hapi-rate-limitor
Version:
Rate limiting for hapi/hapi.js to prevent brute-force attacks
52 lines (42 loc) • 1.29 kB
JavaScript
const Test = require('ava')
const Hapi = require('@hapi/hapi')
Test('works with other plugins', async (t) => {
const pluginA = {
name: 'plugin-a',
register: (server) => {
server.ext('onPreResponse', (request, h) => {
request.response.isBoom
? request.response.output.statusCode = 418
: request.response.statusCode = 418
return h.continue
})
}
}
const server = new Hapi.Server()
await server.register({
plugin: require('../lib'),
options: {
namespace: `route-limits-${Date.now()}`
}
})
await server.register({ plugin: pluginA })
await server.initialize()
server.route({
method: 'GET',
path: '/',
handler: () => {
throw new Error('This should create a 500 HTTP status, but we’re overwriting it in pluginA to status 418')
}
})
const request = {
url: '/',
method: 'GET'
}
// assert the response has the changed HTTP status code from pluginA and the rate limit headers from hapi-rate-limitor
const response = await server.inject(request)
t.is(response.statusCode, 418)
t.is(response.headers['x-rate-limit-limit'], 60)
t.is(response.headers['x-rate-limit-remaining'], 59)
t.not(response.headers['x-rate-limit-reset'], null)
})