forked from Rockachopa/Timmy-time-dashboard
9d78eb31d1
* polish: streamline nav, extract inline styles, improve tablet UX - Restructure desktop nav from 8+ flat links + overflow dropdown into 5 grouped dropdowns (Core, Agents, Intel, System, More) matching the mobile menu structure to reduce decision fatigue - Extract all inline styles from mission_control.html and base.html notification elements into mission-control.css with semantic classes - Replace JS-built innerHTML with secure DOM construction in notification loader and chat history - Add CONNECTING state to connection indicator (amber) instead of showing OFFLINE before WebSocket connects - Add tablet breakpoint (1024px) with larger touch targets for Apple Pencil / stylus use and safe-area padding for iPad toolbar - Add active-link highlighting in desktop dropdown menus - Rename "Mission Control" page title to "System Overview" to disambiguate from the chat home page - Add "Home — Timmy Time" page title to index.html https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h * fix(security): move auth-gate credentials to environment variables Hardcoded username, password, and HMAC secret in auth-gate.py replaced with os.environ lookups. Startup now refuses to run if any variable is unset. Added AUTH_GATE_SECRET/USER/PASS to .env.example. https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h * refactor(tooling): migrate from black+isort+bandit to ruff Replace three separate linting/formatting tools with a single ruff invocation. Updates tox.ini (lint, format, pre-push, pre-commit envs), .pre-commit-config.yaml, and CI workflow. Fixes all ruff errors including unused imports, missing raise-from, and undefined names. Ruff config maps existing bandit skips to equivalent S-rules. https://claude.ai/code/session_015uPUoKyYa8M2UAcyk5Gt6h --------- Co-authored-by: Claude <noreply@anthropic.com>
43 lines
1.3 KiB
Python
43 lines
1.3 KiB
Python
"""Tests for API rate limiting in Timmy Serve."""
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
from timmy_serve.app import create_timmy_serve_app
|
|
|
|
|
|
@pytest.fixture
|
|
def client():
|
|
app = create_timmy_serve_app()
|
|
return TestClient(app)
|
|
|
|
|
|
def test_health_check_no_rate_limit(client):
|
|
"""Health check should not be rate limited (or have a very high limit)."""
|
|
for _ in range(10):
|
|
response = client.get("/health")
|
|
assert response.status_code == 200
|
|
|
|
|
|
def test_chat_rate_limiting(client, monkeypatch):
|
|
"""Chat endpoint should be rate limited."""
|
|
# Mock create_timmy to avoid heavy LLM initialization
|
|
monkeypatch.setattr(
|
|
"timmy_serve.app.create_timmy",
|
|
lambda: type(
|
|
"obj",
|
|
(object,),
|
|
{"run": lambda self, m, stream: type("obj", (object,), {"content": "reply"})()},
|
|
)(),
|
|
)
|
|
|
|
# Send requests up to the limit (assuming limit is small for tests or we just test it's there)
|
|
# Since we haven't implemented it yet, this test should fail if we assert 429
|
|
responses = []
|
|
for _ in range(20):
|
|
responses.append(client.post("/serve/chat", json={"message": "hi"}))
|
|
|
|
# If rate limiting is implemented, some of these should be 429
|
|
status_codes = [r.status_code for r in responses]
|
|
assert 429 in status_codes
|