diff options
Diffstat (limited to 'spec/requests/product_analytics/collector_app_attack_spec.rb')
-rw-r--r-- | spec/requests/product_analytics/collector_app_attack_spec.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/spec/requests/product_analytics/collector_app_attack_spec.rb b/spec/requests/product_analytics/collector_app_attack_spec.rb new file mode 100644 index 00000000000..6f86e39c295 --- /dev/null +++ b/spec/requests/product_analytics/collector_app_attack_spec.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'ProductAnalytics::CollectorApp throttle' do + include RackAttackSpecHelpers + + include_context 'rack attack cache store' + + let(:project1) { create(:project) } + let(:project2) { create(:project) } + + before do + allow(ProductAnalyticsEvent).to receive(:create).and_return(true) + end + + context 'per application id' do + let(:params) do + { + aid: project1.id, + eid: SecureRandom.uuid + } + end + + it 'throttles the endpoint' do + # Allow requests under the rate limit. + 100.times do + expect_ok { get '/-/collector/i', params: params } + end + + # Ensure its not related to ip address + random_next_ip + + # Reject request over the limit + expect_rejection { get '/-/collector/i', params: params } + + # But allows request for different aid + expect_ok { get '/-/collector/i', params: params.merge(aid: project2.id) } + end + end +end |