mirror of
https://github.com/lordmathis/lemma.git
synced 2025-11-05 23:44:22 +00:00
Refactor encryption key handling: auto-generate if not provided, update README and tests
This commit is contained in:
@@ -34,8 +34,8 @@ func TestEnsureJWTSigningKey(t *testing.T) {
|
||||
}
|
||||
|
||||
perm := info.Mode().Perm()
|
||||
if perm != JWTKeyPerm {
|
||||
t.Errorf("expected permissions %o, got %o", JWTKeyPerm, perm)
|
||||
if perm != KeyPerm {
|
||||
t.Errorf("expected permissions %o, got %o", KeyPerm, perm)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -65,7 +65,7 @@ func TestEnsureJWTSigningKey(t *testing.T) {
|
||||
if err := os.MkdirAll(emptyDir, 0700); err != nil {
|
||||
t.Fatalf("failed to create directory: %v", err)
|
||||
}
|
||||
if err := os.WriteFile(keyPath, []byte(""), JWTKeyPerm); err != nil {
|
||||
if err := os.WriteFile(keyPath, []byte(""), KeyPerm); err != nil {
|
||||
t.Fatalf("failed to write empty file: %v", err)
|
||||
}
|
||||
|
||||
@@ -76,6 +76,76 @@ func TestEnsureJWTSigningKey(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestEnsureEncryptionKey(t *testing.T) {
|
||||
// Create a temporary directory for testing
|
||||
tempDir := t.TempDir()
|
||||
secretsDir := filepath.Join(tempDir, "secrets")
|
||||
|
||||
t.Run("generates new key if not exists", func(t *testing.T) {
|
||||
key, err := EnsureEncryptionKey(secretsDir)
|
||||
if err != nil {
|
||||
t.Fatalf("expected no error, got %v", err)
|
||||
}
|
||||
|
||||
if key == "" {
|
||||
t.Fatal("expected non-empty key")
|
||||
}
|
||||
|
||||
// Check that the key file was created
|
||||
keyPath := filepath.Join(secretsDir, EncryptionKeyFile)
|
||||
if _, err := os.Stat(keyPath); os.IsNotExist(err) {
|
||||
t.Fatal("expected key file to exist")
|
||||
}
|
||||
|
||||
// Check file permissions
|
||||
info, err := os.Stat(keyPath)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to stat key file: %v", err)
|
||||
}
|
||||
|
||||
perm := info.Mode().Perm()
|
||||
if perm != KeyPerm {
|
||||
t.Errorf("expected permissions %o, got %o", KeyPerm, perm)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("loads existing key", func(t *testing.T) {
|
||||
// First call to generate the key
|
||||
key1, err := EnsureEncryptionKey(secretsDir)
|
||||
if err != nil {
|
||||
t.Fatalf("expected no error, got %v", err)
|
||||
}
|
||||
|
||||
// Second call should load the same key
|
||||
key2, err := EnsureEncryptionKey(secretsDir)
|
||||
if err != nil {
|
||||
t.Fatalf("expected no error, got %v", err)
|
||||
}
|
||||
|
||||
if key1 != key2 {
|
||||
t.Error("expected same key on subsequent calls")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("fails if key file is empty", func(t *testing.T) {
|
||||
emptyDir := filepath.Join(tempDir, "empty_encryption_test")
|
||||
keyPath := filepath.Join(emptyDir, EncryptionKeyFile)
|
||||
|
||||
// Create empty key file
|
||||
if err := os.MkdirAll(emptyDir, 0700); err != nil {
|
||||
t.Fatalf("failed to create directory: %v", err)
|
||||
}
|
||||
if err := os.WriteFile(keyPath, []byte(""), KeyPerm); err != nil {
|
||||
t.Fatalf("failed to write empty file: %v", err)
|
||||
}
|
||||
|
||||
_, err := EnsureEncryptionKey(emptyDir)
|
||||
if err == nil {
|
||||
t.Error("expected error for empty key file")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestGenerateJWTSigningKey(t *testing.T) {
|
||||
key, err := generateJWTSigningKey()
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user