1 files changed, 156 insertions, 0 deletions
diff --git a/packages/tests/src/api/server/reverse-proxy.ts b/packages/tests/src/api/server/reverse-proxy.ts
new file mode 100644
index 000000000..7e334cc3e
--- /dev/null
+++ b/packages/tests/src/api/server/reverse-proxy.ts
@@ -0,0 +1,156 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { expect } from 'chai'
+import { wait } from '@peertube/peertube-core-utils'
+import { HttpStatusCode } from '@peertube/peertube-models'
+import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@peertube/peertube-server-commands'
+describe('Test application behind a reverse proxy', function () {
+  let server: PeerTubeServer
+  let userAccessToken: string
+  let videoId: string
+  before(async function () {
+    this.timeout(60000)
+    const config = {
+      rates_limit: {
+        api: {
+          max: 50,
+          window: 5000
+        },
+        signup: {
+          max: 3,
+          window: 5000
+        },
+        login: {
+          max: 20
+        }
+      },
+      signup: {
+        limit: 20
+      }
+    }
+    server = await createSingleServer(1, config)
+    await setAccessTokensToServers([ server ])
+    userAccessToken = await server.users.generateUserAndToken('user')
+    const { uuid } = await server.videos.upload()
+    videoId = uuid
+  })
+  it('Should view a video only once with the same IP by default', async function () {
+    this.timeout(40000)
+    await server.views.simulateView({ id: videoId })
+    await server.views.simulateView({ id: videoId })
+    // Wait the repeatable job
+    await wait(8000)
+    const video = await server.videos.get({ id: videoId })
+    expect(video.views).to.equal(1)
+  })
+  it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
+    this.timeout(20000)
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' })
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' })
+    // Wait the repeatable job
+    await wait(8000)
+    const video = await server.videos.get({ id: videoId })
+    expect(video.views).to.equal(3)
+  })
+  it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
+    this.timeout(20000)
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' })
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' })
+    // Wait the repeatable job
+    await wait(8000)
+    const video = await server.videos.get({ id: videoId })
+    expect(video.views).to.equal(4)
+  })
+  it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
+    this.timeout(20000)
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' })
+    await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' })
+    // Wait the repeatable job
+    await wait(8000)
+    const video = await server.videos.get({ id: videoId })
+    expect(video.views).to.equal(6)
+  })
+  it('Should rate limit logins', async function () {
+    const user = { username: 'root', password: 'fail' }
+    for (let i = 0; i < 18; i++) {
+      await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    }
+    await server.login.login({ user, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
+  })
+  it('Should rate limit signup', async function () {
+    for (let i = 0; i < 10; i++) {
+      try {
+        await server.registrations.register({ username: 'test' + i })
+      } catch {
+        // empty
+      }
+    }
+    await server.registrations.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
+  })
+  it('Should not rate limit failed signup', async function () {
+    this.timeout(30000)
+    await wait(7000)
+    for (let i = 0; i < 3; i++) {
+      await server.registrations.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 })
+    }
+    await server.registrations.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
+  })
+  it('Should rate limit API calls', async function () {
+    this.timeout(30000)
+    await wait(7000)
+    for (let i = 0; i < 100; i++) {
+      try {
+        await server.videos.get({ id: videoId })
+      } catch {
+        // don't care if it fails
+      }
+    }
+    await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
+  })
+  it('Should rate limit API calls with a user but not with an admin', async function () {
+    await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
+    await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+  })
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})

diff --git a/packages/tests/src/api/server/reverse-proxy.ts b/packages/tests/src/api/server/reverse-proxy.ts new file mode 100644 index 000000000..7e334cc3e --- /dev/null +++ b/packages/tests/src/api/server/reverse-proxy.ts
