steam 2fa for polling and security

2025-08-16 16:43:54 +02:00
parent 1683d5c2f1
commit aab5d2ad61
32 changed files with 2191 additions and 98 deletions
--- a/tests/auth_helper.go
+++ b/tests/auth_helper.go
@@ -4,6 +4,7 @@ import (
 	"acc-server-manager/local/model"
 	"acc-server-manager/local/utl/jwt"
 	"fmt"
+	"os"
 	"time"

 	"github.com/google/uuid"
@@ -18,8 +19,16 @@ func GenerateTestToken() (string, error) {
 		RoleID:   uuid.New(),
 	}

+	// Use the environment JWT_SECRET for consistency with middleware
+	testSecret := os.Getenv("JWT_SECRET")
+	if testSecret == "" {
+		// Fallback to a test secret if env var is not set
+		testSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(testSecret)
+
 	// Generate JWT token
-	token, err := jwt.GenerateToken(user)
+	token, err := jwtHandler.GenerateToken(user)
 	if err != nil {
 		return "", fmt.Errorf("failed to generate test token: %w", err)
 	}
@@ -39,6 +48,14 @@ func MustGenerateTestToken() string {

 // GenerateTestTokenWithExpiry creates a JWT token with a specific expiry time
 func GenerateTestTokenWithExpiry(expiryTime time.Time) (string, error) {
+	// Use the environment JWT_SECRET for consistency with middleware
+	testSecret := os.Getenv("JWT_SECRET")
+	if testSecret == "" {
+		// Fallback to a test secret if env var is not set
+		testSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(testSecret)
+	
 	// Create test user
 	user := &model.User{
 		ID:       uuid.New(),
@@ -47,7 +64,7 @@ func GenerateTestTokenWithExpiry(expiryTime time.Time) (string, error) {
 	}

 	// Generate JWT token with custom expiry
-	token, err := jwt.GenerateTokenWithExpiry(user, expiryTime)
+	token, err := jwtHandler.GenerateTokenWithExpiry(user, expiryTime)
 	if err != nil {
 		return "", fmt.Errorf("failed to generate test token with expiry: %w", err)
 	}
--- a/tests/test_helper.go
+++ b/tests/test_helper.go
@@ -3,7 +3,6 @@ package tests
 import (
 	"acc-server-manager/local/model"
 	"acc-server-manager/local/utl/configs"
-	"acc-server-manager/local/utl/jwt"
 	"bytes"
 	"context"
 	"errors"
@@ -52,7 +51,6 @@ func SetTestEnv() {
 	os.Setenv("TESTING_ENV", "true") // Used to bypass

 	configs.Init()
-	jwt.Init()
 }

 // NewTestHelper creates a new test helper with in-memory database
--- a/tests/unit/controller/helper.go
+++ b/tests/unit/controller/helper.go
@@ -4,7 +4,9 @@ import (
 	"acc-server-manager/local/middleware"
 	"acc-server-manager/local/service"
 	"acc-server-manager/local/utl/cache"
+	"acc-server-manager/local/utl/jwt"
 	"acc-server-manager/tests"
+	"os"

 	"github.com/gofiber/fiber/v2"
 )
@@ -15,9 +17,18 @@ type MockMiddleware struct{}
 // GetTestAuthMiddleware returns a mock auth middleware that can be used in place of the real one
 // This works because we're adding real authentication tokens to requests
 func GetTestAuthMiddleware(ms *service.MembershipService, cache *cache.InMemoryCache) *middleware.AuthMiddleware {
+	// Use environment JWT secrets for consistency with token generation
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret) // Use same secret for test consistency
+	
 	// Cast our mock to the real type for testing
 	// This is a type-unsafe cast but works for testing because we're using real JWT tokens
-	return middleware.NewAuthMiddleware(ms, cache)
+	return middleware.NewAuthMiddleware(ms, cache, jwtHandler, openJWTHandler)
 }

 // AddAuthToRequest adds a valid authentication token to a test request
--- a/tests/unit/controller/state_history_controller_test.go
+++ b/tests/unit/controller/state_history_controller_test.go
@@ -7,6 +7,7 @@ import (
 	"acc-server-manager/local/service"
 	"acc-server-manager/local/utl/cache"
 	"acc-server-manager/local/utl/common"
+	"acc-server-manager/local/utl/jwt"
 	"acc-server-manager/tests"
 	"acc-server-manager/tests/testdata"
 	"encoding/json"
@@ -14,6 +15,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"testing"

