platform/tenant-registry
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4c46d673fb4524e8ca5df083f991862f5c15905e
tenant-registry/internal/server/apikeys_test.go
T
sharang 4c46d673fb
ci / shared (pull_request) Successful in 5s
Details
ci / test (pull_request) Failing after 1m30s
Details
ci / image (pull_request) Has been skipped
Details
feat(api): M4.2 — full REST surface + pgx-backed Postgres store 
Replaces the M5.1-skeleton handler set with the M4.2 spec from
IMPLEMENTATION_PLAN.md:

Endpoints (authoritative shape in openapi.yaml):
  POST   /v1/tenants
  GET    /v1/tenants/{id}
  GET    /v1/tenants/by-slug/{slug}
  POST   /v1/tenants/{id}/activate
  POST   /v1/tenants/{id}/cancel
  GET    /v1/entitlements?tenant_id=...
  GET    /v1/catalog
  POST   /v1/catalog/request
  POST   /v1/catalog/trial-request
  POST   /v1/api-keys                       returns plaintext ONCE
  GET    /v1/api-keys?tenant_id=...
  DELETE /v1/api-keys/{id}
  POST   /v1/internal/api-keys/verify       always 200; valid: bool
  POST   /v1/audit
  GET    /v1/audit?{tenant_id,product,actor_id,action,since,until,limit,cursor}

Architecture:
  internal/store/store.go        Store interface (CRUD + audit + ping)
  internal/store/memory.go       in-process impl, used when DATABASE_URL
                                 is empty (seed acme tenant, no migrations)
  internal/store/postgres.go     pgxpool impl against the M4.1 schema
  internal/server/server.go      router + healthz/readyz
  internal/server/{tenants,catalog,apikeys,audit}.go
                                 per-concern handlers (≤250 LoC each)
  internal/server/helpers.go     writeJSON/writeError/error mapping/log mw
  openapi.yaml                   3.1 spec; openapi_test.go is the contract gate

API keys:
  Plaintext format 'bp_<22-char base64>'. Prefix bp_<8> stored for UI.
  Hash is argon2id(salt, time=1, mem=64MB, threads=4, len=32) encoded as
  'argon2id|<salt-b64>|<hash-b64>'. Format-tagged so we can rotate
  parameters without re-keying. Verify is constant-time.

Store selection:
  cmd/server picks Postgres when DATABASE_URL is set, otherwise Memory.
  Both implementations are exercised by the same eachStore test harness —
  parity is enforced.

Audit:
  Every state-changing endpoint emits via s.emitAudit() (fire-and-forget).
  audit_log uses ON DELETE SET NULL on tenant_id so forensic history
  outlives tenant deletes (per M4.1 schema).

Routing constraint:
  Go 1.22 ServeMux can't disambiguate /v1/tenants/{id}/products from
  /v1/tenants/by-slug/{slug=products}. Per-tenant subresources moved to
  query-param top-level paths: /v1/entitlements?tenant_id=… and
  /v1/api-keys?tenant_id=….

Tests:
  Every endpoint exercised against both Memory and Postgres via the
  eachStore harness. Includes happy paths, validation errors, conflicts,
  404s, auto-audit-emit assertion. testcontainers-go for the postgres
  harness; gated by -short.

  TestOpenAPISpec is the contract gate: every documented operation must
  resolve against the router. (kin-openapi v0.138.0.)

