chore: add validation tests

[hwbrzzl]

📑 Description

@coderabbitai summary

✅ Checks

• Added test cases for my code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9bf556c4-6b03-4832-ba5e-9e8e4bb81fff

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The PR introduces a new AppendSuffix validation filter, adds an HTTP endpoint for validation uploads, integrates filters into the application bootstrap, adjusts telemetry export intervals, and includes comprehensive feature tests validating rules, filters, and custom validation behavior.

Changes

Cohort / File(s)	Summary
Validation Filter Implementation app/filters/append_suffix.go, bootstrap/filters.go, bootstrap/app.go	Introduces new AppendSuffix filter type with Signature() and Handle() methods. Registers filter in bootstrap via Filters() function and integrates into app setup chain with WithFilters().
Validation Upload Endpoint app/http/controllers/validation_controller.go, routes/api.go	Adds ValidationController.Upload() endpoint that reads rule and optional message from request input, validates presence of rule, constructs validation options via validation.Messages, and returns validation result or error.
Telemetry Configuration config/telemetry.go, tests/feature/telemetry_test.go	Changes default telemetry export intervals from 1s to 10s for both metrics and logs. Adjusts test suite wait time from 2 seconds to 11 seconds to accommodate longer export cycle.
Dependency Management go.mod	Adds replace directive pinning github.com/goravel/framework to specific commit pseudo-version.
Validation Feature Tests tests/feature/validation_test.go	Comprehensive test suite covering validation rules (file, image, custom), filters (including new append_suffix), custom rules with database lookups, type conversion, and error payload verification.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'chore: add validation tests' is misleading. While tests were added (tests/feature/validation_test.go), the PR makes substantial changes beyond tests: new filter implementation (append_suffix.go), new validation controller endpoint, bootstrap configuration changes, telemetry config updates, dependency pinning, and routing additions.	Consider a more accurate title like 'feat: add validation filter, controller endpoint, and comprehensive tests' to reflect all significant changes in the changeset.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bowen/add-tests-for-validation

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[hwbrzzl]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

tests/feature/telemetry_test.go (1)

31-33: Prefer eventual polling over fixed 11s sleep.
A static wait slows the suite and can still flake. Use an eventual check against one telemetry backend signal before assertions.

♻️ Example approach

-	// Wait for telemetry data to be exported
-	time.Sleep(11 * time.Second)
+	// Wait until telemetry data is observable (less flaky than fixed sleep)
+	s.Eventually(func() bool {
+		resp, err := facades.Http().Get("http://localhost:9090/api/v1/query?query=grpc_controller_total")
+		if err != nil {
+			return false
+		}
+		body, err := resp.Body()
+		if err != nil {
+			return false
+		}
+		return len(body) > 0
+	}, 20*time.Second, 1*time.Second)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/feature/telemetry_test.go` around lines 31 - 33, Replace the fixed
time.Sleep(11 * time.Second) in tests/feature/telemetry_test.go with an
eventual-polling loop that repeatedly checks the telemetry backend for the
expected signal until a deadline (e.g. using time.After for timeout and
time.Tick for polling); locate the Sleep call and wrap the existing assertions
to run only after the polling helper (e.g. waitForTelemetrySignal or poll until
checkTelemetryExport returns true) succeeds, returning a test failure on timeout
so the test stops waiting and avoids flakiness and long fixed sleeps.

tests/feature/validation_test.go (1)

401-416: Prefer asserting decoded JSON instead of raw response strings.

These exact string comparisons are brittle to serializer formatting/key-order changes and make failures harder to read. Unmarshal the body and compare the error object shape instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/feature/validation_test.go` around lines 401 - 416, The test is brittle
because it compares raw JSON strings from resp.Content(); instead decode the
response into a Go value and assert the structure instead: call resp.Content()
(or read resp.Body), json.Unmarshal into a map[string]interface{} (or a defined
error struct), use s.Require().NoError(err) on unmarshal, and then assert the
presence and values of keys like "message", "code", "date", and "name" (used in
the ValidateRequest subtest and the second POST response) rather than comparing
the exact serialized string; update the s.Equal assertions to compare the
decoded object fields.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@app/http/controllers/validation_controller.go`:
- Around line 164-181: The handler currently uses the user-controlled variable
"rule" directly when calling ctx.Request().Validate and building
validation.Messages, which allows execution of arbitrary validators; fix it by
implementing an explicit allowlist (e.g., a slice or map named allowedRules or a
helper isAllowedRule(rule string) bool) containing only permitted rule
identifiers, check rule against that allowlist before proceeding, return a 400
error if not allowed, and only then assemble options (validation.Messages) and
call ctx.Request().Validate with the safe, mapped rule value (keep using "f" as
the field key and the existing variables validator, options, and
validation.Messages).

In `@tests/feature/validation_test.go`:
- Around line 256-259: The test cases for the escape filters (tests named
"escapeJs", "escapeJS", "escapeHtml", "escapeHTML") only assert non-empty via
passRule: "required", so a no-op escape would still pass; update each case to
assert the actual escaped output (add a passAssert or use a stronger passRule)
that verifies the value has been transformed (e.g., contains expected escape
sequences like < > for HTML or backslash/escaped quotes for JS) so the
tests validate the escaping behavior rather than just non-emptiness.
- Around line 225-234: The assertions in the passAssert closures (e.g., for test
cases named
"int","toInt","uint","toUint","int64","toInt64","float","toFloat","bool","toBool","str2time","strToTime")
use cast.ToX helpers which mask whether the filter actually converted the value;
update those assertions to check concrete types/values without casting (or
change the test to bind the filtered result into a typed struct field and assert
that field's static type/value), e.g., replace require.Equal(t, 12,
cast.ToInt(actual)) with an assertion that actual is an int (and equals 12) or
use a typed struct in the test harness to verify the conversion occurred. Ensure
you update all passAssert closures referenced (including the other locations
noted) to remove cast.* calls and assert the concrete type/value directly.

---

Nitpick comments:
In `@tests/feature/telemetry_test.go`:
- Around line 31-33: Replace the fixed time.Sleep(11 * time.Second) in
tests/feature/telemetry_test.go with an eventual-polling loop that repeatedly
checks the telemetry backend for the expected signal until a deadline (e.g.
using time.After for timeout and time.Tick for polling); locate the Sleep call
and wrap the existing assertions to run only after the polling helper (e.g.
waitForTelemetrySignal or poll until checkTelemetryExport returns true)
succeeds, returning a test failure on timeout so the test stops waiting and
avoids flakiness and long fixed sleeps.

In `@tests/feature/validation_test.go`:
- Around line 401-416: The test is brittle because it compares raw JSON strings
from resp.Content(); instead decode the response into a Go value and assert the
structure instead: call resp.Content() (or read resp.Body), json.Unmarshal into
a map[string]interface{} (or a defined error struct), use
s.Require().NoError(err) on unmarshal, and then assert the presence and values
of keys like "message", "code", "date", and "name" (used in the ValidateRequest
subtest and the second POST response) rather than comparing the exact serialized
string; update the s.Equal assertions to compare the decoded object fields.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fc6f94eb-7b2d-4f31-b865-3ea0be5bdf23

📥 Commits

Reviewing files that changed from the base of the PR and between 7b7beca and dbf5f1a.

📒 Files selected for processing (9)

• app/filters/append_suffix.go
• app/http/controllers/validation_controller.go
• bootstrap/app.go
• bootstrap/filters.go
• config/telemetry.go
• go.mod
• routes/api.go
• tests/feature/telemetry_test.go
• tests/feature/validation_test.go