Testing Guide - User Quota System¶
Quick Test Commands¶
1. Check Database Status¶
# View all users in quota system
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c 'SELECT user_id, email, is_internal, tier, use_company_llm, status FROM user_quotas ORDER BY email;'"
# Check quota function
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c \"SELECT email, check_user_quota(user_id, 'context_search', 1) as has_quota FROM user_quotas ORDER BY email;\""
2. Check API Server Status¶
# Check portal auth is enabled
ssh root@192.168.11.132 'systemctl cat cortex-api | grep -E "PORTAL_DB_URL|PORTAL_AUTH_ENABLED"'
ssh root@192.168.11.133 'systemctl cat cortex-api | grep -E "PORTAL_DB_URL|PORTAL_AUTH_ENABLED"'
# Check logs for database connection
ssh root@192.168.11.132 'journalctl -u cortex-api -n 50 --no-pager | grep -i "portal auth\|cloudllm database"'
3. Test Internal User (Company Key)¶
# Get a portal token from https://app.cortex.emshvac.co/dashboard
# Then test:
curl -X POST http://192.168.11.212:8080/api/v1/chat/cloud \
-H "Authorization: Bearer portal_YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"messages": [{"role": "user", "content": "Say hello in one word"}],
"task": "chat"
}' | jq '.'
# Expected: Success response with content
# Should NOT require X-LLM-API-Key header
4. Test External User (BYOK Required)¶
# Create a test user in Zitadel that's NOT in user_quotas table
# Get a portal token for that user
# Then test:
curl -X POST http://192.168.11.212:8080/api/v1/chat/cloud \
-H "Authorization: Bearer portal_TEST_USER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"messages": [{"role": "user", "content": "Hello"}],
"task": "chat"
}' | jq '.'
# Expected: Error "X-LLM-API-Key header required"
# Code: "BYOK_REQUIRED"
5. Check Logs for User Type¶
# After making a request, check which key was used:
ssh root@192.168.11.132 'journalctl -u cortex-api --since "1 minute ago" --no-pager | grep -E "Internal user|External user|company API key|BYOK"'
Expected Results¶
Internal User (jeff, bmoore, ben)¶
{
"content": "Hello",
"model": "claude-sonnet-4-20250514",
"provider": "anthropic",
"tier": "sonnet",
"input_tokens": 13,
"output_tokens": 4,
"cost_usd": 0.000099,
"latency_ms": 1023
}
Logs should show:
{"level":"INFO","msg":"Internal user - using company API key","user_id":"352663118893026050","email":"bmoore@emshvac.co"}
External User (not in user_quotas)¶
{
"error": "X-LLM-API-Key header required - please configure your LLM API key in VS Code settings",
"code": "BYOK_REQUIRED"
}
Logs should show:
{"level":"INFO","msg":"External user - using BYOK","user_id":"...","email":"...","provider":"anthropic"}
Troubleshooting¶
Token Validation Failed¶
# Check if token exists in database
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c \"SELECT key_prefix, owner, revoked FROM portal_api_keys WHERE key_prefix = 'portal_XXX...';\""
# Check portal auth logs
ssh root@192.168.11.132 'journalctl -u cortex-api -n 100 --no-pager | grep -i "token\|portal"'
User Not Found in Quota System¶
# Add user to quota system
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c \"
INSERT INTO user_quotas (user_id, email, is_internal, tier, use_company_llm, status)
VALUES ('USER_ID', 'email@example.com', TRUE, 'internal', TRUE, 'active')
ON CONFLICT (user_id) DO NOTHING;
\""
Portal Auth Not Enabled¶
# Enable portal auth
ssh root@192.168.11.132 'cat > /etc/systemd/system/cortex-api.service.d/portal.conf << EOF
[Service]
Environment=PORTAL_DB_URL=postgresql://cortex:cortex@192.168.11.62:5432/cortex?sslmode=disable
Environment=PORTAL_AUTH_ENABLED=true
EOF
systemctl daemon-reload
systemctl restart cortex-api'
# Repeat for server 133
Performance Testing¶
Load Test Internal Users¶
# Test 100 requests from internal user
for i in {1..100}; do
curl -s -X POST http://192.168.11.212:8080/api/v1/chat/cloud \
-H "Authorization: Bearer portal_YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"messages": [{"role": "user", "content": "Test '$i'"}], "task": "chat"}' &
done
wait
# Check quota usage
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c \"SELECT email, llm_requests_used, llm_requests_limit FROM user_quotas WHERE email = 'bmoore@emshvac.co';\""
Monitor Database Performance¶
# Check active connections
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c 'SELECT count(*) FROM pg_stat_activity;'"
# Check slow queries
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c 'SELECT query, calls, mean_exec_time FROM pg_stat_statements ORDER BY mean_exec_time DESC LIMIT 10;'"
Automated Test Script¶
#!/bin/bash
# Run all tests
echo "=== Testing User Quota System ==="
echo ""
# Test 1: Database
echo "1. Checking database..."
ssh root@192.168.11.136 "PGPASSWORD=cortex psql -h 192.168.11.62 -U cortex -d cortex -c 'SELECT count(*) as internal_users FROM user_quotas WHERE is_internal = TRUE;'"
# Test 2: Portal Auth
echo "2. Checking portal auth..."
ssh root@192.168.11.132 'journalctl -u cortex-api -n 20 --no-pager | grep -i "portal auth" | tail -1'
# Test 3: API Request
echo "3. Testing API request..."
read -p "Enter your portal token: " TOKEN
curl -s -X POST http://192.168.11.212:8080/api/v1/chat/cloud \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"messages": [{"role": "user", "content": "Test"}], "task": "chat"}' | jq '.content // .error'
echo ""
echo "=== Tests Complete ==="
Save as scripts/test-all.sh and run with chmod +x scripts/test-all.sh && ./scripts/test-all.sh