overleaf/services/web/test/unit/coffee/Security/RateLimiterMiddlewearTests.coffee

119 lines
3.3 KiB
CoffeeScript
Raw Normal View History

2015-02-04 15:05:26 +00:00
SandboxedModule = require('sandboxed-module')
sinon = require('sinon')
require('chai').should()
modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/RateLimiterMiddlewear'
describe "RateLimiterMiddlewear", ->
beforeEach ->
2016-09-07 15:40:49 +00:00
@AuthenticationController =
getLoggedInUserId: () =>
@req?.session?.user?._id
2015-02-04 15:05:26 +00:00
@RateLimiterMiddlewear = SandboxedModule.require modulePath, requires:
'../../infrastructure/RateLimiter' : @RateLimiter = {}
2015-02-05 09:52:40 +00:00
"logger-sharelatex": @logger = {warn: sinon.stub()}
2016-09-07 15:40:49 +00:00
'../Authentication/AuthenticationController': @AuthenticationController
2015-02-04 15:05:26 +00:00
@req =
params: {}
@res =
status: sinon.stub()
write: sinon.stub()
end: sinon.stub()
@next = sinon.stub()
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
describe "rateLimit", ->
beforeEach ->
@rateLimiter = @RateLimiterMiddlewear.rateLimit({
endpointName: "test-endpoint"
params: ["project_id", "doc_id"]
timeInterval: 42
maxRequests: 12
})
@req.params = {
project_id: @project_id = "project-id"
doc_id: @doc_id = "doc-id"
}
2016-09-07 15:40:49 +00:00
describe "when there is no session", ->
beforeEach ->
@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
@req.ip = @ip = "1.2.3.4"
@rateLimiter(@req, @res, @next)
it "should call the rate limiter backend with the ip address", ->
@RateLimiter.addCount
.calledWith({
endpointName: "test-endpoint"
timeInterval: 42
throttle: 12
subjectName: "#{@project_id}:#{@doc_id}:#{@ip}"
})
.should.equal true
2016-09-07 15:40:49 +00:00
it "should pass on to next()", ->
2015-02-04 15:05:26 +00:00
describe "when under the rate limit with logged in user", ->
beforeEach ->
@req.session =
2016-09-07 15:40:49 +00:00
user :
_id: @user_id = "user-id"
2015-02-04 15:05:26 +00:00
@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
@rateLimiter(@req, @res, @next)
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should call the rate limiter backend with the user_id", ->
@RateLimiter.addCount
.calledWith({
endpointName: "test-endpoint"
timeInterval: 42
throttle: 12
subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"
})
.should.equal true
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should pass on to next()", ->
@next.called.should.equal true
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
describe "when under the rate limit with anonymous user", ->
beforeEach ->
@req.ip = @ip = "1.2.3.4"
@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
@rateLimiter(@req, @res, @next)
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should call the rate limiter backend with the ip address", ->
@RateLimiter.addCount
.calledWith({
endpointName: "test-endpoint"
timeInterval: 42
throttle: 12
subjectName: "#{@project_id}:#{@doc_id}:#{@ip}"
})
.should.equal true
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should pass on to next()", ->
@next.called.should.equal true
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
describe "when over the rate limit", ->
beforeEach ->
2016-09-07 15:40:49 +00:00
@req.session =
user :
_id: @user_id = "user-id"
2015-02-04 15:05:26 +00:00
@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, false)
@rateLimiter(@req, @res, @next)
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should return a 429", ->
@res.status.calledWith(429).should.equal true
@res.end.called.should.equal true
2016-09-07 15:40:49 +00:00
2015-02-04 15:05:26 +00:00
it "should not continue", ->
@next.called.should.equal false
2016-09-07 15:40:49 +00:00
2015-02-05 09:52:40 +00:00
it "should log a warning", ->
@logger.warn
.calledWith({
endpointName: "test-endpoint"
timeInterval: 42
throttle: 12
subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"
}, "rate limit exceeded")
.should.equal true