49 lines
1.8 KiB
JavaScript
49 lines
1.8 KiB
JavaScript
// @ts-check
|
|
import { test, expect } from '@playwright/test';
|
|
import { loadTestUser } from '../utils/testUser.js';
|
|
|
|
test.describe('@p0 Support — burst rate limit', () => {
|
|
test.setTimeout(20000);
|
|
|
|
test('rapid submissions eventually return 429 Too Many Requests', async ({ page }) => {
|
|
const user = loadTestUser();
|
|
const stamp = new Date().toISOString().replace(/[-:TZ.]/g, '');
|
|
|
|
// 1) Sign in to get an auth cookie (support requires auth)
|
|
await page.context().clearCookies();
|
|
await page.goto('/signin', { waitUntil: 'networkidle' });
|
|
await page.getByPlaceholder('Username', { exact: true }).fill(user.username);
|
|
await page.getByPlaceholder('Password', { exact: true }).fill(user.password);
|
|
await page.getByRole('button', { name: /^Sign In$/ }).click();
|
|
await page.waitForURL('**/signin-landing**', { timeout: 15000 });
|
|
|
|
// 2) Fire a small burst of requests to /api/support
|
|
// (Assumption: burst limiter threshold < 10 in your config)
|
|
const tries = 12;
|
|
const statuses = [];
|
|
for (let i = 0; i < tries; i++) {
|
|
const resp = await page.request.post('/api/support', {
|
|
data: {
|
|
subject: `E2E rate limit test ${stamp} #${i}`,
|
|
message: `Automated burst ${i} at ${new Date().toISOString()} — please ignore.`,
|
|
},
|
|
}).catch(() => null);
|
|
|
|
const code = resp ? resp.status() : 0;
|
|
statuses.push(code);
|
|
|
|
// Small pacing to keep the server from batching writes too tightly
|
|
await page.waitForTimeout(100);
|
|
|
|
// Fast-exit if we already hit the limiter
|
|
if (code === 429) break;
|
|
}
|
|
|
|
// Log for report
|
|
console.log('support burst statuses:', statuses.join(', '));
|
|
|
|
// 3) Expect at least one 429 Too Many Requests in the burst
|
|
expect(statuses.some((s) => s === 429)).toBeTruthy();
|
|
});
|
|
});
|