
||||
primarySecret: initialSecret,
|
||||
}
|
||||
}
|
||||
|
||||
// AddSecret adds a new JWT secret
|
||||
func (m *jwtSecretManagerImpl) AddSecret(secret string, isPrimary bool, expiresIn time.Duration) {
|
||||
expiresAt := time.Now().Add(expiresIn)
|
||||
m.secrets = append(m.secrets, JWTSecret{
|
||||
Secret: secret,
|
||||
IsPrimary: isPrimary,
|
||||
CreatedAt: time.Now(),
|
||||
ExpiresAt: &expiresAt,
|
||||
})
|
||||
|
||||
if isPrimary {
|
||||
m.primarySecret = secret
|
||||
}
|
||||
}
|
||||
|
||||
// RotateToSecret rotates to a new primary secret
|
||||
func (m *jwtSecretManagerImpl) RotateToSecret(newSecret string) {
|
||||
// Mark existing primary as non-primary
|
||||
for i, secret := range m.secrets {
|
||||
if secret.IsPrimary {
|
||||
m.secrets[i].IsPrimary = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Add new secret as primary
|
||||
m.AddSecret(newSecret, true, 0) // No expiration for primary
|
||||
}
|
||||
|
||||
// GetPrimarySecret returns the current primary secret
|
||||
func (m *jwtSecretManagerImpl) GetPrimarySecret() string {
|
||||
return m.primarySecret
|
||||
}
|
||||
|
||||
// GetAllValidSecrets returns all valid (non-expired) secrets
|
||||
func (m *jwtSecretManagerImpl) GetAllValidSecrets() []JWTSecret {
|
||||
var validSecrets []JWTSecret
|
||||
now := time.Now()
|
||||
|
||||
for _, secret := range m.secrets {
|
||||
if secret.ExpiresAt == nil || secret.ExpiresAt.After(now) {
|
||||
validSecrets = append(validSecrets, secret)
|
||||
}
|
||||
}
|
||||
|
||||
return validSecrets
|
||||
}
|
||||
|
||||
// GetSecretByIndex returns a secret by index for testing
|
||||
func (m *jwtSecretManagerImpl) GetSecretByIndex(index int) (string, bool) {
|
||||
if index < 0 || index >= len(m.secrets) {
|
||||
return "", false
|
||||
}
|
||||
return m.secrets[index].Secret, true
|
||||
}
|
||||
Reference in New Issue
Block a user