Add rate limiting to all repp actions

2025-07-29 05:56:20 +02:00 · 2022-08-02 06:14:47 -03:00 · 2022-08-02 06:14:47 -03:00 · 2a58bf3849
commit 2a58bf3849
parent fb60466194
48 changed files with 757 additions and 16 deletions
--- a/test/integration/repp/v1/accounts/activities_list_test.rb
+++ b/test/integration/repp/v1/accounts/activities_list_test.rb
@ -7,6 +7,9 @@ class ReppV1AccountsActivitiesListTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_account_activities
@ -67,4 +70,19 @@ class ReppV1AccountsActivitiesListTest < ActionDispatch::IntegrationTest
    assert_equal @user.registrar.cash_account.activities.count, json[:data][:activities].length
    assert_equal json[:data][:activities][0][:description], activity.description
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get repp_v1_accounts_path, headers: @auth_headers
+    get repp_v1_accounts_path, headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/accounts/balance_test.rb
+++ b/test/integration/repp/v1/accounts/balance_test.rb
@ -8,9 +8,12 @@ class ReppV1BalanceTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

-  
+

  def test_can_query_balance
    get '/repp/v1/accounts/balance', headers: @auth_headers
@ -49,5 +52,20 @@ class ReppV1BalanceTest < ActionDispatch::IntegrationTest
      assert trans[:created_at].to_date.to_s(:db) >= started_from
      assert trans[:created_at].to_date.to_s(:db) >= end_to
    end
+
+    def test_returns_error_response_if_throttled
+      ENV["shunter_default_threshold"] = '1'
+      ENV["shunter_enabled"] = 'true'
+
+      get '/repp/v1/accounts/balance', headers: @auth_headers
+      get '/repp/v1/accounts/balance', headers: @auth_headers
+      json = JSON.parse(response.body, symbolize_names: true)
+
+      assert_response :bad_request
+      assert_equal json[:code], 2502
+      assert response.body.include?(Shunter.default_error_message)
+      ENV["shunter_default_threshold"] = '10000'
+      ENV["shunter_enabled"] = 'false'
+    end
  end
 end
--- a/test/integration/repp/v1/accounts/details_test.rb
+++ b/test/integration/repp/v1/accounts/details_test.rb
@ -7,6 +7,9 @@ class ReppV1AccountsDetailsTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_account_details
@ -19,4 +22,19 @@ class ReppV1AccountsDetailsTest < ActionDispatch::IntegrationTest

    assert_equal @user.registrar.billing_email, json[:data][:account][:billing_email]
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get '/repp/v1/accounts/details', headers: @auth_headers
+    get '/repp/v1/accounts/details', headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/accounts/switch_user_test.rb
+++ b/test/integration/repp/v1/accounts/switch_user_test.rb
@ -7,6 +7,9 @@ class ReppV1AccountsSwitchUserTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_switches_to_linked_api_user
@ -48,4 +51,27 @@ class ReppV1AccountsSwitchUserTest < ActionDispatch::IntegrationTest
    assert_response :bad_request
    assert_equal 'Cannot switch to unlinked user', json[:message]
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    new_user = users(:api_goodnames)
+    new_user.update(identity_code: '1234')
+    request_body = {
+      account: {
+        new_user_id: new_user.id,
+      },
+    }
+
+    put '/repp/v1/accounts/switch_user', headers: @auth_headers, params: request_body
+    put '/repp/v1/accounts/switch_user', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/accounts/update_auto_reload_balance_test.rb
+++ b/test/integration/repp/v1/accounts/update_auto_reload_balance_test.rb
@ -7,6 +7,9 @@ class ReppV1AccountsUpdateAutoReloadBalanceTest < ActionDispatch::IntegrationTes
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_updates_auto_reload_balance
@ -66,4 +69,45 @@ class ReppV1AccountsUpdateAutoReloadBalanceTest < ActionDispatch::IntegrationTes

    assert_nil @user.registrar.settings['balance_auto_reload']
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    amount = 100
+    threshold = 10
+    request_body = {
+      type: {
+        amount: amount,
+        threshold: threshold,
+      },
+    }
+
+    post '/repp/v1/accounts/update_auto_reload_balance', headers: @auth_headers,
+                                                        params: request_body
+    post '/repp/v1/accounts/update_auto_reload_balance', headers: @auth_headers,
+                                                        params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get '/repp/v1/accounts/disable_auto_reload_balance', headers: @auth_headers
+    get '/repp/v1/accounts/disable_auto_reload_balance', headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/accounts/update_details_test.rb
+++ b/test/integration/repp/v1/accounts/update_details_test.rb
@ -7,6 +7,9 @@ class ReppV1AccountsUpdateDetailsTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_updates_details
@ -27,4 +30,26 @@ class ReppV1AccountsUpdateDetailsTest < ActionDispatch::IntegrationTest
    assert_equal(request_body[:account][:billing_email], @user.registrar.billing_email)
    assert_equal(request_body[:account][:iban], @user.registrar.iban)
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    request_body =  {
+      account: {
+        billing_email: 'donaldtrump@yandex.ru',
+        iban: 'GB331111111111111111',
+      },
+    }
+
+    put '/repp/v1/accounts', headers: @auth_headers, params: request_body
+    put '/repp/v1/accounts', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end