Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { expect } from 'chai' | |
4 | import { wait } from '@shared/core-utils' | |
5 | import { HttpStatusCode } from '@shared/models' | |
6 | import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands' | |
7 | ||
/**
 * Checks how the server identifies clients when requests carry an
 * X-Forwarded-For header, and that the login, signup and API rate limits
 * configured in `before` are enforced.
 *
 * The cases are order-dependent: they share one server and one video, so the
 * view counter and the rate-limit budgets carry over from one case to the next.
 */
describe('Test application behind a reverse proxy', function () {
  let server: PeerTubeServer
  let videoId: string

  /**
   * Waits for the view-processing job, then asserts the video's view counter.
   * The counter is cumulative across the suite, so `expected` is the running
   * total and not the number of views added by the calling case.
   */
  async function expectTotalViews (expected: number) {
    // Wait the repeatable job
    await wait(8000)

    const video = await server.videos.get({ id: videoId })
    expect(video.views).to.equal(expected)
  }

  before(async function () {
    this.timeout(30000)

    // Low ceilings so each limiter can be tripped within a single test case.
    // NOTE(review): `window` looks like milliseconds (the cases below wait 7000 to get past it); confirm.
    const ratesLimit = {
      api: { max: 50, window: 5000 },
      signup: { max: 3, window: 5000 },
      // No window is given for logins, so whatever default the server applies is used
      login: { max: 20 }
    }

    const config = {
      rates_limit: ratesLimit,
      signup: { limit: 20 }
    }

    server = await createSingleServer(1, config)
    await setAccessTokensToServers([ server ])

    const uploaded = await server.videos.upload()
    videoId = uploaded.uuid
  })

  it('Should view a video only once with the same IP by default', async function () {
    this.timeout(20000)

    // No X-Forwarded-For: both views come from the same address and collapse into one
    for (let n = 0; n < 2; n++) {
      await server.views.simulateView({ id: videoId })
    }

    await expectTotalViews(1)
  })

  it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
    this.timeout(20000)

    // The entry in front of the loopback hop differs, so both views are counted (1 + 2)
    for (const xForwardedFor of [ '0.0.0.1,127.0.0.1', '0.0.0.2,127.0.0.1' ]) {
      await server.views.simulateView({ id: videoId, xForwardedFor })
    }

    await expectTotalViews(3)
  })

  it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Only the leftmost entry differs. That entry is whatever the client chose to send,
    // so it must not create a new identity: both requests resolve to 0.0.0.3 and add one view (3 + 1).
    // NOTE(review): presumably the server only trusts the loopback hop here; confirm against its proxy-trust setting.
    const forwardedChains = [ '0.0.0.4,0.0.0.3,::ffff:127.0.0.1', '0.0.0.5,0.0.0.3,127.0.0.1' ]
    for (const xForwardedFor of forwardedChains) {
      await server.views.simulateView({ id: videoId, xForwardedFor })
    }

    await expectTotalViews(4)
  })

  it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
    this.timeout(20000)

    // Same leftmost entry, different entry in front of the loopback hop: two distinct clients (4 + 2)
    const forwardedChains = [ '0.0.0.8,0.0.0.6,127.0.0.1', '0.0.0.8,0.0.0.7,127.0.0.1' ]
    for (const xForwardedFor of forwardedChains) {
      await server.views.simulateView({ id: videoId, xForwardedFor })
    }

    await expectTotalViews(6)
  })

  it('Should rate limit logins', async function () {
    const user = { username: 'root', password: 'fail' }

    // 19 rejected attempts, then the next one must be throttled instead of evaluated.
    // NOTE(review): against a max of 20 this count presumably relies on the login made
    // while fetching the access token in `before`; confirm before changing either number.
    let attempt = 0
    while (attempt < 19) {
      await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
      attempt++
    }

    await server.login.login({ user, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
  })

  it('Should rate limit signup', async function () {
    // Exhaust the signup budget (max 3). Every failure is deliberately ignored here,
    // only the explicit 429 assertion below is checked.
    let attempt = 0
    while (attempt < 10) {
      try {
        await server.users.register({ username: 'test' + attempt })
      } catch {
        // empty
      }

      attempt++
    }

    await server.users.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
  })

  it('Should not rate limit failed signup', async function () {
    this.timeout(30000)

    // Let the 5000 signup window configured in `before` run out
    await wait(7000)

    // Three conflicting signups (names taken by the previous case) equal the max of 3,
    // yet the valid signup that follows is still accepted.
    let attempt = 0
    while (attempt < 3) {
      await server.users.register({ username: 'test' + attempt, expectedStatus: HttpStatusCode.CONFLICT_409 })
      attempt++
    }

    await server.users.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })

  })

  it('Should rate limit API calls', async function () {
    this.timeout(30000)

    // Let the 5000 API window configured in `before` run out
    await wait(7000)

    // 100 sequential requests against a max of 50; individual failures are irrelevant
    let call = 0
    while (call < 100) {
      try {
        await server.videos.get({ id: videoId })
      } catch {
        // don't care if it fails
      }

      call++
    }

    await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})