X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fserver%2Freverse-proxy.ts;h=0a1565faff36b0e1cc75d0ac7217cee98e60fdc6;hb=e5a781ec25191c0dbb4a991f25307732d798619d;hp=968d98e96897ba041fc037e7071cb14052a82e86;hpb=c3edc5b074aa4bb1861ed0a94d3713808e87170f;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/server/reverse-proxy.ts b/server/tests/api/server/reverse-proxy.ts index 968d98e96..0a1565faf 100644 --- a/server/tests/api/server/reverse-proxy.ts +++ b/server/tests/api/server/reverse-proxy.ts @@ -7,6 +7,7 @@ import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServ describe('Test application behind a reverse proxy', function () { let server: PeerTubeServer + let userAccessToken: string let videoId: string before(async function () { @@ -34,6 +35,8 @@ describe('Test application behind a reverse proxy', function () { server = await createSingleServer(1, config) await setAccessTokensToServers([ server ]) + userAccessToken = await server.users.generateUserAndToken('user') + const { uuid } = await server.videos.upload() videoId = uuid }) @@ -41,8 +44,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video only once with the same IP by default', async function () { this.timeout(20000) - await server.videos.view({ id: videoId }) - await server.videos.view({ id: videoId }) + await server.views.simulateView({ id: videoId }) + await server.views.simulateView({ id: videoId }) // Wait the repeatable job await wait(8000) @@ -54,8 +57,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video 2 times with the X-Forwarded-For header set', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -67,8 +70,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -80,8 +83,8 @@ describe('Test application behind a reverse proxy', function () { it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () { this.timeout(20000) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' }) - await server.videos.view({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' }) + await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' }) // Wait the repeatable job await wait(8000) @@ -93,7 +96,7 @@ describe('Test application behind a reverse proxy', function () { it('Should rate limit logins', async function () { const user = { username: 'root', password: 'fail' } - for (let i = 0; i < 19; i++) { + for (let i = 0; i < 18; i++) { await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) } @@ -141,6 +144,12 @@ describe('Test application behind a reverse proxy', function () { await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) }) + it('Should rate limit API calls with a user but not with an admin', async function () { + await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) + + await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) + }) + after(async function () { await cleanupTests([ server ]) })