]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { expect } from 'chai' | |
4 | import { wait } from '@shared/core-utils' | |
5 | import { HttpStatusCode } from '@shared/models' | |
6 | import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands' | |
7 | ||
8 | describe('Test application behind a reverse proxy', function () { | |
9 | let server: PeerTubeServer | |
10 | let userAccessToken: string | |
11 | let videoId: string | |
12 | ||
13 | before(async function () { | |
14 | this.timeout(30000) | |
15 | ||
16 | const config = { | |
17 | rates_limit: { | |
18 | api: { | |
19 | max: 50, | |
20 | window: 5000 | |
21 | }, | |
22 | signup: { | |
23 | max: 3, | |
24 | window: 5000 | |
25 | }, | |
26 | login: { | |
27 | max: 20 | |
28 | } | |
29 | }, | |
30 | signup: { | |
31 | limit: 20 | |
32 | } | |
33 | } | |
34 | ||
35 | server = await createSingleServer(1, config) | |
36 | await setAccessTokensToServers([ server ]) | |
37 | ||
38 | userAccessToken = await server.users.generateUserAndToken('user') | |
39 | ||
40 | const { uuid } = await server.videos.upload() | |
41 | videoId = uuid | |
42 | }) | |
43 | ||
44 | it('Should view a video only once with the same IP by default', async function () { | |
45 | this.timeout(20000) | |
46 | ||
47 | await server.views.simulateView({ id: videoId }) | |
48 | await server.views.simulateView({ id: videoId }) | |
49 | ||
50 | // Wait the repeatable job | |
51 | await wait(8000) | |
52 | ||
53 | const video = await server.videos.get({ id: videoId }) | |
54 | expect(video.views).to.equal(1) | |
55 | }) | |
56 | ||
57 | it('Should view a video 2 times with the X-Forwarded-For header set', async function () { | |
58 | this.timeout(20000) | |
59 | ||
60 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' }) | |
61 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' }) | |
62 | ||
63 | // Wait the repeatable job | |
64 | await wait(8000) | |
65 | ||
66 | const video = await server.videos.get({ id: videoId }) | |
67 | expect(video.views).to.equal(3) | |
68 | }) | |
69 | ||
70 | it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () { | |
71 | this.timeout(20000) | |
72 | ||
73 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' }) | |
74 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' }) | |
75 | ||
76 | // Wait the repeatable job | |
77 | await wait(8000) | |
78 | ||
79 | const video = await server.videos.get({ id: videoId }) | |
80 | expect(video.views).to.equal(4) | |
81 | }) | |
82 | ||
83 | it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () { | |
84 | this.timeout(20000) | |
85 | ||
86 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' }) | |
87 | await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' }) | |
88 | ||
89 | // Wait the repeatable job | |
90 | await wait(8000) | |
91 | ||
92 | const video = await server.videos.get({ id: videoId }) | |
93 | expect(video.views).to.equal(6) | |
94 | }) | |
95 | ||
96 | it('Should rate limit logins', async function () { | |
97 | const user = { username: 'root', password: 'fail' } | |
98 | ||
99 | for (let i = 0; i < 18; i++) { | |
100 | await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
101 | } | |
102 | ||
103 | await server.login.login({ user, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | |
104 | }) | |
105 | ||
106 | it('Should rate limit signup', async function () { | |
107 | for (let i = 0; i < 10; i++) { | |
108 | try { | |
109 | await server.users.register({ username: 'test' + i }) | |
110 | } catch { | |
111 | // empty | |
112 | } | |
113 | } | |
114 | ||
115 | await server.users.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | |
116 | }) | |
117 | ||
118 | it('Should not rate limit failed signup', async function () { | |
119 | this.timeout(30000) | |
120 | ||
121 | await wait(7000) | |
122 | ||
123 | for (let i = 0; i < 3; i++) { | |
124 | await server.users.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 }) | |
125 | } | |
126 | ||
127 | await server.users.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 }) | |
128 | ||
129 | }) | |
130 | ||
131 | it('Should rate limit API calls', async function () { | |
132 | this.timeout(30000) | |
133 | ||
134 | await wait(7000) | |
135 | ||
136 | for (let i = 0; i < 100; i++) { | |
137 | try { | |
138 | await server.videos.get({ id: videoId }) | |
139 | } catch { | |
140 | // don't care if it fails | |
141 | } | |
142 | } | |
143 | ||
144 | await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | |
145 | }) | |
146 | ||
147 | it('Should rate limit API calls with a user but not with an admin', async function () { | |
148 | await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | |
149 | ||
150 | await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
151 | }) | |
152 | ||
153 | after(async function () { | |
154 | await cleanupTests([ server ]) | |
155 | }) | |
156 | }) |