shindakun.net
+9
-1
REFACTORING_PLAN.md
+9
-1
REFACTORING_PLAN.md
···
521
521
- โ
Added LoggingMiddleware for request/response logging
522
522
- โ
All middleware exportable and composable
523
523
- โ
Standard Go middleware patterns throughout
524
+
- โ
**Phase 5: Testing Improvements - COMPLETE**
525
+
- โ
Created internal/testutil/ package with common utilities
526
+
- โ
Added fixtures.go with test data generators (sessions, keys, metadata)
527
+
- โ
Added mock_server.go with mock OAuth, PDS, and handle servers
528
+
- โ
Added helpers.go with assertion helpers and mock HTTP clients
529
+
- โ
All testutil functions tested and documented
524
530
525
531
### Results
526
532
- **100% backward compatibility maintained** - All public APIs unchanged
···
529
535
- **Clear separation of concerns** - Internal implementation hidden
530
536
- **Better code organization** - Functionality split into focused packages
531
537
- **Reusable middleware** - Can be composed and used independently
538
+
- **Test utilities available** - Reduces duplication in test code
539
+
- **Mock servers ready** - Easy to test OAuth and API flows
532
540
- **Foundation established** for future improvements
533
541
534
542
### Next Steps
535
543
- Phase 2: Refactor Client Struct (potentially breaking, requires major version bump)
536
-
- Phase 5: Testing Improvements (ongoing)
544
+
- Update existing tests to use testutil package (incremental improvement)
537
545
538
546
---
539
547
+180
internal/testutil/fixtures.go
+180
internal/testutil/fixtures.go
···
1
+
package testutil
2
+
3
+
import (
4
+
"crypto/ecdsa"
5
+
"crypto/elliptic"
6
+
"crypto/rand"
7
+
"testing"
8
+
"time"
9
+
)
10
+
11
+
// NewTestDPoPKey generates a test ECDSA P-256 key for DPoP.
12
+
// If generation fails, the test is failed with t.Fatal.
13
+
func NewTestDPoPKey(t *testing.T) *ecdsa.PrivateKey {
14
+
t.Helper()
15
+
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
16
+
if err != nil {
17
+
t.Fatalf("Failed to generate DPoP key: %v", err)
18
+
}
19
+
return key
20
+
}
21
+
22
+
// TestSession represents a test session with all fields populated.
23
+
type TestSession struct {
24
+
DID string
25
+
AccessToken string
26
+
RefreshToken string
27
+
DPoPKey *ecdsa.PrivateKey
28
+
PDS string
29
+
DPoPNonce string
30
+
Handle string
31
+
Email string
32
+
AccessTokenExpiresAt time.Time
33
+
RefreshTokenExpiresAt time.Time
34
+
}
35
+
36
+
// NewTestSession creates a test session with sensible defaults.
37
+
// Pass options to customize the session.
38
+
func NewTestSession(t *testing.T, opts ...TestSessionOption) *TestSession {
39
+
t.Helper()
40
+
41
+
// Default values
42
+
session := &TestSession{
43
+
DID: "did:plc:test123abc",
44
+
AccessToken: "test-access-token-" + RandomString(16),
45
+
RefreshToken: "test-refresh-token-" + RandomString(16),
46
+
DPoPKey: NewTestDPoPKey(t),
47
+
PDS: "https://test.pds.example.com",
48
+
DPoPNonce: "test-nonce-" + RandomString(8),
49
+
Handle: "testuser.test",
50
+
Email: "test@example.com",
51
+
AccessTokenExpiresAt: time.Now().Add(12 * time.Hour),
52
+
RefreshTokenExpiresAt: time.Now().Add(90 * 24 * time.Hour),
53
+
}
54
+
55
+
// Apply options
56
+
for _, opt := range opts {
57
+
opt(session)
58
+
}
59
+
60
+
return session
61
+
}
62
+
63
+
// TestSessionOption is a function that modifies a TestSession.
64
+
type TestSessionOption func(*TestSession)
65
+
66
+
// WithDID sets the DID for the test session.
67
+
func WithDID(did string) TestSessionOption {
68
+
return func(s *TestSession) {
69
+
s.DID = did
70
+
}
71
+
}
72
+
73
+
// WithAccessToken sets the access token for the test session.
74
+
func WithAccessToken(token string) TestSessionOption {
75
+
return func(s *TestSession) {
76
+
s.AccessToken = token
77
+
}
78
+
}
79
+
80
+
// WithRefreshToken sets the refresh token for the test session.
81
+
func WithRefreshToken(token string) TestSessionOption {
82
+
return func(s *TestSession) {
83
+
s.RefreshToken = token
84
+
}
85
+
}
86
+
87
+
// WithPDS sets the PDS URL for the test session.
88
+
func WithPDS(pds string) TestSessionOption {
89
+
return func(s *TestSession) {
90
+
s.PDS = pds
91
+
}
92
+
}
93
+
94
+
// WithDPoPNonce sets the DPoP nonce for the test session.
95
+
func WithDPoPNonce(nonce string) TestSessionOption {
96
+
return func(s *TestSession) {
97
+
s.DPoPNonce = nonce
98
+
}
99
+
}
100
+
101
+
// WithHandle sets the handle for the test session.