 	"github.com/gofiber/fiber/v2"
@@ -32,7 +34,13 @@ func TestStateHistoryController_GetAll_Success(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -86,7 +94,13 @@ func TestStateHistoryController_GetAll_WithSessionFilter(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -145,7 +159,13 @@ func TestStateHistoryController_GetAll_EmptyResult(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -185,7 +205,13 @@ func TestStateHistoryController_GetStatistics_Success(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -262,7 +288,13 @@ func TestStateHistoryController_GetStatistics_NoData(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -321,7 +353,13 @@ func TestStateHistoryController_GetStatistics_InvalidQueryParams(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -365,7 +403,13 @@ func TestStateHistoryController_HTTPMethods(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -419,7 +463,13 @@ func TestStateHistoryController_ContentType(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

@@ -481,7 +531,13 @@ func TestStateHistoryController_ResponseStructure(t *testing.T) {
 	stateHistoryService := service.NewStateHistoryService(repo)

 	membershipRepo := repository.NewMembershipRepository(helper.DB)
-	membershipService := service.NewMembershipService(membershipRepo)
+	jwtSecret := os.Getenv("JWT_SECRET")
+	if jwtSecret == "" {
+		jwtSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
+	}
+	jwtHandler := jwt.NewJWTHandler(jwtSecret)
+	openJWTHandler := jwt.NewOpenJWTHandler(jwtSecret)
+	membershipService := service.NewMembershipService(membershipRepo, jwtHandler, openJWTHandler)

 	inMemCache := cache.NewInMemoryCache()

--- a/tests/unit/service/auth_simple_test.go
+++ b/tests/unit/service/auth_simple_test.go
@@ -5,6 +5,7 @@ import (
 	"acc-server-manager/local/utl/jwt"
 	"acc-server-manager/local/utl/password"
 	"acc-server-manager/tests"
+	"os"
 	"testing"

 	"github.com/google/uuid"
@@ -15,6 +16,8 @@ func TestJWT_GenerateAndValidateToken(t *testing.T) {
 	helper := tests.NewTestHelper(t)
 	defer helper.Cleanup()

+	jwtHandler := jwt.NewJWTHandler(os.Getenv("JWT_SECRET"))
+
 	// Create test user
 	user := &model.User{
 		ID:       uuid.New(),
@@ -23,7 +26,7 @@ func TestJWT_GenerateAndValidateToken(t *testing.T) {
 	}

 	// Test JWT generation
-	token, err := jwt.GenerateToken(user)
+	token, err := jwtHandler.GenerateToken(user)
 	tests.AssertNoError(t, err)
 	tests.AssertNotNil(t, token)

@@ -33,7 +36,7 @@ func TestJWT_GenerateAndValidateToken(t *testing.T) {
 	}

 	// Test JWT validation
-	claims, err := jwt.ValidateToken(token)
+	claims, err := jwtHandler.ValidateToken(token)
 	tests.AssertNoError(t, err)
 	tests.AssertNotNil(t, claims)
 	tests.AssertEqual(t, user.ID.String(), claims.UserID)
@@ -43,9 +46,10 @@ func TestJWT_ValidateToken_InvalidToken(t *testing.T) {
 	// Setup
 	helper := tests.NewTestHelper(t)
 	defer helper.Cleanup()
+	jwtHandler := jwt.NewJWTHandler(os.Getenv("JWT_SECRET"))

 	// Test with invalid token
-	claims, err := jwt.ValidateToken("invalid-token")
+	claims, err := jwtHandler.ValidateToken("invalid-token")
 	if err == nil {
 		t.Fatal("Expected error for invalid token, got nil")
 	}
@@ -59,9 +63,10 @@ func TestJWT_ValidateToken_EmptyToken(t *testing.T) {
 	// Setup
 	helper := tests.NewTestHelper(t)
 	defer helper.Cleanup()
+	jwtHandler := jwt.NewJWTHandler(os.Getenv("JWT_SECRET"))

 	// Test with empty token
-	claims, err := jwt.ValidateToken("")
+	claims, err := jwtHandler.ValidateToken("")
 	if err == nil {
 		t.Fatal("Expected error for empty token, got nil")
 	}