Add test coverage for core server components: annotation scanning, routing, rate limiting, CORS, and JSON handling

src/test/java/dev/coph/nextusweb/server/ratelimit/KeyResolverTest.java

@@ -0,0 +1,53 @@
+package dev.coph.nextusweb.server.ratelimit;
+
+import io.netty.handler.codec.http.DefaultHttpRequest;
+import io.netty.handler.codec.http.HttpMethod;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpVersion;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class KeyResolverTest {
+
+    private HttpRequest req(String header, String value) {
+        HttpRequest r = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/");
+        if (header != null) r.headers().set(header, value);
+        return r;
+    }
+
+    @Test
+    void clientIpUsesRemoteWhenNoForwardedHeader() {
+        assertEquals("10.0.0.1", KeyResolver.clientIp().resolve(req(null, null), "10.0.0.1"));
+    }
+
+    @Test
+    void clientIpUsesForwardedHeaderFirstValue() {
+        HttpRequest r = req("X-Forwarded-For", "1.1.1.1, 2.2.2.2");
+        assertEquals("1.1.1.1", KeyResolver.clientIp().resolve(r, "10.0.0.1"));
+    }
+
+    @Test
+    void clientIpHandlesSingleForwardedValue() {
+        HttpRequest r = req("X-Forwarded-For", "3.3.3.3");
+        assertEquals("3.3.3.3", KeyResolver.clientIp().resolve(r, "10.0.0.1"));
+    }
+
+    @Test
+    void userOrIpReturnsBearerToken() {
+        HttpRequest r = req("Authorization", "Bearer abc123");
+        assertEquals("u:abc123", KeyResolver.userOrIp().resolve(r, "10.0.0.1"));
+    }
+
+    @Test
+    void userOrIpFallsBackToClientIp() {
+        HttpRequest r = req(null, null);
+        assertEquals("ip:10.0.0.1", KeyResolver.userOrIp().resolve(r, "10.0.0.1"));
+    }
+
+    @Test
+    void userOrIpIgnoresNonBearerAuth() {
+        HttpRequest r = req("Authorization", "Basic xyz");
+        assertEquals("ip:10.0.0.1", KeyResolver.userOrIp().resolve(r, "10.0.0.1"));
+    }
+}