overleaf/services/web/test/UnitTests/coffee/Security/RateLimiterMiddlewearTests.coffee

SandboxedModule = require('sandboxed-module')
sinon = require('sinon')
require('chai').should()
modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/RateLimiterMiddlewear'

describe "RateLimiterMiddlewear", ->
	beforeEach ->
		@RateLimiterMiddlewear = SandboxedModule.require modulePath, requires:
			'../../infrastructure/RateLimiter' : @RateLimiter = {}
			"logger-sharelatex": @logger = {warn: sinon.stub()}
		@req =
			params: {}
			session: {}
		@res =
			status: sinon.stub()
			write: sinon.stub()
			end: sinon.stub()
		@next = sinon.stub()
	
	describe "rateLimit", ->
		beforeEach ->
			@rateLimiter = @RateLimiterMiddlewear.rateLimit({
				endpointName: "test-endpoint"
				params: ["project_id", "doc_id"]
				timeInterval: 42
				maxRequests: 12
			})
			@req.params = {
				project_id: @project_id = "project-id"
				doc_id: @doc_id = "doc-id"
			}
			
		describe "when under the rate limit with logged in user", ->
			beforeEach ->
				@req.session.user = { _id: @user_id = "user-id" }
				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
				@rateLimiter(@req, @res, @next)
				
			it "should call the rate limiter backend with the user_id", ->
				@RateLimiter.addCount
					.calledWith({
						endpointName: "test-endpoint"
						timeInterval: 42
						throttle: 12
						subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"
					})
					.should.equal true
					
			it "should pass on to next()", ->
				@next.called.should.equal true
				
		describe "when under the rate limit with anonymous user", ->
			beforeEach ->
				@req.ip = @ip = "1.2.3.4"
				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
				@rateLimiter(@req, @res, @next)
				
			it "should call the rate limiter backend with the ip address", ->
				@RateLimiter.addCount
					.calledWith({
						endpointName: "test-endpoint"
						timeInterval: 42
						throttle: 12
						subjectName: "#{@project_id}:#{@doc_id}:#{@ip}"
					})
					.should.equal true
					
			it "should pass on to next()", ->
				@next.called.should.equal true
				
		describe "when over the rate limit", ->
			beforeEach ->
				@req.session.user = { _id: @user_id = "user-id" }
				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, false)
				@rateLimiter(@req, @res, @next)
				
			it "should return a 429", ->
				@res.status.calledWith(429).should.equal true
				@res.end.called.should.equal true
				
			it "should not continue", ->
				@next.called.should.equal false
				
			it "should log a warning", ->
				@logger.warn
					.calledWith({
						endpointName: "test-endpoint"
						timeInterval: 42
						throttle: 12
						subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"
					}, "rate limit exceeded")
					.should.equal true
Add in rate limit to opening projets 2015-02-04 10:05:26 -05:00			`SandboxedModule = require('sandboxed-module')`
			`sinon = require('sinon')`
			`require('chai').should()`
			`modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/RateLimiterMiddlewear'`

			`describe "RateLimiterMiddlewear", ->`
			`beforeEach ->`
			`@RateLimiterMiddlewear = SandboxedModule.require modulePath, requires:`
			`'../../infrastructure/RateLimiter' : @RateLimiter = {}`
Log when rate limit is hit 2015-02-05 04:52:40 -05:00			`"logger-sharelatex": @logger = {warn: sinon.stub()}`
Add in rate limit to opening projets 2015-02-04 10:05:26 -05:00			`@req =`
			`params: {}`
			`session: {}`
			`@res =`
			`status: sinon.stub()`
			`write: sinon.stub()`
			`end: sinon.stub()`
			`@next = sinon.stub()`

			`describe "rateLimit", ->`
			`beforeEach ->`
			`@rateLimiter = @RateLimiterMiddlewear.rateLimit({`
			`endpointName: "test-endpoint"`
			`params: ["project_id", "doc_id"]`
			`timeInterval: 42`
			`maxRequests: 12`
			`})`
			`@req.params = {`
			`project_id: @project_id = "project-id"`
			`doc_id: @doc_id = "doc-id"`
			`}`

			`describe "when under the rate limit with logged in user", ->`
			`beforeEach ->`
			`@req.session.user = { _id: @user_id = "user-id" }`
			`@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)`
			`@rateLimiter(@req, @res, @next)`

			`it "should call the rate limiter backend with the user_id", ->`
			`@RateLimiter.addCount`
			`.calledWith({`
			`endpointName: "test-endpoint"`
			`timeInterval: 42`
			`throttle: 12`
			`subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"`
			`})`
			`.should.equal true`

			`it "should pass on to next()", ->`
			`@next.called.should.equal true`

			`describe "when under the rate limit with anonymous user", ->`
			`beforeEach ->`
			`@req.ip = @ip = "1.2.3.4"`
			`@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)`
			`@rateLimiter(@req, @res, @next)`

			`it "should call the rate limiter backend with the ip address", ->`
			`@RateLimiter.addCount`
			`.calledWith({`
			`endpointName: "test-endpoint"`
			`timeInterval: 42`
			`throttle: 12`
			`subjectName: "#{@project_id}:#{@doc_id}:#{@ip}"`
			`})`
			`.should.equal true`

			`it "should pass on to next()", ->`
			`@next.called.should.equal true`

			`describe "when over the rate limit", ->`
			`beforeEach ->`
			`@req.session.user = { _id: @user_id = "user-id" }`
			`@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, false)`
			`@rateLimiter(@req, @res, @next)`

			`it "should return a 429", ->`
			`@res.status.calledWith(429).should.equal true`
			`@res.end.called.should.equal true`

			`it "should not continue", ->`
			`@next.called.should.equal false`
Log when rate limit is hit 2015-02-05 04:52:40 -05:00
			`it "should log a warning", ->`
			`@logger.warn`
			`.calledWith({`
			`endpointName: "test-endpoint"`
			`timeInterval: 42`
			`throttle: 12`
			`subjectName: "#{@project_id}:#{@doc_id}:#{@user_id}"`
			`}, "rate limit exceeded")`
			`.should.equal true`
Add in rate limit to opening projets 2015-02-04 10:05:26 -05:00