fix(dash): address safety constraints, validation, and test quality issues

web/src/server.test.ts

@@ -0,0 +1,75 @@
+import { describe, test, expect, afterAll, mock } from "bun:test";
+
+// Mock the services directly to stay focused on server limits
+mock.module("@shared/modules/dashboard/dashboard.service", () => ({
+    dashboardService: {
+        getActiveUserCount: mock(() => Promise.resolve(5)),
+        getTotalUserCount: mock(() => Promise.resolve(10)),
+        getEconomyStats: mock(() => Promise.resolve({ totalWealth: 1000n, avgLevel: 5, topStreak: 2 })),
+        getRecentEvents: mock(() => Promise.resolve([])),
+    }
+}));
+
+mock.module("../../bot/lib/clientStats", () => ({
+    getClientStats: mock(() => ({
+        bot: { name: "TestBot", avatarUrl: null },
+        guilds: 5,
+        ping: 42,
+        cachedUsers: 100,
+        commandsRegistered: 10,
+        uptime: 3600,
+        lastCommandTimestamp: Date.now(),
+    })),
+}));
+
+// Ensure @shared/lib/events is mocked if needed
+mock.module("@shared/lib/events", () => ({
+    systemEvents: { on: mock(() => { }) },
+    EVENTS: { DASHBOARD: { NEW_EVENT: "dashboard:new_event" } }
+}));
+
+import { createWebServer } from "./server";
+
+describe("WebServer Security & Limits", () => {
+    const port = 3001;
+    let serverInstance: any;
+
+    afterAll(async () => {
+        if (serverInstance) {
+            await serverInstance.stop();
+        }
+    });
+
+    test("should reject more than 10 concurrent WebSocket connections", async () => {
+        serverInstance = await createWebServer({ port, hostname: "localhost" });
+        const wsUrl = `ws://localhost:${port}/ws`;
+        const sockets: WebSocket[] = [];
+
+        try {
+            // Attempt to open 12 connections (limit is 10)
+            for (let i = 0; i < 12; i++) {
+                const ws = new WebSocket(wsUrl);
+                sockets.push(ws);
+                await new Promise(resolve => setTimeout(resolve, 10));
+            }
+
+            // Give connections time to settle
+            await new Promise(resolve => setTimeout(resolve, 500));
+
+            // Should be exactly 10 or less
+            expect(serverInstance.server.pendingWebSockets).toBeLessThanOrEqual(10);
+        } finally {
+            sockets.forEach(s => s.close());
+        }
+    });
+
+    test("should return 200 for health check", async () => {
+        if (!serverInstance) {
+            serverInstance = await createWebServer({ port, hostname: "localhost" });
+        }
+        const response = await fetch(`http://localhost:${port}/api/health`);
+        expect(response.status).toBe(200);
+        const data = await response.json();
+        expect(data.status).toBe("ok");
+    });
+});