steve
84fd31ccaa
P1-01 chi router, slog request log, graceful shutdown via signal
context. Health endpoint, /api/auth/login, /api/auth/logout,
/api/bootstrap. Background sweeper for expired sessions and
enrollment tokens (15 min cadence).
P1-04 (sessions half) HttpOnly Secure-when-TLS cookie carrying a
base64url token; server stores SHA-256(token) so a stolen DB
doesn't yield credentials. Unknown user and bad password collapse
to the same 401 response code so a probe can't enumerate names.
P1-05 first-run admin bootstrap. On a fresh DB the server mints a
one-time token and prints it to stderr inside a banner. The
/api/bootstrap handler accepts {token, username, password},
creates the first admin, then becomes a 409 forever.
P1-07 (partial) audit hooks fire on auth.login and auth.bootstrap.
Full middleware-driven coverage lands with the rest of the API.
internal/server/config: env > YAML > defaults. RM_LISTEN /
RM_DATA_DIR / RM_BASE_URL / RM_TLS_CERT / RM_TLS_KEY /
RM_SECRET_KEY_FILE / RM_TRUSTED_PROXY (CIDR list, validated).
End-to-end smoke test passes: server boots on a fresh dir,
prints the bootstrap token, POST /api/bootstrap creates the admin,
POST /api/auth/login returns 200 with a session cookie.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
93 lines
2.1 KiB
Go
93 lines
2.1 KiB
Go
package config
|
|
|
|
import (
|
|
"path/filepath"
|
|
"testing"
|
|
)
|
|
|
|
func TestDefaultsValid(t *testing.T) {
|
|
t.Setenv("RM_LISTEN", ":8443")
|
|
t.Setenv("RM_DATA_DIR", "/tmp/rm-test")
|
|
|
|
c, err := Load("")
|
|
if err != nil {
|
|
t.Fatalf("load: %v", err)
|
|
}
|
|
if c.Listen != ":8443" {
|
|
t.Errorf("listen: %q", c.Listen)
|
|
}
|
|
if c.SecretKeyFile != "/tmp/rm-test/secret.key" {
|
|
t.Errorf("secret_key_file default: %q", c.SecretKeyFile)
|
|
}
|
|
}
|
|
|
|
func TestEnvOverridesYAML(t *testing.T) {
|
|
dir := t.TempDir()
|
|
yamlPath := filepath.Join(dir, "rm.yaml")
|
|
body := []byte(`listen: ":7000"` + "\n" +
|
|
`data_dir: "/var/lib/rm"` + "\n" +
|
|
`base_url: "https://yaml.example"` + "\n")
|
|
if err := writeFile(yamlPath, body); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
t.Setenv("RM_LISTEN", ":9999")
|
|
t.Setenv("RM_BASE_URL", "https://env.example")
|
|
|
|
c, err := Load(yamlPath)
|
|
if err != nil {
|
|
t.Fatalf("load: %v", err)
|
|
}
|
|
if c.Listen != ":9999" {
|
|
t.Errorf("env should win: %q", c.Listen)
|
|
}
|
|
if c.BaseURL != "https://env.example" {
|
|
t.Errorf("env should win: %q", c.BaseURL)
|
|
}
|
|
if c.DataDir != "/var/lib/rm" {
|
|
t.Errorf("yaml should fill: %q", c.DataDir)
|
|
}
|
|
}
|
|
|
|
func TestTrustedProxyParsing(t *testing.T) {
|
|
t.Setenv("RM_LISTEN", ":8443")
|
|
t.Setenv("RM_DATA_DIR", "/tmp/x")
|
|
t.Setenv("RM_TRUSTED_PROXY", "10.0.0.0/8, 192.168.1.0/24")
|
|
|
|
c, err := Load("")
|
|
if err != nil {
|
|
t.Fatalf("load: %v", err)
|
|
}
|
|
if len(c.TrustedProxies) != 2 {
|
|
t.Fatalf("want 2 proxies, got %v", c.TrustedProxies)
|
|
}
|
|
if c.TrustedProxies[0] != "10.0.0.0/8" || c.TrustedProxies[1] != "192.168.1.0/24" {
|
|
t.Errorf("parsed: %v", c.TrustedProxies)
|
|
}
|
|
}
|
|
|
|
func TestTrustedProxyRejectsGarbage(t *testing.T) {
|
|
t.Setenv("RM_LISTEN", ":8443")
|
|
t.Setenv("RM_DATA_DIR", "/tmp/x")
|
|
t.Setenv("RM_TRUSTED_PROXY", "not-a-cidr")
|
|
|
|
if _, err := Load(""); err == nil {
|
|
t.Fatal("expected validation error, got nil")
|
|
}
|
|
}
|
|
|
|
func TestTLSPairConsistency(t *testing.T) {
|
|
t.Setenv("RM_LISTEN", ":8443")
|
|
t.Setenv("RM_DATA_DIR", "/tmp/x")
|
|
t.Setenv("RM_TLS_CERT", "/some/cert.pem")
|
|
// key intentionally unset
|
|
|
|
if _, err := Load(""); err == nil {
|
|
t.Fatal("expected error: cert without key")
|
|
}
|
|
}
|
|
|
|
func writeFile(path string, body []byte) error {
|
|
return writeFileImpl(path, body)
|
|
}
|