Add rate limiting to all repp actions

2025-07-29 22:16:19 +02:00 · 2022-08-02 06:14:47 -03:00 · 2022-08-02 06:14:47 -03:00 · 2a58bf3849
commit 2a58bf3849
parent fb60466194
48 changed files with 757 additions and 16 deletions
--- a/test/integration/repp/v1/contacts/check_test.rb
+++ b/test/integration/repp/v1/contacts/check_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsCheckTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_code_based_check_returns_true_for_available_contact
@ -27,4 +30,20 @@ class ReppV1ContactsCheckTest < ActionDispatch::IntegrationTest
    assert_equal contact.code, json[:data][:contact][:code]
    assert_equal false, json[:data][:contact][:available]
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    contact = contacts(:jack)
+    get "/repp/v1/contacts/check/#{contact.code}", headers: @auth_headers
+    get "/repp/v1/contacts/check/#{contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/contacts/create_test.rb
+++ b/test/integration/repp/v1/contacts/create_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsCreateTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_creates_new_contact
@ -153,4 +156,32 @@ class ReppV1ContactsCreateTest < ActionDispatch::IntegrationTest
    contact = Contact.find_by(code: json[:data][:contact][:code])
    assert contact.legal_documents.any?
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    request_body =  {
+      contact: {
+        name: 'Donald Trump',
+        phone: '+372.51111112',
+        email: 'donald@trumptower.com',
+        ident: {
+          ident_type: 'priv',
+          ident_country_code: 'EE',
+          ident: '39708290069',
+        },
+      },
+    }
+
+    post '/repp/v1/contacts', headers: @auth_headers, params: request_body
+    post '/repp/v1/contacts', headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/contacts/delete_test.rb
+++ b/test/integration/repp/v1/contacts/delete_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsDeleteTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_deletes_unassociated_contact
@ -44,4 +47,19 @@ class ReppV1ContactsDeleteTest < ActionDispatch::IntegrationTest

    assert_response :not_found
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    delete "/repp/v1/contacts/#{contacts(:invalid_email).code}", headers: @auth_headers
+    delete "/repp/v1/contacts/#{contacts(:john).code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/contacts/list_test.rb
+++ b/test/integration/repp/v1/contacts/list_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsListTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_registrar_contacts
@ -79,4 +82,19 @@ class ReppV1ContactsListTest < ActionDispatch::IntegrationTest
    assert_equal @user.registrar.contacts.count, json[:data][:contacts].length
    assert_equal json[:data][:contacts][0][:code], contact.code
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get repp_v1_contacts_path, headers: @auth_headers
+    get repp_v1_contacts_path, headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/contacts/search_test.rb
+++ b/test/integration/repp/v1/contacts/search_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsSearchTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_searches_all_contacts_by_id
@ -40,4 +43,18 @@ class ReppV1ContactsSearchTest < ActionDispatch::IntegrationTest
    assert json[:data].is_a? Array
    assert_equal json[:data].length, 0
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get '/repp/v1/contacts/search', headers: @auth_headers, params: { query: '000' }
+    get '/repp/v1/contacts/search', headers: @auth_headers, params: { query: 'j' }
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/contacts/show_test.rb
+++ b/test/integration/repp/v1/contacts/show_test.rb
@ -7,6 +7,9 @@ class ReppV1ContactsShowTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_error_when_not_found
@ -42,4 +45,21 @@ class ReppV1ContactsShowTest < ActionDispatch::IntegrationTest
    assert_equal 2303, json[:code]
    assert_equal 'Object does not exist', json[:message]
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    contact = @user.registrar.contacts.first
+
+    get repp_v1_contact_path(id: contact.code), headers: @auth_headers
+    get repp_v1_contact_path(id: contact.code), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end
--- a/test/integration/repp/v1/contacts/update_test.rb
+++ b/test/integration/repp/v1/contacts/update_test.rb
@ -8,6 +8,9 @@ class ReppV1ContactsUpdateTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_updates_contact
@ -118,4 +121,25 @@ class ReppV1ContactsUpdateTest < ActionDispatch::IntegrationTest
    assert_equal 2308, json[:code]
    assert_equal 'Ident update is not allowed. Consider creating new contact object', json[:message]
  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    request_body =  {
+      "contact": {
+        "email": "donaldtrump@yandex.ru"
+      }
+    }
+
+    put "/repp/v1/contacts/#{@contact.code}", headers: @auth_headers, params: request_body
+    put "/repp/v1/contacts/#{@contact.code}", headers: @auth_headers, params: request_body
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end