@@ -0,0 +1,156 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@peertube/peertube-core-utils'
	5	import { HttpStatusCode } from '@peertube/peertube-models'
	6	import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@peertube/peertube-server-commands'
	7
	8	describe('Test application behind a reverse proxy', function () {
	9	let server: PeerTubeServer
	10	let userAccessToken: string
	11	let videoId: string
	12
	13	before(async function () {
	14	this.timeout(60000)
	15
	16	const config = {
	17	rates_limit: {
	18	api: {
	19	max: 50,
	20	window: 5000
	21	},
	22	signup: {
	23	max: 3,
	24	window: 5000
	25	},
	26	login: {
	27	max: 20
	28	}
	29	},
	30	signup: {
	31	limit: 20
	32	}
	33	}
	34
	35	server = await createSingleServer(1, config)
	36	await setAccessTokensToServers([ server ])
	37
	38	userAccessToken = await server.users.generateUserAndToken('user')
	39
	40	const { uuid } = await server.videos.upload()
	41	videoId = uuid
	42	})
	43
	44	it('Should view a video only once with the same IP by default', async function () {
	45	this.timeout(40000)
	46
	47	await server.views.simulateView({ id: videoId })
	48	await server.views.simulateView({ id: videoId })
	49
	50	// Wait the repeatable job
	51	await wait(8000)
	52
	53	const video = await server.videos.get({ id: videoId })
	54	expect(video.views).to.equal(1)
	55	})
	56
	57	it('Should view a video 2 times with the X-Forwarded-For header set', async function () {
	58	this.timeout(20000)
	59
	60	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.1,127.0.0.1' })
	61	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.2,127.0.0.1' })
	62
	63	// Wait the repeatable job
	64	await wait(8000)
	65
	66	const video = await server.videos.get({ id: videoId })
	67	expect(video.views).to.equal(3)
	68	})
	69
	70	it('Should view a video only once with the same client IP in the X-Forwarded-For header', async function () {
	71	this.timeout(20000)
	72
	73	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.4,0.0.0.3,::ffff:127.0.0.1' })
	74	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.5,0.0.0.3,127.0.0.1' })
	75
	76	// Wait the repeatable job
	77	await wait(8000)
	78
	79	const video = await server.videos.get({ id: videoId })
	80	expect(video.views).to.equal(4)
	81	})
	82
	83	it('Should view a video two times with a different client IP in the X-Forwarded-For header', async function () {
	84	this.timeout(20000)
	85
	86	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.6,127.0.0.1' })
	87	await server.views.simulateView({ id: videoId, xForwardedFor: '0.0.0.8,0.0.0.7,127.0.0.1' })
	88
	89	// Wait the repeatable job
	90	await wait(8000)
	91
	92	const video = await server.videos.get({ id: videoId })
	93	expect(video.views).to.equal(6)
	94	})
	95
	96	it('Should rate limit logins', async function () {
	97	const user = { username: 'root', password: 'fail' }
	98
	99	for (let i = 0; i < 18; i++) {
	100	await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	101	}
	102
	103	await server.login.login({ user, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
	104	})
	105
	106	it('Should rate limit signup', async function () {
	107	for (let i = 0; i < 10; i++) {
	108	try {
	109	await server.registrations.register({ username: 'test' + i })
	110	} catch {
	111	// empty
	112	}
	113	}
	114
	115	await server.registrations.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
	116	})
	117
	118	it('Should not rate limit failed signup', async function () {
	119	this.timeout(30000)
	120
	121	await wait(7000)
	122
	123	for (let i = 0; i < 3; i++) {
	124	await server.registrations.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 })
	125	}
	126
	127	await server.registrations.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
	128
	129	})
	130
	131	it('Should rate limit API calls', async function () {
	132	this.timeout(30000)
	133
	134	await wait(7000)
	135
	136	for (let i = 0; i < 100; i++) {
	137	try {
	138	await server.videos.get({ id: videoId })
	139	} catch {
	140	// don't care if it fails
	141	}
	142	}
	143
	144	await server.videos.get({ id: videoId, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
	145	})
	146
	147	it('Should rate limit API calls with a user but not with an admin', async function () {
	148	await server.videos.get({ id: videoId, token: userAccessToken, expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
	149
	150	await server.videos.get({ id: videoId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
	151	})
	152
	153	after(async function () {
	154	await cleanupTests([ server ])
	155	})
	156	})