🧪 test: add JWT secret rotation BDD scenarios and step implementations (#12)
✨ merge: implement JWT secret rotation with BDD scenario isolation - Implement JWT secret rotation mechanism (closes #8) - Add per-scenario state isolation for BDD tests (closes #14) - Validate password reset workflow via BDD tests (closes #7) - Fix port conflicts in test validation - Add state tracer for debugging test execution - Document BDD isolation strategies in ADR 0025 - Fix PostgreSQL configuration environment variables Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai> Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
This commit was merged in pull request #12.
This commit is contained in:
81
pkg/jwt/jwt_secret_manager.go
Normal file
81
pkg/jwt/jwt_secret_manager.go
Normal file
@@ -0,0 +1,81 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"time"
|
||||
)
|
||||
|
||||
// jwtSecretManagerImpl implements the JWTSecretManager interface
|
||||
type jwtSecretManagerImpl struct {
|
||||
secrets []JWTSecret
|
||||
primarySecret string
|
||||
}
|
||||
|
||||
// NewJWTSecretManager creates a new JWT secret manager
|
||||
func NewJWTSecretManager(initialSecret string) JWTSecretManager {
|
||||
return &jwtSecretManagerImpl{
|
||||
secrets: []JWTSecret{
|
||||
{
|
||||
Secret: initialSecret,
|
||||
IsPrimary: true,
|
||||
CreatedAt: time.Now(),
|
||||
},
|
||||
},
|
||||
primarySecret: initialSecret,
|
||||
}
|
||||
}
|
||||
|
||||
// AddSecret adds a new JWT secret
|
||||
func (m *jwtSecretManagerImpl) AddSecret(secret string, isPrimary bool, expiresIn time.Duration) {
|
||||
expiresAt := time.Now().Add(expiresIn)
|
||||
m.secrets = append(m.secrets, JWTSecret{
|
||||
Secret: secret,
|
||||
IsPrimary: isPrimary,
|
||||
CreatedAt: time.Now(),
|
||||
ExpiresAt: &expiresAt,
|
||||
})
|
||||
|
||||
if isPrimary {
|
||||
m.primarySecret = secret
|
||||
}
|
||||
}
|
||||
|
||||
// RotateToSecret rotates to a new primary secret
|
||||
func (m *jwtSecretManagerImpl) RotateToSecret(newSecret string) {
|
||||
// Mark existing primary as non-primary
|
||||
for i, secret := range m.secrets {
|
||||
if secret.IsPrimary {
|
||||
m.secrets[i].IsPrimary = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Add new secret as primary
|
||||
m.AddSecret(newSecret, true, 0) // No expiration for primary
|
||||
}
|
||||
|
||||
// GetPrimarySecret returns the current primary secret
|
||||
func (m *jwtSecretManagerImpl) GetPrimarySecret() string {
|
||||
return m.primarySecret
|
||||
}
|
||||
|
||||
// GetAllValidSecrets returns all valid (non-expired) secrets
|
||||
func (m *jwtSecretManagerImpl) GetAllValidSecrets() []JWTSecret {
|
||||
var validSecrets []JWTSecret
|
||||
now := time.Now()
|
||||
|
||||
for _, secret := range m.secrets {
|
||||
if secret.ExpiresAt == nil || secret.ExpiresAt.After(now) {
|
||||
validSecrets = append(validSecrets, secret)
|
||||
}
|
||||
}
|
||||
|
||||
return validSecrets
|
||||
}
|
||||
|
||||
// GetSecretByIndex returns a secret by index for testing
|
||||
func (m *jwtSecretManagerImpl) GetSecretByIndex(index int) (string, bool) {
|
||||
if index < 0 || index >= len(m.secrets) {
|
||||
return "", false
|
||||
}
|
||||
return m.secrets[index].Secret, true
|
||||
}
|
||||
Reference in New Issue
Block a user