/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { HttpStatusCode } from '@shared/core-utils'
import {
  cleanupTests,
  flushAndRunServer,
  getVideo,
  ServerInfo,
  setAccessTokensToServers,
  uploadVideo,
  viewVideo,
  wait
} from '@shared/extra-utils'

/**
 * Integration tests for how the server identifies clients when it sits behind a
 * reverse proxy: view de-duplication keyed on the client address taken from the
 * X-Forwarded-For header, plus the login, signup and API rate limiters.
 *
 * All cases share one server and one video. The view-count assertions are
 * cumulative (1, 3, 4, 6), so the `it` blocks depend on running in declaration
 * order.
 */
describe('Test application behind a reverse proxy', function () {
  let server: ServerInfo
  // NOTE(review): this is assigned from `body.video.uuid` in `before`, so the
  // value is presumably a string despite the `number` annotation. Confirm
  // against the helper signatures before tightening the type.
  let videoId: number

  /**
   * Records a view on the shared video with the given X-Forwarded-For value
   * (the fourth `viewVideo` argument, per the test titles) and expects 204.
   */
  async function viewThroughProxy (forwardedFor: string): Promise<void> {
    await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, forwardedFor)
  }

  /**
   * Waits for the server's repeatable job, then asserts the video's view counter.
   */
  async function expectViewsAfterJob (expectedViews: number): Promise<void> {
    // Wait the repeatable job
    await wait(8000)

    const res = await getVideo(server.url, videoId)
    expect(res.body.views).to.equal(expectedViews)
  }

  before(async function () {
    this.timeout(30000)

    // Deliberately low limits so each limiter can be tripped within a test.
    // The `window` values are presumably milliseconds (the tests wait 7000
    // before expecting a fresh 5000 window). TODO confirm against the config schema.
    const overrideConfig = {
      rates_limit: {
        api: {
          max: 50,
          window: 5000
        },
        signup: {
          max: 3,
          window: 5000
        },
        // No `window` here: the server's default login window applies.
        login: {
          max: 20
        }
      },
      // Separate from `rates_limit.signup`. Presumably the cap on total
      // registrations; verify against the server configuration.
      signup: {
        limit: 20
      }
    }

    server = await flushAndRunServer(1, overrideConfig)
    await setAccessTokensToServers([ server ])

    const uploadRes = await uploadVideo(server.url, server.accessToken, {})
    videoId = uploadRes.body.video.uuid
  })

  // The X-Forwarded-For cases below pin down which entry of the header is
  // treated as the client: the assertions only hold if it is the entry
  // immediately to the left of the loopback hop. Entries further left are
  // whatever the requester chose to send, so de-duplicating on them would let
  // one client be counted as many viewers.

  it('Should view a video only once with the same IP by default', async function () {
    this.timeout(20000)

    // No forwarded header: both requests are counted as one viewer.
    await viewVideo(server.url, videoId)
    await viewVideo(server.url, videoId)

    await expectViewsAfterJob(1)
  })

  it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
    this.timeout(20000)

    // Two distinct addresses next to the loopback hop: 1 + 2 = 3 views.
    await viewThroughProxy('0.0.0.1,127.0.0.1')
    await viewThroughProxy('0.0.0.2,127.0.0.1')

    await expectViewsAfterJob(3)
  })

  it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Same address (0.0.0.3) next to the loopback hop, different leftmost
    // entries. The loopback hop is written once in IPv4-mapped IPv6 form and
    // once as plain IPv4. Only one extra view is expected, so both forms
    // must be recognised as the proxy.
    await viewThroughProxy('0.0.0.4,0.0.0.3,::ffff:127.0.0.1')
    await viewThroughProxy('0.0.0.5,0.0.0.3,127.0.0.1')

    await expectViewsAfterJob(4)
  })

  it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Identical leftmost entry, different address next to the loopback hop:
    // two extra views are expected.
    await viewThroughProxy('0.0.0.8,0.0.0.6,127.0.0.1')
    await viewThroughProxy('0.0.0.8,0.0.0.7,127.0.0.1')

    await expectViewsAfterJob(6)
  })

  // NOTE(review): none of the rate-limit cases below send X-Forwarded-For, so
  // they do not check that the limiters key on the same proxy-derived address
  // as the view counter. Consider adding a case that varies only the leftmost
  // header entry and still expects 429.

  it('Should rate limit logins', async function () {
    const badCredentials = { username: 'root', password: 'fail' }

    // 19 failed attempts, then the next one must be refused with 429.
    // Presumably the login performed by setAccessTokensToServers in `before`
    // already consumed one of the 20 allowed. Confirm.
    for (let attempt = 0; attempt < 19; attempt++) {
      await server.loginCommand.login({ user: badCredentials, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    }

    await server.loginCommand.login({ user: badCredentials, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
  })

  it('Should rate limit signup', async function () {
    // Exceed the signup limit (max: 3) on purpose; individual outcomes are
    // irrelevant, only the final 429 is asserted.
    for (let idx = 0; idx < 10; idx++) {
      try {
        await server.usersCommand.register({ username: 'test' + idx })
      } catch {
        // Ignored on purpose: failures are expected once the limit is reached.
      }
    }

    await server.usersCommand.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
  })

  it('Should not rate limit failed signup', async function () {
    this.timeout(30000)

    // Let the signup window configured in `before` (5000) elapse.
    await wait(7000)

    // Re-registering the same usernames as the previous test is expected to
    // conflict (409) three times. That matches the configured max.
    for (let idx = 0; idx < 3; idx++) {
      await server.usersCommand.register({ username: 'test' + idx, expectedStatus: HttpStatusCode.CONFLICT_409 })
    }

    // A fresh username must still be accepted, i.e. the conflicts above did
    // not count against the limiter.
    await server.usersCommand.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
  })

  it('Should rate limit API calls', async function () {
    this.timeout(30000)

    // Start from a fresh API window (configured as 5000 in `before`).
    await wait(7000)

    // Twice the configured maximum (50); individual outcomes are irrelevant.
    for (let call = 0; call < 100; call++) {
      try {
        await getVideo(server.url, videoId)
      } catch {
        // don't care if it fails
      }
    }

    await getVideo(server.url, videoId, HttpStatusCode.TOO_MANY_REQUESTS_429)
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})