karaoke-gen 0.101.0__py3-none-any.whl → 0.105.4__py3-none-any.whl

backend/tests/test_rate_limits_api.py

@@ -0,0 +1,392 @@
+"""
+Unit tests for rate limits admin API endpoints.
+
+Tests the rate limit statistics, blocklist management, and user override endpoints.
+"""
+import pytest
+from unittest.mock import Mock, patch, MagicMock
+from fastapi.testclient import TestClient
+from fastapi import FastAPI
+from datetime import datetime, timezone
+
+from backend.api.routes.rate_limits import router
+from backend.api.dependencies import require_admin
+from backend.services.auth_service import AuthResult, UserType
+
+
+# Create a test app with the rate_limits router
+app = FastAPI()
+app.include_router(router, prefix="/api")
+
+
+def get_mock_admin():
+    """Override for require_admin dependency."""
+    return AuthResult(
+        is_valid=True,
+        user_type=UserType.ADMIN,
+        remaining_uses=-1,
+        message="Admin access granted",
+        user_email="admin@example.com",
+        is_admin=True,
+    )
+
+
+# Override the require_admin dependency
+app.dependency_overrides[require_admin] = get_mock_admin
+
+
+@pytest.fixture
+def client():
+    """Create a test client."""
+    return TestClient(app)
+
+
+@pytest.fixture
+def mock_settings():
+    """Create mock settings."""
+    settings = Mock()
+    settings.enable_rate_limiting = True
+    settings.rate_limit_jobs_per_day = 5
+    settings.rate_limit_youtube_uploads_per_day = 10
+    settings.rate_limit_beta_ip_per_day = 1
+    return settings
+
+
+class TestGetRateLimitStats:
+    """Tests for GET /api/admin/rate-limits/stats endpoint."""
+
+    def test_returns_stats(self, client, mock_settings):
+        """Test successful stats retrieval."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls, \
+             patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs, \
+             patch('backend.api.routes.rate_limits.settings', mock_settings):
+
+            # Setup rate limit service mock
+            mock_rls = Mock()
+            mock_rls.get_youtube_uploads_today.return_value = 3
+            mock_rls.get_all_overrides.return_value = {"user1@example.com": {}}
+            mock_get_rls.return_value = mock_rls
+
+            # Setup email validation service mock
+            mock_evs = Mock()
+            mock_evs.get_blocklist_stats.return_value = {
+                "disposable_domains_count": 100,
+                "blocked_emails_count": 5,
+                "blocked_ips_count": 2,
+                "default_disposable_domains_count": 130,
+            }
+            mock_get_evs.return_value = mock_evs
+
+            response = client.get(
+                "/api/admin/rate-limits/stats",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["jobs_per_day_limit"] == 5
+            assert data["youtube_uploads_per_day_limit"] == 10
+            assert data["youtube_uploads_today"] == 3
+            assert data["youtube_uploads_remaining"] == 7
+            assert data["disposable_domains_count"] == 100
+            assert data["total_overrides"] == 1
+
+
+class TestGetUserRateLimitStatus:
+    """Tests for GET /api/admin/rate-limits/users/{email} endpoint."""
+
+    def test_returns_user_status(self, client, mock_settings):
+        """Test successful user status retrieval."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls, \
+             patch('backend.api.routes.rate_limits.settings', mock_settings):
+
+            mock_rls = Mock()
+            mock_rls.get_user_job_count_today.return_value = 2
+            mock_rls.get_user_override.return_value = None
+            mock_get_rls.return_value = mock_rls
+
+            response = client.get(
+                "/api/admin/rate-limits/users/user@example.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["email"] == "user@example.com"
+            assert data["jobs_today"] == 2
+            assert data["jobs_limit"] == 5
+            assert data["jobs_remaining"] == 3
+            assert data["has_bypass"] is False
+
+    def test_returns_user_with_bypass(self, client, mock_settings):
+        """Test user with bypass override."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls, \
+             patch('backend.api.routes.rate_limits.settings', mock_settings):
+
+            mock_rls = Mock()
+            mock_rls.get_user_job_count_today.return_value = 10
+            mock_rls.get_user_override.return_value = {
+                "bypass_job_limit": True,
+                "reason": "VIP user"
+            }
+            mock_get_rls.return_value = mock_rls
+
+            response = client.get(
+                "/api/admin/rate-limits/users/vip@example.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["has_bypass"] is True
+            assert data["bypass_reason"] == "VIP user"
+            assert data["jobs_remaining"] == -1  # Unlimited
+
+
+class TestBlocklistEndpoints:
+    """Tests for blocklist management endpoints."""
+
+    def test_get_blocklists(self, client):
+        """Test getting all blocklists."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs, \
+             patch('backend.services.firestore_service.get_firestore_client') as mock_get_db:
+
+            mock_evs = Mock()
+            mock_evs.get_blocklist_config.return_value = {
+                "disposable_domains": {"tempmail.com", "mailinator.com"},
+                "blocked_emails": {"spammer@example.com"},
+                "blocked_ips": {"192.168.1.100"},
+            }
+            mock_get_evs.return_value = mock_evs
+
+            # Mock Firestore for metadata
+            mock_db = Mock()
+            mock_doc = Mock()
+            mock_doc.exists = True
+            mock_doc.to_dict.return_value = {
+                "updated_at": datetime.now(timezone.utc),
+                "updated_by": "admin@example.com"
+            }
+            mock_db.collection.return_value.document.return_value.get.return_value = mock_doc
+            mock_get_db.return_value = mock_db
+
+            response = client.get(
+                "/api/admin/rate-limits/blocklists",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert "tempmail.com" in data["disposable_domains"]
+            assert "spammer@example.com" in data["blocked_emails"]
+
+    def test_add_disposable_domain(self, client):
+        """Test adding a disposable domain."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs:
+
+            mock_evs = Mock()
+            mock_evs.add_disposable_domain.return_value = True
+            mock_get_evs.return_value = mock_evs
+
+            response = client.post(
+                "/api/admin/rate-limits/blocklists/disposable-domains",
+                json={"domain": "newtemp.com"},
