1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { HttpStatusCode } from '@shared/core-utils'
10 setAccessTokensToServers,
14 } from '@shared/extra-utils'
16 describe('Test application behind a reverse proxy', function () {
20 before(async function () {
42 server = await flushAndRunServer(1, config)
43 await setAccessTokensToServers([ server ])
45 const { body } = await uploadVideo(server.url, server.accessToken, {})
46 videoId = body.video.uuid
49 it('Should view a video only once with the same IP by default', async function () {
52 await viewVideo(server.url, videoId)
53 await viewVideo(server.url, videoId)
55 // Wait the repeatable job
58 const { body } = await getVideo(server.url, videoId)
59 expect(body.views).to.equal(1)
62 it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
65 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.1,127.0.0.1')
66 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.2,127.0.0.1')
68 // Wait the repeatable job
71 const { body } = await getVideo(server.url, videoId)
72 expect(body.views).to.equal(3)
75 it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
78 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.4,0.0.0.3,::ffff:127.0.0.1')
79 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.5,0.0.0.3,127.0.0.1')
81 // Wait the repeatable job
84 const { body } = await getVideo(server.url, videoId)
85 expect(body.views).to.equal(4)
88 it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
91 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.8,0.0.0.6,127.0.0.1')
92 await viewVideo(server.url, videoId, HttpStatusCode.NO_CONTENT_204, '0.0.0.8,0.0.0.7,127.0.0.1')
94 // Wait the repeatable job
97 const { body } = await getVideo(server.url, videoId)
98 expect(body.views).to.equal(6)
101 it('Should rate limit logins', async function () {
102 const user = { username: 'root', password: 'fail' }
104 for (let i = 0; i < 19; i++) {
105 await server.loginCommand.getAccessToken(user, HttpStatusCode.BAD_REQUEST_400)
108 await server.loginCommand.getAccessToken(user, HttpStatusCode.TOO_MANY_REQUESTS_429)
111 it('Should rate limit signup', async function () {
112 for (let i = 0; i < 10; i++) {
114 await registerUser(server.url, 'test' + i, 'password')
120 await registerUser(server.url, 'test42', 'password', HttpStatusCode.TOO_MANY_REQUESTS_429)
123 it('Should not rate limit failed signup', async function () {
128 for (let i = 0; i < 3; i++) {
129 await registerUser(server.url, 'test' + i, 'password', HttpStatusCode.CONFLICT_409)
132 await registerUser(server.url, 'test43', 'password', HttpStatusCode.NO_CONTENT_204)
136 it('Should rate limit API calls', async function () {
141 for (let i = 0; i < 100; i++) {
143 await getVideo(server.url, videoId)
145 // don't care if it fails
149 await getVideo(server.url, videoId, HttpStatusCode.TOO_MANY_REQUESTS_429)
152 after(async function () {
153 await cleanupTests([ server ])