The auth package is in decent shape, but there are still a few branches that deserve direct tests.
I’d like someone to add focused test coverage for edge cases in JWT handling and request auth behavior.
What this should cover:
- expired bearer tokens
- malformed bearer tokens
- invalid API keys
- optional auth flow when auth is missing or bad
- any small missing branch in role checks that is easy to cover cleanly
Suggested files:
internal/auth/auth.gointernal/auth/auth_test.go
Acceptance criteria:
- tests are small and readable
- no real external services involved
go test ./... still passes
Notes:
This is a good issue if you want a first real code contribution without touching too much of the app at once.
The auth package is in decent shape, but there are still a few branches that deserve direct tests.
I’d like someone to add focused test coverage for edge cases in JWT handling and request auth behavior.
What this should cover:
Suggested files:
internal/auth/auth.gointernal/auth/auth_test.goAcceptance criteria:
go test ./...still passesNotes:
This is a good issue if you want a first real code contribution without touching too much of the app at once.