package tests import ( "net/http" "testing" "github.com/google/uuid" "github.com/stretchr/testify/require" "github.com/twofas/2fas-server/tests" "golang.org/x/sync/errgroup" ) func Test_MobileApiBandwidthAbuse(t *testing.T) { someId := uuid.New() noOfRequest := 130 noOfWorkers := 20 responseCh := make(chan int, noOfRequest) eg := errgroup.Group{} eg.SetLimit(noOfWorkers) for i := 0; i < noOfRequest; i++ { eg.Go(func() error { resp := tests.DoAPIGet(t, "/mobile/devices/"+someId.String()+"/browser_extensions", nil) responseCh <- resp.StatusCode return nil }) } require.NoError(t, eg.Wait()) close(responseCh) var got404, got429 int for code := range responseCh { switch code { case http.StatusNotFound: got404++ case http.StatusTooManyRequests: got429++ default: t.Fatalf("Unexpected code: %v", code) } } // Default rate limit is 100 per minute. // So we expect around 100 - 404, and around 30 - 429 require.InDelta(t, 100, got404, 2.0) require.InDelta(t, 30, got429, 2.0) } func Test_BrowserExtensionApiBandwidthAbuse(t *testing.T) { someId := uuid.New() noOfRequest := 130 noOfWorkers := 20 responseCh := make(chan int, noOfRequest) eg := errgroup.Group{} eg.SetLimit(noOfWorkers) for i := 0; i < noOfRequest; i++ { eg.Go(func() error { resp := tests.DoAPIGet(t, "/browser_extensions/"+someId.String(), nil) responseCh <- resp.StatusCode return nil }) } require.NoError(t, eg.Wait()) close(responseCh) var got404, got429 int for code := range responseCh { switch code { case http.StatusNotFound: got404++ case http.StatusTooManyRequests: got429++ default: t.Fatalf("Unexpected code: %v", code) } } // Default rate limit is 100 per minute. // So we expect around 100 - 404, and around 30 - 429 require.InDelta(t, 100, got404, 2.0) require.InDelta(t, 30, got429, 2.0) }