adonisjs / limiter

The official rate limiter package for AdonisJS
MIT License

Clear limiter in Japa apiClient #11

Open alessandroOniartiEventzradar opened 4 months ago

alessandroOniartiEventzradar commented 4 months ago

Package version

2.3.0

Describe the bug

I implemented the limiter to limit auth attempts in my controller. I'm writing tests with the Japa plugin for the auth functionality. I implemented the limiter clearing as in the documentation, as follows:

test.group('User login', (group) => {
  group.each.setup(() => {
    return () => limiter.clear(['memory'])
  })
  ...
})

But when I execute this test:

test('Too many attempts', async ({ client }) => {
  let i = 0
  while (i < loginLimiterRequests) {
    await client
      .post(
        router
          .builderForDomain(env.get('API_DOMAIN'))
          .prefixUrl(env.get('API_DOMAIN_FULL'))
          .make('login')
      )
      .json({
        email: 'mail@gmail.com',
        password: 'wrong',
      })
    i++
  }
  const response = await client
    .post(
      router
        .builderForDomain(env.get('API_DOMAIN'))
        .prefixUrl(env.get('API_DOMAIN_FULL'))
        .make('login')
    )
    .json({
      email: 'mail@gmail.com',
      password: 'wrong',
    })
  response.assertStatus(429)
  response.assertHeader('retry-after')
})

All the following tests fail because the limit is reached, as if it is not reset between one test and another. Even when re-running the tests, it seems that the limiter is not cleared. Am I missing something?

In the .env.test I'm using memory as the LIMITER_STORE.

Reproduction repo

No response

thetutlage commented 4 months ago

Please format the code blocks properly. https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks

alessandroOniartiEventzradar commented 4 months ago

Sorry, added code blocks.

RomainLanz commented 4 months ago

Can you please show your config/limiter.ts file?

alessandroOniartiEventzradar commented 3 months ago

Here is the config:

import env from '#start/env'
import { defineConfig, stores } from '@adonisjs/limiter'

const limiterConfig = defineConfig({
  default: env.get('LIMITER_STORE'),
  stores: {
    /**
     * Redis store to save rate limiting data inside a
     * redis database.
     *
     * It is recommended to use a separate database for
     * the limiter connection.
     */
    redis: stores.redis({
      connectionName: 'limiter',
    }),

    /**
     * Memory store could be used during
     * testing
     */
    memory: stores.memory({}),
  },
})

export default limiterConfig

declare module '@adonisjs/limiter/types' {
  export interface LimitersList extends InferLimiters<typeof limiterConfig> {}
}

In my .env.test I have LIMITER_STORE=memory.

lecoueyl commented 1 week ago

It didn’t work when clearing before the test, but it did work after the test, like this.

  group.each.teardown(async () => {
    // clear() returns a promise; await it so the reset finishes before the next test
    await limiter.clear()
  })