102
+
func WithHandle(handle string) TestSessionOption {
103
+
return func(s *TestSession) {
104
+
s.Handle = handle
105
+
}
106
+
}
107
+
108
+
// WithExpiredAccessToken sets the access token to be expired.
109
+
func WithExpiredAccessToken() TestSessionOption {
110
+
return func(s *TestSession) {
111
+
s.AccessTokenExpiresAt = time.Now().Add(-1 * time.Hour)
112
+
}
113
+
}
114
+
115
+
// WithExpiredRefreshToken sets the refresh token to be expired.
116
+
func WithExpiredRefreshToken() TestSessionOption {
117
+
return func(s *TestSession) {
118
+
s.RefreshTokenExpiresAt = time.Now().Add(-1 * time.Hour)
119
+
}
120
+
}
121
+
122
+
// TestAuthServerMetadata represents OAuth server metadata for testing.
123
+
type TestAuthServerMetadata struct {
124
+
Issuer string
125
+
AuthorizationEndpoint string
126
+
TokenEndpoint string
127
+
JWKSURI string
128
+
}
129
+
130
+
// NewTestAuthServerMetadata creates test OAuth server metadata.
131
+
// Pass a base URL to customize the endpoints.
132
+
func NewTestAuthServerMetadata(baseURL string) *TestAuthServerMetadata {
133
+
if baseURL == "" {
134
+
baseURL = "https://test.oauth.example.com"
135
+
}
136
+
137
+
return &TestAuthServerMetadata{
138
+
Issuer: baseURL,
139
+
AuthorizationEndpoint: baseURL + "/authorize",
140
+
TokenEndpoint: baseURL + "/token",
141
+
JWKSURI: baseURL + "/.well-known/jwks.json",
142
+
}
143
+
}
144
+
145
+
// TestClientConfig represents test client configuration.
146
+
type TestClientConfig struct {
147
+
BaseURL string
148
+
ClientID string
149
+
RedirectURI string
150
+
ClientName string
151
+
ApplicationType string
152
+
Scopes []string
153
+
}
154
+
155
+
// NewTestClientConfig creates test client configuration.
156
+
func NewTestClientConfig() *TestClientConfig {
157
+
baseURL := "http://localhost:8181"
158
+
return &TestClientConfig{
159
+
BaseURL: baseURL,
160
+
ClientID: baseURL + "/client-metadata.json",
161
+
RedirectURI: baseURL + "/callback",
162
+
ClientName: "Test OAuth Client",
163
+
ApplicationType: "web",
164
+
Scopes: []string{"atproto", "transition:generic"},
165
+
}
166
+
}
167
+
168
+
// RandomString generates a random string of the specified length.
169
+
// Uses URL-safe base64 characters.
170
+
func RandomString(length int) string {
171
+
const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
172
+
b := make([]byte, length)
173
+
if _, err := rand.Read(b); err != nil {
174
+
return ""
175
+
}
176
+
for i := range b {
177
+
b[i] = charset[int(b[i])%len(charset)]
178
+
}
179
+
return string(b)
180
+
}
+80
internal/testutil/fixtures_test.go
+80
internal/testutil/fixtures_test.go
···
1
+
package testutil
2
+
3
+
import (
4
+
"testing"
5
+
)
6
+
7
+
// TestNewTestDPoPKey verifies that DPoP key generation works.
8
+
func TestNewTestDPoPKey(t *testing.T) {
9
+
key := NewTestDPoPKey(t)
10
+
AssertNotNil(t, key, "DPoP key should not be nil")
11
+
AssertNotNil(t, key.PublicKey, "Public key should not be nil")
12
+
}
13
+
14
+
// TestNewTestSession verifies that test session creation works.
15
+
func TestNewTestSession(t *testing.T) {
16
+
session := NewTestSession(t)
17
+
18
+
AssertNotEqual(t, session.DID, "", "DID should not be empty")
19
+
AssertNotEqual(t, session.AccessToken, "", "AccessToken should not be empty")
20
+
AssertNotEqual(t, session.RefreshToken, "", "RefreshToken should not be empty")
21
+
AssertNotNil(t, session.DPoPKey, "DPoPKey should not be nil")
22
+
AssertNotEqual(t, session.PDS, "", "PDS should not be empty")
23
+
AssertNotEqual(t, session.DPoPNonce, "", "DPoPNonce should not be empty")
24
+
}
25
+
26
+
// TestNewTestSessionWithOptions verifies that test session options work.
27
+
func TestNewTestSessionWithOptions(t *testing.T) {
28
+
customDID := "did:plc:custom123"
29
+
customPDS := "https://custom.pds.com"
30
+
31
+
session := NewTestSession(t,
32
+
WithDID(customDID),
33
+
WithPDS(customPDS),
34
+
)
35
+
36
+
AssertEqual(t, session.DID, customDID, "DID should match custom value")
37
+
AssertEqual(t, session.PDS, customPDS, "PDS should match custom value")
38
+
}
39
+
40
+
// TestNewTestSessionExpired verifies expired token options.
41
+
func TestNewTestSessionExpired(t *testing.T) {
42
+
session := NewTestSession(t,
43
+
WithExpiredAccessToken(),
44
+
WithExpiredRefreshToken(),
45
+
)
46
+
47
+
AssertTrue(t, session.AccessTokenExpiresAt.Before(session.RefreshTokenExpiresAt), "Access token should be in the past")
48
+
}
49
+
50
+
// TestNewTestAuthServerMetadata verifies metadata creation.
