docs(auth): document atomic per-type device limit enforcement

Clarify in API/README that device limits are enforced independently per
normalized device type with atomic overflow revocation, and add a mapper
test covering the RFC3339 UTC timestamp contract.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-11 01:02:25 +08:00
parent 869e2bb75b
commit 114198f1d9
3 changed files with 19 additions and 1 deletions
+16
View File
@@ -0,0 +1,16 @@
package logic
import (
"testing"
"time"
authmodule "img_infinite_canvas/internal/modules/auth"
)
func TestAccountDeviceMapperReturnsTimezoneNeutralTimestamp(t *testing.T) {
lastSeenAt := time.Date(2026, 7, 11, 16, 51, 0, 0, time.FixedZone("CST", 8*60*60))
devices := toAPIAccountDevices([]authmodule.Device{{ID: "session-1", LastSeenAt: lastSeenAt}})
if len(devices) != 1 || devices[0].LastSeenAt != "2026-07-11T08:51:00Z" {
t.Fatalf("expected RFC3339 UTC timestamp, got %#v", devices)
}
}