2017-12-11 14:52:48 +08:00
|
|
|
# encoding: UTF-8
|
|
|
|
|
|
|
|
require 'rails_helper'
|
|
|
|
|
2018-02-10 08:09:54 +08:00
|
|
|
describe 'rate limiter integration' do
|
2017-12-11 14:52:48 +08:00
|
|
|
|
|
|
|
before do
|
|
|
|
RateLimiter.enable
|
2018-02-10 08:09:54 +08:00
|
|
|
RateLimiter.clear_all!
|
2017-12-11 14:52:48 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
RateLimiter.disable
|
|
|
|
end
|
|
|
|
|
2018-02-10 08:09:54 +08:00
|
|
|
it "will clear the token cookie if invalid" do
|
|
|
|
name = Auth::DefaultCurrentUserProvider::TOKEN_COOKIE
|
|
|
|
|
|
|
|
# we try 11 times because the rate limit is 10
|
|
|
|
11.times {
|
|
|
|
cookies[name] = SecureRandom.hex
|
|
|
|
get '/categories.json'
|
|
|
|
expect(response.cookies.has_key?(name)).to eq(true)
|
|
|
|
expect(response.cookies[name]).to be_nil
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2017-12-11 14:52:48 +08:00
|
|
|
it 'can cleanly limit requests' do
|
2018-02-14 12:29:50 +08:00
|
|
|
freeze_time
|
2018-01-12 11:15:10 +08:00
|
|
|
#request.set_header("action_dispatch.show_exceptions", true)
|
2017-12-11 14:52:48 +08:00
|
|
|
|
|
|
|
admin = Fabricate(:admin)
|
|
|
|
api_key = Fabricate(:api_key, key: SecureRandom.hex, user: admin)
|
|
|
|
|
|
|
|
global_setting :max_admin_api_reqs_per_key_per_minute, 1
|
|
|
|
|
2018-01-12 11:15:10 +08:00
|
|
|
get '/admin/api/keys.json', params: {
|
2017-12-11 14:52:48 +08:00
|
|
|
api_key: api_key.key,
|
|
|
|
api_username: admin.username
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
|
2018-01-12 11:15:10 +08:00
|
|
|
get '/admin/api/keys.json', params: {
|
2017-12-11 14:52:48 +08:00
|
|
|
api_key: api_key.key,
|
|
|
|
api_username: admin.username
|
|
|
|
}
|
|
|
|
|
|
|
|
expect(response.status).to eq(429)
|
2018-02-14 12:29:50 +08:00
|
|
|
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
|
|
|
|
expect(data["extras"]["wait_seconds"]).to eq(60)
|
2017-12-11 14:52:48 +08:00
|
|
|
end
|
|
|
|
end
|