
hapi-rate-limitor


Rate limiting for hapi/hapi.js to prevent brute-force attacks

'use strict'

const Test = require('ava')
const Hapi = require('@hapi/hapi')

// Response headers these tests look for to tell whether a request was rate limited.
const RATE_LIMIT_HEADERS = [
  'x-rate-limit-limit',
  'x-rate-limit-remaining',
  'x-rate-limit-reset'
]

/**
 * Builds an initialized (not started) hapi server with the rate limiter
 * registered and a `skip()` predicate that exempts admin paths.
 *
 * @returns {Promise<Hapi.Server>} the initialized server
 */
async function initializeServer () {
  const pluginOptions = {
    // NOTE(review): `includes('/admin')` is a substring match, so skip() is
    // true for every path that merely contains '/admin', not only the
    // '/admin' route. That is sufficient for this fixture. A skip() used in
    // front of real login or admin endpoints should compare against the
    // exact exempt routes, otherwise unrelated paths lose brute-force
    // protection as well.
    skip: (request) => request.path.includes('/admin'),
    // The "limit 100 / remaining 99" assertions below depend on this value.
    max: 100,
    // Timestamped namespace, presumably so counters from earlier runs are
    // not reused. Confirm against the plugin's storage backend.
    namespace: `skip-rate-limiting-${Date.now()}`
  }

  const server = new Hapi.Server()
  await server.register({ plugin: require('../lib/index'), options: pluginOptions })
  await server.initialize()

  return server
}

/**
 * Injects a GET request for `url` into the server without opening a socket.
 */
function injectGet (server, url) {
  return server.inject({ url, method: 'GET' })
}

/**
 * Asserts a 200 response that carries none of the rate limit headers,
 * i.e. the limiter did not handle this request.
 */
function assertNotRateLimited (t, response) {
  t.is(response.statusCode, 200)

  for (const header of RATE_LIMIT_HEADERS) {
    t.is(response.headers[header], undefined)
  }
}

// skip() is true for '/admin': no rate limit headers expected.
Test('Skips rate limiting when skip() returns true', async (t) => {
  const server = await initializeServer()
  server.route({ method: 'GET', path: '/admin', handler: () => 'success' })

  const response = await injectGet(server, '/admin')

  assertNotRateLimited(t, response)
})

// skip() is false for '/': the first request is counted against max=100.
Test('Does not skip rate limiting when skip() returns false', async (t) => {
  const server = await initializeServer()
  server.route({ method: 'GET', path: '/', handler: () => 'success' })

  const response = await injectGet(server, '/')

  t.is(response.statusCode, 200)
  t.is(response.headers['x-rate-limit-limit'], 100)
  t.is(response.headers['x-rate-limit-remaining'], 99)
  t.not(response.headers['x-rate-limit-reset'], undefined)
})

// skip() is false, but the route config disables the limiter.
Test('Skips rate limiting when skip() returns false, but not enabled on route', async (t) => {
  const server = await initializeServer()
  const routeOptions = {
    plugins: { 'hapi-rate-limitor': { enabled: false } },
    handler: () => 'success'
  }
  server.route({ method: 'GET', path: '/', options: routeOptions })

  const response = await injectGet(server, '/')

  assertNotRateLimited(t, response)
})

// The route explicitly enables the limiter, yet skip() is true for '/admin'.
// The assertions expect skip() to take precedence over the route setting.
Test('Skips rate limiting when enabled on route, but skip() returns true', async (t) => {
  const server = await initializeServer()
  const routeOptions = {
    plugins: { 'hapi-rate-limitor': { enabled: true } },
    handler: () => 'success'
  }
  server.route({ method: 'GET', path: '/admin', options: routeOptions })

  const response = await injectGet(server, '/admin')

  assertNotRateLimited(t, response)
})