
Conversation

@devkiran
Collaborator

@devkiran devkiran commented Nov 28, 2025

Summary by CodeRabbit

  • Refactor

    • Simplified identity hashing: now derived only from client IP and user agent; removed test-only override logic.
  • Tests

    • Updated fraud test suite to use multiple test link entries and removed injecting a test identity header.
    • Reshaped test data for clearer, more granular test links and removed unused test helpers.


@vercel
Contributor

vercel bot commented Nov 28, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
dub Ready Ready Preview Nov 28, 2025 4:47am

@coderabbitai
Contributor

coderabbitai bot commented Nov 28, 2025

Walkthrough

Removed E2E/test identity header override from identity-hash middleware; updated tests and test utilities to stop relying on that header and changed the E2E fraud partner test data shape to use a links object with four named entries.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Identity hash middleware simplification / `apps/web/lib/middleware/utils/get-identity-hash.ts` | Removed environment checks and test-header override logic; identity hash now derived deterministically from client IP (or localhost fallback) and user agent only. |
| Test utility updates / `apps/web/tests/utils/resource.ts` | Removed exported `DUB_TEST_IDENTITY_HEADER` constant; replaced single `link` property with a `links` object containing `customerEmailMatch`, `customerEmailSuspiciousDomain`, `referralSourceBanned`, and `paidTrafficDetected` entries. |
| Fraud detection test updates / `apps/web/tests/fraud/index.test.ts` | Removed import/usages of `DUB_TEST_IDENTITY_HEADER`; updated references to use `E2E_FRAUD_PARTNER.links.<rule>` instead of `.link`; removed test header injections and `randomId(10)` usage in requests. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Areas needing attention:
    • get-identity-hash.ts — ensure hash inputs (IP and UA) and fallback logic remain correct and deterministic.
    • apps/web/tests/utils/resource.ts — verify the new links shape is used consistently across tests.
    • apps/web/tests/fraud/index.test.ts — confirm each test uses the correct links.<rule> entry and that removed test-header behavior does not change test intent.

Suggested reviewers

  • steven-tey

Poem

🐰 I hopped through headers, sniffed the air,
Found no more test keys hiding there.
I bunched the links in tidy rows,
Washed the hashes until they glowed.
A cleaner trail for code to share 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Fix the Fraud tests' is vague and generic, using imprecise language that doesn't convey the specific technical changes made in the changeset. | Provide a more specific title that describes the actual changes, such as 'Remove E2E test identity override logic from fraud detection' or 'Refactor fraud test partner configuration and remove identity header override'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3599f9d and 241b62c.

📒 Files selected for processing (2)
  • apps/web/tests/fraud/index.test.ts (5 hunks)
  • apps/web/tests/utils/resource.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/web/tests/fraud/index.test.ts
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2025-11-24T09:10:12.536Z
Learnt from: devkiran
Repo: dubinc/dub PR: 3089
File: apps/web/lib/api/fraud/fraud-rules-registry.ts:17-25
Timestamp: 2025-11-24T09:10:12.536Z
Learning: In apps/web/lib/api/fraud/fraud-rules-registry.ts, the fraud rules `partnerCrossProgramBan` and `partnerDuplicatePayoutMethod` intentionally have stub implementations that return `{ triggered: false }` because they are partner-scoped rules handled separately during partner application/onboarding flows (e.g., in detect-record-fraud-application.ts), rather than being evaluated per conversion event like other rules in the registry. The stubs exist only to satisfy the `Record<FraudRuleType, ...>` type constraint.

Applied to files:

  • apps/web/tests/utils/resource.ts
📚 Learning: 2025-08-21T03:03:39.879Z
Learnt from: steven-tey
Repo: dubinc/dub PR: 2737
File: apps/web/lib/api/cors.ts:1-5
Timestamp: 2025-08-21T03:03:39.879Z
Learning: Dub publishable keys are sent via Authorization header using Bearer token format, not via custom X-Dub-Publishable-Key header. The publishable key middleware extracts keys using req.headers.get("Authorization")?.replace("Bearer ", "") and validates they start with "dub_pk_".

Applied to files:

  • apps/web/tests/utils/resource.ts
📚 Learning: 2025-05-29T04:45:18.504Z
Learnt from: devkiran
Repo: dubinc/dub PR: 2448
File: packages/email/src/templates/partner-program-summary.tsx:0-0
Timestamp: 2025-05-29T04:45:18.504Z
Learning: In the PartnerProgramSummary email template (packages/email/src/templates/partner-program-summary.tsx), the stat titles are hardcoded constants ("Clicks", "Leads", "Sales", "Earnings") that will always match the ICONS object keys after toLowerCase() conversion, so icon lookup failures are not possible.

Applied to files:

  • apps/web/tests/utils/resource.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (1)
apps/web/tests/utils/resource.ts (1)

213-230: Refactoring successfully completed and verified.

All test usages have been properly migrated from the old E2E_FRAUD_PARTNER.link structure to the new E2E_FRAUD_PARTNER.links format. The verification confirms:

  • ✓ No references to old pattern remain
  • ✓ All 4 fraud rule links are correctly used in apps/web/tests/fraud/index.test.ts:
    • customerEmailMatch (line 18)
    • customerEmailSuspiciousDomain (line 60)
    • referralSourceBanned (line 99)
    • paidTrafficDetected (line 139)

The refactoring improves test clarity by explicitly mapping each fraud rule to its dedicated test link, making the test data more maintainable and self-documenting.



