fix(finale): ceremony-day rate-limit bucket — venue NAT would 429 audience polling

Requests consisting only of cheap public ceremony reads (+ token-gated vote casts) get a 6000/min per-IP budget instead of 100/min. Vote integrity is enforced by the token + AudienceFavoriteVote IP cap, not the rate limiter. Found live: big-screen polling hit 429 within minutes in verification. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 18:45:15 +02:00
parent f7fdfdec9b
commit 160333c2f9
3 changed files with 80 additions and 2 deletions
--- a/tests/unit/ceremony-rate-limit.test.ts
+++ b/tests/unit/ceremony-rate-limit.test.ts
@@ -0,0 +1,39 @@
+/**
+ * Ceremony traffic classifier — these requests bypass the 100/min-per-IP tRPC
+ * budget (whole venues share one IP). A single non-ceremony procedure in a
+ * batch must fall back to the strict bucket.
+ */
+import { describe, it, expect } from 'vitest'
+import { isCeremonyTraffic } from '@/lib/rate-limit'
+
+describe('isCeremonyTraffic', () => {
+  it('accepts single ceremony procedures', () => {
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.getCeremonyState')).toBe(true)
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.getAudienceWindow')).toBe(true)
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.castFavoriteVote')).toBe(true)
+    expect(isCeremonyTraffic('/api/trpc/live.getCursor')).toBe(true)
+  })
+
+  it('accepts batched requests of only ceremony procedures', () => {
+    expect(
+      isCeremonyTraffic('/api/trpc/live.getCursor,liveVoting.getSessionForVotingByRound')
+    ).toBe(true)
+  })
+
+  it('rejects any batch containing a non-ceremony procedure', () => {
+    expect(isCeremonyTraffic('/api/trpc/live.getCursor,user.me')).toBe(false)
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.getResults')).toBe(false)
+    expect(isCeremonyTraffic('/api/trpc/deliberation.submitVote')).toBe(false)
+  })
+
+  it('rejects admin/state-changing live procedures', () => {
+    expect(isCeremonyTraffic('/api/trpc/live.startPresentation')).toBe(false)
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.openAudienceWindow')).toBe(false)
+    expect(isCeremonyTraffic('/api/trpc/liveVoting.revealNext')).toBe(false)
+  })
+
+  it('rejects empty and malformed paths', () => {
+    expect(isCeremonyTraffic('/api/trpc/')).toBe(false)
+    expect(isCeremonyTraffic('/api/trpc')).toBe(false)
+  })
+})