feat: implement bounce crawler logic with unit tests and add structured logging test suite

Author: maatini

.scannerwork/report-task.txt

@@ -2,5 +2,5 @@ projectKey=dispatch
 serverUrl=http://10.27.27.202:9000
 serverVersion=26.4.0.121862
 dashboardUrl=http://10.27.27.202:9000/dashboard?id=dispatch
-ceTaskId=68fb8656-1ed5-4f18-83e6-c1bb725748fe
-ceTaskUrl=http://10.27.27.202:9000/api/ce/task?id=68fb8656-1ed5-4f18-83e6-c1bb725748fe
+ceTaskId=dd9293ab-92fb-4d30-9020-34e36ede6c6c
+ceTaskUrl=http://10.27.27.202:9000/api/ce/task?id=dd9293ab-92fb-4d30-9020-34e36ede6c6c

internal/admin/auth_test.go

@@ -9,7 +9,10 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
-const authTestSecret = "test-secret-key"
+const (
+	authTestSecret = "test-secret-key"
+	bearerPrefix   = "Bearer "
+)
 
 func signedToken(t *testing.T, secret string, expiry time.Time) string {
 	t.Helper()
@@ -31,10 +34,10 @@ func TestAuthMiddleware(t *testing.T) {
 		authHeader string
 		wantStatus int
 	}{
-		{"valid token", "Bearer " + validToken, http.StatusOK},
+		{"valid token", bearerPrefix + validToken, http.StatusOK},
 		{"no token", "", http.StatusUnauthorized},
-		{"wrong secret", "Bearer " + wrongSecretToken, http.StatusUnauthorized},
-		{"expired token", "Bearer " + expiredToken, http.StatusUnauthorized},
+		{"wrong secret", bearerPrefix + wrongSecretToken, http.StatusUnauthorized},
+		{"expired token", bearerPrefix + expiredToken, http.StatusUnauthorized},
 		{"malformed token", "Bearer notajwt", http.StatusUnauthorized},
 		{"missing bearer prefix", validToken, http.StatusUnauthorized},
 	}

internal/bounce/crawler.go

@@ -23,6 +23,10 @@ type graphClient interface {
 	MarkAsRead(ctx context.Context, mailbox, messageID string) error
 }
 
+type jsPublisher interface {
+	Publish(subj string, data []byte, opts ...nats.PubOpt) (*nats.PubAck, error)
+}
+
 // NDRMessage represents a non-delivery report from MS Graph.
 type NDRMessage struct {
 	ID      string
@@ -33,11 +37,11 @@ type NDRMessage struct {
 // Crawler reads NDR messages from a bounce mailbox and writes BounceRecords to NATS.
 type Crawler struct {
 	graph   graphClient
-	js      nats.JetStreamContext
+	js      jsPublisher
 	mailbox string
 }
 
-func NewCrawler(graph graphClient, js nats.JetStreamContext, mailbox string) *Crawler {
+func NewCrawler(graph graphClient, js jsPublisher, mailbox string) *Crawler {
 	return &Crawler{graph: graph, js: js, mailbox: mailbox}
 }
 

