userfront 접속이력 타임라인 oathkeeper 세션 ID 보강

2026-04-07 14:47:04 +09:00
parent 6e312cc5fd
commit 9e473ae8a8
4 changed files with 166 additions and 15 deletions
--- a/backend/internal/handler/auth_handler_sessions_test.go
+++ b/backend/internal/handler/auth_handler_sessions_test.go
@@ -616,3 +616,70 @@ func TestGetHydraProfile_RejectsInactiveLinkedSession(t *testing.T) {
 	assert.Contains(t, err.Error(), "inactive")
 	mockKratos.AssertExpectations(t)
 }
+
+func TestGetAuthTimeline_FillsSessionIDFromOathkeeperRaw(t *testing.T) {
+	now := time.Date(2026, 4, 7, 4, 39, 0, 0, time.UTC)
+	setDefaultHTTPClientForTest(t, roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		if r.URL.Path == "/sessions/whoami" {
+			return httpJSONAny(r, http.StatusOK, map[string]any{
+				"id":               "current-sid",
+				"authenticated_at": now.Format(time.RFC3339),
+				"identity": map[string]any{
+					"id": "user-123",
+					"traits": map[string]any{
+						"email": "user@example.com",
+						"name":  "User",
+						"role":  "user",
+					},
+				},
+			}), nil
+		}
+		return httpResponse(r, http.StatusNotFound, "not found"), nil
+	}))
+
+	h := &AuthHandler{
+		AuditRepo: &mockAuditRepo{},
+		OathkeeperRepo: &mockOathkeeperRepo{
+			logs: []domain.OathkeeperAccessLog{
+				{
+					Timestamp: now,
+					RequestID: "req-1",
+					Method:    http.MethodGet,
+					Path:      "/api/v1/dev/sessions",
+					Status:    http.StatusOK,
+					Subject:   "user-123",
+					ClientIP:  "203.0.113.7",
+					UserAgent: "Mozilla/5.0",
+					Raw:       `{"request":{"url":"https://devfront.example.com/callback?client_id=devfront"},"extra":{"session_id":"target-sid"}}`,
+				},
+			},
+		},
+	}
+
+	app := fiber.New()
+	app.Get("/api/v1/audit/auth/timeline", h.GetAuthTimeline)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/audit/auth/timeline", nil)
+	req.Header.Set("Cookie", "ory_kratos_session=valid")
+
+	resp, err := app.Test(req, -1)
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+	var body struct {
+		Items []struct {
+			SessionID string `json:"session_id"`
+			ClientID  string `json:"client_id"`
+			AppName   string `json:"app_name"`
+			Source    string `json:"source"`
+		} `json:"items"`
+	}
+	err = json.NewDecoder(resp.Body).Decode(&body)
+	assert.NoError(t, err)
+	if assert.Len(t, body.Items, 1) {
+		assert.Equal(t, "target-sid", body.Items[0].SessionID)
+		assert.Equal(t, "devfront", body.Items[0].ClientID)
+		assert.Equal(t, "devfront", body.Items[0].AppName)
+		assert.Equal(t, "oathkeeper", body.Items[0].Source)
+	}
+}