mirror of
https://github.com/SamyRai/tercul-backend.git
synced 2025-12-27 00:31:35 +00:00
24d48396ca
* Fix workflow triggers to use 'main' branch instead of 'master' * Switch to semantic version tags for GitHub Actions instead of SHAs for better maintainability * Fix golangci-lint by adding go mod tidy and specifying paths ./... for linting * feat: Restructure workflows following Single Responsibility Principle - Remove old monolithic workflows (ci.yml, ci-cd.yml, cd.yml) - Add focused workflows: lint.yml, test.yml, build.yml, security.yml, docker-build.yml, deploy.yml - Each workflow has a single, clear responsibility - Follow 2025 best practices with semantic versioning, OIDC auth, build attestations - Add comprehensive README.md with workflow documentation - Configure Dependabot for automated dependency updates Workflows now run independently and can be triggered separately for better CI/CD control. * fix: Resolve CI/CD workflow failures and GraphQL integration test issues - Fix Application struct mismatch in application_builder.go - Add global config.Cfg variable and BleveIndexPath field - Regenerate GraphQL code to fix ProcessArgField errors - Add search.InitBleve() call in main.go - Fix all errcheck issues (12 total) in main.go files and test files - Fix staticcheck issues (deprecated handler.NewDefaultServer, tagged switch) - Remove all unused code (50 unused items including mock implementations) - Fix GraphQL 'transport not supported' error in integration tests - Add comprehensive database cleanup for integration tests - Update GraphQL server setup with proper error presenter * feat: Complete backend CI/CD workflow setup - Add comprehensive GitHub Actions workflows for Go backend - Build workflow with binary compilation and attestation - Test workflow with coverage reporting and race detection - Lint workflow with golangci-lint and security scanning - Docker build workflow with multi-architecture support - Deploy workflow for production deployment - Security workflow with vulnerability scanning - All workflows follow Single Responsibility Principle - Use semantic versioning and latest action versions - Enable security features: OIDC auth, attestations, minimal permissions * fix: correct Go build path to ./cmd/api - Fix build workflow to target ./cmd/api instead of ./cmd - The main.go file is located in cmd/api/ subdirectory * fix: correct Dockerfile build path to ./cmd/api - Fix Docker build to target ./cmd/api instead of root directory - The main.go file is located in cmd/api/ subdirectory
163 lines
5.8 KiB
Go
163 lines
5.8 KiB
Go
package http_test
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"tercul/internal/platform/config"
|
|
platformhttp "tercul/internal/platform/http"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/suite"
|
|
)
|
|
|
|
// RateLimiterSuite is a test suite for the RateLimiter
|
|
type RateLimiterSuite struct {
|
|
suite.Suite
|
|
}
|
|
|
|
// TestRateLimiter tests the RateLimiter
|
|
func (s *RateLimiterSuite) TestRateLimiter() {
|
|
cfg := &config.Config{RateLimit: 2, RateLimitBurst: 3}
|
|
limiter := platformhttp.NewRateLimiter(cfg)
|
|
|
|
// Test that the first 3 requests are allowed (burst)
|
|
for i := 0; i < 3; i++ {
|
|
allowed := limiter.Allow("test-client")
|
|
s.True(allowed, "Request %d should be allowed (burst)", i+1)
|
|
}
|
|
|
|
// Test that the 4th request is not allowed (burst exceeded)
|
|
allowed := limiter.Allow("test-client")
|
|
s.False(allowed, "Request 4 should not be allowed (burst exceeded)")
|
|
|
|
// Wait for 1 second to allow the rate limiter to refill
|
|
time.Sleep(1 * time.Second)
|
|
|
|
// Test that the next 2 requests are allowed (rate)
|
|
for i := 0; i < 2; i++ {
|
|
allowed := limiter.Allow("test-client")
|
|
s.True(allowed, "Request %d after wait should be allowed (rate)", i+1)
|
|
}
|
|
|
|
// Test that the 3rd request after wait is not allowed (rate exceeded)
|
|
allowed = limiter.Allow("test-client")
|
|
s.False(allowed, "Request 3 after wait should not be allowed (rate exceeded)")
|
|
}
|
|
|
|
// TestRateLimiterMultipleClients tests the RateLimiter with multiple clients
|
|
func (s *RateLimiterSuite) TestRateLimiterMultipleClients() {
|
|
cfg := &config.Config{RateLimit: 2, RateLimitBurst: 3}
|
|
limiter := platformhttp.NewRateLimiter(cfg)
|
|
|
|
// Test that the first 3 requests for client1 are allowed (burst)
|
|
for i := 0; i < 3; i++ {
|
|
allowed := limiter.Allow("client1")
|
|
