UNPKG

hapi-rate-limitor

Version:

Rate limiting for hapi/hapi.js to prevent brute-force attacks

github.com/futurestudio/hapi-rate-limitor

futurestudio/hapi-rate-limitor

88 lines (74 loc) 2.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
'use strict' const Test = require('ava') const Hapi = require('@hapi/hapi') Test.before(async ({ context }) => { const server = new Hapi.Server() await server.register({ plugin: require('../lib/index'), options: { max: 1000, duration: 5 * 1000, namespace: 'success-response-headers' } }) server.route({ method: 'GET', path: '/', handler: () => { return 'This is rate limitoooooooor!' } }) await server.initialize() context.server = server }) Test('succeeds a request and sends rate limit response headers', async (t) => { const request = { url: '/', method: 'GET' } const response = await t.context.server.inject(request) t.is(response.statusCode, 200) t.is(response.headers['x-rate-limit-limit'], 1000) t.is(response.headers['x-rate-limit-remaining'], 999) t.not(response.headers['x-rate-limit-reset'], null) }) Test('succeeds requests with different IP addresses and sends rate limit response headers', async (t) => { const first = { url: '/', method: 'GET', headers: { 'X-Client-IP': '1.2.3.4' } } const response1 = await t.context.server.inject(first) t.is(response1.statusCode, 200) t.is(response1.headers['x-rate-limit-limit'], 1000) t.is(response1.headers['x-rate-limit-remaining'], 999) t.not(response1.headers['x-rate-limit-reset'], null) const second = { url: '/', method: 'GET', headers: { 'X-Client-IP': '9.8.7.6' } } const response2 = await t.context.server.inject(second) t.is(response2.statusCode, 200) t.is(response2.headers['x-rate-limit-limit'], 1000) t.is(response2.headers['x-rate-limit-remaining'], 999) t.not(response2.headers['x-rate-limit-reset'], null) }) Test('succeeds a 404 request and sends rate limit response headers', async (t) => { const request = { url: '/404', method: 'GET', headers: { 'X-Client-IP': '11.22.33.44' } } const response = await t.context.server.inject(request) t.is(response.statusCode, 404) t.is(response.headers['x-rate-limit-limit'], undefined) t.is(response.headers['x-rate-limit-remaining'], undefined) t.is(response.headers['x-rate-limit-reset'], undefined) })