- Created comprehensive filtering and sorting test suite
- Tests cover tracks endpoints: filtering by user_id, genre, format, combined filters
- Tests cover tracks endpoints: sorting by created_at (asc/desc), title, default sort
- Tests cover users endpoints: filtering by role, is_active, is_verified, search
- Tests cover users endpoints: sorting by created_at, username
- Tests cover playlists endpoints: filtering by user_id
- Tests verify invalid sort fields and orders are handled gracefully
- Tests verify combined filtering and sorting work together
- Note: User search test skipped for SQLite (does not support ILIKE operator)
Phase: PHASE-5
Priority: P2
Progress: 141/267 (52.81%)
- Created k6 load test script for concurrent and chunked uploads
- Added Go performance tests for upload endpoints
- Updated README with usage instructions for upload load tests
- Tests cover simple upload, chunked upload (initiate/chunk/complete), and batch upload
- Performance thresholds defined for upload operations
Phase: PHASE-5
Priority: P2
Progress: 136/267 (50.94%)
- Added comprehensive load tests for upload endpoints:
* Concurrent simple uploads (20 concurrent uploads)
* Concurrent chunked uploads (5 uploads with 10 chunks each)
* Chunked upload stress test (10 uploads with 20 chunks each)
* Upload status polling under load (50 concurrent polls)
- All tests measure throughput, success rates, and response times
- Tests use in-memory SQLite and Redis (if available) for fast execution
- All tests tagged with load build tag
- Added comprehensive performance tests for critical endpoints:
* Health check endpoints (/health, /readyz) - threshold: 10ms
* Authentication endpoints (login: 100ms, register: 200ms)
* Track endpoints (list: 50ms, get: 30ms, create: 500ms)
* Playlist endpoints (list: 50ms, create: 200ms)
* User endpoints (list: 50ms, get: 30ms)
- Includes both performance tests (measuring response times against thresholds)
- Includes benchmarks using Go benchmark framework
- All tests tagged with performance build tag
- Tests use in-memory SQLite for fast execution
- Added comprehensive integration tests for CSRF protection middleware:
* GET/HEAD/OPTIONS pass without token (safe methods)
* POST/PUT/DELETE require valid CSRF token
* Requests without token are rejected (403)
* Requests with invalid token are rejected (403)
* Requests with valid token pass
* CSRF token generation endpoint
* Unauthenticated users are not blocked by CSRF
* Public endpoints are not blocked
* Each user has their own token
* Same token can be used multiple times
- Tests use Redis for token storage and validation
- All tests tagged with integration build tag