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["success"] is True
+            mock_evs.add_disposable_domain.assert_called_once_with("newtemp.com", "admin@example.com")
+
+    def test_add_disposable_domain_invalid(self, client):
+        """Test adding invalid domain."""
+        response = client.post(
+            "/api/admin/rate-limits/blocklists/disposable-domains",
+            json={"domain": "invalid"},  # No dot
+            headers={"Authorization": "Bearer admin-token"}
+        )
+
+        assert response.status_code == 400
+
+    def test_remove_disposable_domain(self, client):
+        """Test removing a disposable domain."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs:
+
+            mock_evs = Mock()
+            mock_evs.remove_disposable_domain.return_value = True
+            mock_get_evs.return_value = mock_evs
+
+            response = client.delete(
+                "/api/admin/rate-limits/blocklists/disposable-domains/tempmail.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            mock_evs.remove_disposable_domain.assert_called_once()
+
+    def test_remove_disposable_domain_not_found(self, client):
+        """Test removing non-existent domain."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs:
+
+            mock_evs = Mock()
+            mock_evs.remove_disposable_domain.return_value = False
+            mock_get_evs.return_value = mock_evs
+
+            response = client.delete(
+                "/api/admin/rate-limits/blocklists/disposable-domains/notfound.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 404
+
+    def test_add_blocked_email(self, client):
+        """Test adding a blocked email."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs:
+
+            mock_evs = Mock()
+            mock_evs.add_blocked_email.return_value = True
+            mock_get_evs.return_value = mock_evs
+
+            response = client.post(
+                "/api/admin/rate-limits/blocklists/blocked-emails",
+                json={"email": "spammer@example.com"},
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+
+    def test_add_blocked_ip(self, client):
+        """Test adding a blocked IP."""
+        with patch('backend.api.routes.rate_limits.get_email_validation_service') as mock_get_evs:
+
+            mock_evs = Mock()
+            mock_evs.add_blocked_ip.return_value = True
+            mock_get_evs.return_value = mock_evs
+
+            response = client.post(
+                "/api/admin/rate-limits/blocklists/blocked-ips",
+                json={"ip_address": "192.168.1.100"},
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+
+
+class TestUserOverrideEndpoints:
+    """Tests for user override management endpoints."""
+
+    def test_get_all_overrides(self, client):
+        """Test getting all user overrides."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls:
+
+            mock_rls = Mock()
+            mock_rls.get_all_overrides.return_value = {
+                "vip@example.com": {
+                    "bypass_job_limit": True,
+                    "custom_daily_job_limit": None,
+                    "reason": "VIP user",
+                    "created_by": "admin@example.com",
+                    "created_at": datetime.now(timezone.utc),
+                }
+            }
+            mock_get_rls.return_value = mock_rls
+
+            response = client.get(
+                "/api/admin/rate-limits/overrides",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            data = response.json()
+            assert data["total"] == 1
+            assert len(data["overrides"]) == 1
+            assert data["overrides"][0]["email"] == "vip@example.com"
+
+    def test_set_user_override(self, client):
+        """Test setting a user override."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls:
+
+            mock_rls = Mock()
+            mock_get_rls.return_value = mock_rls
+
+            response = client.put(
+                "/api/admin/rate-limits/overrides/user@example.com",
+                json={
+                    "bypass_job_limit": True,
+                    "reason": "Special access granted"
+                },
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            mock_rls.set_user_override.assert_called_once_with(
+                user_email="user@example.com",
+                bypass_job_limit=True,
+                custom_daily_job_limit=None,
+                reason="Special access granted",
+                admin_email="admin@example.com",
+            )
+
+    def test_set_user_override_with_custom_limit(self, client):
+        """Test setting a user override with custom limit."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls:
+
+            mock_rls = Mock()
+            mock_get_rls.return_value = mock_rls
+
+            response = client.put(
+                "/api/admin/rate-limits/overrides/user@example.com",
+                json={
+                    "bypass_job_limit": False,
+                    "custom_daily_job_limit": 20,
+                    "reason": "High volume user"
+                },
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+            mock_rls.set_user_override.assert_called_once()
+
+    def test_set_user_override_missing_reason(self, client):
+        """Test setting override without reason fails."""
+        response = client.put(
+            "/api/admin/rate-limits/overrides/user@example.com",
+            json={
+                "bypass_job_limit": True,
+                "reason": "ab"  # Too short
+            },
+            headers={"Authorization": "Bearer admin-token"}
+        )
+
+        assert response.status_code == 400
+
+    def test_remove_user_override(self, client):
+        """Test removing a user override."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls:
+
+            mock_rls = Mock()
+            mock_rls.remove_user_override.return_value = True
+            mock_get_rls.return_value = mock_rls
+
+            response = client.delete(
+                "/api/admin/rate-limits/overrides/user@example.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 200
+
+    def test_remove_user_override_not_found(self, client):
+        """Test removing non-existent override."""
+        with patch('backend.api.routes.rate_limits.get_rate_limit_service') as mock_get_rls:
+
+            mock_rls = Mock()
+            mock_rls.remove_user_override.return_value = False
+            mock_get_rls.return_value = mock_rls
+
+            response = client.delete(
+                "/api/admin/rate-limits/overrides/notfound@example.com",
+                headers={"Authorization": "Bearer admin-token"}
+            )
+
+            assert response.status_code == 404

