From 226de652e370dc06c34bdcd14753c3dade28bb2c Mon Sep 17 00:00:00 2001
From: Lectom C Han <hchy0730@gmail.com>
Date: Fri, 6 Feb 2026 17:29:27 +0900
Subject: [PATCH] Fix hydra consent session parsing and audit detail tests

---
 .../middleware/audit_middleware_test.go       | 39 +++++++++++++++++++
 .../internal/service/hydra_admin_service.go   | 10 ++++-
 2 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/backend/internal/middleware/audit_middleware_test.go b/backend/internal/middleware/audit_middleware_test.go
index 05706b45..f764b7d1 100644
--- a/backend/internal/middleware/audit_middleware_test.go
+++ b/backend/internal/middleware/audit_middleware_test.go
@@ -69,6 +69,45 @@ func TestAuditMiddleware(t *testing.T) {
 		mockRepo.AssertExpectations(t)
 	})
 
+	t.Run("POST request - Merge extra audit details", func(t *testing.T) {
+		app := fiber.New()
+		mockRepo := new(MockAuditRepository)
+
+		app.Use(AuditMiddleware(AuditConfig{
+			Repo: mockRepo,
+		}))
+
+		app.Post("/test", func(c *fiber.Ctx) error {
+			c.Locals("audit_details_extra", map[string]any{
+				"client_id":   "rp-1",
+				"client_name": "Demo App",
+			})
+			c.Locals("auth_timeline_skip", true)
+			return c.SendStatus(fiber.StatusOK)
+		})
+
+		mockRepo.On("Create", mock.MatchedBy(func(log *domain.AuditLog) bool {
+			var details map[string]any
+			if err := json.Unmarshal([]byte(log.Details), &details); err != nil {
+				return false
+			}
+			if details["client_id"] != "rp-1" {
+				return false
+			}
+			if details["client_name"] != "Demo App" {
+				return false
+			}
+			skip, ok := details["auth_timeline_skip"].(bool)
+			return ok && skip
+		})).Return(nil)
+
+		req := httptest.NewRequest("POST", "/test", nil)
+		resp, _ := app.Test(req)
+
+		assert.Equal(t, fiber.StatusOK, resp.StatusCode)
+		mockRepo.AssertExpectations(t)
+	})
+
 	t.Run("POST request - Sync Failure (Strict Mode)", func(t *testing.T) {
 		app := fiber.New()
 		mockRepo := new(MockAuditRepository)
diff --git a/backend/internal/service/hydra_admin_service.go b/backend/internal/service/hydra_admin_service.go
index 5c909572..b86ebaba 100644
--- a/backend/internal/service/hydra_admin_service.go
+++ b/backend/internal/service/hydra_admin_service.go
@@ -240,14 +240,20 @@ func (s *HydraAdminService) ListConsentSessions(ctx context.Context, subject, cl
 	}
 	defer resp.Body.Close()
 
-	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
+	if resp.StatusCode == http.StatusNoContent {
+		return []domain.HydraConsentSession{}, nil
+	}
+	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024*1024))
 	if resp.StatusCode >= 300 {
 		return nil, fmt.Errorf("hydra admin: list consent sessions failed status=%d body=%s", resp.StatusCode, string(body))
 	}
+	if len(body) == 0 {
+		return []domain.HydraConsentSession{}, nil
+	}
 
 	var sessions []domain.HydraConsentSession
 	if err := json.Unmarshal(body, &sessions); err != nil {
-		return nil, fmt.Errorf("hydra admin: decode consent sessions failed: %w", err)
+		return nil, fmt.Errorf("hydra admin: decode consent sessions failed: %w body=%s", err, string(body))
 	}
 	return sessions, nil
 }