Windshaft-cartodb/test/acceptance/rate-limit.test.js

577 lines
19 KiB
JavaScript

require('../support/test_helper');
const assert = require('../support/assert');
const redis = require('redis');
const RedisPool = require('redis-mpool');
const cartodbRedis = require('cartodb-redis');
const TestClient = require('../support/test-client');
const UserLimitsApi = require('../../lib/cartodb/api/user_limits_api');
const rateLimitMiddleware = require('../../lib/cartodb/middleware/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimitMiddleware;
const { getStoreKey } = require('../../lib/cartodb/api/user_limits_api');
let userLimitsApi;
let rateLimit;
let redisClient;
let testClient;
let keysToDelete = ['user:localhost:mapviews:global'];
const user = 'localhost';
const query = `
SELECT
ST_Transform('SRID=4326;POINT(-180 85.05112877)'::geometry, 3857) the_geom_webmercator,
1 cartodb_id,
2 val
`;
const createMapConfig = ({
version = '1.6.0',
type = 'cartodb',
sql = query,
cartocss = TestClient.CARTOCSS.POINTS,
cartocss_version = '2.3.0',
interactivity = 'cartodb_id',
countBy = 'cartodb_id'
} = {}) => ({
version,
layers: [{
type,
options: {
source: {
id: 'a0'
},
cartocss,
cartocss_version,
interactivity
}
}],
analyses: [
{
id: 'a0',
type: 'source',
params: {
query: sql
}
}
],
dataviews: {
count: {
source: {
id: 'a0'
},
type: 'formula',
options: {
column: countBy,
operation: 'count'
}
}
}
});
function setLimit(count, period, burst) {
redisClient.SELECT(8, err => {
if (err) {
return;
}
const key = getStoreKey(user, RATE_LIMIT_ENDPOINTS_GROUPS.ANONYMOUS);
redisClient.rpush(key, burst);
redisClient.rpush(key, count);
redisClient.rpush(key, period);
keysToDelete.push(key);
});
}
function getReqAndRes() {
return {
req: {},
res: {
headers: {},
set(headers) {
this.headers = headers;
},
locals: {
user: 'localhost'
}
}
};
}
describe('rate limit', function() {
before(function() {
global.environment.enabledFeatures.rateLimitsEnabled = true;
global.environment.enabledFeatures.rateLimitsByEndpoint.anonymous = true;
redisClient = redis.createClient(global.environment.redis.port);
testClient = new TestClient(createMapConfig(), 1234);
});
after(function() {
global.environment.enabledFeatures.rateLimitsEnabled = false;
global.environment.enabledFeatures.rateLimitsByEndpoint.anonymous = false;
});
afterEach(function(done) {
keysToDelete.forEach( key => {
redisClient.del(key);
});
redisClient.SELECT(0, () => {
redisClient.del('user:localhost:mapviews:global');
redisClient.SELECT(5, () => {
redisClient.del('user:localhost:mapviews:global');
done();
});
});
});
it('should not be rate limited', function (done) {
const count = 1;
const period = 1;
const burst = 1;
setLimit(count, period, burst);
let response = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '1',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '-1'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
setTimeout(done, period * 1000);
});
});
it("1 req/sec: 2 req/seg should be limited", function(done) {
const count = 1;
const period = 1;
const burst = 1;
setLimit(count, period, burst);
let response = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '1',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '-1'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
});
setTimeout(
function() {
let response = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '0',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '-1'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
});
},
250
);
setTimeout(
function() {
let response = {
status: 429,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '0',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '0'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
});
},
500
);
setTimeout(
function() {
let response = {
status: 429,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '0',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '0'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
});
},
750
);
setTimeout(
function() {
let response = {
status: 429,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '0',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '0'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
});
},
950
);
setTimeout(
function() {
let response = {
status: 200,
headers: {
'Content-Type': 'application/json; charset=utf-8',
'X-Rate-Limit-Limit': '2',
'X-Rate-Limit-Remaining': '0',
'X-Rate-Limit-Reset': '1',
'X-Rate-Limit-Retry-After': '-1'
}
};
testClient.getLayergroup({ response }, err => {
assert.ifError(err);
setTimeout(done, period * 2 * 1000);
});
},
1050
);
});
});
describe('rate limit middleware', function () {
before(function (done) {
global.environment.enabledFeatures.rateLimitsEnabled = true;
global.environment.enabledFeatures.rateLimitsByEndpoint.anonymous = true;
const redisPool = new RedisPool(global.environment.redis);
const metadataBackend = cartodbRedis({ pool: redisPool });
userLimitsApi = new UserLimitsApi(metadataBackend, {
limits: {
rateLimitsEnabled: global.environment.enabledFeatures.rateLimitsEnabled
}
});
rateLimit = rateLimitMiddleware(userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.ANONYMOUS);
redisClient = redis.createClient(global.environment.redis.port);
testClient = new TestClient(createMapConfig(), 1234);
const count = 1;
const period = 1;
const burst = 0;
setLimit(count, period, burst);
setTimeout(done, 10);
});
after(function () {
global.environment.enabledFeatures.rateLimitsEnabled = false;
global.environment.enabledFeatures.rateLimitsByEndpoint.anonymous = false;
keysToDelete.forEach(key => {
redisClient.del(key);
});
});
it("3 request (1 per second) should not be rate limited", function (done) {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
});
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
});
},
1100
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
setTimeout(done, 1000);
});
},
2 * 1100
);
});
it("1 req/sec: 2 req/seg should be limited", function (done) {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
});
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
250
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
500
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
750
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
950
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
setTimeout(done, 1000);
});
},
1050
);
});
it("1 req/sec: 2 req/seg should be limited, removing script SHA from Redis", function (done) {
userLimitsApi.metadataBackend.redisCmd(
8,
'SCRIPT',
['FLUSH'],
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
});
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
250
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
500
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
750
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ok(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 0,
"X-Rate-Limit-Retry-After": 0
});
assert.equal(err.message, 'You are over the limits.');
assert.equal(err.http_status, 429);
});
},
950
);
setTimeout(
function () {
let { req, res } = getReqAndRes();
rateLimit(req, res, function (err) {
assert.ifError(err);
assert.deepEqual(res.headers, {
"X-Rate-Limit-Limit": 1,
"X-Rate-Limit-Remaining": 0,
"X-Rate-Limit-Reset": 1,
"X-Rate-Limit-Retry-After": -1
});
});
},
1050
);
setTimeout( function() {
userLimitsApi.preprareRateLimit();
setTimeout(done, 1000);
}, 1100);
}
);
});
});