developer/scrabble-game
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
8878711cf3958d71226b70125838c64db6745e13
scrabble-game/gateway/internal/backendclient/client_test.go
T
Ilia Denisov 8878711cf3 R3: gateway edge hardening — body cap, h2c sizing, rate-limit observability 
- GATEWAY_MAX_BODY_BYTES (1 MiB): connect WithReadMaxBytes + http.MaxBytesReader
  on the public mux; explicit http2.Server MaxConcurrentStreams/IdleTimeout and
  an http.Server ReadHeaderTimeout (R2 report follow-up).
- gateway_rate_limited_total{class} counter, Debug per rejection, a rejection
  tracker drained every 30 s into a Warn summary per key and a report POST to
  /api/v1/internal/ratelimit/report (feeds the admin view + auto-flag).
- The dead AdminPerMinute/AdminBurst policy now guards the /_gm mount (429),
  ahead of its Basic-Auth.
- resolve() logs the cause of infra session-resolve failures at Warn (the
  transient unauthenticated dips from the R2 run); unknown tokens stay silent.
2026-06-10 01:58:48 +02:00

49 lines
1.5 KiB
Go
Raw Blame History

package backendclient_test
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"time"
"scrabble/gateway/internal/backendclient"
"scrabble/gateway/internal/ratelimit"
)
// TestReportRateLimited verifies the rejection report reaches the backend's
// internal endpoint with the agreed JSON shape and no user identity.
func TestReportRateLimited(t *testing.T) {
var got struct {
WindowSeconds int `json:"window_seconds"`
Entries []ratelimit.Rejection `json:"entries"`
}
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost || r.URL.Path != "/api/v1/internal/ratelimit/report" {
t.Errorf("call = %s %s, want POST /api/v1/internal/ratelimit/report", r.Method, r.URL.Path)
}
if uid := r.Header.Get("X-User-ID"); uid != "" {
t.Errorf("X-User-ID = %q, want empty", uid)
}
if err := json.NewDecoder(r.Body).Decode(&got); err != nil {
t.Errorf("decode report: %v", err)
}
}))
defer srv.Close()
c, err := backendclient.New(srv.URL, "localhost:9090", 2*time.Second)
if err != nil {
t.Fatalf("backendclient: %v", err)
}
defer func() { _ = c.Close() }()
entries := []ratelimit.Rejection{{Class: "user", Key: "u-1", Rejected: 5}}
if err := c.ReportRateLimited(context.Background(), 30, entries); err != nil {
t.Fatalf("ReportRateLimited: %v", err)
}
if got.WindowSeconds != 30 || len(got.Entries) != 1 || got.Entries[0] != entries[0] {
t.Fatalf("backend received %+v, want window 30 + %+v", got, entries[0])
}
}
Reference in New Issue View Git Blame Copy Permalink