Add rate limiting to all repp actions

2025-07-29 22:16:19 +02:00 · 2022-08-02 06:14:47 -03:00 · 2022-08-02 06:14:47 -03:00 · 2a58bf3849
commit 2a58bf3849
parent fb60466194
48 changed files with 757 additions and 16 deletions
--- a/test/integration/repp/v1/invoices/add_credit_test.rb
+++ b/test/integration/repp/v1/invoices/add_credit_test.rb
@ -24,6 +24,8 @@ class ReppV1InvoicesAddCreditTest < ActionDispatch::IntegrationTest
      message: 'success'
    }
    stub_request(:post, "https://eis_billing_system:3000/api/v1/e_invoice/e_invoice").to_return(status: 200, body: msg2.to_json, headers: {})
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  teardown do
@ -101,4 +103,39 @@ class ReppV1InvoicesAddCreditTest < ActionDispatch::IntegrationTest
    assert_response :bad_request
    assert_equal "Amount is too small. Minimum deposit is #{Setting.minimum_deposit} EUR", json[:message]
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    request_body = {
+      invoice: {
+        amount: 100,
+        description: 'Add credit',
+      },
+    }
+    Setting.registry_vat_prc = 0.1
+    ENV['billing_system_integrated'] = 'true'
+
+    if Feature.billing_system_integrated?
+      invoice_n = Invoice.order(number: :desc).last.number
+      stub_request(:post, 'https://eis_billing_system:3000/api/v1/invoice_generator/invoice_number_generator')
+        .to_return(status: 200, body: "{\"invoice_number\":\"#{invoice_n + 3}\"}", headers: {})
+      stub_request(:post, 'https://eis_billing_system:3000/api/v1/e_invoice/e_invoice')
+        .to_return(status: 200, body: '', headers: {})
+    end
+
+    post '/repp/v1/invoices/add_credit', headers: @auth_headers,
+                                         params: request_body
+    post '/repp/v1/invoices/add_credit', headers: @auth_headers,
+                                         params: request_body
+
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/invoices/cancel_test.rb
+++ b/test/integration/repp/v1/invoices/cancel_test.rb
@ -41,4 +41,4 @@ class ReppV1InvoicesCancelTest < ActionDispatch::IntegrationTest
    invoice.reload
    assert_not invoice.cancelled?
  end
-end
+end
--- a/test/integration/repp/v1/invoices/download_test.rb
+++ b/test/integration/repp/v1/invoices/download_test.rb
@ -7,6 +7,9 @@ class ReppV1InvoicesDownloadTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_invoice_as_pdf
@ -19,4 +22,21 @@ class ReppV1InvoicesDownloadTest < ActionDispatch::IntegrationTest
    assert_equal "attachment; filename=\"Invoice-2.pdf\"; filename*=UTF-8''Invoice-2.pdf", response.headers['Content-Disposition']
    assert_not_empty response.body
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    invoice = @user.registrar.invoices.first
+
+    get "/repp/v1/invoices/#{invoice.id}/download", headers: @auth_headers
+    get "/repp/v1/invoices/#{invoice.id}/download", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/invoices/list_test.rb
+++ b/test/integration/repp/v1/invoices/list_test.rb
@ -7,6 +7,9 @@ class ReppV1InvoicesListTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_registrar_invoices
@ -82,4 +85,19 @@ class ReppV1InvoicesListTest < ActionDispatch::IntegrationTest

    assert_equal (@user.registrar.invoices.count - offset), json[:data][:invoices].length
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    get repp_v1_invoices_path, headers: @auth_headers
+    get repp_v1_invoices_path, headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/invoices/send_test.rb
+++ b/test/integration/repp/v1/invoices/send_test.rb
@ -7,6 +7,9 @@ class ReppV1InvoicesSendTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_sends_invoice_to_recipient
@ -36,4 +39,30 @@ class ReppV1InvoicesSendTest < ActionDispatch::IntegrationTest
    assert_equal 'Invoice no. 1', email.subject
    assert email.attachments['invoice-1.pdf']
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    invoice = invoices(:one)
+    recipient = 'donaldtrump@yandex.ru'
+    request_body = {
+      invoice: {
+        id: invoice.id,
+        recipient: recipient,
+      },
+    }
+    post "/repp/v1/invoices/#{invoice.id}/send_to_recipient", headers: @auth_headers,
+                                                              params: request_body
+    post "/repp/v1/invoices/#{invoice.id}/send_to_recipient", headers: @auth_headers,
+                                                              params: request_body
+
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end
--- a/test/integration/repp/v1/invoices/show_test.rb
+++ b/test/integration/repp/v1/invoices/show_test.rb
@ -7,6 +7,9 @@ class ReppV1InvoicesShowTest < ActionDispatch::IntegrationTest
    token = "Basic #{token}"

    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
  end

  def test_returns_error_when_not_found
@ -30,4 +33,21 @@ class ReppV1InvoicesShowTest < ActionDispatch::IntegrationTest

    assert_equal invoice.id, json[:data][:invoice][:id]
  end
-end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    invoice = @user.registrar.invoices.first
+
+    get repp_v1_invoice_path(id: invoice.id), headers: @auth_headers
+    get repp_v1_invoice_path(id: invoice.id), headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+end