51
+
func TestNewTestAuthServerMetadata(t *testing.T) {
52
+
metadata := NewTestAuthServerMetadata("")
53
+
54
+
AssertNotEqual(t, metadata.Issuer, "", "Issuer should not be empty")
55
+
AssertNotEqual(t, metadata.AuthorizationEndpoint, "", "AuthorizationEndpoint should not be empty")
56
+
AssertNotEqual(t, metadata.TokenEndpoint, "", "TokenEndpoint should not be empty")
57
+
AssertNotEqual(t, metadata.JWKSURI, "", "JWKSURI should not be empty")
58
+
}
59
+
60
+
// TestNewTestClientConfig verifies client config creation.
61
+
func TestNewTestClientConfig(t *testing.T) {
62
+
config := NewTestClientConfig()
63
+
64
+
AssertNotEqual(t, config.BaseURL, "", "BaseURL should not be empty")
65
+
AssertNotEqual(t, config.ClientID, "", "ClientID should not be empty")
66
+
AssertNotEqual(t, config.RedirectURI, "", "RedirectURI should not be empty")
67
+
AssertTrue(t, len(config.Scopes) > 0, "Scopes should not be empty")
68
+
}
69
+
70
+
// TestRandomString verifies random string generation.
71
+
func TestRandomString(t *testing.T) {
72
+
length := 16
73
+
str := RandomString(length)
74
+
75
+
AssertEqual(t, len(str), length, "Random string should have correct length")
76
+
77
+
// Verify uniqueness
78
+
str2 := RandomString(length)
79
+
AssertNotEqual(t, str, str2, "Random strings should be unique")
80
+
}
+207
internal/testutil/helpers.go
+207
internal/testutil/helpers.go
···
1
+
package testutil
2
+
3
+
import (
4
+
"bytes"
5
+
"context"
6
+
"io"
7
+
"net/http"
8
+
"testing"
9
+
)
10
+
11
+
// AssertNoError fails the test if err is not nil.
12
+
func AssertNoError(t *testing.T, err error, message string) {
13
+
t.Helper()
14
+
if err != nil {
15
+
t.Fatalf("%s: %v", message, err)
16
+
}
17
+
}
18
+
19
+
// AssertError fails the test if err is nil.
20
+
func AssertError(t *testing.T, err error, message string) {
21
+
t.Helper()
22
+
if err == nil {
23
+
t.Fatalf("%s: expected error but got nil", message)
24
+
}
25
+
}
26
+
27
+
// AssertEqual fails the test if got != want.
28
+
func AssertEqual(t *testing.T, got, want interface{}, message string) {
29
+
t.Helper()
30
+
if got != want {
31
+
t.Fatalf("%s: got %v, want %v", message, got, want)
32
+
}
33
+
}
34
+
35
+
// AssertNotEqual fails the test if got == want.
36
+
func AssertNotEqual(t *testing.T, got, want interface{}, message string) {
37
+
t.Helper()
38
+
if got == want {
39
+
t.Fatalf("%s: got %v, did not want %v", message, got, want)
40
+
}
41
+
}
42
+
43
+
// AssertNil fails the test if value is not nil.
44
+
func AssertNil(t *testing.T, value interface{}, message string) {
45
+
t.Helper()
46
+
if value != nil {
47
+
t.Fatalf("%s: expected nil but got %v", message, value)
48
+
}
49
+
}
50
+
51
+
// AssertNotNil fails the test if value is nil.
52
+
func AssertNotNil(t *testing.T, value interface{}, message string) {
53
+
t.Helper()
54
+
if value == nil {
55
+
t.Fatalf("%s: expected non-nil value", message)
56
+
}
57
+
}
58
+
59
+
// AssertTrue fails the test if condition is false.
60
+
func AssertTrue(t *testing.T, condition bool, message string) {
61
+
t.Helper()
62
+
if !condition {
63
+
t.Fatalf("%s: expected true but got false", message)
64
+
}
65
+
}
66
+
67
+
// AssertFalse fails the test if condition is true.
68
+
func AssertFalse(t *testing.T, condition bool, message string) {
69
+
t.Helper()
70
+
if condition {
71
+
t.Fatalf("%s: expected false but got true", message)
72
+
}
73
+
}
74
+
75
+
// AssertContains fails the test if substring is not in str.
76
+
func AssertContains(t *testing.T, str, substring, message string) {
77
+
t.Helper()
78
+
if !contains(str, substring) {
79
+
t.Fatalf("%s: expected %q to contain %q", message, str, substring)
80
+
}
81
+
}
82
+
83
+
// AssertNotContains fails the test if substring is in str.
84
+
func AssertNotContains(t *testing.T, str, substring, message string) {
85
+
t.Helper()
86
+
if contains(str, substring) {
87
+
t.Fatalf("%s: expected %q not to contain %q", message, str, substring)
88
+
}
89
+
}
90
+
91
+
func contains(str, substring string) bool {
92
+
return len(str) >= len(substring) && (str == substring || len(substring) == 0 || indexOf(str, substring) >= 0)
93
+
}
94
+
95
+
func indexOf(str, substring string) int {
96
+
for i := 0; i <= len(str)-len(substring); i++ {
97
+
if str[i:i+len(substring)] == substring {
98
+
return i
99
+
}
100
+
}
101
+
return -1
102
+
}
103
+
104
+
// AssertPanics fails the test if the function does not panic.
