store sessions in the DB
This commit is contained in:
@@ -5,6 +5,7 @@ register/login/logout, per-account balance and usage, API-key lifecycle
|
||||
(revoked keys rejected by the OpenAI proxy), and the admin listing.
|
||||
"""
|
||||
|
||||
import http.cookies
|
||||
import json
|
||||
import urllib.error
|
||||
import urllib.request
|
||||
@@ -68,6 +69,17 @@ def test_sessions_resolve_and_destroy():
|
||||
assert store.session_account("bogus") is None
|
||||
|
||||
|
||||
def test_sessions_persist_across_restart(tmp_path):
|
||||
db = str(tmp_path / "accounts.db")
|
||||
store = AccountStore(db_path=db)
|
||||
account = store.register(email="cookie@example.com", password="secret-123")
|
||||
token = store.create_session(account["account_id"])
|
||||
store.save_to_db()
|
||||
|
||||
reloaded = AccountStore(db_path=db)
|
||||
assert reloaded.session_account(token)["account_id"] == account["account_id"]
|
||||
|
||||
|
||||
def test_api_key_lifecycle():
|
||||
store = AccountStore()
|
||||
account = store.register(email="k@example.com", password="secret-123")
|
||||
@@ -156,6 +168,59 @@ def test_register_login_and_account_view(account_tracker):
|
||||
assert me["usage"]["requests"] == 0
|
||||
|
||||
|
||||
def test_login_sets_cookie_and_cookie_auth_survives_tracker_restart(tmp_path):
|
||||
accounts_db = str(tmp_path / "accounts.db")
|
||||
tracker = TrackerServer(
|
||||
billing=BillingLedger(starting_credit=0.0, default_price_per_1k=0.02),
|
||||
accounts_db=accounts_db,
|
||||
starting_credit=0.0,
|
||||
devnet_topup_amount=0.0,
|
||||
)
|
||||
port = tracker.start()
|
||||
url = f"http://127.0.0.1:{port}"
|
||||
try:
|
||||
_call(f"{url}/v1/auth/register", "POST",
|
||||
{"email": "cookie-http@example.com", "password": "secret-123"})
|
||||
req = urllib.request.Request(
|
||||
f"{url}/v1/auth/login",
|
||||
data=json.dumps({
|
||||
"identifier": "cookie-http@example.com",
|
||||
"password": "secret-123",
|
||||
}).encode(),
|
||||
headers={"Content-Type": "application/json"},
|
||||
method="POST",
|
||||
)
|
||||
with urllib.request.urlopen(req) as r:
|
||||
assert json.loads(r.read())["session_token"]
|
||||
cookie_header = r.headers["Set-Cookie"]
|
||||
finally:
|
||||
tracker.stop()
|
||||
|
||||
cookie = http.cookies.SimpleCookie(cookie_header)
|
||||
session_cookie = cookie["meshnet_session"].OutputString()
|
||||
|
||||
restarted = TrackerServer(
|
||||
billing=BillingLedger(starting_credit=0.0, default_price_per_1k=0.02),
|
||||
accounts_db=accounts_db,
|
||||
starting_credit=0.0,
|
||||
devnet_topup_amount=0.0,
|
||||
)
|
||||
restarted_port = restarted.start()
|
||||
restarted_url = f"http://127.0.0.1:{restarted_port}"
|
||||
try:
|
||||
req = urllib.request.Request(
|
||||
f"{restarted_url}/v1/account",
|
||||
headers={"Cookie": session_cookie},
|
||||
method="GET",
|
||||
)
|
||||
with urllib.request.urlopen(req) as r:
|
||||
me = json.loads(r.read())
|
||||
finally:
|
||||
restarted.stop()
|
||||
|
||||
assert me["account"]["email"] == "cookie-http@example.com"
|
||||
|
||||
|
||||
def test_bad_credentials_and_missing_session_are_401(account_tracker):
|
||||
url, _ = account_tracker
|
||||
_call(f"{url}/v1/auth/register", "POST",
|
||||
|
||||
Reference in New Issue
Block a user