"use strict"; const test = require("node:test"); const assert = require("node:assert/strict"); const { SessionManager } = require("./session-manager"); const zhulan = { pid: "ICE-GL-ZL-001", name: "铸澜" }; test("one approval creates a reusable bounded session", () => { const m = new SessionManager({ absoluteTtl: 100, idleTtl: 20 }); const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10); assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 11).ok, true); assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 12).ok, true); }); test("session is bound to identity server and scope", () => { const m = new SessionManager(); const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10); assert.equal(m.verify(token, { pid: "ICE-GL-ZY001" }, "BS-SG-001", "code-repo", 11).ok, false); assert.equal(m.verify(token, zhulan, "OTHER", "code-repo", 11).ok, false); assert.equal(m.verify(token, zhulan, "BS-SG-001", "system-arch", 11).ok, false); }); test("end signal revokes immediately", () => { const m = new SessionManager(); const { token } = m.create(zhulan, "BS-SG-001", ["code-repo"], 10); assert.equal(m.end(token, zhulan), true); assert.equal(m.verify(token, zhulan, "BS-SG-001", "code-repo", 11).ok, false); });