backend/tests/test_stripe_service.py

@@ -0,0 +1,205 @@
+"""
+Tests for StripeService.
+
+Tests cover:
+- Made-for-you checkout session URL generation
+- Credit purchase checkout session URL generation
+- Package validation
+"""
+
+import pytest
+from unittest.mock import Mock, patch, MagicMock
+import os
+
+
+class TestStripeServiceUrls:
+    """Tests for checkout session URL generation."""
+
+    @pytest.fixture
+    def stripe_service(self):
+        """Create a StripeService instance with mocked Stripe."""
+        # Set required env vars
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://gen.nomadkaraoke.com',
+        }):
+            # Import here to pick up env vars
+            from backend.services.stripe_service import StripeService
+            service = StripeService()
+            return service
+
+    def test_made_for_you_success_url_uses_frontend_url(self, stripe_service):
+        """Test that made-for-you checkout uses frontend_url, not hardcoded domain."""
+        # Mock stripe.checkout.Session.create to capture the params
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            success, url, message = stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            # Verify the call was made
+            assert mock_create.called
+            call_kwargs = mock_create.call_args[1]
+
+            # Verify success_url uses frontend_url and correct path
+            success_url = call_kwargs['success_url']
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+            assert '/order/success' in success_url
+            assert 'session_id=' in success_url
+
+    def test_made_for_you_success_url_not_hardcoded_to_marketing_site(self, stripe_service):
+        """Test that success_url is NOT the old hardcoded marketing site URL."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # The bug was: success_url = "https://nomadkaraoke.com/order/success/"
+            # (note: nomadkaraoke.com WITHOUT the 'gen.' prefix - that's the marketing site)
+            # This should NOT be the case anymore - should use gen.nomadkaraoke.com
+            assert not success_url.startswith('https://nomadkaraoke.com/')
+            # Should use the frontend URL (gen.nomadkaraoke.com)
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+
+    def test_made_for_you_respects_custom_frontend_url(self):
+        """Test that made-for-you checkout uses custom FRONTEND_URL if set."""
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://custom.example.com',
+        }):
+            from backend.services.stripe_service import StripeService
+            service = StripeService()
+
+            with patch('stripe.checkout.Session.create') as mock_create:
+                mock_session = MagicMock()
+                mock_session.id = 'cs_test_123'
+                mock_session.url = 'https://checkout.stripe.com/test'
+                mock_create.return_value = mock_session
+
+                service.create_made_for_you_checkout_session(
+                    customer_email='customer@example.com',
+                    artist='Test Artist',
+                    title='Test Song',
+                )
+
+                call_kwargs = mock_create.call_args[1]
+                success_url = call_kwargs['success_url']
+                assert success_url.startswith('https://custom.example.com')
+
+    def test_credit_purchase_success_url_uses_payment_success(self, stripe_service):
+        """Test that credit purchase checkout uses /payment/success path."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            success, url, message = stripe_service.create_checkout_session(
+                package_id='1_credit',
+                user_email='user@example.com',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # Credit purchases go to /payment/success
+            assert '/payment/success' in success_url
+            assert success_url.startswith('https://gen.nomadkaraoke.com')
+
+    def test_made_for_you_uses_order_success_path(self, stripe_service):
+        """Test that made-for-you uses /order/success path (not /payment/success)."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            success_url = call_kwargs['success_url']
+
+            # Made-for-you orders go to /order/success (different messaging)
+            assert '/order/success' in success_url
+            # Should NOT go to /payment/success
+            assert '/payment/success' not in success_url
+
+
+class TestStripeServiceMetadata:
+    """Tests for checkout session metadata."""
+
+    @pytest.fixture
+    def stripe_service(self):
+        """Create a StripeService instance with mocked Stripe."""
+        with patch.dict(os.environ, {
+            'STRIPE_SECRET_KEY': 'sk_test_fake',
+            'FRONTEND_URL': 'https://gen.nomadkaraoke.com',
+        }):
+            from backend.services.stripe_service import StripeService
+            return StripeService()
+
+    def test_made_for_you_includes_order_type_metadata(self, stripe_service):
+        """Test that made-for-you checkout includes order_type in metadata."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+                notes='Special request',
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            metadata = call_kwargs['metadata']
+
+            assert metadata['order_type'] == 'made_for_you'
+            assert metadata['customer_email'] == 'customer@example.com'
+            assert metadata['artist'] == 'Test Artist'
+            assert metadata['title'] == 'Test Song'
+            assert metadata['notes'] == 'Special request'
+
+    def test_made_for_you_truncates_long_notes(self, stripe_service):
+        """Test that notes longer than 500 chars are truncated."""
+        with patch('stripe.checkout.Session.create') as mock_create:
+            mock_session = MagicMock()
+            mock_session.id = 'cs_test_123'
+            mock_session.url = 'https://checkout.stripe.com/test'
+            mock_create.return_value = mock_session
+
+            long_notes = 'x' * 600
+
+            stripe_service.create_made_for_you_checkout_session(
+                customer_email='customer@example.com',
+                artist='Test Artist',
+                title='Test Song',
+                notes=long_notes,
+            )
+
+            call_kwargs = mock_create.call_args[1]
+            metadata = call_kwargs['metadata']
+
+            assert len(metadata['notes']) == 500

