4eadb91a64
- Added rate limiting for outbound email sends to prevent abuse, implemented in `internal/api/mail/sendguard`. - Introduced idempotency key support for email sending to avoid duplicate submissions. - Enhanced attachment handling with new limits and validation in `internal/api/mail/limits`. - Updated outbox processing to include retry logic and circuit breaker for SMTP failures. - Improved HTML sanitization for email content to enhance security. - Added unit tests for new features, ensuring robust functionality and error handling. - Updated configuration options in `.env.example` for new mail settings.
29 lines
638 B
Go
29 lines
638 B
Go
package sendguard
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestRateLimiter_blocksBurst(t *testing.T) {
|
|
lim := NewRateLimiter(60, 2)
|
|
if err := lim.Allow("user-1"); err != nil {
|
|
t.Fatalf("first: %v", err)
|
|
}
|
|
if err := lim.Allow("user-1"); err != nil {
|
|
t.Fatalf("second: %v", err)
|
|
}
|
|
if err := lim.Allow("user-1"); err == nil {
|
|
t.Fatal("expected rate limit on third immediate request")
|
|
}
|
|
}
|
|
|
|
func TestRateLimiter_perUser(t *testing.T) {
|
|
lim := NewRateLimiter(60, 1)
|
|
if err := lim.Allow("a"); err != nil {
|
|
t.Fatalf("user a: %v", err)
|
|
}
|
|
if err := lim.Allow("b"); err != nil {
|
|
t.Fatalf("user b should have separate bucket: %v", err)
|
|
}
|
|
}
|