1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.RateLimiterTest do
6 use ExUnit.Case, async: true
9 alias Pleroma.Plugs.RateLimiter
11 import Pleroma.Factory
13 # Note: each example must work with separate buckets in order to prevent concurrency issues
16 test "config is required for plug to work" do
17 limiter_name = :test_init
18 Pleroma.Config.put([:rate_limit, limiter_name], {1, 1})
20 assert %{limits: {1, 1}, name: :test_init, opts: [name: :test_init]} ==
21 RateLimiter.init(name: limiter_name)
23 assert nil == RateLimiter.init(name: :foo)
26 test "it restricts based on config values" do
27 limiter_name = :test_opts
31 Pleroma.Config.put([:rate_limit, limiter_name], {scale, limit})
33 opts = RateLimiter.init(name: limiter_name)
34 conn = conn(:get, "/")
37 conn = RateLimiter.call(conn, opts)
38 assert {^i, _} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
42 conn = RateLimiter.call(conn, opts)
43 assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
48 conn = conn(:get, "/")
50 conn = RateLimiter.call(conn, opts)
51 assert {1, 4} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
53 refute conn.status == Plug.Conn.Status.code(:too_many_requests)
60 test "`bucket_name` option overrides default bucket name" do
61 limiter_name = :test_bucket_name
63 Pleroma.Config.put([:rate_limit, limiter_name], {1000, 5})
65 base_bucket_name = "#{limiter_name}:group1"
66 opts = RateLimiter.init(name: limiter_name, bucket_name: base_bucket_name)
68 conn = conn(:get, "/")
70 RateLimiter.call(conn, opts)
71 assert {1, 4} = RateLimiter.inspect_bucket(conn, base_bucket_name, opts)
72 assert {:err, :not_found} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
75 test "`params` option allows different queries to be tracked independently" do
76 limiter_name = :test_params
77 Pleroma.Config.put([:rate_limit, limiter_name], {1000, 5})
79 opts = RateLimiter.init(name: limiter_name, params: ["id"])
81 conn = conn(:get, "/?id=1")
82 conn = Plug.Conn.fetch_query_params(conn)
83 conn_2 = conn(:get, "/?id=2")
85 RateLimiter.call(conn, opts)
86 assert {1, 4} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
87 assert {0, 5} = RateLimiter.inspect_bucket(conn_2, limiter_name, opts)
90 test "it supports combination of options modifying bucket name" do
91 limiter_name = :test_options_combo
92 Pleroma.Config.put([:rate_limit, limiter_name], {1000, 5})
94 base_bucket_name = "#{limiter_name}:group1"
95 opts = RateLimiter.init(name: limiter_name, bucket_name: base_bucket_name, params: ["id"])
98 conn = conn(:get, "/?id=#{id}")
99 conn = Plug.Conn.fetch_query_params(conn)
100 conn_2 = conn(:get, "/?id=#{101}")
102 RateLimiter.call(conn, opts)
103 assert {1, 4} = RateLimiter.inspect_bucket(conn, base_bucket_name, opts)
104 assert {0, 5} = RateLimiter.inspect_bucket(conn_2, base_bucket_name, opts)
108 describe "unauthenticated users" do
109 test "are restricted based on remote IP" do
110 limiter_name = :test_unauthenticated
111 Pleroma.Config.put([:rate_limit, limiter_name], [{1000, 5}, {1, 10}])
113 opts = RateLimiter.init(name: limiter_name)
115 conn = %{conn(:get, "/") | remote_ip: {127, 0, 0, 2}}
116 conn_2 = %{conn(:get, "/") | remote_ip: {127, 0, 0, 3}}
119 conn = RateLimiter.call(conn, opts)
120 assert {^i, _} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
124 conn = RateLimiter.call(conn, opts)
126 assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
129 conn_2 = RateLimiter.call(conn_2, opts)
130 assert {1, 4} = RateLimiter.inspect_bucket(conn_2, limiter_name, opts)
132 refute conn_2.status == Plug.Conn.Status.code(:too_many_requests)
133 refute conn_2.resp_body
138 describe "authenticated users" do
140 Ecto.Adapters.SQL.Sandbox.checkout(Pleroma.Repo)
145 test "can have limits seperate from unauthenticated connections" do
146 limiter_name = :test_authenticated
150 Pleroma.Config.put([:rate_limit, limiter_name], [{1, 10}, {scale, limit}])
152 opts = RateLimiter.init(name: limiter_name)
155 conn = conn(:get, "/") |> assign(:user, user)
158 conn = RateLimiter.call(conn, opts)
159 assert {^i, _} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
163 conn = RateLimiter.call(conn, opts)
165 assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
170 conn = conn(:get, "/") |> assign(:user, user)
171 conn = RateLimiter.call(conn, opts)
172 assert {1, 4} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
174 refute conn.status == Plug.Conn.Status.code(:too_many_requests)
175 refute conn.resp_body
179 test "diffrerent users are counted independently" do
180 limiter_name = :test_authenticated
181 Pleroma.Config.put([:rate_limit, limiter_name], [{1, 10}, {1000, 5}])
183 opts = RateLimiter.init(name: limiter_name)
186 conn = conn(:get, "/") |> assign(:user, user)
188 user_2 = insert(:user)
189 conn_2 = conn(:get, "/") |> assign(:user, user_2)
192 conn = RateLimiter.call(conn, opts)
193 assert {^i, _} = RateLimiter.inspect_bucket(conn, limiter_name, opts)
196 conn = RateLimiter.call(conn, opts)
197 assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
200 conn_2 = RateLimiter.call(conn_2, opts)
201 assert {1, 4} = RateLimiter.inspect_bucket(conn_2, limiter_name, opts)
202 refute conn_2.status == Plug.Conn.Status.code(:too_many_requests)
203 refute conn_2.resp_body