Fix Rate Limiting Issues

- Updated Definition of Done report with detailed checks and results for backend and frontend tests.
- Documented issues related to race conditions and test failures in QA reports.
- Improved security scan notes and code cleanup status in QA reports.
- Added summaries for rate limit integration test fixes, including root causes and resolutions.
- Introduced new debug and integration scripts for rate limit testing.
- Updated security documentation to reflect changes in configuration and troubleshooting steps.
- Enhanced troubleshooting guides for CrowdSec and Go language server (gopls) errors.
- Improved frontend and scripts README files for clarity and usage instructions.
This commit is contained in:
GitHub Actions
2025-12-12 19:21:44 +00:00
parent b47541e493
commit 9ad3afbd22
86 changed files with 9257 additions and 1107 deletions

@@ -4,6 +4,7 @@ Current (QA): statements 84.54%, branches 75.85%, functions 78.97%.
Goal: reach >=85% with the smallest number of high-yield tests.
## Targeted Tests (minimal set with maximum lift)
- **API units (fast, high gap)**
- [src/api/notifications.ts](frontend/src/api/notifications.ts): cover payload branches in `previewProvider` (with/without `data`) and `previewExternalTemplate` (id vs inline template vs both), plus happy-path CRUD wrappers to verify endpoint URLs.
- [src/api/logs.ts](frontend/src/api/logs.ts): assert `getLogContent` query param building (search/host/status/level/sort), `downloadLog` sets `window.location.href`, and `connectLiveLogs` callbacks for `onOpen`, `onMessage` (valid JSON), parse error branch, `onError`, and `onClose` (closing when readyState OPEN/CONNECTING).
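Review bot: In the `logs.ts` bullet, the `getLogContent` case lists the query params (search/host/status/level/sort) but does not say the test should check how their values are encoded. Suggest adding a case where `search` or `host` contains reserved characters such as `&` or `#`, asserting that the built query string keeps them inside the intended parameter. For the `connectLiveLogs` parse error branch, state the expected outcome of a malformed message, so the test asserts behaviour rather than only executing the branch for coverage.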
@@ -38,12 +39,14 @@ Goal: reach >=85% with the smallest number of high-yield tests.
- `Summary.tsx`, `FeatureFlagProvider.tsx`, `useFeatureFlags.ts`, `LiveLogViewerRow.tsx`: confirm current paths (may have been renamed). Add light RTL/unit tests mirroring above patterns if still present (e.g., summary widget rendering counts, provider supplying default flags).
## SMTPSettings Deflake Strategy
- Wait for data: use `await screen.findByText('Email (SMTP) Settings')` and `await waitFor(() => expect(hostInput).toHaveValue('...'))` after mocking `getSMTPConfig` to resolve once.
- Avoid racing mutations: wrap `vi.useFakeTimers()` only if timers are used; otherwise keep real timers and `await act(async () => ...)` on mutations.
- Reset query cache per test (`queryClient.clear()` or `QueryClientProvider` fresh instance) and isolate toast spies.
- Prefer role/label queries (`getByLabelText('SMTP Host')`) over brittle text selectors; ensure `toast` mocks are flushed before assertions.
## Ordered Phases (minimal steps to >=85%)
- Phase 1 (API unit bursts) — expected +0.30 to statements: notifications.ts, logs.ts, users.ts.
- Phase 2 (UI quick wins) — expected +0.50: SMTPSettings, LiveLogViewer, UsersPage.
- Phase 3 (Security shell) — expected +0.40: CrowdSecConfig, Security page.
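Review bot: In the "Avoid racing mutations" bullet, `vi.useFakeTimers()` is mentioned without its teardown. A test that enables fake timers and does not restore them leaks that state into later tests, which is the kind of flake this section is meant to remove. Suggest adding that `vi.useRealTimers()` runs in `afterEach`, and noting that `findByText` and `waitFor` from the first bullet poll on timers, so those timers have to be advanced while fake timers are active. In Ordered Phases, only Phase 1 names the metric ("to statements"); say which metric the +0.50 and +0.40 apply to, since the goal line gives just ">=85%".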