Add tests for authentication and security features

- Implement unit tests for password handling in `auth_test.ts`, covering bcrypt and legacy password hashes.
- Create a fake database for user management to facilitate testing of the `AdminHandler`.
- Validate JWT-based identity verification against database records.
- Introduce tests for credential encryption and registry management in `security_test.ts`.
- Ensure registry passwords are securely stored and can be decrypted correctly, including legacy support.
- Add utility functions for password hashing and verification in `auth.ts`.

ts/opsserver/handlers/registry.handler.ts

@@ -1,7 +1,7 @@
 import * as plugins from '../../plugins.ts';
 import type { OpsServer } from '../classes.opsserver.ts';
 import * as interfaces from '../../../ts_interfaces/index.ts';
-import { requireValidIdentity } from '../helpers/guards.ts';
+import { requireAdminIdentity } from '../helpers/guards.ts';
 
 export class RegistryHandler {
   public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -17,7 +17,7 @@ export class RegistryHandler {
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetRegistryTags>(
         'getRegistryTags',
         async (dataArg) => {
-          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
           const tags = await this.opsServerRef.oneboxRef.registry.getImageTags(dataArg.serviceName);
           return { tags };
         },
@@ -29,7 +29,7 @@ export class RegistryHandler {
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetRegistryTokens>(
         'getRegistryTokens',
         async (dataArg) => {
-          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
           const rawTokens = this.opsServerRef.oneboxRef.database.getAllRegistryTokens();
           const now = Date.now();
 
@@ -68,7 +68,7 @@ export class RegistryHandler {
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateRegistryToken>(
         'createRegistryToken',
         async (dataArg) => {
-          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const identity = await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
           const config = dataArg.tokenConfig;
 
           // Calculate expiration
@@ -95,7 +95,7 @@ export class RegistryHandler {
             expiresAt,
             createdAt: now,
             lastUsedAt: null,
-            createdBy: dataArg.identity.username,
+            createdBy: identity.username,
           });
 
           let scopeDisplay: string;
@@ -133,7 +133,7 @@ export class RegistryHandler {
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteRegistryToken>(
         'deleteRegistryToken',
         async (dataArg) => {
-          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
           const token = this.opsServerRef.oneboxRef.database.getRegistryTokenById(dataArg.tokenId);
           if (!token) {
             throw new plugins.typedrequest.TypedResponseError('Token not found');