feat: add integration and setup tests and complete code review fixes
@@ -61,6 +61,10 @@ The following environment variables can be configured in your `.env` file:
|
||||
| `PDF_OUTPUT_DIR` | `tickets` | Directory for generated PDF tickets |
|
||||
| `PDF_CLEANUP_MAX_AGE_HOURS` | `24` | Maximum age for PDF cleanup |
|
||||
| `TEST_URL` | `http://localhost:3049` | Base URL for load testing |
|
||||
| `ALLOWED_ORIGINS` | `localhost:3000,3049` | CORS allowed origins |
|
||||
| `RATE_LIMIT_ENABLED` | `true` | Enable rate limiting |
|
||||
| `SECURITY_HEADERS_ENABLED` | `true` | Enable security headers |
|
||||
| `REDIS_SCAN_BATCH_SIZE` | `100` | Redis SCAN batch size for performance |
|
||||
|
||||
### Quick Start
|
||||
|
||||
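Review bot: The `ALLOWED_ORIGINS` row documents a default of `localhost:3000,3049`, which is ambiguous as an origin list: the second entry is a bare port and neither entry carries a scheme, while a browser's `Origin` header is always scheme, host and port. State the exact format the server parses (for example full origins separated by commas) and give the default in that format, so a deployer does not end up with an allow-list that matches nothing or more than intended. The `RATE_LIMIT_ENABLED` and `SECURITY_HEADERS_ENABLED` rows should also say that `true` is expected in production, since the table is the only place a reader learns these protections can be switched off from `.env`.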
@@ -169,6 +173,26 @@ node tests/load-test.js --event 2 --connections 1000 --duration 10
|
||||
# Test fallback store functionality
|
||||
npm run test:fallback
|
||||
|
||||
# Test security features
|
||||
npm run test:security
|
||||
|
||||
# Run comprehensive test suite
|
||||
npm test
|
||||
|
||||
# Run specific test categories
|
||||
npm run test:unit # Unit tests only
|
||||
npm run test:integration # Integration tests only
|
||||
npm run test:performance # Performance tests only
|
||||
|
||||
# Run critical duplicate prevention tests
|
||||
npm run test:duplicate-prevention
|
||||
|
||||
# Run with coverage report
|
||||
npm run test:coverage
|
||||
|
||||
# Run tests in watch mode (development)
|
||||
npm run test:watch
|
||||
|
||||
### Monitoring & Metrics
|
||||
|
||||
#### Application Metrics
|
||||
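Review bot: The command list added here (`npm test`, `test:unit`, `test:integration`, `test:performance`, `test:duplicate-prevention`, `test:coverage`, `test:watch`) is repeated almost line for line in the new "Running Tests" section later in the same file, with small wording drift ("Run with coverage report" here, "Generate coverage report" there). Keep the full list in one place and point to it from the other, otherwise the two copies will diverge as scripts are renamed. `npm run test:security` appears only in this block; if it is part of the suite it should be listed with the other categories too.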
@@ -226,6 +250,88 @@ docker-compose up -d --build
|
||||
- **Logging & Metrics:** Proper logging of operations and a functional metrics endpoint suitable for Prometheus scraping.
|
||||
- **Design Rationale:** The design document (`design.md`) should clearly articulate your architectural decisions, potential bottlenecks, and design solutions.
|
||||
|
||||
## Testing Suite
|
||||
|
||||
The project includes a comprehensive testing framework to ensure reliability and prevent critical issues:
|
||||
|
||||
### Test Categories
|
||||
|
||||
- **Unit Tests** (`tests/unit/`): Test individual components in isolation
|
||||
- **Integration Tests** (`tests/integration/`): Test component interactions and API endpoints
|
||||
- **Performance Tests** (`tests/performance/`): Verify system behavior under high load
|
||||
|
||||
### Critical Test Coverage
|
||||
|
||||
- **Duplicate Prevention**: Automated verification that no ticket is sold more than once
|
||||
- **High Concurrency**: Tests with 100+ concurrent requests to ensure data integrity
|
||||
- **Fallback Mode**: Comprehensive testing of Redis failure scenarios
|
||||
- **API Endpoints**: Full coverage of all REST endpoints with edge case handling
|
||||
- **Security Features**: Validation of rate limiting, input validation, and security headers
|
||||
|
||||
### Running Tests
|
||||
|
||||
```bash
|
||||
# Run all tests
|
||||
npm test
|
||||
|
||||
# Run specific test categories
|
||||
npm run test:unit # Unit tests only
|
||||
npm run test:integration # Integration tests only
|
||||
npm run test:performance # Performance tests only
|
||||
|
||||
# Run critical duplicate prevention tests
|
||||
npm run test:duplicate-prevention
|
||||
|
||||
# Generate coverage report
|
||||
npm run test:coverage
|
||||
|
||||
# Run tests in watch mode (development)
|
||||
npm run test:watch
|
||||
|
||||
# Use the test runner script for easier test execution
|
||||
node run-tests.js all # Run all tests
|
||||
node run-tests.js validate # Run core requirement validation
|
||||
node run-tests.js duplicate # Run duplicate prevention tests only
|
||||
node run-tests.js quick # Run quick test suite
|
||||
```
|
||||
|
||||
### Test Requirements
|
||||
|
||||
- **No Duplicate Tickets**: Core requirement verified by automated tests
|
||||
- **High Concurrency**: System tested with 100+ concurrent requests
|
||||
- **Data Consistency**: Redis and fallback store synchronization verified
|
||||
- **Performance**: Response times and memory usage monitored under load
|
||||
- **Security**: All security features validated with comprehensive tests
|
||||
|
||||
## Security Features
|
||||
|
||||
The system includes comprehensive security measures to protect against common threats:
|
||||
|
||||
### Rate Limiting
|
||||
|
||||
- **General API**: 100 requests per 15 minutes
|
||||
- **Purchase Endpoints**: 10 requests per minute
|
||||
- **Admin Endpoints**: 20 requests per 5 minutes
|
||||
|
||||
### Input Validation
|
||||
|
||||
- **Event IDs**: Must be positive integers
|
||||
- **Purchase IDs**: Must be valid UUIDs
|
||||
- **Request Parameters**: Validated and sanitized
|
||||
|
||||
### Security Headers
|
||||
|
||||
- **Content Security Policy**: Prevents XSS attacks
|
||||
- **HSTS**: Enforces HTTPS connections
|
||||
- **XSS Protection**: Additional XSS prevention
|
||||
- **Frame Guard**: Prevents clickjacking
|
||||
|
||||
### Request Security
|
||||
|
||||
- **Size Limits**: Maximum 1MB request size
|
||||
- **CORS Protection**: Configurable allowed origins
|
||||
- **Security Logging**: Suspicious request monitoring
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Common Issues
|
||||
|
||||
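Review bot: The "Rate Limiting" bullets give thresholds (100 per 15 minutes, 10 per minute, 20 per 5 minutes) but not what they are counted against; say whether the limit is per client IP, per session or global, and how the client address is determined when the service runs behind a proxy, because that decides whether the limit is meaningful in the `docker-compose` deployment. Under "Security Headers", "Content Security Policy: Prevents XSS attacks" overstates the control; "mitigates" is more accurate, and the section should note which headers are dropped when `SECURITY_HEADERS_ENABLED` is `false`. If "XSS Protection" refers to the `X-XSS-Protection` header, note that current browsers ignore it and that CSP is the effective control. "Admin Endpoints" are mentioned only in terms of a rate limit; if they have authentication, document it here, and if they do not, that is worth raising separately from this README change.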