24219b611e
Backend (Go): - Project structure with chi router, pgxpool, goose migrations - JWT auth (access/refresh tokens) with Firebase token verification - NoopTokenVerifier for local dev without Firebase credentials - PostgreSQL user repository with atomic profile updates (transactions) - Mifflin-St Jeor calorie calculation based on profile data - REST API: POST /auth/login, /auth/refresh, /auth/logout, GET/PUT /profile, GET /health - Middleware: auth, CORS (localhost wildcard), logging, recovery, request_id - Unit tests (51 passing) and integration tests (testcontainers) - Docker Compose setup with postgres healthcheck and graceful shutdown Flutter client: - Riverpod state management with GoRouter navigation - Firebase Auth (email/password + Google sign-in with web popup support) - Platform-aware API URLs (web/Android/iOS) - Dio HTTP client with JWT auth interceptor and concurrent refresh handling - Secure token storage - Screens: Login, Register, Home (tabs: Menu, Recipes, Products, Profile) - Unit tests (17 passing) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
87 lines
2.2 KiB
Go
87 lines
2.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestGenerateAccessToken(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
|
|
|
|
token, err := jm.GenerateAccessToken("user-123", "free")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if token == "" {
|
|
t.Fatal("expected non-empty token")
|
|
}
|
|
}
|
|
|
|
func TestValidateAccessToken_Valid(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
|
|
|
|
token, _ := jm.GenerateAccessToken("user-123", "free")
|
|
claims, err := jm.ValidateAccessToken(token)
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if claims.UserID != "user-123" {
|
|
t.Errorf("expected user_id 'user-123', got %q", claims.UserID)
|
|
}
|
|
if claims.Plan != "free" {
|
|
t.Errorf("expected plan 'free', got %q", claims.Plan)
|
|
}
|
|
}
|
|
|
|
func TestValidateAccessToken_Expired(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", -1*time.Second, 720*time.Hour)
|
|
|
|
token, _ := jm.GenerateAccessToken("user-123", "free")
|
|
_, err := jm.ValidateAccessToken(token)
|
|
if err == nil {
|
|
t.Fatal("expected error for expired token")
|
|
}
|
|
}
|
|
|
|
func TestValidateAccessToken_WrongSecret(t *testing.T) {
|
|
jm1 := NewJWTManager("secret-1", 15*time.Minute, 720*time.Hour)
|
|
jm2 := NewJWTManager("secret-2", 15*time.Minute, 720*time.Hour)
|
|
|
|
token, _ := jm1.GenerateAccessToken("user-123", "free")
|
|
_, err := jm2.ValidateAccessToken(token)
|
|
if err == nil {
|
|
t.Fatal("expected error for wrong secret")
|
|
}
|
|
}
|
|
|
|
func TestValidateAccessToken_InvalidToken(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
|
|
|
|
_, err := jm.ValidateAccessToken("invalid-token")
|
|
if err == nil {
|
|
t.Fatal("expected error for invalid token")
|
|
}
|
|
}
|
|
|
|
func TestGenerateRefreshToken(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
|
|
|
|
token, expiresAt := jm.GenerateRefreshToken()
|
|
if token == "" {
|
|
t.Fatal("expected non-empty refresh token")
|
|
}
|
|
if expiresAt.Before(time.Now()) {
|
|
t.Fatal("expected future expiration time")
|
|
}
|
|
}
|
|
|
|
func TestGenerateRefreshToken_Unique(t *testing.T) {
|
|
jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)
|
|
|
|
token1, _ := jm.GenerateRefreshToken()
|
|
token2, _ := jm.GenerateRefreshToken()
|
|
if token1 == token2 {
|
|
t.Fatal("expected unique refresh tokens")
|
|
}
|
|
}
|