package crypto

import (
	"testing"
	"time"
)

// TestSessionRoundTrip signs a session for "admin" that expires one hour
// after the verification time and checks that VerifySession, given the same
// secret, accepts the token and returns the same user name.
func TestSessionRoundTrip(t *testing.T) {
	var (
		key      = []byte("s3cr3t") // fixed, test-only signing key
		verifyAt = time.Unix(1_700_000_000, 0)
		expiry   = verifyAt.Add(time.Hour)
	)

	token := SignSession(key, "admin", expiry)

	gotUser, accepted := VerifySession(key, token, verifyAt)
	if accepted && gotUser == "admin" {
		return
	}
	t.Fatalf("verify = %q,%v want admin,true", gotUser, accepted)
}

// TestSessionRejectsExpired signs a session whose expiry lies one second
// before the verification time and checks that VerifySession refuses it even
// though the secret matches.
//
// NOTE(review): the boundary where the expiry equals the verification time
// is not exercised by this test.
func TestSessionRejectsExpired(t *testing.T) {
	var (
		key      = []byte("s3cr3t") // fixed, test-only signing key
		verifyAt = time.Unix(1_700_000_000, 0)
		expiry   = verifyAt.Add(-time.Second)
	)

	token := SignSession(key, "admin", expiry)

	_, accepted := VerifySession(key, token, verifyAt)
	if accepted {
		t.Fatal("expired token must be rejected")
	}
}

// TestSessionRejectsTampered checks that a token signed under one secret is
// refused when it is verified under a different secret.
//
// NOTE(review): despite the name, the token is passed to VerifySession
// unmodified; only the verification key differs. A case that alters the
// token itself (user or expiry changed, signature kept) would cover what the
// name promises. The token layout is not visible from this file, so no such
// case is added here.
func TestSessionRejectsTampered(t *testing.T) {
	var (
		signKey  = []byte("s3cr3t") // fixed, test-only signing key
		verifyAt = time.Unix(1_700_000_000, 0)
		expiry   = verifyAt.Add(time.Hour)
	)

	token := SignSession(signKey, "admin", expiry)

	// The token is still within its lifetime, so a rejection here can only
	// come from the key mismatch.
	_, accepted := VerifySession([]byte("other"), token, verifyAt)
	if accepted {
		t.Fatal("wrong secret must be rejected")
	}
}