File: rate_limiter_spec.rb

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (105 lines) | stat: -rw-r--r-- 3,355 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# frozen_string_literal: true

require 'spec_helper'

RSpec.describe API::Helpers::RateLimiter do
  let(:key) { :some_key }
  let(:scope) { [:some, :scope] }
  let(:request) { instance_double('Rack::Request') }
  let(:user) { build_stubbed(:user) }
  let(:ip) { '0.0.0.0' }

  let(:api_class) do
    Class.new do
      include API::Helpers::RateLimiter

      attr_reader :request, :current_user, :ip_address

      def initialize(request, current_user, ip_address:)
        @request = request
        @current_user = current_user
        @ip_address = ip_address
      end

      def render_api_error!(**args); end
    end
  end

  let(:rate_limiter) { api_class.new(request, user, ip_address: ip) }

  before do
    allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)
    allow(::Gitlab::ApplicationRateLimiter).to receive(:log_request)
  end

  shared_examples 'checks rate limit by scope' do
    it 'calls ApplicationRateLimiter#throttled_request? with the right arguments' do
      expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled_request?).with(request, user, key, scope: scope).and_return(false)
      expect(rate_limiter).not_to receive(:render_api_error!)

      rate_limit
    end

    it 'renders api error and logs request if throttled' do
      expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(true)
      expect(::Gitlab::ApplicationRateLimiter).to receive(:log_request).with(request, "#{key}_request_limit".to_sym, user)
      expect(rate_limiter).to receive(:render_api_error!).with({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)

      rate_limit
    end

    context 'when the bypass header is set' do
      before do
        allow(Gitlab::Throttle).to receive(:bypass_header).and_return('SOME_HEADER')
      end

      it 'skips rate limit if set to "1"' do
        allow(request).to receive(:get_header).with(Gitlab::Throttle.bypass_header).and_return('1')

        expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)
        expect(rate_limiter).not_to receive(:render_api_error!)

        rate_limit
      end

      it 'does not skip rate limit if set to something else than "1"' do
        allow(request).to receive(:get_header).with(Gitlab::Throttle.bypass_header).and_return('0')

        expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?)

        rate_limit
      end
    end
  end

  describe '#check_rate_limit!' do
    subject(:rate_limit) { rate_limiter.check_rate_limit!(key, scope: scope) }

    it_behaves_like 'checks rate limit by scope'
  end

  describe '#check_rate_limit_by_user_or_ip!' do
    subject(:rate_limit) { rate_limiter.check_rate_limit_by_user_or_ip!(key) }

    context 'when current user is present' do
      let(:scope) { user }

      it_behaves_like 'checks rate limit by scope'
    end

    context 'when current user is not present rate limits by IP address' do
      let(:scope) { ip }
      let(:user) { nil }

      it_behaves_like 'checks rate limit by scope'
    end
  end

  describe '#mark_throttle!' do
    it 'calls ApplicationRateLimiter#throttle?' do
      expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(false)

      rate_limiter.mark_throttle!(key, scope: scope)
    end
  end
end