Add rate limit to registration and API endpoints

author: Chocobozzz <me@florianbigard.com> 2019-07-04 16:42:40 +0200
committer: Chocobozzz <me@florianbigard.com> 2019-07-04 16:42:40 +0200
commit: c1340a6ac35f924161e6ec2a1d728e20c89e55c8 (patch)
tree: 8f0a6b72b36be586422002039720d3a08309cbea /server/tests
parent: fd0bfc3ac43eb0c0c2ac0b21bc2e0670f546384f (diff)
download: PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.gz
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.zst
PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.zip
1 files changed, 55 insertions, 2 deletions
diff --git a/server/tests/api/server/reverse-proxy.ts b/server/tests/api/server/reverse-proxy.ts
index 987538237..00d9fca23 100644
--- a/server/tests/api/server/reverse-proxy.ts
+++ b/server/tests/api/server/reverse-proxy.ts
@@ -2,7 +2,7 @@
 import 'mocha'
 import * as chai from 'chai'
-import { cleanupTests, getVideo, uploadVideo, userLogin, viewVideo, wait } from '../../../../shared/extra-utils'
+import { cleanupTests, getVideo, registerUser, uploadVideo, userLogin, viewVideo, wait } from '../../../../shared/extra-utils'
 import { flushAndRunServer, setAccessTokensToServers } from '../../../../shared/extra-utils/index'
 const expect = chai.expect
@@ -13,7 +13,27 @@ describe('Test application behind a reverse proxy', function () {
  before(async function () {
    this.timeout(30000)
-    server = await flushAndRunServer(1)
+    const config = {
+      rates_limit: {
+        api: {
+          max: 50,
+          window: 5000
+        },
+        signup: {
+          max: 3,
+          window: 5000
+        },
+        login: {
+          max: 20
+        }
+      },
+      signup: {
+        limit: 20
+      }
+    }
+    server = await flushAndRunServer(1, config)
    await setAccessTokensToServers([ server ])
    const { body } = await uploadVideo(server.url, server.accessToken, {})
@@ -82,6 +102,39 @@ describe('Test application behind a reverse proxy', function () {
    await userLogin(server, user, 429)
  })
+  it('Should rate limit signup', async function () {
+    for (let i = 0; i < 3; i++) {
+      await registerUser(server.url, 'test' + i, 'password')
+    }
+    await registerUser(server.url, 'test42', 'password', 429)
+  })
+  it('Should not rate limit failed signup', async function () {
+    this.timeout(30000)
+    await wait(7000)
+    for (let i = 0; i < 3; i++) {
+      await registerUser(server.url, 'test' + i, 'password', 409)
+    }
+    await registerUser(server.url, 'test43', 'password', 204)
+  })
+  it('Should rate limit API calls', async function () {
+    this.timeout(30000)
+    await wait(7000)
+    for (let i = 0; i < 50; i++) {
+      await getVideo(server.url, videoId)
+    }
+    await getVideo(server.url, videoId, 429)
+  })
  after(async function () {
    await cleanupTests([ server ])
  })
author	Chocobozzz <me@florianbigard.com>	2019-07-04 16:42:40 +0200
committer	Chocobozzz <me@florianbigard.com>	2019-07-04 16:42:40 +0200
commit	c1340a6ac35f924161e6ec2a1d728e20c89e55c8 (patch)
tree	8f0a6b72b36be586422002039720d3a08309cbea /server/tests
parent	fd0bfc3ac43eb0c0c2ac0b21bc2e0670f546384f (diff)
download	PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.gz PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.tar.zst PeerTube-c1340a6ac35f924161e6ec2a1d728e20c89e55c8.zip

diff --git a/server/tests/api/server/reverse-proxy.ts b/server/tests/api/server/reverse-proxy.ts index 987538237..00d9fca23 100644 --- a/server/tests/api/server/reverse-proxy.ts +++ b/server/tests/api/server/reverse-proxy.ts
@@ -2,7 +2,7 @@
2		2
3	import 'mocha'	3	import 'mocha'
4	import * as chai from 'chai'	4	import * as chai from 'chai'
5	import { cleanupTests, getVideo, uploadVideo, userLogin, viewVideo, wait } from '../../../../shared/extra-utils'	5	import { cleanupTests, getVideo, registerUser, uploadVideo, userLogin, viewVideo, wait } from '../../../../shared/extra-utils'
6	import { flushAndRunServer, setAccessTokensToServers } from '../../../../shared/extra-utils/index'	6	import { flushAndRunServer, setAccessTokensToServers } from '../../../../shared/extra-utils/index'
7		7
8	const expect = chai.expect	8	const expect = chai.expect
@@ -13,7 +13,27 @@ describe('Test application behind a reverse proxy', function () {
13		13
14	before(async function () {	14	before(async function () {
15	this.timeout(30000)	15	this.timeout(30000)
16	server = await flushAndRunServer(1)	16
		17	const config = {
		18	rates_limit: {
		19	api: {
		20	max: 50,
		21	window: 5000
		22	},
		23	signup: {
		24	max: 3,
		25	window: 5000
		26	},
		27	login: {
		28	max: 20
		29	}
		30	},
		31	signup: {
		32	limit: 20
		33	}
		34	}
		35
		36	server = await flushAndRunServer(1, config)
17	await setAccessTokensToServers([ server ])	37	await setAccessTokensToServers([ server ])
18		38
19	const { body } = await uploadVideo(server.url, server.accessToken, {})	39	const { body } = await uploadVideo(server.url, server.accessToken, {})
@@ -82,6 +102,39 @@ describe('Test application behind a reverse proxy', function () {
82	await userLogin(server, user, 429)	102	await userLogin(server, user, 429)
83	})	103	})
84		104
		105	it('Should rate limit signup', async function () {
		106	for (let i = 0; i < 3; i++) {
		107	await registerUser(server.url, 'test' + i, 'password')
		108	}
		109
		110	await registerUser(server.url, 'test42', 'password', 429)
		111	})
		112
		113	it('Should not rate limit failed signup', async function () {
		114	this.timeout(30000)
		115
		116	await wait(7000)
		117
		118	for (let i = 0; i < 3; i++) {
		119	await registerUser(server.url, 'test' + i, 'password', 409)
		120	}
		121
		122	await registerUser(server.url, 'test43', 'password', 204)
		123
		124	})
		125
		126	it('Should rate limit API calls', async function () {
		127	this.timeout(30000)
		128
		129	await wait(7000)
		130
		131	for (let i = 0; i < 50; i++) {
		132	await getVideo(server.url, videoId)
		133	}
		134
		135	await getVideo(server.url, videoId, 429)
		136	})
		137
85	after(async function () {	138	after(async function () {
86	await cleanupTests([ server ])	139	await cleanupTests([ server ])
87	})	140	})