github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:21:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: limit assets less that non asset paths

Browse Source 
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
This commit is contained in:
Sam
2018-03-06 15:20:39 +11:00
parent 2658ef5e0b
commit f0d5f83424
7 changed files with 81 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
spec/components/middleware/request_tracker_spec.rb
View File

@ -191,6 +191,28 @@ describe Middleware::RequestTracker do
expect(status).to eq(200)
end
it "allows assets for more requests" do
global_setting :max_reqs_per_ip_per_10_seconds, 1
global_setting :max_reqs_per_ip_mode, 'block'
global_setting :max_asset_reqs_per_ip_per_10_seconds, 3
env1 = env("REMOTE_ADDR" => "1.1.1.1", "DISCOURSE_IS_ASSET_PATH" => 1)
status, _ = middleware.call(env1)
expect(status).to eq(200)
status, _ = middleware.call(env1)
expect(status).to eq(200)
status, _ = middleware.call(env1)
expect(status).to eq(200)
status, _ = middleware.call(env1)
expect(status).to eq(429)
env2 = env("REMOTE_ADDR" => "1.1.1.1")
status, _ = middleware.call(env2)
expect(status).to eq(429)
end
it "does block if rate limiter is enabled" do
global_setting :max_reqs_per_ip_per_10_seconds, 1
global_setting :max_reqs_per_ip_mode, 'block'
@ -199,13 +221,13 @@ describe Middleware::RequestTracker do
env2 = env("REMOTE_ADDR" => "1.1.1.2")
status, _ = middleware.call(env1)
status, _ = middleware.call(env1)
expect(status).to eq(200)
status, _ = middleware.call(env1)
expect(status).to eq(429)
status, _ = middleware.call(env2)
expect(status).to eq(200)
end
end