feat: implement Iteration 0 foundation (backend + Flutter client)

Backend (Go): - Project structure with chi router, pgxpool, goose migrations - JWT auth (access/refresh tokens) with Firebase token verification - NoopTokenVerifier for local dev without Firebase credentials - PostgreSQL user repository with atomic profile updates (transactions) - Mifflin-St Jeor calorie calculation based on profile data - REST API: POST /auth/login, /auth/refresh, /auth/logout, GET/PUT /profile, GET /health - Middleware: auth, CORS (localhost wildcard), logging, recovery, request_id - Unit tests (51 passing) and integration tests (testcontainers) - Docker Compose setup with postgres healthcheck and graceful shutdown Flutter client: - Riverpod state management with GoRouter navigation - Firebase Auth (email/password + Google sign-in with web popup support) - Platform-aware API URLs (web/Android/iOS) - Dio HTTP client with JWT auth interceptor and concurrent refresh handling - Secure token storage - Screens: Login, Register, Home (tabs: Menu, Recipes, Products, Profile) - Unit tests (17 passing) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 13:14:58 +02:00
commit 24219b611e
140 changed files with 13062 additions and 0 deletions
--- a/backend/internal/auth/jwt_test.go
+++ b/backend/internal/auth/jwt_test.go
@@ -0,0 +1,86 @@
+package auth
+
+import (
+	"testing"
+	"time"
+)
+
+func TestGenerateAccessToken(t *testing.T) {
+	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
+
+	token, err := jm.GenerateAccessToken("user-123", "free")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if token == "" {
+		t.Fatal("expected non-empty token")
+	}
+}
+
+func TestValidateAccessToken_Valid(t *testing.T) {
+	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
+
+	token, _ := jm.GenerateAccessToken("user-123", "free")
+	claims, err := jm.ValidateAccessToken(token)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if claims.UserID != "user-123" {
+		t.Errorf("expected user_id 'user-123', got %q", claims.UserID)
+	}
+	if claims.Plan != "free" {
+		t.Errorf("expected plan 'free', got %q", claims.Plan)
+	}
+}
+
+func TestValidateAccessToken_Expired(t *testing.T) {
+	jm := NewJWTManager("test-secret", -1*time.Second, 720*time.Hour)
+
+	token, _ := jm.GenerateAccessToken("user-123", "free")
+	_, err := jm.ValidateAccessToken(token)
+	if err == nil {
+		t.Fatal("expected error for expired token")
+	}
+}
+
+func TestValidateAccessToken_WrongSecret(t *testing.T) {
+	jm1 := NewJWTManager("secret-1", 15*time.Minute, 720*time.Hour)
+	jm2 := NewJWTManager("secret-2", 15*time.Minute, 720*time.Hour)
+
+	token, _ := jm1.GenerateAccessToken("user-123", "free")
+	_, err := jm2.ValidateAccessToken(token)
+	if err == nil {
+		t.Fatal("expected error for wrong secret")
+	}
+}
+
+func TestValidateAccessToken_InvalidToken(t *testing.T) {
+	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
+
+	_, err := jm.ValidateAccessToken("invalid-token")
+	if err == nil {
+		t.Fatal("expected error for invalid token")
+	}
+}
+
+func TestGenerateRefreshToken(t *testing.T) {
+	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
+
+	token, expiresAt := jm.GenerateRefreshToken()
+	if token == "" {
+		t.Fatal("expected non-empty refresh token")
+	}
+	if expiresAt.Before(time.Now()) {
+		t.Fatal("expected future expiration time")
+	}
+}
+
+func TestGenerateRefreshToken_Unique(t *testing.T) {
+	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
+
+	token1, _ := jm.GenerateRefreshToken()
+	token2, _ := jm.GenerateRefreshToken()
+	if token1 == token2 {
+		t.Fatal("expected unique refresh tokens")
+	}
+}