105
+
func AssertPanics(t *testing.T, fn func(), message string) {
106
+
t.Helper()
107
+
defer func() {
108
+
if r := recover(); r == nil {
109
+
t.Fatalf("%s: expected panic but did not panic", message)
110
+
}
111
+
}()
112
+
fn()
113
+
}
114
+
115
+
// NewTestContext returns a context with a test timeout.
116
+
func NewTestContext(t *testing.T) context.Context {
117
+
t.Helper()
118
+
ctx, cancel := context.WithTimeout(context.Background(), 30*1000000000) // 30 seconds
119
+
t.Cleanup(cancel)
120
+
return ctx
121
+
}
122
+
123
+
// MockHTTPClient creates a mock HTTP client that returns predefined responses.
124
+
type MockHTTPClient struct {
125
+
Responses []*http.Response
126
+
Errors []error
127
+
Requests []*http.Request
128
+
index int
129
+
}
130
+
131
+
// NewMockHTTPClient creates a new mock HTTP client.
132
+
func NewMockHTTPClient() *MockHTTPClient {
133
+
return &MockHTTPClient{
134
+
Responses: []*http.Response{},
135
+
Errors: []error{},
136
+
Requests: []*http.Request{},
137
+
}
138
+
}
139
+
140
+
// AddResponse adds a response to the mock client's queue.
141
+
func (m *MockHTTPClient) AddResponse(statusCode int, body string) {
142
+
m.Responses = append(m.Responses, &http.Response{
143
+
StatusCode: statusCode,
144
+
Body: io.NopCloser(bytes.NewBufferString(body)),
145
+
Header: make(http.Header),
146
+
})
147
+
m.Errors = append(m.Errors, nil)
148
+
}
149
+
150
+
// AddError adds an error to the mock client's queue.
151
+
func (m *MockHTTPClient) AddError(err error) {
152
+
m.Responses = append(m.Responses, nil)
153
+
m.Errors = append(m.Errors, err)
154
+
}
155
+
156
+
// Do implements the http.Client.Do interface.
157
+
func (m *MockHTTPClient) Do(req *http.Request) (*http.Response, error) {
158
+
m.Requests = append(m.Requests, req)
159
+
160
+
if m.index >= len(m.Responses) {
161
+
return nil, io.EOF
162
+
}
163
+
164
+
resp := m.Responses[m.index]
165
+
err := m.Errors[m.index]
166
+
m.index++
167
+
168
+
return resp, err
169
+
}
170
+
171
+
// Reset resets the mock client state.
172
+
func (m *MockHTTPClient) Reset() {
173
+
m.Responses = []*http.Response{}
174
+
m.Errors = []error{}
175
+
m.Requests = []*http.Request{}
176
+
m.index = 0
177
+
}
178
+
179
+
// RequestCount returns the number of requests made.
180
+
func (m *MockHTTPClient) RequestCount() int {
181
+
return len(m.Requests)
182
+
}
183
+
184
+
// LastRequest returns the most recent request, or nil if no requests were made.
185
+
func (m *MockHTTPClient) LastRequest() *http.Request {
186
+
if len(m.Requests) == 0 {
187
+
return nil
188
+
}
189
+
return m.Requests[len(m.Requests)-1]
190
+
}
191
+
192
+
// MockRoundTripper implements http.RoundTripper for testing.
193
+
type MockRoundTripper struct {
194
+
RoundTripFunc func(*http.Request) (*http.Response, error)
195
+
}
196
+
197
+
// RoundTrip implements http.RoundTripper.
198
+
func (m *MockRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
199
+
return m.RoundTripFunc(req)
200
+
}
201
+
202
+
// NewMockRoundTripper creates a new mock round tripper.
203
+
func NewMockRoundTripper(fn func(*http.Request) (*http.Response, error)) *MockRoundTripper {
204
+
return &MockRoundTripper{
205
+
RoundTripFunc: fn,
206
+
}
207
+
}
+406
internal/testutil/mock_server.go
+406
internal/testutil/mock_server.go
···
1
+
package testutil
2
+
3
+
import (
4
+
"crypto/ecdsa"
5
+
"crypto/elliptic"
6
+
"crypto/rand"
7
+
"crypto/rsa"
8
+
"encoding/base64"
9
+
"encoding/json"
10
+
"fmt"
11
+
"math/big"
12
+
"net/http"
13
+
"net/http/httptest"
14
+
"strings"
15
+
"testing"
16
+
"time"
17
+
)
18
+
19
+
// MockOAuthServer provides a mock OAuth authorization server for testing.
20
+
type MockOAuthServer struct {
21
+
Server *httptest.Server
22
+
BaseURL string
23
+
t *testing.T
24
+
handlers map[string]http.HandlerFunc
25
+
}
26
+
27
+
// NewMockOAuthServer creates a new mock OAuth server.
