X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fserver%2Freverse-proxy.ts;h=0a1565faff36b0e1cc75d0ac7217cee98e60fdc6;hb=4e56f0fff12ab9840574e7a27277fc78b195b3e2;hp=13b22bc0ec4b7c87a78a61910ca56320da906034;hpb=c0e8b12e7fd554ba4d2ceb0c4900804c6a4c63ea;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/server/reverse-proxy.ts b/server/tests/api/server/reverse-proxy.ts index 13b22bc0e..0a1565faf 100644 --- a/server/tests/api/server/reverse-proxy.ts +++ b/server/tests/api/server/reverse-proxy.ts @@ -1,11 +1,13 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ import { expect } from 'chai' +import { wait } from '@shared/core-utils' import { HttpStatusCode } from '@shared/models' -import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, wait } from '@shared/extra-utils' +import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands' describe('Test application behind a reverse proxy', function () { let server: PeerTubeServer + let userAccessToken: string let videoId: string before(async function () { @@ -33,6 +35,8 @@ describe('Test application behind a reverse proxy', function () { server = await createSingleServer(1, config) await setAccessTokensToServers([ server ]) + userAccessToken = await server.users.generateUserAndToken('user') + const { uuid } = await server.videos.upload() videoId = uuid }) @@ -40,8 +44,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video only once with the same IP by default', async function () { this.timeout(20000) - await server.videos.view({ id: videoId }) - await server.videos.view({ id: videoId }) + await server.views.simulateView({ id: videoId }) + await server.views.simulateView({ id: videoId }) // Wait the repeatable job await wait(8000) @@ -53,8 +57,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video 2 times with the X-Forwarded-For header set', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -66,8 +70,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -79,8 +83,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -92,7 +96,7 @@ describe('Test application behind a reverse proxy', function () { it('Should rate limit logins', async function () { const user = { username: 'root', password: 'fail' } - for (let i = 0; i < 19; i++) { + for (let i = 0; i < 18; i++) { await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) } @@ -140,6 +144,12 @@ describe('Test application behind a reverse proxy', function () { await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) }) + it('Should rate limit API calls with a user but not with an admin', async function () { + await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) + + await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) + }) + after(async function () { await cleanupTests([ server ]) })