diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-12 20:32:48 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-13 12:00:16 +0200 |
commit | 66835476b59b8be7593d4cfa03a51c4f265d7e26 (patch) | |
tree | 91770c8fe403da25af50e6336727ab55fe57cd27 /build | |
parent | 5505faa3d7b6f5a95f18fe5027355d700d69f396 (diff) | |
download | nextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.tar.gz nextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.zip |
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'build')
-rw-r--r-- | build/integration/features/ratelimiting.feature | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/build/integration/features/ratelimiting.feature b/build/integration/features/ratelimiting.feature new file mode 100644 index 00000000000..bd8b2e30a73 --- /dev/null +++ b/build/integration/features/ratelimiting.feature @@ -0,0 +1,58 @@ +Feature: ratelimiting + + Background: + Given user "user0" exists + Given As an "admin" + Given app "testing" is enabled + + Scenario: Accessing a page with only an AnonRateThrottle as user + Given user "user0" exists + # First request should work + When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Second one should fail + When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth + Then the HTTP status code should be "429" + # After 11 seconds the next request should work + And Sleep for "11" seconds + When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + + Scenario: Accessing a page with only an AnonRateThrottle as guest + Given Sleep for "11" seconds + # First request should work + When requesting "/index.php/apps/testing/anonProtected" with "GET" + Then the HTTP status code should be "200" + # Second one should fail + When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth + Then the HTTP status code should be "429" + # After 11 seconds the next request should work + And Sleep for "11" seconds + When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + + Scenario: Accessing a page with UserRateThrottle and AnonRateThrottle + # First request should work as guest + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" + Then the HTTP status code should be "200" + # Second request should fail as guest + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" + Then the HTTP status code should be "429" + # First request should work as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Second request should work as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Third request should work as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Fourth request should work as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Fifth request should work as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth + Then the HTTP status code should be "200" + # Sixth request should fail as user + When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" + Then the HTTP status code should be "429" |