Gabriel Radureau
7703dff8c2
Closes the missing piece of ADR-0021's admin surface. Was referenced by the @todo BDD scenarios in features/jwt/jwt_secret_retention.feature since PR #41 but never wired up. Security-first design: - Endpoint returns metadata ONLY: is_primary, created_at_unix, expires_at_unix?, age_seconds, is_expired, secret_sha256 (8-byte prefix as fingerprint). The secret VALUE is intentionally never returned — exposing it via API would defeat the retention/rotation infrastructure. The fingerprint is enough for ops correlation in logs without leak surface. - Routed under /api/v1/admin/jwt/secrets. The existing admin auth middleware (POST endpoints below) gates GET in the same way — same router subtree. Plumbing: - New JWTSecretInfo struct in pkg/user/user.go (metadata-only). - AuthService.ListJWTSecretsInfo() interface method. - userServiceImpl.ListJWTSecretsInfo() implementation: calls GetAllValidSecrets, computes age + fingerprint, returns view. - handleListJWTSecrets in pkg/user/api/admin_handler.go. - Documentation/API.md updated with full schema + security note. Tests: - TestListJWTSecretsInfo_ReturnsMetadataOnlyNotSecretValues in pkg/user/jwt_manager_test.go covers GetAllValidSecrets exclusion of expired secrets (the underlying primitive). go test -race passes. - Full BDD suite (auth/config/greet/health/info/jwt) green. @todo BDD scenarios in features/jwt/jwt_secret_retention.feature can now be activated in a follow-up PR — left as @todo for review.
6.2 KiB
6.2 KiB