stacklok / toolhive / 21066441899
59%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 447
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 59.152% (+0.3%) from 58.884%
21066441899

push

github

web-flow 
Add in-memory authserver storage implementation (#3298)

* Add in-memory authserver storage implementation

This is a preparatory commit for the auth-proxy feature. The storage
package provides the persistence layer for the OAuth 2.0 authorization
server. In the complete branch, this storage is:

- Passed to authserver.New() and used by the fosite OAuth2 provider
  for authorization codes, access tokens, refresh tokens, and PKCE
- Used by handlers to validate clients and store pending authorizations
  while users authenticate with the upstream identity provider
- Exposed via Server.IDPTokenStorage() for the token swap middleware,
  which replaces client JWTs with upstream IDP tokens for backend requests

This commit adds:

- Storage interface embedding fosite's OAuth2 storage interfaces plus
  ToolHive-specific interfaces for upstream tokens, pending authorizations,
  and client registration
- MemoryStorage implementation with thread-safe maps and background cleanup
- Comprehensive documentation in doc.go explaining fosite's type system
  (Requester, Session, signature vs request ID) to help developers
  understand why the API is designed as it is

The in-memory implementation is suitable for single-instance deployments
and development. Production deployments will use a distributed storage
backend (Redis or database).

* Address PR #3298 review feedback

This commit addresses three review comments from the PR:

- Remove authorization code from debug log
- Remove internal state from debug logs

- Refactor cleanupExpired() to collect-then-delete pattern

The original implementation held a write lock while iterating all 8
storage maps, blocking all read and write operations during cleanup.

The new implementation:
- Acquires READ lock to collect expired keys into slices
- Releases read lock and returns early if nothing to delete
- Acquires WRITE lock only for the deletion phase

This reduces write lock hold time from O(total entries) to O(expired
entries... (continued)

496 of 533 new or added lines in 1 file covered. (93.06%)

36 existing lines in 4 files now uncovered.

35338 of 59741 relevant lines covered (59.15%)

81.78 hits per line

New Missed Lines in Diff

Lines Coverage File
37
93.06
 pkg/authserver/storage/memory.go

Uncovered Existing Lines

Lines Coverage File
3
71.85
 -1.11% pkg/ignore/processor.go
8
25.0
 -4.44% pkg/client/manager.go
11
65.0
 -13.75% pkg/client/discovery.go
14
66.67
 -7.91% pkg/client/config.go
Jobs
ID Job ID Ran Files Coverage
1 21066441899.1 447
59.15
 GitHub Action Run
Source Files on build 21066441899