s.True(allowed, "Request %d for client1 should be allowed (burst)", i+1)
|
|
}
|
|
|
|
// Test that the first 3 requests for client2 are allowed (burst)
|
|
for i := 0; i < 3; i++ {
|
|
allowed := limiter.Allow("client2")
|
|
s.True(allowed, "Request %d for client2 should be allowed (burst)", i+1)
|
|
}
|
|
|
|
// Test that the 4th request for client1 is not allowed (burst exceeded)
|
|
allowed := limiter.Allow("client1")
|
|
s.False(allowed, "Request 4 for client1 should not be allowed (burst exceeded)")
|
|
|
|
// Test that the 4th request for client2 is not allowed (burst exceeded)
|
|
allowed = limiter.Allow("client2")
|
|
s.False(allowed, "Request 4 for client2 should not be allowed (burst exceeded)")
|
|
}
|
|
|
|
// TestRateLimiterMiddleware tests the RateLimiterMiddleware
|
|
func (s *RateLimiterSuite) TestRateLimiterMiddleware() {
|
|
cfg := &config.Config{RateLimit: 2, RateLimitBurst: 3}
|
|
|
|
// Create a test handler that always returns 200 OK
|
|
testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
})
|
|
|
|
// Create a rate limiter middleware
|
|
middleware := platformhttp.RateLimitMiddleware(cfg)(testHandler)
|
|
|
|
// Create a test server
|
|
server := httptest.NewServer(middleware)
|
|
defer server.Close()
|
|
|
|
// Create a test client
|
|
client := server.Client()
|
|
|
|
// Use a static client IP for all requests
|
|
staticID := "test-client-id"
|
|
// Test that the first 3 requests are allowed (burst)
|
|
for i := 0; i < 3; i++ {
|
|
req, _ := http.NewRequest("GET", server.URL, nil)
|
|
req.Header.Set("X-Client-ID", staticID)
|
|
resp, err := client.Do(req)
|
|
s.Require().NoError(err)
|
|
s.Equal(http.StatusOK, resp.StatusCode, "Request %d should be allowed (burst)", i+1)
|
|
_ = resp.Body.Close()
|
|
}
|
|
|
|
// Test that the 4th request is not allowed (burst exceeded)
|
|
req, _ := http.NewRequest("GET", server.URL, nil)
|
|
req.Header.Set("X-Client-ID", staticID)
|
|
resp, err := client.Do(req)
|
|
s.Require().NoError(err)
|
|
s.Equal(http.StatusTooManyRequests, resp.StatusCode, "Request 4 should not be allowed (burst exceeded)")
|
|
_ = resp.Body.Close()
|
|
|
|
// Wait for 1.1 seconds to allow the rate limiter to refill (ensure >1 token)
|
|
time.Sleep(1100 * time.Millisecond)
|
|
|
|
// Test that the next 2 requests are allowed (rate)
|
|
for i := 0; i < 2; i++ {
|
|
req, _ := http.NewRequest("GET", server.URL, nil)
|
|
req.Header.Set("X-Client-ID", staticID)
|
|
resp, err := client.Do(req)
|
|
s.Require().NoError(err)
|
|
s.Equal(http.StatusOK, resp.StatusCode, "Request %d after wait should be allowed (rate)", i+1)
|
|
_ = resp.Body.Close()
|
|
}
|
|
|
|
// Test that the 3rd request after wait is not allowed (rate exceeded)
|
|
req, _ = http.NewRequest("GET", server.URL, nil)
|
|
req.Header.Set("X-Client-ID", staticID)
|
|
resp, err = client.Do(req)
|
|
s.Require().NoError(err)
|
|
s.Equal(http.StatusTooManyRequests, resp.StatusCode, "Request 3 after wait should not be allowed (rate exceeded)")
|
|
_ = resp.Body.Close()
|
|
}
|
|
|
|
// TestRateLimiterSuite runs the test suite
|
|
func TestRateLimiterSuite(t *testing.T) {
|
|
suite.Run(t, new(RateLimiterSuite))
|
|
}
|
|
|
|
// TestNewRateLimiter tests the NewRateLimiter function
|
|
func TestNewRateLimiter(t *testing.T) {
|
|
// Test with valid parameters
|
|
limiter := platformhttp.NewRateLimiter(&config.Config{RateLimit: 10, RateLimitBurst: 20})
|
|
assert.NotNil(t, limiter, "NewRateLimiter should return a non-nil limiter")
|
|
|
|
// Test with zero rate (should use default)
|
|
limiter = platformhttp.NewRateLimiter(&config.Config{RateLimit: 0, RateLimitBurst: 20})
|
|
assert.NotNil(t, limiter, "NewRateLimiter should return a non-nil limiter with default rate")
|
|
|
|
// Test with zero capacity (should use default)
|
|
limiter = platformhttp.NewRateLimiter(&config.Config{RateLimit: 10, RateLimitBurst: 0})
|
|
assert.NotNil(t, limiter, "NewRateLimiter should return a non-nil limiter with default capacity")
|
|
|
|
// Test with negative rate (should use default)
|
|
limiter = platformhttp.NewRateLimiter(&config.Config{RateLimit: -10, RateLimitBurst: 20})
|
|
assert.NotNil(t, limiter, "NewRateLimiter should return a non-nil limiter with default rate")
|
|
|
|
// Test with negative capacity (should use default)
|
|
limiter = platformhttp.NewRateLimiter(&config.Config{RateLimit: 10, RateLimitBurst: -20})
|
|
assert.NotNil(t, limiter, "NewRateLimiter should return a non-nil limiter with default capacity")
|
|
}
|