Skip to content

feat: auth SIWE login service + config#353

Open
sadiq1971 wants to merge 1 commit into
feat/auth-jwtfrom
feat/auth-service
Open

feat: auth SIWE login service + config#353
sadiq1971 wants to merge 1 commit into
feat/auth-jwtfrom
feat/auth-service

Conversation

@sadiq1971

Copy link
Copy Markdown
Member

2 of 3 — read-API authentication. Base: feat/auth-jwt.

The orchestration layer over pkg/auth/jwt, plus the config type. Not wired into the server yet (inert until PR 3), so it's reviewable as pure business logic.

  • pkg/auth/service — login flow (nonce → SIWE verify → issue JWT), HTTP handlers, log decorator, consumer interfaces (Verifier/Issuer/NonceStore/UserLookup) + mockery mocks
  • pkg/auth/service/nonce_provider — address-keyed in-memory nonce store (reuse per address; reject-when-full, never evicts a live nonce)
  • pkg/auth/config.go, pkg/auth/types.goConfig + wire DTOs
  • pkg/config — add optional auth block; remove the dead JWKS type/field (and its jwks: blocks from the default configs)

@codecov-commenter

codecov-commenter commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 75.73529% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 33.52%. Comparing base (9fa7b9c) to head (77ee61c).

Files with missing lines Patch % Lines
pkg/auth/service/log.go 0.00% 28 Missing ⚠️
pkg/auth/service/http.go 92.50% 2 Missing and 1 partial ⚠️
pkg/auth/service/nonce_provider/in_memory.go 95.23% 1 Missing and 1 partial ⚠️
Additional details and impacted files

Impacted file tree graph

@@                Coverage Diff                @@
##           feat/auth-jwt     #353      +/-   ##
=================================================
+ Coverage          33.08%   33.52%   +0.44%     
=================================================
  Files                159      163       +4     
  Lines              12376    12512     +136     
=================================================
+ Hits                4094     4195     +101     
- Misses              7949     7981      +32     
- Partials             333      336       +3     
Flag Coverage Δ
unittests 33.52% <75.73%> (+0.44%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
pkg/auth/service/login.go 100.00% <100.00%> (ø)
pkg/config/config.go 71.18% <ø> (ø)
pkg/auth/service/nonce_provider/in_memory.go 95.23% <95.23%> (ø)
pkg/auth/service/http.go 92.50% <92.50%> (ø)
pkg/auth/service/log.go 0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new authentication service (pkg/auth) implementing Sign-In with Ethereum (SIWE) login, nonce management, and JWKS token validation, replacing the previous basic JWKS configuration. Feedback on these changes highlights a potential nil pointer dereference on resp in the login logging decorator when ls.svc.Login returns a nil response with a nil error. Additionally, a slight inconsistency in expiration logic was identified in the in-memory nonce provider, where purgeExpired uses now.After(e.expiry) while Issue and Consume check now.Before(e.expiry).

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread pkg/auth/service/log.go
Comment thread pkg/auth/service/nonce_provider/in_memory.go Outdated
@sadiq1971 sadiq1971 changed the title Auth: SIWE login service + config feat: auth SIWE login service + config Jul 10, 2026
@sadiq1971 sadiq1971 force-pushed the feat/auth-service branch from 9100c55 to c8d567f Compare July 10, 2026 09:44
@sadiq1971

Copy link
Copy Markdown
Member Author

Addressed Gemini's review in c8d567f:

  • log.go (nil response, medium): the Login log decorator now builds its fields conditionally and only reads resp.ExpiresAt when resp != nil — no panic if an implementation returns (nil, nil).
  • in_memory.go (expiry boundary, medium): purgeExpired now uses !now.Before(e.expiry), matching the liveness check in Issue/Consume (an entry at exactly its expiry instant is treated as expired everywhere).

The orchestration layer over pkg/auth/jwt, plus the config type. Not wired into
the server and not enabled in any deployment yet (that is the integration change),
so it is reviewable as pure business logic.

- pkg/auth/service: login flow (nonce -> SIWE verify -> issue JWT), HTTP handlers,
  log decorator (guards a nil response), consumer interfaces + mockery mocks
- pkg/auth/service/nonce_provider: address-keyed in-memory nonce store (reuse per
  address; reject-when-full; purge boundary matches Issue/Consume)
- pkg/auth/config.go, pkg/auth/types.go: Config + wire DTOs
- pkg/config: add optional Auth block; remove the dead JWKS type/field (and its
  now-orphaned jwks: blocks from the default configs)
@sadiq1971 sadiq1971 force-pushed the feat/auth-service branch from c8d567f to 77ee61c Compare July 10, 2026 12:05
@sadiq1971 sadiq1971 self-assigned this Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants