mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 17:20:33 +00:00
quality: MSRV, tarpaulin config, proptest for parsers (#84)
* fix: proxy dedup, multi-registry GC, TOCTOU and credential hygiene - Deduplicate proxy_fetch/proxy_fetch_text into generic proxy_fetch_core with response extractor closure (removes ~50 lines of copy-paste) - GC now scans all registry prefixes, not just docker/ - Add tracing::warn to fire-and-forget cache writes in docker proxy - Mark S3 credentials as skip_serializing to prevent accidental leaks - Remove TOCTOU race in LocalStorage get/delete (redundant exists check) * chore: clean up root directory structure - Move Dockerfile.astra and Dockerfile.redos to deploy/ (niche builds should not clutter the project root) - Harden .gitignore to exclude session files, working notes, and internal review scripts * refactor(metrics): replace 13 atomic fields with CounterMap Per-registry download/upload counters were 13 individual AtomicU64 fields, each duplicated across new(), with_persistence(), save(), record_download(), record_upload(), and get_registry_* (6 touch points per counter). Adding a new registry required changes in 6+ places. Now uses CounterMap (HashMap<String, AtomicU64>) for per-registry counters. Adding a new registry = one entry in REGISTRIES const. Added Go registry to REGISTRIES, gaining go metrics for free. * quality: add MSRV, tarpaulin config, proptest for parsers - Set rust-version = 1.75 in workspace Cargo.toml (MSRV policy) - Add tarpaulin.toml: llvm engine, fail-under=25, json+html output - Add coverage/ to .gitignore - Update CI to use tarpaulin.toml instead of inline flags - Add proptest dev-dependency and property tests: - validation.rs: 16 tests (never-panics + invariants for all 4 validators) - pypi.rs: 5 tests (extract_filename never-panics + format assertions) * test: add unit tests for 14 modules, coverage 21% → 30% Add 149 new tests across auth, backup, gc, metrics, mirror parsers, docker (manifest detection, session cleanup, metadata serde), docker_auth (token cache), maven, npm, pypi (normalize, rewrite, extract), raw (content-type guessing), request_id, and s3 (URI encoding). Update tarpaulin.toml: raise fail-under to 30, exclude UI/main from coverage reporting as they require integration tests. * bench: add criterion benchmarks for validation and manifest parsing Add parsing benchmark suite with 14 benchmarks covering: - Storage key, Docker name, digest, and reference validation - Docker manifest media type detection (v2, OCI index, minimal, invalid) Run with: cargo bench --package nora-registry --bench parsing * test: add 48 integration tests via tower oneshot Add integration tests for all HTTP handlers: - health (3), raw (7), cargo (4), maven (4), request_id (2) - pypi (5), npm (5), docker (12), auth (6) Create test_helpers.rs with TestContext pattern. Add tower and http-body-util dev-dependencies. Update tarpaulin fail-under 30 to 40. Coverage: 29.5% to 43.3% (2089/4825 lines) * fix: clean clippy warnings in tests, fix flaky audit test Add #[allow(clippy::unwrap_used)] to 18 test modules. Fix 3 additional clippy lints: writeln_empty_string, needless_update, unnecessary_get_then_check. Fix flaky audit test: replace single sleep(50ms) with retry loop (max 1s). Prefix unused token variable with underscore. cargo clippy --all-targets = 0 warnings (was 245 errors)
This commit is contained in:
GitHub
@@ -251,6 +251,7 @@ async fn mirror_npm_packages(
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
#[allow(clippy::unwrap_used)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
@@ -324,4 +325,108 @@ mod tests {
|
||||
assert_eq!(targets.len(), 1); // deduplicated
|
||||
assert_eq!(targets[0].name, "debug");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_extract_package_name_simple() {
|
||||
assert_eq!(extract_package_name("node_modules/lodash"), Some("lodash"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_extract_package_name_scoped() {
|
||||
assert_eq!(
|
||||
extract_package_name("node_modules/@babel/core"),
|
||||
Some("@babel/core")
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_extract_package_name_nested() {
|
||||
assert_eq!(
|
||||
extract_package_name("node_modules/foo/node_modules/@scope/bar"),
|
||||
Some("@scope/bar")
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_extract_package_name_no_node_modules() {
|
||||
assert_eq!(extract_package_name("just/a/path"), None);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_extract_package_name_empty_after() {
|
||||
assert_eq!(extract_package_name("node_modules/"), None);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_v2() {
|
||||
let lockfile = serde_json::json!({
|
||||
"lockfileVersion": 2,
|
||||
"packages": {
|
||||
"": {"name": "root"},
|
||||
"node_modules/express": {"version": "4.18.2"},
|
||||
"node_modules/@types/node": {"version": "20.11.0"}
|
||||
}
|
||||
});
|
||||
let targets = parse_npm_lockfile(&lockfile.to_string()).unwrap();
|
||||
assert_eq!(targets.len(), 2);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_empty_packages() {
|
||||
let lockfile = serde_json::json!({
|
||||
"lockfileVersion": 3,
|
||||
"packages": {}
|
||||
});
|
||||
let targets = parse_npm_lockfile(&lockfile.to_string()).unwrap();
|
||||
assert!(targets.is_empty());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_invalid_json() {
|
||||
let result = parse_npm_lockfile("not json at all");
|
||||
assert!(result.is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_v1_nested() {
|
||||
let lockfile = serde_json::json!({
|
||||
"lockfileVersion": 1,
|
||||
"dependencies": {
|
||||
"express": {
|
||||
"version": "4.18.2",
|
||||
"dependencies": {
|
||||
"accepts": {"version": "1.3.8"}
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
let targets = parse_npm_lockfile(&lockfile.to_string()).unwrap();
|
||||
assert_eq!(targets.len(), 2);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_v2_falls_back_to_v1() {
|
||||
// v2 with empty packages should fall back to v1 dependencies
|
||||
let lockfile = serde_json::json!({
|
||||
"lockfileVersion": 2,
|
||||
"packages": {},
|
||||
"dependencies": {
|
||||
"lodash": {"version": "4.17.21"}
|
||||
}
|
||||
});
|
||||
let targets = parse_npm_lockfile(&lockfile.to_string()).unwrap();
|
||||
assert_eq!(targets.len(), 1);
|
||||
assert_eq!(targets[0].name, "lodash");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_parse_lockfile_no_version_field() {
|
||||
let lockfile = serde_json::json!({
|
||||
"packages": {
|
||||
"node_modules/something": {"resolved": "https://example.com"}
|
||||
}
|
||||
});
|
||||
let targets = parse_npm_lockfile(&lockfile.to_string()).unwrap();
|
||||
assert!(targets.is_empty());
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user