# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.RateLimiterTest do
use Pleroma.Web.ConnCase
alias Phoenix.ConnTest
- alias Pleroma.Config
alias Pleroma.Web.Plugs.RateLimiter
alias Plug.Conn
setup do: clear_config([Pleroma.Web.Plugs.RemoteIp, :enabled])
test "config is required for plug to work" do
- Config.put([:rate_limit, @limiter_name], {1, 1})
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, @limiter_name], {1, 1})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
assert %{limits: {1, 1}, name: :test_init, opts: [name: :test_init]} ==
[name: @limiter_name]
scale = 80
limit = 5
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
- Config.put([:rate_limit, limiter_name], {scale, limit})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {127, 0, 0, 1})
+ clear_config([:rate_limit, limiter_name], {scale, limit})
plug_opts = RateLimiter.init(name: limiter_name)
conn = build_conn(:get, "/")
- for i <- 1..5 do
- conn = RateLimiter.call(conn, plug_opts)
- assert {^i, _} = RateLimiter.inspect_bucket(conn, limiter_name, plug_opts)
- Process.sleep(10)
+ for _ <- 1..5 do
+ conn_limited = RateLimiter.call(conn, plug_opts)
+
+ refute conn_limited.status == Conn.Status.code(:too_many_requests)
+ refute conn_limited.resp_body
+ refute conn_limited.halted
end
- conn = RateLimiter.call(conn, plug_opts)
- assert %{"error" => "Throttled"} = ConnTest.json_response(conn, :too_many_requests)
- assert conn.halted
+ conn_limited = RateLimiter.call(conn, plug_opts)
+ assert %{"error" => "Throttled"} = ConnTest.json_response(conn_limited, :too_many_requests)
+ assert conn_limited.halted
- Process.sleep(50)
+ expire_ttl(conn, limiter_name)
- conn = build_conn(:get, "/")
+ for _ <- 1..5 do
+ conn_limited = RateLimiter.call(conn, plug_opts)
- conn = RateLimiter.call(conn, plug_opts)
- assert {1, 4} = RateLimiter.inspect_bucket(conn, limiter_name, plug_opts)
+ refute conn_limited.status == Conn.Status.code(:too_many_requests)
+ refute conn_limited.resp_body
+ refute conn_limited.halted
+ end
- refute conn.status == Conn.Status.code(:too_many_requests)
- refute conn.resp_body
- refute conn.halted
+ conn_limited = RateLimiter.call(conn, plug_opts)
+ assert %{"error" => "Throttled"} = ConnTest.json_response(conn_limited, :too_many_requests)
+ assert conn_limited.halted
end
describe "options" do
test "`bucket_name` option overrides default bucket name" do
limiter_name = :test_bucket_name
- Config.put([:rate_limit, limiter_name], {1000, 5})
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], {1000, 5})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
base_bucket_name = "#{limiter_name}:group1"
plug_opts = RateLimiter.init(name: limiter_name, bucket_name: base_bucket_name)
test "`params` option allows different queries to be tracked independently" do
limiter_name = :test_params
- Config.put([:rate_limit, limiter_name], {1000, 5})
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], {1000, 5})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
plug_opts = RateLimiter.init(name: limiter_name, params: ["id"])
test "it supports combination of options modifying bucket name" do
limiter_name = :test_options_combo
- Config.put([:rate_limit, limiter_name], {1000, 5})
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], {1000, 5})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
base_bucket_name = "#{limiter_name}:group1"
end
describe "unauthenticated users" do
+ @tag :erratic
test "are restricted based on remote IP" do
limiter_name = :test_unauthenticated
- Config.put([:rate_limit, limiter_name], [{1000, 5}, {1, 10}])
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], [{1000, 5}, {1, 10}])
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
plug_opts = RateLimiter.init(name: limiter_name)
:ok
end
+ @tag :erratic
test "can have limits separate from unauthenticated connections" do
limiter_name = :test_authenticated1
scale = 50
limit = 5
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
- Config.put([:rate_limit, limiter_name], [{1000, 1}, {scale, limit}])
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], [{1000, 1}, {scale, limit}])
plug_opts = RateLimiter.init(name: limiter_name)
assert conn.halted
end
+ @tag :erratic
test "different users are counted independently" do
limiter_name = :test_authenticated2
- Config.put([:rate_limit, limiter_name], [{1, 10}, {1000, 5}])
- Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], [{1, 10}, {1000, 5}])
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
plug_opts = RateLimiter.init(name: limiter_name)
test "doesn't crash due to a race condition when multiple requests are made at the same time and the bucket is not yet initialized" do
limiter_name = :test_race_condition
- Pleroma.Config.put([:rate_limit, limiter_name], {1000, 5})
- Pleroma.Config.put([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+ clear_config([:rate_limit, limiter_name], {1000, 5})
+ clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
opts = RateLimiter.init(name: limiter_name)
refute {:err, :not_found} == RateLimiter.inspect_bucket(conn, limiter_name, opts)
end
+
+ def expire_ttl(%{remote_ip: remote_ip} = _conn, bucket_name_root) do
+ bucket_name = "anon:#{bucket_name_root}" |> String.to_atom()
+ key_name = "ip::#{remote_ip |> Tuple.to_list() |> Enum.join(".")}"
+
+ {:ok, bucket_value} = Cachex.get(bucket_name, key_name)
+ Cachex.put(bucket_name, key_name, bucket_value, ttl: -1)
+ end
end
projects / akkoma / blobdiff