feat: initial shared auth module
Signed user-header middleware (UserMiddleware/FromContext/User, ADR-0005) plus the deployed-secrets startup guard (MissingDeployedSecrets, ADR-0005/0006). Replaces the byte-identical auth package + secrets_guard.go copied into every backend service.
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestMissingDeployedSecrets(t *testing.T) {
|
||||
required := func(signing, internal string) map[string]string {
|
||||
return map[string]string{"USER_SIGNING_KEY": signing, "INTERNAL_API_KEY": internal}
|
||||
}
|
||||
for _, env := range []string{"development", "", "acctest", "test"} {
|
||||
assert.Nil(t, MissingDeployedSecrets(env, required("", "")), "env %q must not enforce", env)
|
||||
}
|
||||
assert.Nil(t, MissingDeployedSecrets("staging", required("k", "k")))
|
||||
assert.Nil(t, MissingDeployedSecrets("production", required("k", "k")))
|
||||
assert.Equal(t, []string{"INTERNAL_API_KEY", "USER_SIGNING_KEY"},
|
||||
MissingDeployedSecrets("staging", required("", "")))
|
||||
assert.Equal(t, []string{"USER_SIGNING_KEY"},
|
||||
MissingDeployedSecrets("production", required("", "k")))
|
||||
}
|
||||
Reference in New Issue
Block a user