Commit | Line | Data |
---|---|---|
a1587156 | 1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
490b595a C |
2 | |
3 | import 'mocha' | |
4 | import * as chai from 'chai' | |
c1340a6a | 5 | import { cleanupTests, getVideo, registerUser, uploadVideo, userLogin, viewVideo, wait } from '../../../../shared/extra-utils' |
7c3b7976 | 6 | import { flushAndRunServer, setAccessTokensToServers } from '../../../../shared/extra-utils/index' |
f2eb23cd | 7 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
490b595a | 8 | |
const { expect } = chai

// Integration suite for a server running behind a reverse proxy. It pins two things:
//  - which entry of the forwarded-address list is treated as the client IP (observed through
//    per-IP view de-duplication), and
//  - the configured rate limits for login, signup and generic API calls.
// The expected view totals are cumulative (1, 3, 4, 6), so the view cases must run in this
// order against the same server instance.
describe('Test application behind a reverse proxy', function () {
  let server = null
  let videoId

  // Sleeps 8 seconds (the original comment says this waits for the repeatable job),
  // then asserts the total view count reported for the uploaded video.
  async function expectViewsAfterJob (expectedViews) {
    // Wait the repeatable job
    await wait(8000)

    const res = await getVideo(server.url, videoId)
    expect(res.body.views).to.equal(expectedViews)
  }

  // Sends one view request per entry, sequentially, each expecting 204.
  // NOTE(review): the 4th viewVideo argument is presumably sent as the X-Forwarded-For
  // header (per the test titles) - confirm in the helper.
  async function viewWithForwardedFor (forwardedForValues) {
    for (const forwardedFor of forwardedForValues) {
      await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, forwardedFor)
    }
  }

  before(async function () {
    this.timeout(30000)

    // Deliberately low limits so the rate-limit cases can hit them quickly.
    // login has no explicit window here, so whatever default the server uses applies.
    const rateLimits = {
      api: { max: 50, window: 5000 },
      signup: { max: 3, window: 5000 },
      login: { max: 20 }
    }
    const overrides = {
      rates_limit: rateLimits,
      signup: { limit: 20 }
    }

    server = await flushAndRunServer(1, overrides)
    await setAccessTokensToServers([ server ])

    const uploaded = await uploadVideo(server.url, server.accessToken, {})
    videoId = uploaded.body.video.uuid
  })

  it('Should view a video only once with the same IP by default', async function () {
    this.timeout(20000)

    // Two views from the same direct connection, no forwarded-address list.
    for (let n = 0; n < 2; n++) {
      await viewVideo(server.url, videoId)
    }

    await expectViewsAfterJob(1)
  })

  it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
    this.timeout(20000)

    // Different address in front of the loopback hop on each request: two new views.
    await viewWithForwardedFor([ '0.0.0.1,127.0.0.1', '0.0.0.2,127.0.0.1' ])

    await expectViewsAfterJob(3)
  })

  it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Only the leftmost entry differs (the part a client can write itself); the entry next to
    // the loopback hop is 0.0.0.3 in both. Expecting a single new view pins that the leftmost
    // value is not what identifies the client. The loopback hop appears once in IPv4-mapped
    // IPv6 form and once in plain IPv4 form.
    // NOTE(review): presumably loopback is the trusted proxy; the trust list is not visible here.
    await viewWithForwardedFor([
      '0.0.0.4,0.0.0.3,::ffff:127.0.0.1',
      '0.0.0.5,0.0.0.3,127.0.0.1'
    ])

    await expectViewsAfterJob(4)
  })

  it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Mirror of the previous case: same leftmost entry, different entry next to the
    // loopback hop, so both requests must count.
    await viewWithForwardedFor([
      '0.0.0.8,0.0.0.6,127.0.0.1',
      '0.0.0.8,0.0.0.7,127.0.0.1'
    ])

    await expectViewsAfterJob(6)
  })

  it('Should rate limit logins', async function () {
    const badCredentials = { username: 'root', password: 'fail' }

    // 19 rejected logins still answer 400; the next one must be throttled with 429.
    // NOTE(review): login.max is 20 - presumably the login done by setAccessTokensToServers
    // in before() uses the remaining slot; confirm.
    for (let attempt = 0; attempt < 19; attempt++) {
      await userLogin(server, badCredentials, HttpStatusCode.BAD_REQUEST_400)
    }

    await userLogin(server, badCredentials, HttpStatusCode.TOO_MANY_REQUESTS_429)
  })

  it('Should rate limit signup', async function () {
    // signup.max is 3 per 5000 ms window, so some of these 10 attempts are expected to be
    // rejected; their outcome is intentionally ignored, only the final 429 is asserted.
    for (let idx = 0; idx < 10; idx++) {
      try {
        await registerUser(server.url, `test${idx}`, 'password')
      } catch {
        // empty
      }
    }

    await registerUser(server.url, 'test42', 'password', HttpStatusCode.TOO_MANY_REQUESTS_429)
  })

  it('Should not rate limit failed signup', async function () {
    this.timeout(30000)

    // Sleep longer than the 5000 ms signup window before starting.
    await wait(7000)

    // Three registrations answered with 409, as many as signup.max ...
    for (let idx = 0; idx < 3; idx++) {
      await registerUser(server.url, `test${idx}`, 'password', HttpStatusCode.CONFLICT_409)
    }

    // ... and a fourth, new registration must still succeed, so the failed ones did not
    // consume the quota.
    await registerUser(server.url, 'test43', 'password', HttpStatusCode.NO_CONTENT_204)
  })

  it('Should rate limit API calls', async function () {
    this.timeout(30000)

    await wait(7000)

    // api.max is 50 per 5000 ms window; 100 requests are sent and individual results ignored.
    for (let call = 0; call < 100; call++) {
      try {
        await getVideo(server.url, videoId)
      } catch {
        // don't care if it fails
      }
    }

    await getVideo(server.url, videoId, HttpStatusCode.TOO_MANY_REQUESTS_429)
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})