Merge pull request #2181 from overleaf/sk-exclude-smoketest-user-from-rate-limits

Exclude smokeTest user from rate limits GitOrigin-RevId: 01197ce9971477550e73989067adc631189382b1
2025-02-23 10:42:00 +00:00 · 2019-09-26 10:15:58 -04:00 · 2019-09-26 10:15:58 -04:00 · 16ac5126cb
commit 16ac5126cb
parent a10cfcddd5
2 changed files with 39 additions and 0 deletions
--- a/services/web/app/src/Features/Security/RateLimiterMiddleware.js
+++ b/services/web/app/src/Features/Security/RateLimiterMiddleware.js
@ -15,6 +15,7 @@ let RateLimiterMiddleware
 const RateLimiter = require('../../infrastructure/RateLimiter')
 const logger = require('logger-sharelatex')
 const AuthenticationController = require('../Authentication/AuthenticationController')
+const settings = require('settings-sharelatex')

 module.exports = RateLimiterMiddleware = {
  /*
@ -31,6 +32,14 @@ module.exports = RateLimiterMiddleware = {
  rateLimit(opts) {
    return function(req, res, next) {
      const user_id = AuthenticationController.getLoggedInUserId(req) || req.ip
+      if (
+        settings.smokeTest &&
+        settings.smokeTest.userId &&
+        settings.smokeTest.userId.toString() === user_id.toString()
+      ) {
+        // ignore smoke test user
+        return next()
+      }
      const params = (opts.params || []).map(p => req.params[p])
      params.push(user_id)
      let subjectName = params.join(':')
--- a/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js
+++ b/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js
@ -37,6 +37,7 @@ describe('RateLimiterMiddleware', function() {
        console: console
      },
      requires: {
+        'settings-sharelatex': (this.settings = {}),
        '../../infrastructure/RateLimiter': (this.RateLimiter = {}),
        'logger-sharelatex': (this.logger = { warn: sinon.stub() }),
        '../Authentication/AuthenticationController': this
@ -87,6 +88,35 @@ describe('RateLimiterMiddleware', function() {
      it('should pass on to next()', function() {})
    })

+    describe('when smoke test user', function() {
+      beforeEach(function() {
+        this.req.session = {
+          user: {
+            _id: (this.user_id = 'smoke-test-user-id')
+          }
+        }
+        this.settings.smokeTest = { userId: this.user_id }
+        this.RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
+        return this.rateLimiter(this.req, this.res, this.next)
+      })
+
+      it('should not call the rate limiter backend with the user_id', function() {
+        this.RateLimiter.addCount
+          .calledWith({
+            endpointName: 'test-endpoint',
+            timeInterval: 42,
+            throttle: 12,
+            subjectName: `${this.project_id}:${this.doc_id}:${this.user_id}`
+          })
+          .should.equal(false)
+        this.RateLimiter.addCount.callCount.should.equal(0)
+      })
+
+      it('should pass on to next()', function() {
+        return this.next.called.should.equal(true)
+      })
+    })
+
    describe('when under the rate limit with logged in user', function() {
      beforeEach(function() {
        this.req.session = {