refactor(l4d2-web): tighten console route limit test and dedupe is_error

- ?limit clamp test now actually verifies the clamp instead of just
  passing through 5 rows.
- Single is_error assignment per branch, single db.add path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

l4d2web/routes/console_routes.py

@@ -34,27 +34,9 @@ def run_console_command(server_id: int) -> Response:
         try:
             reply = rcon.execute_command("127.0.0.1", server.port, server.rcon_password, command)
             is_error = False
-            db.add(
-                CommandHistory(
-                    user_id=user.id,
-                    server_id=server_id,
-                    command=command,
-                    reply=reply,
-                    is_error=False,
-                )
-            )
         except (RconAuthError, RconError) as exc:
             reply = str(exc)
             is_error = True
-            db.add(
-                CommandHistory(
-                    user_id=user.id,
-                    server_id=server_id,
-                    command=command,
-                    reply=reply,
-                    is_error=True,
-                )
-            )
         except ValueError:
             # Input validation failure — command never reached the wire; no history row.
             return render_template(
@@ -64,6 +46,16 @@ def run_console_command(server_id: int) -> Response:
                 is_error=True,
             )
 
+        db.add(
+            CommandHistory(
+                user_id=user.id,
+                server_id=server_id,
+                command=command,
+                reply=reply,
+                is_error=is_error,
+            )
+        )
+
     return render_template(
         "_console_line.html",
         command=command,

l4d2web/tests/test_console_routes.py

@@ -387,7 +387,11 @@ def test_get_history_limit_clamped(tmp_path, monkeypatch):
     client = app.test_client()
     _login(client, data["owner_id"])
 
-    # Insert 5 rows — clamp logic is tested without needing 200 rows.
+    # Monkeypatch the max-limit constant to 3 so we can verify the clamp
+    # without inserting 200+ rows.
+    monkeypatch.setattr("l4d2web.routes.console_routes._HISTORY_MAX_LIMIT", 3)
+
+    # Insert 5 rows — more than the patched max of 3.
     with session_scope() as s:
         for i in range(5):
             s.add(
@@ -400,14 +404,12 @@ def test_get_history_limit_clamped(tmp_path, monkeypatch):
                 )
             )
 
-    resp = _get_history(client, data["server_id"], limit=10000)
+    # Request with limit=100 (far above the patched max of 3).
+    resp = _get_history(client, data["server_id"], limit=100)
     assert resp.status_code == 200
     rows = json.loads(resp.get_data(as_text=True))
-    # All 5 rows returned (well within 200 cap), so we confirm the route ran
+    # Clamp must cap at _HISTORY_MAX_LIMIT (3), not at the requested 100.
-    # with the clamped limit of 200 (not 10000) — verified by the route
+    assert len(rows) == 3
-    # accepting the request and not returning more than 200.
-    assert len(rows) <= 200
-    assert len(rows) == 5  # only 5 rows exist
 
 
 # ---------------------------------------------------------------------------