28
+
func NewMockOAuthServer(t *testing.T) *MockOAuthServer {
29
+
t.Helper()
30
+
31
+
mock := &MockOAuthServer{
32
+
t: t,
33
+
handlers: make(map[string]http.HandlerFunc),
34
+
}
35
+
36
+
// Set up default handlers
37
+
mock.handlers["/.well-known/oauth-authorization-server"] = mock.handleMetadata
38
+
mock.handlers["/.well-known/jwks.json"] = mock.handleJWKS
39
+
mock.handlers["/authorize"] = mock.handleAuthorize
40
+
mock.handlers["/token"] = mock.handleToken
41
+
mock.handlers["/par"] = mock.handlePAR
42
+
43
+
// Create the server
44
+
mux := http.NewServeMux()
45
+
for path, handler := range mock.handlers {
46
+
mux.HandleFunc(path, handler)
47
+
}
48
+
49
+
mock.Server = httptest.NewServer(mux)
50
+
mock.BaseURL = mock.Server.URL
51
+
52
+
return mock
53
+
}
54
+
55
+
// Close closes the mock server.
56
+
func (m *MockOAuthServer) Close() {
57
+
m.Server.Close()
58
+
}
59
+
60
+
// SetHandler allows overriding a specific handler for testing.
61
+
func (m *MockOAuthServer) SetHandler(path string, handler http.HandlerFunc) {
62
+
m.handlers[path] = handler
63
+
}
64
+
65
+
// handleMetadata returns OAuth server metadata.
66
+
func (m *MockOAuthServer) handleMetadata(w http.ResponseWriter, r *http.Request) {
67
+
metadata := map[string]interface{}{
68
+
"issuer": m.BaseURL,
69
+
"authorization_endpoint": m.BaseURL + "/authorize",
70
+
"token_endpoint": m.BaseURL + "/token",
71
+
"jwks_uri": m.BaseURL + "/.well-known/jwks.json",
72
+
"pushed_authorization_request_endpoint": m.BaseURL + "/par",
73
+
"response_types_supported": []string{"code"},
74
+
"grant_types_supported": []string{"authorization_code", "refresh_token"},
75
+
"code_challenge_methods_supported": []string{"S256"},
76
+
"dpop_signing_alg_values_supported": []string{"ES256"},
77
+
}
78
+
79
+
w.Header().Set("Content-Type", "application/json")
80
+
json.NewEncoder(w).Encode(metadata)
81
+
}
82
+
83
+
// handleJWKS returns a mock JWKS with a test RSA key.
84
+
func (m *MockOAuthServer) handleJWKS(w http.ResponseWriter, r *http.Request) {
85
+
// Generate a test RSA key
86
+
key, err := rsa.GenerateKey(rand.Reader, 2048)
87
+
if err != nil {
88
+
http.Error(w, "Failed to generate key", http.StatusInternalServerError)
89
+
return
90
+
}
91
+
92
+
// Convert to JWK format
93
+
n := base64.RawURLEncoding.EncodeToString(key.N.Bytes())
94
+
e := base64.RawURLEncoding.EncodeToString(big.NewInt(int64(key.E)).Bytes())
95
+
96
+
jwks := map[string]interface{}{
97
+
"keys": []map[string]interface{}{
98
+
{
99
+
"kty": "RSA",
100
+
"kid": "test-key-1",
101
+
"use": "sig",
102
+
"alg": "RS256",
103
+
"n": n,
104
+
"e": e,
105
+
},
106
+
},
107
+
}
108
+
109
+
w.Header().Set("Content-Type", "application/json")
110
+
json.NewEncoder(w).Encode(jwks)
111
+
}
112
+
113
+
// handleAuthorize handles the authorization endpoint.
114
+
func (m *MockOAuthServer) handleAuthorize(w http.ResponseWriter, r *http.Request) {
115
+
// Extract parameters
116
+
clientID := r.URL.Query().Get("client_id")
117
+
redirectURI := r.URL.Query().Get("redirect_uri")
118
+
state := r.URL.Query().Get("state")
119
+
120
+
if clientID == "" || redirectURI == "" || state == "" {
121
+
http.Error(w, "Missing required parameters", http.StatusBadRequest)
122
+
return
123
+
}
124
+
125
+
// Generate a test authorization code
126
+
code := "test-auth-code-" + RandomString(16)
127
+
128
+
// Redirect back with code
129
+
redirectURL := fmt.Sprintf("%s?code=%s&state=%s&iss=%s", redirectURI, code, state, m.BaseURL)
130
+
http.Redirect(w, r, redirectURL, http.StatusFound)
131
+
}
132
+
133
+
// handleToken handles the token endpoint.
