feat(auth): add support for persisting disabled flag in token storage

- Updated `FileTokenStore` and related stores (`objectstore`, `gitstore`, `postgresstore`) to include the `disabled` flag in metadata for token storage.
- Adjusted `Auth` metadata handling to initialize empty maps when absent.
- Refined logic in `auto_refresh_loop` and `conductor` to exclude `disabled` tokens from refresh checks.
- Added comprehensive unit tests to verify proper handling of the `disabled` flag in storage and retrieval operations.
This commit is contained in:
Luis Pater
2026-05-09 19:48:42 +08:00
parent 0dcb8bd714
commit c69ff49758
8 changed files with 120 additions and 6 deletions
+1 -1
View File
@@ -336,7 +336,7 @@ func (l *authAutoRefreshLoop) remove(authID string) {
}
func nextRefreshCheckAt(now time.Time, auth *Auth, interval time.Duration) (time.Time, bool) {
if auth == nil || auth.Disabled {
if auth == nil {
return time.Time{}, false
}
+25 -3
View File
@@ -34,9 +34,31 @@ func setRefreshLeadFactory(t *testing.T, provider string, factory func() *time.D
func TestNextRefreshCheckAt_DisabledUnschedule(t *testing.T) {
now := time.Date(2026, 4, 12, 0, 0, 0, 0, time.UTC)
auth := &Auth{ID: "a1", Provider: "test", Disabled: true}
if _, ok := nextRefreshCheckAt(now, auth, 15*time.Minute); ok {
t.Fatalf("nextRefreshCheckAt() ok = true, want false")
expiry := now.Add(time.Hour)
lead := 10 * time.Minute
setRefreshLeadFactory(t, "disabled-schedule", func() *time.Duration {
d := lead
return &d
})
auth := &Auth{
ID: "a1",
Provider: "disabled-schedule",
Disabled: true,
Status: StatusDisabled,
Metadata: map[string]any{
"email": "x@example.com",
"expires_at": expiry.Format(time.RFC3339),
},
}
got, ok := nextRefreshCheckAt(now, auth, 15*time.Minute)
if !ok {
t.Fatalf("nextRefreshCheckAt() ok = false, want true")
}
want := expiry.Add(-lead)
if !got.Equal(want) {
t.Fatalf("nextRefreshCheckAt() = %s, want %s", got, want)
}
}
+2 -2
View File
@@ -3454,7 +3454,7 @@ func (m *Manager) queueRefreshReschedule(authID string) {
}
func (m *Manager) shouldRefresh(a *Auth, now time.Time) bool {
if a == nil || a.Disabled {
if a == nil {
return false
}
if !a.NextRefreshAfter.IsZero() && now.Before(a.NextRefreshAfter) {
@@ -3661,7 +3661,7 @@ func lookupMetadataTime(meta map[string]any, keys ...string) (time.Time, bool) {
func (m *Manager) markRefreshPending(id string, now time.Time) bool {
m.mu.Lock()
auth, ok := m.auths[id]
if !ok || auth == nil || auth.Disabled {
if !ok || auth == nil {
m.mu.Unlock()
return false
}