feat(tests): add rate limiting tests for multiple users
naftis committed Oct 30, 2024
1 parent 02b2eee commit e59435e
Showing 1 changed file with 83 additions and 9 deletions.
92 changes: 83 additions & 9 deletions packages/gateway/src/rate-limit.test.ts
Expand Up @@ -21,7 +21,6 @@ import {
flushAll
} from './utils/redis-test-utils'
import { StartedTestContainer } from 'testcontainers'
import { savedAdministrativeLocation } from '@opencrvs/commons/fixtures'

const fetch = fetchAny as any
const resolvers = rootResolvers as any
Expand All @@ -38,6 +37,7 @@ jest.mock('./constants', () => {
})
describe('Rate limit', () => {
let authHeaderRegAgent: { Authorization: string }
let authHeaderRegAgent2: { Authorization: string }

beforeAll(async () => {
container = await startContainer()
Expand All @@ -63,6 +63,20 @@ describe('Rate limit', () => {
authHeaderRegAgent = {
Authorization: `Bearer ${validateToken}`
}

const validateToken2 = jwt.sign(
{ scope: ['validate'] },
readFileSync('./test/cert.key'),
{
subject: '5bdc55ece42c82de9a529c36',
algorithm: 'RS256',
issuer: 'opencrvs:auth-service',
audience: 'opencrvs:gateway-user'
}
)
authHeaderRegAgent2 = {
Authorization: `Bearer ${validateToken2}`
}
})

it('allows 10 calls and then throws RateLimitError', async () => {
Expand Down Expand Up @@ -143,18 +157,78 @@ describe('Rate limit', () => {
).resolves.not.toThrowError()
})

it('does not throw RateLimitError when a non-rate-limited route is being called 20 times', async () => {
const resolverCalls = Array.from({ length: 20 }, async () => {
it('does not throw RateLimitError when different users try to access the same route', async () => {
const users = [
{ username: 'sakibal.hasan', id: '0' },
{ username: 'p.rouvila', id: '1' }
]

// Call the route 7 times for all users, it should not throw RateLimitError for this user yet
for (let i = 1; i <= 7; i++) {
fetch.mockResponseOnce(
JSON.stringify({
username: users[0].username,
id: users[0].id,
scope: ['declare'],
status: 'active'
})
)

await resolvers.Query.verifyPasswordById(
{},
{ id: users[0].id, password: 'test' },
{ headers: authHeaderRegAgent },
{ fieldName: 'verifyPasswordById' }
)
}

// ...now call the same route 7 times for the second user, it should not throw RateLimitError for this user either
for (let i = 1; i <= 7; i++) {
fetch.mockResponseOnce(
JSON.stringify([
savedAdministrativeLocation({ partOf: { reference: 'Location/1' } })
])
JSON.stringify({
username: users[1].username,
id: users[1].id,
scope: ['declare'],
status: 'active'
})
)

await resolvers.Query.verifyPasswordById(
{},
{ id: users[1].id, password: 'test' },
{ headers: authHeaderRegAgent2 },
{ fieldName: 'verifyPasswordById' }
)
}

// ...now call the same route for the first user again, it should not still throw RateLimitError
fetch.mockResponseOnce(
JSON.stringify({
username: users[0].username,
id: users[0].id,
scope: ['declare'],
status: 'active'
})
)

return expect(
resolvers.Query.verifyPasswordById(
{},
{ id: users[0].id, password: 'test' },
{ headers: authHeaderRegAgent },
{ fieldName: 'verifyPasswordById' }
)
await locationResolvers.Query!.isLeafLevelLocation(
).resolves.not.toThrowError()
})

it('does not throw RateLimitError when a non-rate-limited route is being called 20 times', async () => {
const resolverCalls = Array.from({ length: 20 }, async () => {
fetch.mockResponseOnce(JSON.stringify([{ resourceType: 'Location' }]))
await locationResolvers.Query.hasChildLocation(
{},
{ locationId: '1' },
{ parentId: '1' },
{ headers: authHeaderRegAgent },
{ fieldName: 'isLeafLevelLocation' }
{ fieldName: 'hasChildLocation' }
)
})
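Review bot: The new "different users" test changes both the bearer token (`authHeaderRegAgent` vs `authHeaderRegAgent2`) and the `id` argument (`users[0].id` vs `users[1].id`) between its two loops, so it passes whether the limiter keys on the token subject, on the `id` argument, or on both, and never pins which is intended. For a password-verification route that keying is the property worth asserting: add a case that holds one of the two constant (for example `authHeaderRegAgent` with `users[1].id`) and states the expected outcome. The test also checks only the negative, so on its own it would pass with no limiter at all. Pushing the first user past the limit of 10 implied by the earlier test title, asserting the rejection, and then asserting that a call with `authHeaderRegAgent2` still resolves would show the counters are independent. The comment `// Call the route 7 times for all users` sits above a loop that only calls for `users[0]`; `// Call the route 7 times for the first user, staying under the limit` would match the code.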