internal/bounce/crawler_test.go

@@ -0,0 +1,159 @@
+package bounce
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"testing"
+
+	"github.com/nats-io/nats.go"
+
+	"dispatch/internal/domain"
+)
+
+const (
+	testCrawlerMailbox = "bounce@example.com"
+	errUnexpected      = "unexpected error: %v"
+)
+
+// --- stubs ---
+
+type stubGraph struct {
+	msgs []NDRMessage
+	err  error
+}
+
+func (s *stubGraph) GetUnreadMessages(_ context.Context, _ string) ([]NDRMessage, error) {
+	return s.msgs, s.err
+}
+func (s *stubGraph) MarkAsRead(_ context.Context, _, _ string) error { return s.err }
+
+type captureJS struct {
+	published [][]byte
+	err       error
+}
+
+func (c *captureJS) Publish(_ string, data []byte, _ ...nats.PubOpt) (*nats.PubAck, error) {
+	if c.err != nil {
+		return nil, c.err
+	}
+	c.published = append(c.published, data)
+	return &nats.PubAck{}, nil
+}
+
+// --- extractTraceID ---
+
+func TestExtractTraceID_Found(t *testing.T) {
+	body := "Some NDR text\nX-Dispatch-TraceId: 550e8400-e29b-41d4-a716-446655440000\nMore text"
+	got := extractTraceID(body)
+	if got != "550e8400-e29b-41d4-a716-446655440000" {
+		t.Errorf("want trace ID, got %q", got)
+	}
+}
+
+func TestExtractTraceID_NotFound(t *testing.T) {
+	got := extractTraceID("no trace id here")
+	if got != "" {
+		t.Errorf("want empty, got %q", got)
+	}
+}
+
+func TestExtractTraceID_Empty(t *testing.T) {
+	got := extractTraceID("")
+	if got != "" {
+		t.Errorf("want empty string, got %q", got)
+	}
+}
+
+// --- Crawler.Run ---
+
+func TestRun_NoMessages(t *testing.T) {
+	crawler := NewCrawler(&stubGraph{msgs: []NDRMessage{}}, &captureJS{}, testCrawlerMailbox)
+	if err := crawler.Run(context.Background()); err != nil {
+		t.Fatalf(errUnexpected, err)
+	}
+}
+
+func TestRun_GraphError(t *testing.T) {
+	crawler := NewCrawler(&stubGraph{err: errors.New("graph down")}, &captureJS{}, testCrawlerMailbox)
+	if err := crawler.Run(context.Background()); err == nil {
+		t.Fatal("expected error when graph fails")
+	}
+}
+
+func TestRun_PublishesBouncRecord(t *testing.T) {
+	msgs := []NDRMessage{
+		{ID: "m1", Subject: "Undeliverable: Hi", Body: "X-Dispatch-TraceId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
+	}
+	js := &captureJS{}
+	crawler := NewCrawler(&stubGraph{msgs: msgs}, js, testCrawlerMailbox)
+
+	if err := crawler.Run(context.Background()); err != nil {
+		t.Fatalf(errUnexpected, err)
+	}
+	if len(js.published) != 1 {
+		t.Fatalf("want 1 published message, got %d", len(js.published))
+	}
+
+	var rec domain.BounceRecord
+	if err := json.Unmarshal(js.published[0], &rec); err != nil {
+		t.Fatalf("unmarshal bounce record: %v", err)
+	}
+	if rec.OriginalTraceID != "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" {
+		t.Errorf("OriginalTraceID: want trace id, got %q", rec.OriginalTraceID)
+	}
+	if rec.BounceReason != "Undeliverable: Hi" {
+		t.Errorf("BounceReason: want subject, got %q", rec.BounceReason)
+	}
+}
+
+func TestRun_NoTraceID_StillPublishes(t *testing.T) {
+	msgs := []NDRMessage{
+		{ID: "m2", Subject: "NDR", Body: "no trace id in body"},
+	}
+	js := &captureJS{}
+	crawler := NewCrawler(&stubGraph{msgs: msgs}, js, testCrawlerMailbox)
+
+	if err := crawler.Run(context.Background()); err != nil {
+		t.Fatalf(errUnexpected, err)
+	}
+	if len(js.published) != 1 {
+		t.Fatalf("want 1 published message, got %d", len(js.published))
+	}
+
+	var rec domain.BounceRecord
+	_ = json.Unmarshal(js.published[0], &rec)
+	if rec.OriginalTraceID != "" {
+		t.Errorf("OriginalTraceID: want empty, got %q", rec.OriginalTraceID)
+	}
+}
+
+func TestRun_PublishError_ContinuesToNextMessage(t *testing.T) {
+	msgs := []NDRMessage{
+		{ID: "m1", Subject: "NDR1", Body: ""},
+		{ID: "m2", Subject: "NDR2", Body: ""},
+	}
+	js := &captureJS{err: errors.New("NATS down")}
+	crawler := NewCrawler(&stubGraph{msgs: msgs}, js, testCrawlerMailbox)
+
+	// Run must not return an error — publish errors are logged but do not abort the loop
+	if err := crawler.Run(context.Background()); err != nil {
+		t.Fatalf(errUnexpected, err)
+	}
+}
+
+func TestRun_MultipleMessages(t *testing.T) {
+	msgs := []NDRMessage{
+		{ID: "m1", Subject: "NDR1", Body: "X-Dispatch-TraceId: 11111111-1111-1111-1111-111111111111"},
+		{ID: "m2", Subject: "NDR2", Body: "X-Dispatch-TraceId: 22222222-2222-2222-2222-222222222222"},
+	}
+	js := &captureJS{}
+	crawler := NewCrawler(&stubGraph{msgs: msgs}, js, testCrawlerMailbox)
+
+	if err := crawler.Run(context.Background()); err != nil {
+		t.Fatalf(errUnexpected, err)
+	}
+	if len(js.published) != 2 {
+		t.Errorf("want 2 published messages, got %d", len(js.published))
+	}
+}