134
+
func (m *MockOAuthServer) handleToken(w http.ResponseWriter, r *http.Request) {
135
+
if r.Method != http.MethodPost {
136
+
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
137
+
return
138
+
}
139
+
140
+
if err := r.ParseForm(); err != nil {
141
+
http.Error(w, "Invalid form data", http.StatusBadRequest)
142
+
return
143
+
}
144
+
145
+
grantType := r.FormValue("grant_type")
146
+
147
+
var response map[string]interface{}
148
+
149
+
switch grantType {
150
+
case "authorization_code":
151
+
response = map[string]interface{}{
152
+
"access_token": "test-access-token-" + RandomString(16),
153
+
"refresh_token": "test-refresh-token-" + RandomString(16),
154
+
"token_type": "DPoP",
155
+
"expires_in": 43200, // 12 hours
156
+
"sub": "did:plc:test123abc",
157
+
}
158
+
159
+
case "refresh_token":
160
+
response = map[string]interface{}{
161
+
"access_token": "test-refreshed-access-token-" + RandomString(16),
162
+
"refresh_token": "test-new-refresh-token-" + RandomString(16),
163
+
"token_type": "DPoP",
164
+
"expires_in": 43200, // 12 hours
165
+
}
166
+
167
+
default:
168
+
http.Error(w, "Unsupported grant type", http.StatusBadRequest)
169
+
return
170
+
}
171
+
172
+
// Set DPoP nonce header
173
+
w.Header().Set("DPoP-Nonce", "test-nonce-"+RandomString(8))
174
+
w.Header().Set("Content-Type", "application/json")
175
+
json.NewEncoder(w).Encode(response)
176
+
}
177
+
178
+
// handlePAR handles the Pushed Authorization Request endpoint.
179
+
func (m *MockOAuthServer) handlePAR(w http.ResponseWriter, r *http.Request) {
180
+
if r.Method != http.MethodPost {
181
+
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
182
+
return
183
+
}
184
+
185
+
// Generate request URI
186
+
requestURI := "urn:ietf:params:oauth:request_uri:test-" + RandomString(16)
187
+
188
+
response := map[string]interface{}{
189
+
"request_uri": requestURI,
190
+
"expires_in": 60,
191
+
}
192
+
193
+
w.Header().Set("Content-Type", "application/json")
194
+
json.NewEncoder(w).Encode(response)
195
+
}
196
+
197
+
// MockPDSServer provides a mock AT Protocol PDS server for testing.
198
+
type MockPDSServer struct {
199
+
Server *httptest.Server
200
+
BaseURL string
201
+
t *testing.T
202
+
handlers map[string]http.HandlerFunc
203
+
}
204
+
205
+
// NewMockPDSServer creates a new mock PDS server.
206
+
func NewMockPDSServer(t *testing.T) *MockPDSServer {
207
+
t.Helper()
208
+
209
+
mock := &MockPDSServer{
210
+
t: t,
211
+
handlers: make(map[string]http.HandlerFunc),
212
+
}
213
+
214
+
// Set up default handlers
215
+
mock.handlers["/xrpc/com.atproto.repo.createRecord"] = mock.handleCreateRecord
216
+
mock.handlers["/xrpc/com.atproto.repo.deleteRecord"] = mock.handleDeleteRecord
217
+
mock.handlers["/xrpc/com.atproto.server.describeServer"] = mock.handleDescribeServer
218
+
219
+
// Create the server
220
+
mux := http.NewServeMux()
221
+
for path, handler := range mock.handlers {
222
+
mux.HandleFunc(path, handler)
223
+
}
224
+
225
+
mock.Server = httptest.NewServer(mux)
226
+
mock.BaseURL = mock.Server.URL
227
+
228
+
return mock
229
+
}
230
+
231
+
// Close closes the mock server.
232
+
func (m *MockPDSServer) Close() {
233
+
m.Server.Close()
234
+
}
235
+
236
+
// SetHandler allows overriding a specific handler for testing.
237
+
func (m *MockPDSServer) SetHandler(path string, handler http.HandlerFunc) {
238
+
m.handlers[path] = handler
239
+
}
240
+
241
+
// handleCreateRecord handles record creation.
242
+
func (m *MockPDSServer) handleCreateRecord(w http.ResponseWriter, r *http.Request) {
243
+
if r.Method != http.MethodPost {
244
+
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
245
+
return
246
+
}
247
+
248
+
// Check DPoP header
249
+
dpopHeader := r.Header.Get("DPoP")
250
+
if dpopHeader == "" {
251
+
http.Error(w, "Missing DPoP header", http.StatusUnauthorized)
252
+
return
253
+
}
254
+
255
+
// Parse request
256
+
var req map[string]interface{}
257
+
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
258
+
http.Error(w, "Invalid JSON", http.StatusBadRequest)
259
+
return
260
+
}
261
+
262
+
// Generate response
263
+
rkey := "test-rkey-" + RandomString(13)
264
+
uri := fmt.Sprintf("at://%s/%s/%s", "did:plc:test123abc", req["collection"], rkey)
265
+
cid := "bafyrei" + RandomString(52)
266
+
267
+
response := map[string]interface{}{
268
+
"uri": uri,
269
+
"cid": cid,
270
+
}
271
+
272
+
// Return fresh DPoP nonce
273
+
w.Header().Set("DPoP-Nonce", "test-nonce-"+RandomString(8))
274
+
w.Header().Set("Content-Type", "application/json")
275
+
json.NewEncoder(w).Encode(response)
276
+
}
277
+
278
+
// handleDeleteRecord handles record deletion.
