From 99d386bda1d130e563ee58eedea09b678d9db948 Mon Sep 17 00:00:00 2001 From: Anton Khorev Date: Sun, 4 May 2025 03:42:42 +0300 Subject: [PATCH] Move api changeset upload rate/size limit tests --- .../api/changesets/uploads_controller_test.rb | 144 +++++++++++++++ .../api/changesets_controller_test.rb | 164 ------------------ 2 files changed, 144 insertions(+), 164 deletions(-) diff --git a/test/controllers/api/changesets/uploads_controller_test.rb b/test/controllers/api/changesets/uploads_controller_test.rb index 97c614d05..807dec421 100644 --- a/test/controllers/api/changesets/uploads_controller_test.rb +++ b/test/controllers/api/changesets/uploads_controller_test.rb @@ -1098,6 +1098,150 @@ module Api assert_not node.visible end + # ------------------------------------- + # Test upload rate/size limits. + # ------------------------------------- + + def test_upload_initial_rate_limit + user = create(:user) + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset that puts us near the initial rate limit + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => Settings.initial_changes_per_hour - 2) + + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + auth_header = bearer_authorization_header user + + post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_response :too_many_requests, "upload did not hit rate limit" + end + + def test_upload_maximum_rate_limit + user = create(:user) + node = create(:node) + way = create(:way_with_nodes, :nodes_count => 2) + relation = create(:relation) + + # create a changeset to establish our initial edit time + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 28.days) + + # create changeset to put us near the maximum rate limit + total_changes = Settings.max_changes_per_hour - 2 + while total_changes.positive? + changes = [total_changes, Changeset::MAX_ELEMENTS].min + changeset = create(:changeset, :user => user, + :created_at => Time.now.utc - 5.minutes, + :num_changes => changes) + total_changes -= changes + end + + diff = <<~CHANGESET + + + + + + + + + + + + + + + + + + + CHANGESET + + auth_header = bearer_authorization_header user + + post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_response :too_many_requests, "upload did not hit rate limit" + end + + def test_upload_initial_size_limit + user = create(:user) + + # create a changeset that puts us near the initial size limit + changeset = create(:changeset, :user => user, + :min_lat => (-0.5 * GeoRecord::SCALE).round, :min_lon => (0.5 * GeoRecord::SCALE).round, + :max_lat => (0.5 * GeoRecord::SCALE).round, :max_lon => (2.5 * GeoRecord::SCALE).round) + + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + auth_header = bearer_authorization_header user + + post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_response :payload_too_large, "upload did not hit size limit" + end + + def test_upload_size_limit_after_one_week + user = create(:user) + + # create a changeset to establish our initial edit time + create(:changeset, :user => user, :created_at => Time.now.utc - 7.days) + + # create a changeset that puts us near the initial size limit + changeset = create(:changeset, :user => user, :bbox => [0.5, -0.5, 2.5, 0.5]) + + diff = <<~CHANGESET + + + + + + + + + CHANGESET + + auth_header = bearer_authorization_header user + + post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header + + assert_response :payload_too_large, "upload did not hit size limit" + end + private def check_upload_results_in_not_found(&) diff --git a/test/controllers/api/changesets_controller_test.rb b/test/controllers/api/changesets_controller_test.rb index aecfa18ab..fe85ee277 100644 --- a/test/controllers/api/changesets_controller_test.rb +++ b/test/controllers/api/changesets_controller_test.rb @@ -787,170 +787,6 @@ module Api assert_equal 0.3 * GeoRecord::SCALE, changeset.max_lat, "max_lat should be 0.3 degrees" end - ## - # test initial rate limit - def test_upload_initial_rate_limit - # create a user - user = create(:user) - - # create some objects to use - node = create(:node) - way = create(:way_with_nodes, :nodes_count => 2) - relation = create(:relation) - - # create a changeset that puts us near the initial rate limit - changeset = create(:changeset, :user => user, - :created_at => Time.now.utc - 5.minutes, - :num_changes => Settings.initial_changes_per_hour - 2) - - # create authentication header - auth_header = bearer_authorization_header user - - # simple diff to create a node way and relation using placeholders - diff = <<~CHANGESET - - - - - - - - - - - - - - - - - - - CHANGESET - - # upload it - post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header - assert_response :too_many_requests, "upload did not hit rate limit" - end - - ## - # test maximum rate limit - def test_upload_maximum_rate_limit - # create a user - user = create(:user) - - # create some objects to use - node = create(:node) - way = create(:way_with_nodes, :nodes_count => 2) - relation = create(:relation) - - # create a changeset to establish our initial edit time - changeset = create(:changeset, :user => user, - :created_at => Time.now.utc - 28.days) - - # create changeset to put us near the maximum rate limit - total_changes = Settings.max_changes_per_hour - 2 - while total_changes.positive? - changes = [total_changes, Changeset::MAX_ELEMENTS].min - changeset = create(:changeset, :user => user, - :created_at => Time.now.utc - 5.minutes, - :num_changes => changes) - total_changes -= changes - end - - # create authentication header - auth_header = bearer_authorization_header user - - # simple diff to create a node way and relation using placeholders - diff = <<~CHANGESET - - - - - - - - - - - - - - - - - - - CHANGESET - - # upload it - post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header - assert_response :too_many_requests, "upload did not hit rate limit" - end - - ## - # test initial size limit - def test_upload_initial_size_limit - # create a user - user = create(:user) - - # create a changeset that puts us near the initial size limit - changeset = create(:changeset, :user => user, - :min_lat => (-0.5 * GeoRecord::SCALE).round, :min_lon => (0.5 * GeoRecord::SCALE).round, - :max_lat => (0.5 * GeoRecord::SCALE).round, :max_lon => (2.5 * GeoRecord::SCALE).round) - - # create authentication header - auth_header = bearer_authorization_header user - - # simple diff to create a node - diff = <<~CHANGESET - - - - - - - - - CHANGESET - - # upload it - post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header - assert_response :payload_too_large, "upload did not hit size limit" - end - - ## - # test size limit after one week - def test_upload_week_size_limit - # create a user - user = create(:user) - - # create a changeset to establish our initial edit time - create(:changeset, :user => user, :created_at => Time.now.utc - 7.days) - - # create a changeset that puts us near the initial size limit - changeset = create(:changeset, :user => user, :bbox => [0.5, -0.5, 2.5, 0.5]) - - # create authentication header - auth_header = bearer_authorization_header user - - # simple diff to create a node way and relation using placeholders - diff = <<~CHANGESET - - - - - - - - - CHANGESET - - # upload it - post api_changeset_upload_path(changeset), :params => diff, :headers => auth_header - assert_response :payload_too_large, "upload did not hit size limit" - end - ## # when we make some simple changes we get the same changes back from the # diff download. -- 2.39.5