backend/workers/video_worker_orchestrator.py

@@ -479,10 +479,37 @@ class VideoWorkerOrchestrator:
         if self.config.gdrive_folder_id:
             await self._upload_to_gdrive()
 
+        # Clear outputs_deleted_at if set (job was re-processed after output deletion)
+        # Only clear if we actually uploaded something
+        uploads_happened = (
+            self.result.youtube_url or
+            self.result.dropbox_link or
+            self.result.gdrive_files
+        )
+        if uploads_happened and self.job_manager:
+            job = self.job_manager.get_job(self.config.job_id)
+            if job and job.outputs_deleted_at:
+                self.job_manager.update_job(self.config.job_id, {
+                    "outputs_deleted_at": None,
+                    "outputs_deleted_by": None,
+                })
+                self.job_log.info("Cleared outputs_deleted_at flag (job was re-processed)")
+
     async def _upload_to_youtube(self):
         """Upload video to YouTube."""
         self.job_log.info("Uploading to YouTube")
 
+        # Check YouTube upload rate limit (system-wide)
+        try:
+            from backend.services.rate_limit_service import get_rate_limit_service
+            rate_limit_service = get_rate_limit_service()
+            allowed, remaining, message = rate_limit_service.check_youtube_upload_limit()
+            if not allowed:
+                self.job_log.warning(f"YouTube upload skipped: {message}")
+                return
+        except Exception as e:
+            self.job_log.warning(f"Rate limit check failed, proceeding with upload: {e}")
+
         # Find the best video file to upload (prefer MKV for FLAC audio, then lossless MP4)
         video_to_upload = None
         if self.result.final_video_mkv and os.path.isfile(self.result.final_video_mkv):
@@ -520,6 +547,21 @@ class VideoWorkerOrchestrator:
             if video_url:
                 self.result.youtube_url = video_url
                 self.job_log.info(f"Uploaded to YouTube: {video_url}")
+
+                # Record the upload for rate limiting
+                try:
+                    # Get user_email from job if available
+                    user_email = "unknown"
+                    if self.job_manager:
+                        job = self.job_manager.get_job(self.config.job_id)
+                        if job and job.user_email:
+                            user_email = job.user_email
+                    rate_limit_service.record_youtube_upload(
+                        job_id=self.config.job_id,
+                        user_email=user_email
+                    )
+                except Exception as e:
+                    self.job_log.warning(f"Failed to record YouTube upload for rate limiting: {e}")
             else:
                 self.job_log.warning("YouTube upload did not return a URL")