279
+
func (m *MockPDSServer) handleDeleteRecord(w http.ResponseWriter, r *http.Request) {
280
+
if r.Method != http.MethodPost {
281
+
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
282
+
return
283
+
}
284
+
285
+
// Check DPoP header
286
+
dpopHeader := r.Header.Get("DPoP")
287
+
if dpopHeader == "" {
288
+
http.Error(w, "Missing DPoP header", http.StatusUnauthorized)
289
+
return
290
+
}
291
+
292
+
// Return success with fresh DPoP nonce
293
+
w.Header().Set("DPoP-Nonce", "test-nonce-"+RandomString(8))
294
+
w.WriteHeader(http.StatusOK)
295
+
}
296
+
297
+
// handleDescribeServer handles server description.
298
+
func (m *MockPDSServer) handleDescribeServer(w http.ResponseWriter, r *http.Request) {
299
+
response := map[string]interface{}{
300
+
"did": "did:plc:testpds123",
301
+
"availableUserDomains": []string{
302
+
"test.example.com",
303
+
},
304
+
}
305
+
306
+
w.Header().Set("Content-Type", "application/json")
307
+
json.NewEncoder(w).Encode(response)
308
+
}
309
+
310
+
// MockHandleServer provides a mock handle resolution server.
311
+
type MockHandleServer struct {
312
+
Server *httptest.Server
313
+
BaseURL string
314
+
t *testing.T
315
+
handles map[string]string // handle -> DID mapping
316
+
}
317
+
318
+
// NewMockHandleServer creates a new mock handle resolution server.
319
+
func NewMockHandleServer(t *testing.T) *MockHandleServer {
320
+
t.Helper()
321
+
322
+
mock := &MockHandleServer{
323
+
t: t,
324
+
handles: make(map[string]string),
325
+
}
326
+
327
+
// Default handle mappings
328
+
mock.handles["test.bsky.social"] = "did:plc:test123abc"
329
+
mock.handles["alice.bsky.social"] = "did:plc:alice123"
330
+
mock.handles["bob.bsky.social"] = "did:plc:bob456"
331
+
332
+
mux := http.NewServeMux()
333
+
mux.HandleFunc("/xrpc/com.atproto.identity.resolveHandle", mock.handleResolveHandle)
334
+
335
+
mock.Server = httptest.NewServer(mux)
336
+
mock.BaseURL = mock.Server.URL
337
+
338
+
return mock
339
+
}
340
+
341
+
// Close closes the mock server.
342
+
func (m *MockHandleServer) Close() {
343
+
m.Server.Close()
344
+
}
345
+
346
+
// AddHandle adds a handle -> DID mapping.
347
+
func (m *MockHandleServer) AddHandle(handle, did string) {
348
+
m.handles[handle] = did
349
+
}
350
+
351
+
// handleResolveHandle resolves a handle to a DID.
352
+
func (m *MockHandleServer) handleResolveHandle(w http.ResponseWriter, r *http.Request) {
353
+
handle := r.URL.Query().Get("handle")
354
+
if handle == "" {
355
+
http.Error(w, "Missing handle parameter", http.StatusBadRequest)
356
+
return
357
+
}
358
+
359
+
// Remove any protocol prefix
360
+
handle = strings.TrimPrefix(handle, "http://")
361
+
handle = strings.TrimPrefix(handle, "https://")
362
+
363
+
did, exists := m.handles[handle]
364
+
if !exists {
365
+
http.Error(w, "Handle not found", http.StatusNotFound)
366
+
return
367
+
}
368
+
369
+
response := map[string]interface{}{
370
+
"did": did,
371
+
}
372
+
373
+
w.Header().Set("Content-Type", "application/json")
374
+
json.NewEncoder(w).Encode(response)
375
+
}
376
+
377
+
// NewTestDPoPProofKey generates a test ECDSA key and returns it with a JWK thumbprint.
378
+
func NewTestDPoPProofKey(t *testing.T) (*ecdsa.PrivateKey, string) {
379
+
t.Helper()
380
+
381
+
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
382
+
if err != nil {
383
+
t.Fatalf("Failed to generate DPoP key: %v", err)
384
+
}
385
+
386
+
// Generate a simple thumbprint for testing
387
+
thumbprint := "test-thumbprint-" + RandomString(16)
388
+
389
+
return key, thumbprint
390
+
}
391
+
392
+
// WaitForCondition waits for a condition to be true or times out.
393
+
// Useful for testing async behavior.
394
+
func WaitForCondition(t *testing.T, timeout time.Duration, check func() bool, message string) {
395
+
t.Helper()
396
+
397
+
deadline := time.Now().Add(timeout)
398
+
for time.Now().Before(deadline) {
399
+
if check() {
400
+
return
401
+
}
402
+
time.Sleep(10 * time.Millisecond)
403
+
}
404
+
405
+
t.Fatalf("Timeout waiting for condition: %s", message)
406
+
}
+120
internal/testutil/mock_server_test.go
+120
internal/testutil/mock_server_test.go
···
1
+
package testutil
2
+
3
+
import (
4
+
"encoding/json"
5
+
"net/http"
6
+
"testing"
7
+
)
8
+
9
+
// TestMockOAuthServer verifies the mock OAuth server works.
