author | Chocobozzz <me@florianbigard.com> | 2018-03-29 10:58:24 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-03-29 11:03:30 +0200 |
commit | 490b595a01c5824ff63ffb87f0efdfca95f4bf3b (patch) | |
tree | 3ad716fbb97a8b4ee946ad907202b82934a33d7c /server/tests/api | |
parent | 23f4c3d412974fa5fda52589d1192e098e260f1a (diff) | |
Prevent brute force login attack
Diffstat (limited to 'server/tests/api')
-rw-r--r-- | server/tests/api/server/reverse-proxy.ts | 82 |
1 files changed, 82 insertions, 0 deletions
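--- /dev/null
+++ b/server/tests/api/server/reverse-proxy.ts
@@ -0,0 +1,82 @@
+/* tslint:disable:no-unused-expression */
+
+import 'mocha'
+import * as chai from 'chai'
+import { About } from '../../../../shared/models/server/about.model'
+import { CustomConfig } from '../../../../shared/models/server/custom-config.model'
+import { deleteCustomConfig, getAbout, getVideo, killallServers, login, reRunServer, uploadVideo, userLogin, viewVideo } from '../../utils'
+const expect = chai.expect
+
+import {
+getConfig,
+flushTests,
+runServer,
+registerUser, getCustomConfig, setAccessTokensToServers, updateCustomConfig
+} from '../../utils/index'
+
+describe('Test application behind a reverse proxy', function () {
+let server = null
+let videoId
+
+before(async function () {
+this.timeout(30000)
+
+await flushTests()
+server = await runServer(1)
+await setAccessTokensToServers([ server ])
+
+const { body } = await uploadVideo(server.url, server.accessToken, {})
+videoId = body.video.uuid
+})
+
+it('Should view a video only once with the same IP by default', async function () {
+await viewVideo(server.url, videoId)
+await viewVideo(server.url, videoId)
+
+const { body } = await getVideo(server.url, videoId)
+expect(body.views).to.equal(1)
+})
+
+it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
+await viewVideo(server.url, videoId, 204, '0.0.0.1,127.0.0.1')
+await viewVideo(server.url, videoId, 204, '0.0.0.2,127.0.0.1')
+
+const { body } = await getVideo(server.url, videoId)
+expect(body.views).to.equal(3)
+})
+
+it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
+await viewVideo(server.url, videoId, 204, '0.0.0.4,0.0.0.3,::ffff:127.0.0.1')
+await viewVideo(server.url, videoId, 204, '0.0.0.5,0.0.0.3,127.0.0.1')
+
+const { body } = await getVideo(server.url, videoId)
+expect(body.views).to.equal(4)
+})
+
+it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
+await viewVideo(server.url, videoId, 204, '0.0.0.8,0.0.0.6,127.0.0.1')
+await viewVideo(server.url, videoId, 204, '0.0.0.8,0.0.0.7,127.0.0.1')
+
+const { body } = await getVideo(server.url, videoId)
+expect(body.views).to.equal(6)
+})
+
+it('Should rate limit logins', async function () {
+const user = { username: 'root', password: 'fail' }
+
+for (let i = 0; i < 9; i++) {
+await userLogin(server, user, 400)
+}
+
+await userLogin(server, user, 429)
+})
+
+after(async function () {
+process.kill(-server.app.pid)
+
+// Keep the logs if the test failed
+if (this['ok']) {
+await flushTests()
+}
+})
+})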
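Review bot: The 'Should rate limit logins' test sends all ten attempts without a forwarded-for value, so it pins the threshold (nine 400s, then 429) but not which address the limiter keys on, which is the property that matters in a reverse-proxy suite. The view-count tests in the same file already pass chains such as '0.0.0.8,0.0.0.6,127.0.0.1' to `viewVideo`; the login test would be stronger if, after the 429, it also asserted that an attempt arriving with a different proxy-reported client address is still answered with 400, and that changing only the left-most entry of the chain does not reset the count. That assumes `userLogin` can take a forwarded-for argument the way `viewVideo` does, which is not visible here; until then a comment such as `// all attempts share one client address; per-client keying behind the proxy is not covered here` would record the gap. As a style point, the import lines bring in names the file never uses (`About`, `CustomConfig`, `getConfig`, `registerUser`, `login` and others), and the view tests rely on the cumulative counts 1, 3, 4, 6, so they only pass when run in order.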