@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
apps/web/tests/utils/resource.ts (1)

210-231: E2E_FRAUD_PARTNER.links shape matches test usage; consider a keyed map for resilience

The new links array and its four entries match exactly how the fraud tests consume them (links[0..3] for the four rule scenarios), so this change is consistent and self-contained.

If you ever expand or reorder these fixtures, you might consider switching links to an object keyed by rule name (e.g., links: { customerEmailMatch: {...}, customerEmailSuspiciousDomain: {...}, ... }) so tests can reference E2E_FRAUD_PARTNER.links.customerEmailMatch instead of relying on array order. Not necessary for this PR, just a small robustness win for later.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d126bfc and 3599f9d.

📒 Files selected for processing (3)
  • apps/web/lib/middleware/utils/get-identity-hash.ts (0 hunks)
  • apps/web/tests/fraud/index.test.ts (5 hunks)
  • apps/web/tests/utils/resource.ts (1 hunks)
💤 Files with no reviewable changes (1)
  • apps/web/lib/middleware/utils/get-identity-hash.ts
🧰 Additional context used
🧠 Learnings (5)
📚 Learning: 2025-11-24T09:10:12.536Z
Learnt from: devkiran
Repo: dubinc/dub PR: 3089
File: apps/web/lib/api/fraud/fraud-rules-registry.ts:17-25
Timestamp: 2025-11-24T09:10:12.536Z
Learning: In apps/web/lib/api/fraud/fraud-rules-registry.ts, the fraud rules `partnerCrossProgramBan` and `partnerDuplicatePayoutMethod` intentionally have stub implementations that return `{ triggered: false }` because they are partner-scoped rules handled separately during partner application/onboarding flows (e.g., in detect-record-fraud-application.ts), rather than being evaluated per conversion event like other rules in the registry. The stubs exist only to satisfy the `Record<FraudRuleType, ...>` type constraint.

Applied to files:

  • apps/web/tests/fraud/index.test.ts
  • apps/web/tests/utils/resource.ts
📚 Learning: 2025-11-24T08:55:31.332Z
Learnt from: devkiran
Repo: dubinc/dub PR: 3089
File: apps/web/app/(ee)/api/fraud-rules/route.ts:71-87
Timestamp: 2025-11-24T08:55:31.332Z
Learning: In apps/web/app/(ee)/api/fraud-rules/route.ts, fraud rules cannot be created in a disabled state. When using prisma.fraudRule.upsert, the create branch intentionally omits the disabledAt field (defaulting to null, meaning enabled), while the update branch allows toggling enabled/disabled state via the disabledAt field. This is a business logic constraint.

Applied to files:

  • apps/web/tests/fraud/index.test.ts
📚 Learning: 2025-08-21T03:03:39.879Z
Learnt from: steven-tey
Repo: dubinc/dub PR: 2737
File: apps/web/lib/api/cors.ts:1-5
Timestamp: 2025-08-21T03:03:39.879Z
Learning: Dub publishable keys are sent via Authorization header using Bearer token format, not via custom X-Dub-Publishable-Key header. The publishable key middleware extracts keys using req.headers.get("Authorization")?.replace("Bearer ", "") and validates they start with "dub_pk_".

Applied to files:

  • apps/web/tests/utils/resource.ts
📚 Learning: 2025-06-06T07:59:03.120Z
Learnt from: devkiran
Repo: dubinc/dub PR: 2177
File: apps/web/lib/api/links/bulk-create-links.ts:66-84
Timestamp: 2025-06-06T07:59:03.120Z
Learning: In apps/web/lib/api/links/bulk-create-links.ts, the team accepts the risk of potential undefined results from links.find() operations when building invalidLinks arrays, because existing links are fetched from the database based on the input links, so matches are expected to always exist.

Applied to files:

  • apps/web/tests/utils/resource.ts
📚 Learning: 2025-05-29T04:45:18.504Z
Learnt from: devkiran
Repo: dubinc/dub PR: 2448
File: packages/email/src/templates/partner-program-summary.tsx:0-0
Timestamp: 2025-05-29T04:45:18.504Z
Learning: In the PartnerProgramSummary email template (packages/email/src/templates/partner-program-summary.tsx), the stat titles are hardcoded constants ("Clicks", "Leads", "Sales", "Earnings") that will always match the ICONS object keys after toLowerCase() conversion, so icon lookup failures are not possible.

Applied to files:

  • apps/web/tests/utils/resource.ts
🧬 Code graph analysis (1)
apps/web/tests/fraud/index.test.ts (1)
apps/web/tests/utils/resource.ts (1)
  • E2E_FRAUD_PARTNER (210-231)
🔇 Additional comments (1)
apps/web/tests/fraud/index.test.ts (1)

3-3: Fraud tests correctly mapped to E2E_FRAUD_PARTNER.links entries

The updated tests cleanly switch to E2E_FRAUD_PARTNER.links[index], and the indices line up with the link keys defined in the test resources (fraud-customer-match, fraud-customer-suspicious, fraud-referral-source-banned, fraud-paid-traffic). The shared E2E_TRACK_CLICK_HEADERS plus per-test link selection should behave identically across runs given the new identity-hash behavior.

No issues spotted in the mapping or in the retry/randomCustomer usage here.

Also applies to: 18-18, 60-60, 99-99, 139-139

@steven-tey steven-tey merged commit 3aad047 into main Nov 28, 2025
7 of 8 checks passed
@steven-tey steven-tey deleted the fix-the-tests branch November 28, 2025 20:19