feat(admin): GET /api/v1/admin/jwt/secrets — metadata-only introspection (#51)

Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
This commit was merged in pull request #51.
2026-05-05 09:51:54 +02:00
committed by arcodange
parent 46df1f6170
commit f71495b6fc
5 changed files with 118 additions and 1 deletions


@@ -52,6 +52,24 @@ type AuthService interface {
// the count of removed non-primary expired secrets. Useful for tests
// driving cleanup synchronously.
RemoveExpiredJWTSecrets() int
// ListJWTSecretsInfo returns metadata about every currently-tracked JWT
// secret WITHOUT exposing the secret values. Used by the admin
// introspection endpoint and BDD tests verifying cleanup behavior.
// Order is preserved from internal storage (insertion order).
ListJWTSecretsInfo() []JWTSecretInfo
}
// JWTSecretInfo is a non-sensitive metadata view of a JWT secret.
// The secret VALUE is intentionally NOT included — exposing it via an
// API endpoint, even an admin one, would defeat the point of the
// retention/rotation infrastructure.
type JWTSecretInfo struct {
IsPrimary bool `json:"is_primary"`
CreatedAtUnix int64 `json:"created_at_unix"`
ExpiresAtUnix *int64 `json:"expires_at_unix,omitempty"`
AgeSeconds int64 `json:"age_seconds"`
IsExpired bool `json:"is_expired"`
SecretSHA256 string `json:"secret_sha256"` // first 16 hex chars of sha256 — fingerprint, not the secret
}
// UserManager defines interface for user management operations
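Review bot: The `SecretSHA256` field on `JWTSecretInfo` is documented as a truncated unsalted SHA-256 of the secret, which is only a safe fingerprint when every secret is a high-entropy random value; if any secret can be operator-supplied (config, env), an admin who reads this field holds an offline guess-verification oracle, so the comment should state that precondition rather than "fingerprint, not the secret" alone. I would replace the trailing comment with `// SecretSHA256 is the first 16 hex chars of an unsalted SHA-256 of the secret: a correlation fingerprint for rotation/cleanup, NOT a secret. Only safe if secrets are generated, never chosen; otherwise derive it with a keyed hash (HMAC).` The doc on `ListJWTSecretsInfo` says `AgeSeconds` and `IsExpired` are returned but not at which instant they are evaluated — `JWTSecretInfo` has no observation timestamp, so a caller comparing two snapshots cannot tell whether a changed `IsExpired` comes from clock drift or a rotation; consider noting that both are computed at call time. The `AuthService` interface this hunk extends begins before line 52, outside the hunk, and the implementation of the hash and the endpoint's authorization are in other files, so the entropy and access-control claims above are inferred, not visible here.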