Add test coverage for the rate limiter, pause guard, and 503 behaviour #44

@mikewheeleer

Test the rate limiter and pause-guard middleware

Description

The in-process rate limiter (60 req/IP/60s) and the pause guard (503 on writes when paused, with /admin/unpause exempted) in src/index.ts are core protective middleware, yet src/health.test.ts only checks one pause/unpause happy path and never exercises the limiter's 429. This issue adds focused coverage.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-backend only.
  • Test that exceeding the limit yields 429 rate_limited with a Retry-After header and requestId, and that GET requests below the limit pass.
  • Test the pause guard: writes return 503 service_paused, GET/HEAD/OPTIONS still pass, and POST /api/v1/admin/unpause is exempt.
  • Test that GET /api/v1/admin/status reflects the current pause flag.
  • Keep tests deterministic (no real sleeping); reset state between cases as needed.

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b test/testing-14-ratelimit-pause
  • Implement changes
    • Write comprehensive tests in: new src/middleware.test.ts using supertest.
    • Write code in: no production change expected; if the limiter is hard to test deterministically, note the limitation in the PR.
    • Add documentation: none beyond test descriptions.
    • Add clear test titles.
    • Validate security assumptions: confirm the limiter and pause guard cannot be bypassed via method casing or path tricks.
  • Test and commit

Test and commit

  • Run npm run build, npm test, and npm run lint.
  • Cover edge cases: exactly at the limit, just over, unpause recovery, status reflects flag.
  • Include the full npm test output in the PR description.

Example commit message

test: cover rate limiter and pause-guard middleware

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
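
The edge cases listed in this issue (exactly at the limit, just over, window recovery, method casing, exempt path), shown as an added example that is not code from src/index.ts or the AgentPay project. It assumes fixed-window counting and an injected clock; createLimiter, pauseGuard, runLimiterEdgeCases, the IP address and the /api/v1/payments path are hypothetical names constructed for illustration.

```typescript
type Decision = { status: number; code?: string; retryAfter?: number };
const LIMIT = 60;         // from the issue: 60 requests per IP
const WINDOW_MS = 60000;  // per 60 s

// Assumption: fixed-window counting; the clock is injected so tests never sleep.
function createLimiter(now: () => number) {
  const windows = new Map<string, { start: number; count: number }>();
  return (ip: string): Decision => {
    const t = now();
    let w = windows.get(ip);
    if (!w || t - w.start >= WINDOW_MS) {
      w = { start: t, count: 0 };
      windows.set(ip, w);
    }
    w.count += 1;
    if (w.count <= LIMIT) return { status: 200 };
    // Retry-After is the whole number of seconds left in the current window.
    return { status: 429, code: "rate_limited", retryAfter: Math.ceil((w.start + WINDOW_MS - t) / 1000) };
  };
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const UNPAUSE_PATH = "/api/v1/admin/unpause";

// The method is upper-cased and the path compared exactly (query string removed),
// so casing cannot skip the guard and a longer path cannot inherit the exemption.
function pauseGuard(paused: boolean, method: string, path: string): Decision {
  if (!paused) return { status: 200 };
  const m = method.toUpperCase();
  if (SAFE_METHODS.has(m)) return { status: 200 };
  const p = path.replace(/\?.*$/, "");
  if (m === "POST" && p === UNPAUSE_PATH) return { status: 200 };
  return { status: 503, code: "service_paused" };
}

// Drives the limiter through: 60 allowed, 61st rejected, fresh window allowed.
function runLimiterEdgeCases() {
  let clock = 0;
  const check = createLimiter(() => clock);
  const ip = "203.0.113.7"; // constructed address (TEST-NET-3)
  const statuses: number[] = [];
  for (let i = 0; i < LIMIT; i++) statuses.push(check(ip).status);
  clock = 15000;            // 15 s into the window
  const over = check(ip);   // request 61
  clock = WINDOW_MS;        // window has elapsed
  const recovered = check(ip);
  return { allUnderLimitPass: statuses.every((s) => s === 200), over, recovered };
}
```

In the real suite the same assertions would run through supertest against the app, with a fake timer in place of the injected clock.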
