fix(worker): add rate limiter error handling and invalid purpose test

wgordon17 · wgordon17 · commit 39215e464ad6 · 2026-04-09T08:44:28.000-04:00
diff --git a/src/worker/index.ts b/src/worker/index.ts
@@ -704,8 +704,18 @@ export default {
       const { sessionId, setCookie } = await ensureSession(request, env);
 
       // Step 4: Rate limiting using session ID as key
-      const { success } = await env.PROXY_RATE_LIMITER.limit({ key: sessionId });
-      if (!success) {
+      let rateLimited = false;
+      try {
+        const { success } = await env.PROXY_RATE_LIMITER.limit({ key: sessionId });
+        rateLimited = !success;
+      } catch (err) {
+        log("error", "rate_limiter_failed", {
+          error: err instanceof Error ? err.message : "unknown",
+        }, request);
+        // Fail open — rate limiter misconfiguration should not block all proxy requests.
+        // Turnstile and session binding still protect the seal endpoint.
+      }
+      if (rateLimited) {
         log("warn", "proxy_rate_limited", { pathname: url.pathname }, request);
         const rateLimitResponse = errorResponse("rate_limited", 429);
         const headers = new Headers(rateLimitResponse.headers);
diff --git a/tests/worker/seal.test.ts b/tests/worker/seal.test.ts
@@ -227,6 +227,19 @@ describe("Worker /api/proxy/seal endpoint", () => {
     expect(json["error"]).toBe("invalid_request");
   });
 
+  it("request with invalid purpose (not in VALID_PURPOSES) returns 400", async () => {
+    globalThis.fetch = vi.fn().mockResolvedValue(
+      new Response(JSON.stringify({ success: true }), { status: 200 })
+    );
+
+    const req = makeSealRequest({ body: { token: "ghp_test", purpose: "github-pat" } });
+    const res = await worker.fetch(req, makeEnv());
+
+    expect(res.status).toBe(400);
+    const json = await res.json() as Record<string, unknown>;
+    expect(json["error"]).toBe("invalid_request");
+  });
+
   it("request with missing token returns 400 with invalid_request", async () => {
     globalThis.fetch = vi.fn().mockResolvedValue(
       new Response(JSON.stringify({ success: true }), { status: 200 })
