Torben Sorensen
b4306a6092
Some checks failed
Deploy to Test Environment / deploy-to-test (push) Failing after 50s
113 lines
3.5 KiB
TypeScript
113 lines
3.5 KiB
TypeScript
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
|
import supertest from 'supertest';
|
|
import { createTestApp } from '../tests/utils/createTestApp';
|
|
import { createMockUserProfile } from '../tests/utils/mockFactories';
|
|
|
|
// Mock dependencies required by admin.routes.ts
|
|
vi.mock('../services/db/index.db', () => ({
|
|
adminRepo: {},
|
|
flyerRepo: {},
|
|
recipeRepo: {},
|
|
userRepo: {},
|
|
personalizationRepo: {},
|
|
notificationRepo: {},
|
|
}));
|
|
|
|
vi.mock('../services/backgroundJobService', () => ({
|
|
backgroundJobService: {
|
|
runDailyDealCheck: vi.fn(),
|
|
triggerAnalyticsReport: vi.fn(),
|
|
triggerWeeklyAnalyticsReport: vi.fn(),
|
|
},
|
|
}));
|
|
|
|
vi.mock('../services/queueService.server', () => ({
|
|
flyerQueue: { add: vi.fn(), getJob: vi.fn() },
|
|
emailQueue: { add: vi.fn(), getJob: vi.fn() },
|
|
analyticsQueue: { add: vi.fn(), getJob: vi.fn() },
|
|
cleanupQueue: { add: vi.fn(), getJob: vi.fn() },
|
|
weeklyAnalyticsQueue: { add: vi.fn(), getJob: vi.fn() },
|
|
}));
|
|
|
|
vi.mock('../services/geocodingService.server', () => ({
|
|
geocodingService: { clearGeocodeCache: vi.fn() },
|
|
}));
|
|
|
|
vi.mock('../services/logger.server', async () => ({
|
|
logger: (await import('../tests/utils/mockLogger')).mockLogger,
|
|
}));
|
|
|
|
vi.mock('@bull-board/api');
|
|
vi.mock('@bull-board/api/bullMQAdapter');
|
|
vi.mock('@bull-board/express', () => ({
|
|
ExpressAdapter: class {
|
|
setBasePath() {}
|
|
getRouter() { return (req: any, res: any, next: any) => next(); }
|
|
},
|
|
}));
|
|
|
|
vi.mock('node:fs/promises');
|
|
|
|
// Mock Passport to allow admin access
|
|
vi.mock('./passport.routes', () => ({
|
|
default: {
|
|
authenticate: vi.fn(() => (req: any, res: any, next: any) => {
|
|
req.user = createMockUserProfile({ role: 'admin' });
|
|
next();
|
|
}),
|
|
},
|
|
isAdmin: (req: any, res: any, next: any) => next(),
|
|
}));
|
|
|
|
import adminRouter from './admin.routes';
|
|
|
|
describe('Admin Routes Rate Limiting', () => {
|
|
const app = createTestApp({ router: adminRouter, basePath: '/api/admin' });
|
|
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
});
|
|
|
|
describe('Trigger Rate Limiting', () => {
|
|
it('should block requests to /trigger/daily-deal-check after exceeding limit', async () => {
|
|
const limit = 30; // Matches adminTriggerLimiter config
|
|
|
|
// Make requests up to the limit
|
|
for (let i = 0; i < limit; i++) {
|
|
await supertest(app)
|
|
.post('/api/admin/trigger/daily-deal-check')
|
|
.set('X-Test-Rate-Limit-Enable', 'true');
|
|
}
|
|
|
|
// The next request should be blocked
|
|
const response = await supertest(app)
|
|
.post('/api/admin/trigger/daily-deal-check')
|
|
.set('X-Test-Rate-Limit-Enable', 'true');
|
|
|
|
expect(response.status).toBe(429);
|
|
expect(response.text).toContain('Too many administrative triggers');
|
|
});
|
|
});
|
|
|
|
describe('Upload Rate Limiting', () => {
|
|
it('should block requests to /brands/:id/logo after exceeding limit', async () => {
|
|
const limit = 20; // Matches adminUploadLimiter config
|
|
const brandId = 1;
|
|
|
|
// Make requests up to the limit
|
|
// Note: We don't need to attach a file to test the rate limiter, as it runs before multer
|
|
for (let i = 0; i < limit; i++) {
|
|
await supertest(app)
|
|
.post(`/api/admin/brands/${brandId}/logo`)
|
|
.set('X-Test-Rate-Limit-Enable', 'true');
|
|
}
|
|
|
|
const response = await supertest(app)
|
|
.post(`/api/admin/brands/${brandId}/logo`)
|
|
.set('X-Test-Rate-Limit-Enable', 'true');
|
|
|
|
expect(response.status).toBe(429);
|
|
expect(response.text).toContain('Too many file uploads');
|
|
});
|
|
});
|
|
}); |