diff options
| author | Chocobozzz <me@florianbigard.com> | 2023-06-20 14:17:34 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2023-06-20 14:17:34 +0200 |
| commit | e915cde30ec47258a2beeec5ca748c928b59858c (patch) | |
| tree | f5692ab20c534a61487f3bd471bb6105ed58d88a /server/tests/api/runners/runner-common.ts | |
| parent | 923e41fa4f342019298b46e407ea1f0207f74205 (diff) | |
| download | PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.gz PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.tar.zst PeerTube-e915cde30ec47258a2beeec5ca748c928b59858c.zip | |
Fix runner api rate limit bypass
Diffstat (limited to 'server/tests/api/runners/runner-common.ts')
| -rw-r--r-- | server/tests/api/runners/runner-common.ts | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/server/tests/api/runners/runner-common.ts b/server/tests/api/runners/runner-common.ts index 554024190..34a51abe7 100644 --- a/server/tests/api/runners/runner-common.ts +++ b/server/tests/api/runners/runner-common.ts | |||
| @@ -14,7 +14,6 @@ import { | |||
| 14 | import { | 14 | import { |
| 15 | cleanupTests, | 15 | cleanupTests, |
| 16 | createSingleServer, | 16 | createSingleServer, |
| 17 | makePostBodyRequest, | ||
| 18 | PeerTubeServer, | 17 | PeerTubeServer, |
| 19 | setAccessTokensToServers, | 18 | setAccessTokensToServers, |
| 20 | setDefaultVideoChannel, | 19 | setDefaultVideoChannel, |
| @@ -641,24 +640,47 @@ describe('Test runner common actions', function () { | |||
| 641 | }) | 640 | }) |
| 642 | }) | 641 | }) |
| 643 | 642 | ||
| 644 | it('Should rate limit an unknown runner', async function () { | 643 | it('Should rate limit an unknown runner, but not a registered one', async function () { |
| 645 | const path = '/api/v1/ping' | 644 | this.timeout(60000) |
| 646 | const fields = { runnerToken: 'toto' } | 645 | |
| 646 | await server.videos.quickUpload({ name: 'video' }) | ||
| 647 | await waitJobs([ server ]) | ||
| 648 | |||
| 649 | const { job } = await server.runnerJobs.autoAccept({ runnerToken }) | ||
| 647 | 650 | ||
| 648 | for (let i = 0; i < 20; i++) { | 651 | for (let i = 0; i < 20; i++) { |
| 649 | try { | 652 | try { |
| 650 | await makePostBodyRequest({ url: server.url, path, fields, expectedStatus: HttpStatusCode.OK_200 }) | 653 | await server.runnerJobs.request({ runnerToken }) |
| 654 | await server.runnerJobs.update({ runnerToken, jobToken: job.jobToken, jobUUID: job.uuid }) | ||
| 651 | } catch {} | 655 | } catch {} |
| 652 | } | 656 | } |
| 653 | 657 | ||
| 654 | await makePostBodyRequest({ url: server.url, path, fields, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | 658 | // Invalid |
| 655 | }) | 659 | { |
| 660 | await server.runnerJobs.request({ runnerToken: 'toto', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | ||
| 661 | await server.runnerJobs.update({ | ||
| 662 | runnerToken: 'toto', | ||
| 663 | jobToken: job.jobToken, | ||
| 664 | jobUUID: job.uuid, | ||
| 665 | expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 | ||
| 666 | }) | ||
| 667 | } | ||
| 656 | 668 | ||
| 657 | it('Should not rate limit a registered runner', async function () { | 669 | // Not provided |
| 658 | const path = '/api/v1/ping' | 670 | { |
| 671 | await server.runnerJobs.request({ runnerToken: undefined, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 }) | ||
| 672 | await server.runnerJobs.update({ | ||
| 673 | runnerToken: undefined, | ||
| 674 | jobToken: job.jobToken, | ||
| 675 | jobUUID: job.uuid, | ||
| 676 | expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 | ||
| 677 | }) | ||
| 678 | } | ||
| 659 | 679 | ||
| 660 | for (let i = 0; i < 20; i++) { | 680 | // Registered |
| 661 | await makePostBodyRequest({ url: server.url, path, fields: { runnerToken }, expectedStatus: HttpStatusCode.OK_200 }) | 681 | { |
| 682 | await server.runnerJobs.request({ runnerToken }) | ||
| 683 | await server.runnerJobs.update({ runnerToken, jobToken: job.jobToken, jobUUID: job.uuid }) | ||
| 662 | } | 684 | } |
| 663 | }) | 685 | }) |
| 664 | }) | 686 | }) |