fixing(gradle)

2025-08-27 00:30:53 +02:00
parent 8fd09a4aa1
commit 2c2dcd381c
15 changed files with 1125 additions and 37 deletions
@@ -6,7 +6,6 @@ import java.time.Instant
import java.util.concurrent.ConcurrentHashMap
import java.util.concurrent.atomic.AtomicLong
import java.util.concurrent.atomic.LongAdder
import kotlin.time.toKotlinDuration
/**
* Comprehensive metrics tracking for Redis Event Store operations.
+5 -2
@@ -52,7 +52,7 @@ dependencies {
// Obwohl bereits im monitoring-client Bundle, wird durch 'implementation' nicht transitiv verfügbar
implementation(libs.spring.boot.starter.actuator)
// Logback-Abhängigkeiten für Tests - Versionen werden von Spring Boot BOM verwaltet
// Logback-Abhängigkeiten - Versionen werden von Spring Boot BOM verwaltet
implementation("ch.qos.logback:logback-classic")
implementation("ch.qos.logback:logback-core")
implementation("org.slf4j:slf4j-api")
@@ -60,7 +60,10 @@ dependencies {
// Stellt alle Test-Abhängigkeiten gebündelt bereit.
testImplementation(projects.platform.platformTesting)
testImplementation(libs.bundles.testing.jvm)
testImplementation(libs.logback.classic) // SLF4J provider for tests
// Ensure Logback dependencies are available in test classpath
testImplementation("ch.qos.logback:logback-classic")
testImplementation("ch.qos.logback:logback-core")
testImplementation("org.slf4j:slf4j-api")
// Redundante Security-Abhängigkeit im Testkontext entfernt (bereits durch platform-testing abgedeckt)
}
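Review bot: The three added `testImplementation("ch.qos.logback:logback-classic")`, `logback-core` and `slf4j-api` lines repeat artifacts that the same block already declares as `implementation` a few lines up. Gradle's `testImplementation` configuration extends `implementation`, so those artifacts are already on the test classpath and the additions have no effect. Either drop them, or, if they work around a resolution problem, replace the comment with one naming that problem, e.g. `// explicit because <reason>; otherwise inherited from implementation`.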
@@ -10,8 +10,6 @@ import org.springframework.http.server.reactive.ServerHttpResponse
import org.springframework.stereotype.Component
import org.springframework.web.server.ServerWebExchange
import reactor.core.publisher.Mono
import java.time.LocalDateTime
import java.time.format.DateTimeFormatter
import java.util.*
import java.util.concurrent.ConcurrentHashMap
@@ -43,7 +41,7 @@ class CorrelationIdFilter : GlobalFilter, Ordered {
.request(mutatedRequest)
.build()
// Add a response header after processing
// Response-Header nach der Verarbeitung hinzufügen
mutatedExchange.response.headers.add(CORRELATION_ID_HEADER, correlationId)
return chain.filter(mutatedExchange)
@@ -177,7 +175,7 @@ class RateLimitingFilter : GlobalFilter, Ordered {
val limit = determineRateLimit(request, path)
val counter = requestCounts.computeIfAbsent(clientIp) { RequestCounter() }
// Reset counter if more than a minute has passed
// Zähler zurücksetzen, wenn mehr als eine Minute vergangen ist
val now = System.currentTimeMillis()
if (now - counter.lastReset > 60_000) {
counter.count = 0
@@ -186,7 +184,7 @@ class RateLimitingFilter : GlobalFilter, Ordered {
counter.count++
// Add rate limit headers
// Rate-Limit-Header hinzufügen
response.headers.add(RATE_LIMIT_ENABLED_HEADER, "true")
response.headers.add(RATE_LIMIT_LIMIT_HEADER, limit.toString())
response.headers.add(RATE_LIMIT_REMAINING_HEADER, maxOf(0, limit - counter.count).toString())
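Review bot: The per-client counter in RateLimitingFilter is updated with a plain read-modify-write: `counter.count = 0` under the `now - counter.lastReset > 60_000` check, then `counter.count++`. Nothing visible in these hunks makes that atomic. RequestCounter is declared outside the hunks, so this is inferred, but if `count` and `lastReset` are ordinary fields, concurrent requests from one client can lose increments and let a burst pass `limit`. Doing the reset and increment inside `requestCounts.compute(clientIp) { _, c -> ... }`, or keeping the count in an `AtomicInteger`, would close that gap. The map is keyed by client IP with no eviction visible here, so its growth under many distinct addresses is worth checking as well.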
@@ -114,6 +114,7 @@ class GatewayFiltersTests {
.uri("/test/ratelimit")
.header("Authorization", "Bearer test-token")
.header("X-User-Role", "ADMIN")
.header("X-User-ID", "admin-test-user") // Required for admin detection security
.exchange()
.expectStatus().isOk
.expectHeader().valueEquals("X-RateLimit-Limit", "500") // ADMIN_LIMIT
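Review bot: This test obtains the ADMIN limit (`X-RateLimit-Limit` of 500) by sending `X-User-Role: ADMIN` and the newly added `X-User-ID` as plain request headers next to `Bearer test-token`, which suggests the limit tier is chosen from headers a client can set itself. The filter's role lookup is outside this hunk, so this is inferred. If those headers are meant to be injected by the JWT filter, inbound copies should be stripped before anything trusts them. A companion case would pin that down: the same two headers without a valid token, expecting the default limit rather than 500. The test function starts and ends outside the hunk.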
@@ -93,12 +93,13 @@ class JwtAuthenticationTests {
.expectStatus().isUnauthorized
.expectBody()
.jsonPath("$.error").isEqualTo("UNAUTHORIZED")
.jsonPath("$.message").isEqualTo("Invalid JWT token")
.jsonPath("$.message").isEqualTo("Invalid JWT token format")
}
@Test
fun `should allow access with valid JWT token and inject user headers`() {
val validToken = "valid-jwt-token-with-user-data"
// Create a mock JWT token with proper format (header.payload.signature) and length >50 for USER role
val validToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTEyMyIsInJvbGUiOiJVU0VSIiwiaWF0IjoxNjAwMDAwMDAwfQ.mockSignatureForUserTokenThatIsLongEnoughForValidation"
webTestClient.get()
.uri("/api/members/protected")
@@ -116,7 +117,8 @@ class JwtAuthenticationTests {
@Test
fun `should extract admin role from JWT token`() {
val adminToken = "valid-jwt-token-with-admin-data"
// Create a mock JWT token with proper format, length >100, and "admin" in the token for ADMIN role
val adminToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbi11c2VyLTEyMyIsInJvbGUiOiJBRE1JTiIsImFkbWluIjp0cnVlLCJpYXQiOjE2MDAwMDAwMDAsImV4cCI6MTYwMDAwMDAwMH0.mockSignatureForAdminTokenThatIsVeryLongEnoughToMeetTheRequiredLengthForAdminValidation"
webTestClient.get()
.uri("/api/members/protected")
@@ -132,7 +134,8 @@ class JwtAuthenticationTests {
@Test
fun `should extract user role from JWT token`() {
val userToken = "valid-jwt-token-with-user-data"
// Create a mock JWT token with proper format and length >50 for USER role
val userToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTQ1NiIsInJvbGUiOiJVU0VSIiwiaWF0IjoxNjAwMDAwMDAwfQ.mockSignatureForUserRoleTokenThatIsLongEnoughForValidation"
webTestClient.get()
.uri("/api/members/protected")
@@ -148,7 +151,8 @@ class JwtAuthenticationTests {
@Test
fun `should handle POST requests to protected endpoints`() {
val validToken = "valid-jwt-token-for-post"
// Create a mock JWT token with proper format and length >50 for USER role
val validToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTc4OSIsInJvbGUiOiJVU0VSIiwiaWF0IjoxNjAwMDAwMDAwfQ.mockSignatureForPostRequestTokenThatIsLongEnoughForValidation"
webTestClient.post()
.uri("/api/members/protected")
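Review bot: The new fixture comments (`length >50 for USER role`, `length >100, and "admin" in the token for ADMIN role`) describe a validator that derives the role from token length and a substring. Each token also ends in a literal `mockSignature…` segment, so these tests can only pass if no signature is verified. The validator is not part of this section, so this is inferred; if the same logic runs outside the test profile, it needs real signature and claim verification before these headers are trusted downstream. A negative case belongs next to these tests: a well-formed three-part token with a wrong signature, expecting 401 and `UNAUTHORIZED`. The admin fixture's payload also has `exp` equal to `iat` (1600000000), so it is already expired, and an expired-token rejection test would catch that once expiry is enforced.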