Test the rate limiter and pause-guard middleware
Description
The in-process rate limiter (60 req/IP/60s) and the pause guard (503 on writes when paused, with /admin/unpause exempted) in src/index.ts are core protective middleware, yet src/health.test.ts only checks one pause/unpause happy path and never exercises the limiter's 429. This issue adds focused coverage.
Requirements and context
- Repository scope: Agentpay-Org/Agentpay-backend only.
- Test that exceeding the limit yields 429 rate_limited with a Retry-After header and requestId, and that GET requests below the limit pass.
- Test the pause guard: writes return 503 service_paused, GET/HEAD/OPTIONS still pass, and POST /api/v1/admin/unpause is exempt.
- Test that GET /api/v1/admin/status reflects the current pause flag.
- Keep tests deterministic (no real sleeping); reset state between cases as needed.
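The boundary cases listed above, as an added example that is not AgentPay's code: a stand-in limiter and pause guard with an injected clock, so "exactly at the limit", "just over" and window expiry are checked without sleeping. The names `createGuards` and `runBoundaryCases`, the sample paths and IPs, the fixed-window algorithm, and running the limiter before the pause guard are assumptions; the real src/index.ts may differ, and requestId is omitted here.

```typescript
// Stand-in for the middleware this issue describes; NOT the code in src/index.ts.
// createGuards/runBoundaryCases are hypothetical names; limits come from the issue text.
type Clock = () => number; // milliseconds, injected so tests never sleep
interface Result { status: number; error?: string; retryAfter?: number }

const LIMIT = 60;         // 60 requests per IP ...
const WINDOW_MS = 60_000; // ... per 60 s window (fixed window is an assumption)
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const UNPAUSE_PATH = "/api/v1/admin/unpause";

function createGuards(now: Clock) {
  const hits = new Map<string, { start: number; count: number }>();
  let paused = false;
  function handle(ip: string, method: string, path: string): Result {
    const t = now();
    let w = hits.get(ip);
    if (!w || t - w.start >= WINDOW_MS) { w = { start: t, count: 0 }; hits.set(ip, w); }
    w.count += 1;
    if (w.count > LIMIT) {
      // Retry-After: whole seconds until this IP's window ends.
      return { status: 429, error: "rate_limited", retryAfter: Math.ceil((w.start + WINDOW_MS - t) / 1000) };
    }
    // Pause guard: normalise method casing, match the exempt path exactly (no prefix match).
    const m = method.toUpperCase();
    if (m === "POST" && path === UNPAUSE_PATH) { paused = false; return { status: 200 }; }
    if (paused && !SAFE_METHODS.has(m)) return { status: 503, error: "service_paused" };
    return { status: 200 };
  }
  return { handle, pause: () => { paused = true; }, isPaused: () => paused };
}

// Constructed scenario: a fresh instance per case gives clean state; IPs and paths are samples.
function runBoundaryCases() {
  let t = 0;
  const g = createGuards(() => t);
  let atLimit = 0;
  for (let i = 0; i < LIMIT; i++) atLimit = g.handle("203.0.113.7", "GET", "/health").status;
  t = 1_500;                                                   // still inside the first window
  const over = g.handle("203.0.113.7", "GET", "/health");      // request 61
  t = WINDOW_MS;                                               // window boundary, no sleep
  const afterWindow = g.handle("203.0.113.7", "GET", "/health");
  g.pause();
  const lowerCaseWrite = g.handle("198.51.100.2", "post", "/api/v1/payments");
  const longerPath = g.handle("198.51.100.2", "POST", UNPAUSE_PATH + "/extra");
  const read = g.handle("198.51.100.2", "GET", "/api/v1/admin/status");
  const unpause = g.handle("198.51.100.2", "POST", UNPAUSE_PATH);
  const recovered = g.handle("198.51.100.2", "POST", "/api/v1/payments");
  return { atLimit, over, afterWindow, lowerCaseWrite, longerPath, read, unpause, recovered, paused: g.isPaused() };
}
```

Against the real app the same cases would go through supertest, with the test runner's fake timers standing in for the injected clock if the limiter reads the system time directly.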
Suggested execution
- Fork the repo and create a branch
git checkout -b test/testing-14-ratelimit-pause
- Implement changes
- Write comprehensive tests in: new src/middleware.test.ts using supertest.
- Write code in: no production change expected; if the limiter is hard to test deterministically, note the limitation in the PR.
- Add documentation: none beyond test descriptions.
- Add clear test titles.
- Validate security assumptions: confirm the limiter and pause guard cannot be bypassed via method casing or path tricks.
- Test and commit
Test and commit
- Run npm run build, npm test, and npm run lint.
- Cover edge cases: exactly at the limit, just over, unpause recovery, status reflects flag.
- Include the full npm test output in the PR description.
Example commit message
test: cover rate limiter and pause-guard middleware
Guidelines
- Minimum 95 percent test coverage for impacted modules.
- Clear, reviewer-focused documentation.
- Timeframe: 96 hours.
Community & contribution rewards
- 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
- ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.