feat: auth SIWE login service + config#353
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## feat/auth-jwt #353 +/- ##
=================================================
+ Coverage 33.08% 33.52% +0.44%
=================================================
Files 159 163 +4
Lines 12376 12512 +136
=================================================
+ Hits 4094 4195 +101
- Misses 7949 7981 +32
- Partials 333 336 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Code Review
This pull request introduces a new authentication service (pkg/auth) implementing Sign-In with Ethereum (SIWE) login, nonce management, and JWKS token validation, replacing the previous basic JWKS configuration. Feedback on these changes highlights a potential nil pointer dereference on resp in the login logging decorator when ls.svc.Login returns a nil response with a nil error. Additionally, a slight inconsistency in expiration logic was identified in the in-memory nonce provider, where purgeExpired uses now.After(e.expiry) while Issue and Consume check now.Before(e.expiry).
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
9100c55 to
c8d567f
Compare
|
Addressed Gemini's review in
|
The orchestration layer over pkg/auth/jwt, plus the config type. Not wired into the server and not enabled in any deployment yet (that is the integration change), so it is reviewable as pure business logic. - pkg/auth/service: login flow (nonce -> SIWE verify -> issue JWT), HTTP handlers, log decorator (guards a nil response), consumer interfaces + mockery mocks - pkg/auth/service/nonce_provider: address-keyed in-memory nonce store (reuse per address; reject-when-full; purge boundary matches Issue/Consume) - pkg/auth/config.go, pkg/auth/types.go: Config + wire DTOs - pkg/config: add optional Auth block; remove the dead JWKS type/field (and its now-orphaned jwks: blocks from the default configs)
c8d567f to
77ee61c
Compare
2 of 3 — read-API authentication. Base:
feat/auth-jwt.The orchestration layer over
pkg/auth/jwt, plus the config type. Not wired into the server yet (inert until PR 3), so it's reviewable as pure business logic.pkg/auth/service— login flow (nonce → SIWE verify → issue JWT), HTTP handlers, log decorator, consumer interfaces (Verifier/Issuer/NonceStore/UserLookup) + mockery mockspkg/auth/service/nonce_provider— address-keyed in-memory nonce store (reuse per address; reject-when-full, never evicts a live nonce)pkg/auth/config.go,pkg/auth/types.go—Config+ wire DTOspkg/config— add optionalauthblock; remove the deadJWKStype/field (and itsjwks:blocks from the default configs)