26 lines
1.3 KiB
JavaScript
Raw Normal View History

"use strict";
const test = require("node:test");
const assert = require("node:assert/strict");
const { SessionManager } = require("./session-manager");
const zhulan = { pid: "ICE-GL∞-ZL-001", name: "铸澜" };
test("one approval creates a reusable bounded session", () => {
const m = new SessionManager({ absoluteTtl: 100, idleTtl: 20 });
const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10);
assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 11).ok, true);
assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 12).ok, true);
});
test("session is bound to identity server and scope", () => {
const m = new SessionManager();
const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10);
assert.equal(m.verify(token, { pid: "ICE-GL-ZY001" }, "BS-SG-001", "code-repo", 11).ok, false);
assert.equal(m.verify(token, zhulan, "OTHER", "code-repo", 11).ok, false);
assert.equal(m.verify(token, zhulan, "BS-SG-001", "system-arch", 11).ok, false);
});
test("end signal revokes immediately", () => {
const m = new SessionManager();
const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10);
assert.equal(m.end(token, zhulan), true);
assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 11).ok, false);
});