feat: backend service

integration/anti_replay_test.go

@@ -0,0 +1,59 @@
+package integration_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"galaxy/integration/testenv"
+	usermodel "galaxy/model/user"
+	"galaxy/transcoder"
+
+	"github.com/google/uuid"
+)
+
+// TestAntiReplay_DuplicateRequestID submits the same authenticated
+// request_id twice within the freshness window and asserts the
+// second attempt is rejected by gateway as a replay (Redis
+// reservation check).
+func TestAntiReplay_DuplicateRequestID(t *testing.T) {
+	plat := testenv.Bootstrap(t, testenv.BootstrapOptions{})
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	sess := testenv.RegisterSession(t, plat, "pilot+replay@example.com")
+	gw, err := sess.DialAuthenticated(ctx, plat)
+	if err != nil {
+		t.Fatalf("dial: %v", err)
+	}
+	defer gw.Close()
+
+	payload, err := transcoder.GetMyAccountRequestToPayload(&usermodel.GetMyAccountRequest{})
+	if err != nil {
+		t.Fatalf("encode payload: %v", err)
+	}
+	requestID := uuid.NewString()
+	timestamp := time.Now().UnixMilli()
+
+	first, err := gw.Execute(ctx, usermodel.MessageTypeGetMyAccount, payload, testenv.ExecuteOptions{
+		RequestID:   requestID,
+		TimestampMS: timestamp,
+	})
+	if err != nil {
+		t.Fatalf("first call failed: %v", err)
+	}
+	if first.ResultCode != "ok" {
+		t.Fatalf("first call result_code = %q, want ok", first.ResultCode)
+	}
+
+	_, err = gw.Execute(ctx, usermodel.MessageTypeGetMyAccount, payload, testenv.ExecuteOptions{
+		RequestID:   requestID,
+		TimestampMS: timestamp,
+	})
+	if err == nil {
+		t.Fatalf("replay accepted: expected rejection on duplicate request_id")
+	}
+	if !testenv.IsFailedPrecondition(err) && !testenv.IsResourceExhausted(err) && !testenv.IsUnauthenticated(err) && !testenv.IsInvalidArgument(err) {
+		t.Fatalf("replay rejection has unexpected status: %v", err)
+	}
+}