1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { wait } from '@shared/core-utils'
5 import { HttpStatusCode } from '@shared/models'
6 import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
8 describe('Test application behind a reverse proxy', function () {
9 let server: PeerTubeServer
10 let userAccessToken: string
13 before(async function () {
35 server = await createSingleServer(1, config)
36 await setAccessTokensToServers([ server ])
38 userAccessToken = await server.users.generateUserAndToken('user')
40 const { uuid } = await server.videos.upload()
44 it('Should view a video only once with the same IP by default', async function () {
47 await server.views.simulateView({ id: videoId })
48 await server.views.simulateView({ id: videoId })
50 // Wait the repeatable job
53 const video = await server.videos.get({ id: videoId })
54 expect(video.views).to.equal(1)
57 it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
60 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' })
61 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' })
63 // Wait the repeatable job
66 const video = await server.videos.get({ id: videoId })
67 expect(video.views).to.equal(3)
70 it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
73 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' })
74 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' })
76 // Wait the repeatable job
79 const video = await server.videos.get({ id: videoId })
80 expect(video.views).to.equal(4)
83 it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
86 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' })
87 await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' })
89 // Wait the repeatable job
92 const video = await server.videos.get({ id: videoId })
93 expect(video.views).to.equal(6)
96 it('Should rate limit logins', async function () {
97 const user = { username: 'root', password: 'fail' }
99 for (let i = 0; i < 18; i++) {
100 await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
103 await server.login.login({ user, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
106 it('Should rate limit signup', async function () {
107 for (let i = 0; i < 10; i++) {
109 await server.registrations.register({ username: 'test' + i })
115 await server.registrations.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
118 it('Should not rate limit failed signup', async function () {
123 for (let i = 0; i < 3; i++) {
124 await server.registrations.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 })
127 await server.registrations.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
131 it('Should rate limit API calls', async function () {
136 for (let i = 0; i < 100; i++) {
138 await server.videos.get({ id: videoId })
140 // don't care if it fails
144 await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
147 it('Should rate limit API calls with a user but not with an admin', async function () {
148 await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
150 await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
153 after(async function () {
154 await cleanupTests([ server ])