internal/config/config_test.go

@@ -8,6 +8,7 @@ import (
 const (
 	testNatsURL     = "nats://localhost:4222"
 	testSenderEmail = "sender@example.com"
+	testAdminSecret = "test-secret"
 	unexpectedErr   = "unexpected error: %v"
 )
 
@@ -18,7 +19,7 @@ func setRequiredEnv(t *testing.T) {
 	t.Setenv("MS_GRAPH_CLIENT_ID", "client")
 	t.Setenv("MS_GRAPH_CLIENT_SECRET", "secret")
 	t.Setenv("MS_GRAPH_SENDER_EMAIL", testSenderEmail)
-	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", "test-secret")
+	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", testAdminSecret)
 }
 
 func TestLoad_Success(t *testing.T) {
@@ -86,7 +87,7 @@ func TestLoad_MissingNatsURL(t *testing.T) {
 
 func TestLoad_MissingGraphCredentials(t *testing.T) {
 	t.Setenv("NATS_URL", testNatsURL)
-	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", "test-secret")
+	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", testAdminSecret)
 	// MS_GRAPH_MOCK_TOKEN is not set → credentials are required
 
 	cases := []struct {
@@ -119,7 +120,7 @@ func TestLoad_MissingGraphCredentials(t *testing.T) {
 func TestLoad_MockTokenSkipsCredentialCheck(t *testing.T) {
 	t.Setenv("NATS_URL", testNatsURL)
 	t.Setenv("MS_GRAPH_MOCK_TOKEN", "dev-token")
-	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", "test-secret")
+	t.Setenv("DISPATCH_ADMIN_AUTH_SECRET", testAdminSecret)
 	// deliberately leave Graph credentials unset
 
 	cfg, err := Load()

internal/loggy/loggy.go

@@ -183,6 +183,9 @@ func (l *Loggy) RecordApiStart(apiName string) {
 // ExternalApiSuccess logs a successful external API call at INFO level,
 // computing latency from the prior RecordApiStart.
 func (l *Loggy) ExternalApiSuccess(apiName string, httpStatus int) {
+	if l == nil {
+		return
+	}
 	var durationMs int64
 	if v, ok := l.apiStart.LoadAndDelete(apiName); ok {
 		durationMs = time.Since(v.(time.Time)).Milliseconds()
@@ -195,6 +198,9 @@ func (l *Loggy) ExternalApiSuccess(apiName string, httpStatus int) {
 
 // ExternalApiFailure logs a failed external API call (5xx / network) at ERROR level.
 func (l *Loggy) ExternalApiFailure(apiName string, httpStatus int, err error) {
+	if l == nil {
+		return
+	}
 	var durationMs int64
 	if v, ok := l.apiStart.LoadAndDelete(apiName); ok {
 		durationMs = time.Since(v.(time.Time)).Milliseconds()
@@ -207,6 +213,9 @@ func (l *Loggy) ExternalApiFailure(apiName string, httpStatus int, err error) {
 
 // ApiClientError logs a 4xx client error against an external API at WARN level.
 func (l *Loggy) ApiClientError(apiName string, httpStatus int, reason string) {
+	if l == nil {
+		return
+	}
 	var durationMs int64
 	if v, ok := l.apiStart.LoadAndDelete(apiName); ok {
 		durationMs = time.Since(v.(time.Time)).Milliseconds()