feat(api): .NET 10 multi-tenant REST API

Full backend implementation: - Multi-tenant cafe/restaurant management (menus, orders, tables, staff) - POS order flow with ZarinPal and Snappfood payment integration - OTP authentication via Kavenegar SMS - QR digital menu with public discover/finder endpoints - Customer loyalty, coupons, CRM - PostgreSQL via EF Core, Redis for caching/sessions - Background jobs, webhook handlers - Full migration history Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-27 21:33:48 +03:30
parent 03376b3ea1
commit ef15fd6247
472 changed files with 120358 additions and 0 deletions
@@ -0,0 +1,29 @@
+# Meezi load tests (k6)
+
+Smoke-test public endpoints and verify rate limiting under abuse.
+
+## Prerequisites
+
+Install [k6](https://k6.io/docs/get-started/installation/).
+
+## Run
+
+```powershell
+# API must be running (e.g. docker compose or dotnet run)
+$env:BASE_URL = "http://localhost:5080"
+k6 run tests/load/public-abuse.js
+```
+
+## Variables
+
+| Env | Default | Description |
+|-----|---------|-------------|
+| `BASE_URL` | `http://localhost:5080` | API root |
+| `QR_CODE` | `demo_table_01` | QR resolver code |
+
+## Expected
+
+- Most requests succeed under normal VUs.
+- At high rate, some responses return **429** with `RATE_LIMITED` (ASP.NET or Redis limits).
+
+See `docs/SECURITY.md` for limit values.
@@ -0,0 +1,40 @@
+import http from "k6/http";
+import { check, sleep } from "k6";
+
+const baseUrl = __ENV.BASE_URL || "http://localhost:5080";
+const qrCode = __ENV.QR_CODE || "demo_table_01";
+
+export const options = {
+  stages: [
+    { duration: "15s", target: 5 },
+    { duration: "30s", target: 20 },
+    { duration: "15s", target: 0 },
+  ],
+  thresholds: {
+    http_req_failed: ["rate<0.15"],
+    http_req_duration: ["p(95)<3000"],
+  },
+};
+
+export default function () {
+  const health = http.get(`${baseUrl}/health`);
+  check(health, { "health ok": (r) => r.status === 200 });
+
+  const discover = http.get(
+    `${baseUrl}/api/public/discover?city=${encodeURIComponent("تهران")}&requireProfile=false`
+  );
+  check(discover, {
+    "discover ok": (r) => r.status === 200,
+    "discover json": (r) => r.json("success") === true,
+  });
+
+  const qr = http.get(`${baseUrl}/api/q/${qrCode}`);
+  check(qr, {
+    "qr ok or not found": (r) => r.status === 200 || r.status === 404,
+  });
+
+  const security = http.get(`${baseUrl}/api/public/security-config`);
+  check(security, { "security-config ok": (r) => r.status === 200 });
+
+  sleep(0.3);
+}