10
+
func TestMockOAuthServer(t *testing.T) {
11
+
server := NewMockOAuthServer(t)
12
+
defer server.Close()
13
+
14
+
// Test metadata endpoint
15
+
resp, err := http.Get(server.BaseURL + "/.well-known/oauth-authorization-server")
16
+
AssertNoError(t, err, "Metadata request should succeed")
17
+
defer resp.Body.Close()
18
+
19
+
AssertEqual(t, resp.StatusCode, http.StatusOK, "Metadata should return 200")
20
+
21
+
var metadata map[string]interface{}
22
+
err = json.NewDecoder(resp.Body).Decode(&metadata)
23
+
AssertNoError(t, err, "Metadata JSON should decode")
24
+
25
+
AssertEqual(t, metadata["issuer"], server.BaseURL, "Issuer should match server URL")
26
+
AssertNotNil(t, metadata["authorization_endpoint"], "Should have authorization endpoint")
27
+
AssertNotNil(t, metadata["token_endpoint"], "Should have token endpoint")
28
+
}
29
+
30
+
// TestMockOAuthServerJWKS verifies JWKS endpoint works.
31
+
func TestMockOAuthServerJWKS(t *testing.T) {
32
+
server := NewMockOAuthServer(t)
33
+
defer server.Close()
34
+
35
+
resp, err := http.Get(server.BaseURL + "/.well-known/jwks.json")
36
+
AssertNoError(t, err, "JWKS request should succeed")
37
+
defer resp.Body.Close()
38
+
39
+
AssertEqual(t, resp.StatusCode, http.StatusOK, "JWKS should return 200")
40
+
41
+
var jwks map[string]interface{}
42
+
err = json.NewDecoder(resp.Body).Decode(&jwks)
43
+
AssertNoError(t, err, "JWKS JSON should decode")
44
+
45
+
keys, ok := jwks["keys"].([]interface{})
46
+
AssertTrue(t, ok, "Should have keys array")
47
+
AssertTrue(t, len(keys) > 0, "Should have at least one key")
48
+
}
49
+
50
+
// TestMockPDSServer verifies the mock PDS server works.
51
+
func TestMockPDSServer(t *testing.T) {
52
+
server := NewMockPDSServer(t)
53
+
defer server.Close()
54
+
55
+
// Test describe server endpoint
56
+
resp, err := http.Get(server.BaseURL + "/xrpc/com.atproto.server.describeServer")
57
+
AssertNoError(t, err, "Describe server request should succeed")
58
+
defer resp.Body.Close()
59
+
60
+
AssertEqual(t, resp.StatusCode, http.StatusOK, "Describe server should return 200")
61
+
62
+
var data map[string]interface{}
63
+
err = json.NewDecoder(resp.Body).Decode(&data)
64
+
AssertNoError(t, err, "Response JSON should decode")
65
+
66
+
AssertNotNil(t, data["did"], "Should have DID")
67
+
}
68
+
69
+
// TestMockHandleServer verifies the mock handle server works.
70
+
func TestMockHandleServer(t *testing.T) {
71
+
server := NewMockHandleServer(t)
72
+
defer server.Close()
73
+
74
+
// Test existing handle
75
+
resp, err := http.Get(server.BaseURL + "/xrpc/com.atproto.identity.resolveHandle?handle=test.bsky.social")
76
+
AssertNoError(t, err, "Resolve handle request should succeed")
77
+
defer resp.Body.Close()
78
+
79
+
AssertEqual(t, resp.StatusCode, http.StatusOK, "Resolve handle should return 200")
80
+
81
+
var data map[string]interface{}
82
+
err = json.NewDecoder(resp.Body).Decode(&data)
83
+
AssertNoError(t, err, "Response JSON should decode")
84
+
85
+
AssertEqual(t, data["did"], "did:plc:test123abc", "Should resolve to correct DID")
86
+
}
87
+
88
+
// TestMockHandleServerAddHandle verifies adding custom handles works.
89
+
func TestMockHandleServerAddHandle(t *testing.T) {
90
+
server := NewMockHandleServer(t)
91
+
defer server.Close()
92
+
93
+
// Add a custom handle
94
+
server.AddHandle("custom.example.com", "did:plc:custom999")
95
+
96
+
// Test custom handle
97
+
resp, err := http.Get(server.BaseURL + "/xrpc/com.atproto.identity.resolveHandle?handle=custom.example.com")
98
+
AssertNoError(t, err, "Resolve custom handle request should succeed")
99
+
defer resp.Body.Close()
100
+
101
+
AssertEqual(t, resp.StatusCode, http.StatusOK, "Resolve custom handle should return 200")
102
+
103
+
var data map[string]interface{}
104
+
err = json.NewDecoder(resp.Body).Decode(&data)
105
+
AssertNoError(t, err, "Response JSON should decode")
106
+
107
+
AssertEqual(t, data["did"], "did:plc:custom999", "Should resolve to custom DID")
108
+
}
109
+
110
+
// TestMockHandleServerNotFound verifies 404 for unknown handles.
111
+
func TestMockHandleServerNotFound(t *testing.T) {
112
+
server := NewMockHandleServer(t)
113
+
defer server.Close()
114
+
115
+
resp, err := http.Get(server.BaseURL + "/xrpc/com.atproto.identity.resolveHandle?handle=nonexistent.example.com")
116
+
AssertNoError(t, err, "Request should succeed even for unknown handle")
117
+
defer resp.Body.Close()
118
+
119
+
AssertEqual(t, resp.StatusCode, http.StatusNotFound, "Unknown handle should return 404")
120
+
}