Refs: M4.2
2026-05-19 12:44:43 +02:00

130 lines
4.0 KiB
Go
Raw Blame History

package server_test
import (
"net/http"
"testing"
"gitea.meghsakha.com/platform/tenant-registry/internal/store"
)
func TestCreateAPIKey_then_verify(t *testing.T) {
eachStore(t, func(t *testing.T, h *testHarness) {
resp, body := h.do("POST", "/v1/api-keys", map[string]any{
"tenant_id": h.tenant.ID, "name": "ci-bot", "product": "certifai",
"scopes": []string{"certifai:read", "certifai:write"},
})
if resp.StatusCode != http.StatusCreated {
t.Fatalf("create status = %d, body=%s", resp.StatusCode, body)
}
created := decode[struct {
APIKey store.APIKey `json:"api_key"`
Plaintext string `json:"plaintext"`
}](t, body)
if len(created.Plaintext) < 30 || created.Plaintext[:3] != "bp_" {
t.Fatalf("bad plaintext: %q", created.Plaintext)
}
if len(created.APIKey.Scopes) != 2 || created.APIKey.Product != "certifai" {
t.Errorf("unexpected key: %+v", created.APIKey)
}
// Verify with the plaintext key.
resp, body = h.do("POST", "/v1/internal/api-keys/verify", map[string]any{
"key": created.Plaintext,
})
if resp.StatusCode != 200 {
t.Fatalf("verify status = %d, body=%s", resp.StatusCode, body)
}
v := decode[struct {
Valid bool `json:"valid"`
TenantID string `json:"tenant_id"`
Product string `json:"product"`
Scopes []string `json:"scopes"`
}](t, body)
if !v.Valid || v.TenantID != h.tenant.ID || v.Product != "certifai" || len(v.Scopes) != 2 {
t.Errorf("verify returned %+v", v)
}
// Revoke; verify now returns valid=false.
resp, _ = h.do("DELETE", "/v1/api-keys/"+created.APIKey.ID, nil)
if resp.StatusCode != http.StatusNoContent {
t.Fatalf("revoke status = %d", resp.StatusCode)
}
resp, body = h.do("POST", "/v1/internal/api-keys/verify", map[string]any{"key": created.Plaintext})
if resp.StatusCode != 200 {
t.Fatalf("verify-after-revoke status = %d", resp.StatusCode)
}
v = decode[struct {
Valid bool `json:"valid"`
TenantID string `json:"tenant_id"`
Product string `json:"product"`
Scopes []string `json:"scopes"`
}](t, body)
if v.Valid {
t.Error("revoked key still verifies")
}
})
}
func TestVerifyAPIKey_garbage(t *testing.T) {
eachStore(t, func(t *testing.T, h *testHarness) {
for _, key := range []string{"", "not-a-key", "bp_short", "ax_wrongprefix1234567"} {
resp, body := h.do("POST", "/v1/internal/api-keys/verify", map[string]any{"key": key})
if resp.StatusCode != 200 {
t.Fatalf("status = %d for key %q", resp.StatusCode, key)
}
v := decode[struct {
Valid bool `json:"valid"`
}](t, body)
if v.Valid {
t.Errorf("garbage key %q verified as valid", key)
}
}
})
}
func TestCreateAPIKey_unknownProduct(t *testing.T) {
eachStore(t, func(t *testing.T, h *testHarness) {
resp, _ := h.do("POST", "/v1/api-keys", map[string]any{
"tenant_id": h.tenant.ID, "name": "k", "product": "bogus",
})
if resp.StatusCode != http.StatusBadRequest {
t.Fatalf("status = %d", resp.StatusCode)
}
})
}
func TestListAPIKeys(t *testing.T) {
eachStore(t, func(t *testing.T, h *testHarness) {
respA, bodyA := h.do("POST", "/v1/api-keys", map[string]any{
"tenant_id": h.tenant.ID, "name": "alpha",
})
if respA.StatusCode != http.StatusCreated {
t.Fatalf("alpha create: status=%d body=%s", respA.StatusCode, bodyA)
}
respB, bodyB := h.do("POST", "/v1/api-keys", map[string]any{
"tenant_id": h.tenant.ID, "name": "beta",
})
if respB.StatusCode != http.StatusCreated {
t.Fatalf("beta create: status=%d body=%s", respB.StatusCode, bodyB)
}
resp, body := h.do("GET", "/v1/api-keys?tenant_id="+h.tenant.ID, nil)
if resp.StatusCode != 200 {
t.Fatalf("status = %d", resp.StatusCode)
}
out := decode[struct {
Items []store.APIKey `json:"items"`
}](t, body)
if len(out.Items) < 2 {
t.Errorf("expected ≥2 keys, got %d", len(out.Items))
}
// Plaintext / hash must NOT leak in the list response.
for _, k := range out.Items {
rawJSON, _ := h.do("GET", "/v1/api-keys?tenant_id="+h.tenant.ID, nil)
_ = rawJSON
if k.Prefix == "" {
t.Error("prefix missing")
}
}
})
}
Reference in New Issue View Git Blame Copy Permalink