# encoding: UTF-8
# frozen_string_literal: true
# Integration coverage for the request rate limiter: message-bus queueing
# rejection, clearing of an invalid auth-token cookie under repeated failures,
# and the 429 + Retry-After contract on the admin API.
RSpec.describe "rate limiter integration" do
  # The limiter is switched on explicitly for every example; Redis counters
  # are snapshotted/restored so one example cannot leak state into the next.
  before { RateLimiter.enable }

  use_redis_snapshotting

  it "will rate limit message bus requests once queueing" do
    freeze_time
    global_setting :reject_message_bus_queue_seconds, 0.1

    # X-Request-Start is 200ms in the past, i.e. the request sat in the
    # queue longer than the 100ms threshold configured above.
    queued_at = Time.now.to_f - 0.2
    post "/message-bus/#{SecureRandom.hex}/poll",
         headers: { "HTTP_X_REQUEST_START" => "t=#{queued_at}" }

    expect(response.status).to eq(429)
    # Clients must be told to back off for a meaningful interval.
    expect(response.headers["Retry-After"].to_i).to be > 29
  end

  it "will not rate limit when all is good" do
    freeze_time
    global_setting :reject_message_bus_queue_seconds, 0.1

    # 50ms of queueing is under the 100ms threshold, so the poll goes through.
    queued_at = Time.now.to_f - 0.05
    post "/message-bus/#{SecureRandom.hex}/poll",
         headers: { "HTTP_X_REQUEST_START" => "t=#{queued_at}" }

    expect(response.status).to eq(200)
  end

  it "will clear the token cookie if invalid" do
    name = Auth::DefaultCurrentUserProvider::TOKEN_COOKIE

    # 11 attempts = one past the limit of 10, so the last iteration also
    # exercises the request that trips the limiter. On every attempt the
    # bogus token must be cleared (cookie present in the response, value nil).
    11.times do
      cookies[name] = SecureRandom.hex
      get "/categories.json"

      expect(response.cookies).to have_key(name)
      expect(response.cookies[name]).to be_nil
    end
  end

  it "can cleanly limit requests and sets a Retry-After header" do
    freeze_time

    admin = Fabricate(:admin)
    api_key = Fabricate(:api_key, user: admin)

    # With a budget of one request per minute, the second call is rejected.
    global_setting :max_admin_api_reqs_per_minute, 1

    auth_headers = { HTTP_API_KEY: api_key.key, HTTP_API_USERNAME: admin.username }
    fetch_keys = -> { get "/admin/api/keys.json", headers: auth_headers }

    fetch_keys.call
    expect(response.status).to eq(200)

    fetch_keys.call
    expect(response.status).to eq(429)

    body = response.parsed_body

    # Retry-After header and the JSON body must agree on the wait interval.
    expect(response.headers["Retry-After"]).to eq("60")
    expect(body["extras"]["wait_seconds"]).to eq(60)
  end
end