Initial tests for middleware funcitonality.

shalarewicz · shalarewicz · commit 6a5593379710 · 2022-05-25T19:35:59.000-04:00
diff --git a/package.json b/package.json
@@ -6,7 +6,7 @@
     "scripts": {
         "test": "jest --passWithNoTests",
         "lint": "eslint src test",
-        "lint:fix": "eslint --fix src test",
+        "lint:fix": "eslint --fix src test @types",
         "prettier": "prettier --write .",
         "prepare": "husky install"
     },
diff --git a/src/@types/rateLimit.d.ts b/src/@types/rateLimit.d.ts
@@ -40,4 +40,6 @@ interface TokenBucketOptions {
 }
 
 // TODO: This will be a union type where we can specify Option types for other Rate Limiters
-type RateLimiterOptions = TokenBucketOptions;
+// Record<string, never> represents the empty object for alogorithms that don't require settings
+// and might be able to be removed in the future.
+type RateLimiterOptions = TokenBucketOptions | Record<string, never>;
diff --git a/src/middleware/index.ts b/src/middleware/index.ts
@@ -17,7 +17,8 @@ import { defaultTypeWeightsConfig } from '../analysis/buildTypeWeights';
  * Defaults to {mutation: 10, object: 1, field: 0, connection: 2}
  * @returns {RequestHandler} express middleware that computes the complexity of req.query and calls the next middleware
  * if the query is allowed or sends a 429 status if the request is blocked
- * @throws ValidationError if GraphQL Schema is invalid
+ * FIXME: How about the specific GraphQLError?
+ * @throws ValidationError if GraphQL Schema is invalid.
  */
 export function expressRateLimiter(
     rateLimiter: RateLimiterSelection,
@@ -31,7 +32,6 @@ export function expressRateLimiter(
     // TODO: Connect to Redis store using provided options. Default to localhost:6379
     // TODO: Configure the selected RateLimtier
     // TODO: Configure the complexity analysis algorithm to run for incoming requests
-
     const middleware: RequestHandler = (req: Request, res: Response, next: NextFunction) => {
         // TODO: Parse query from req.query, compute complexity and pass necessary info to rate limiter
         // TODO: Call next if query is successful, send 429 status if query blocked, call next(err) with any thrown errors
diff --git a/test/middleware/express.test.ts b/test/middleware/express.test.ts
@@ -0,0 +1,341 @@
+import { Request, Response, NextFunction, RequestHandler } from 'express';
+import { GraphQLSchema, buildSchema } from 'graphql';
+import redis from 'redis-mock';
+import { RedisClientType } from 'redis';
+import expressRateLimitMiddleware from '../../src/middleware/index';
+import { Socket } from 'net';
+
+let middleware: RequestHandler;
+let mockRequest: Partial<Request>;
+let complexRequest: Partial<Request>;
+let mockResponse: Partial<Response>;
+const nextFunction: NextFunction = jest.fn();
+const schema: GraphQLSchema = buildSchema(`
+                type Query {
+                    hero(episode: Episode): Character
+                    reviews(episode: Episode!, first: Int): [Review]
+                    search(text: String): [SearchResult]
+                    character(id: ID!): Character
+                    droid(id: ID!): Droid
+                    human(id: ID!): Human
+                    scalars: Scalars
+                }    
+                enum Episode {
+                    NEWHOPE
+                    EMPIRE
+                    JEDI
+                }
+                interface Character {
+                    id: ID!
+                    name: String!
+                    friends: [Character]
+                    appearsIn: [Episode]!
+                }
+                type Human implements Character {
+                    id: ID!
+                    name: String!
+                    homePlanet: String
+                    friends: [Character]
+                    appearsIn: [Episode]!
+                }
+                type Droid implements Character {
+                    id: ID!
+                    name: String!
+                    friends: [Character]
+                    primaryFunction: String
+                    appearsIn: [Episode]!
+                }
+                type Review {
+                    episode: Episode
+                    stars: Int!
+                    commentary: String
+                }
+                union SearchResult = Human | Droid
+                type Scalars {
+                    num: Int,
+                    id: ID,
+                    float: Float,
+                    bool: Boolean,
+                    string: String
+                    test: Test,
+                }
+                type Test {
+                    name: String,
+                    variable: Scalars
+                }
+            `);
+
+describe('Express Middleware tests', () => {
+    xdescribe('Middleware is configurable...', () => {
+        describe('...successfully connects to redis using standard connection options', () => {
+            beforeEach(() => {
+                // TODO: Setup mock redis store.
+            });
+
+            test('...via connection string', () => {
+                // TODO: use event listener to listen for connections to a mock redis store
+                expect(true).toBeFalsy();
+            });
+
+            test('via indiividual parameters', () => {
+                // TODO:
+                expect(true).toBeFalsy();
+            });
+
+            test('defaults to localhost', () => {
+                // TODO:
+                expect(true).toBeFalsy();
+            });
+        });
+
+        describe('...Can be configured to use a valid algorithm', () => {
+            test('... Token Bucket', () => {
+                // FIXME: Is it possible to check which algorithm was chosen beyond error checking?
+                expect(
+                    expressRateLimitMiddleware(
+                        'TOKEN_BUCKET',
+                        { refillRate: 1, bucketSize: 10 },
+                        schema,
+                        { url: '' }
+                    )
+                ).not.toThrow();
+            });
+
+            xtest('...Leaky Bucket', () => {
+                expect(
+                    expressRateLimitMiddleware(
+                        'LEAKY_BUCKET',
+                        { refillRate: 1, bucketSize: 10 }, // FIXME: Replace with valid params
+                        schema,
+                        { url: '' }
+                    )
+                ).not.toThrow();
+            });
+
+            xtest('...Fixed Window', () => {
+                expect(
+                    expressRateLimitMiddleware(
+                        'FIXED_WINDOW',
+                        { refillRate: 1, bucketSize: 10 }, // FIXME: Replace with valid params
+                        schema,
+                        { url: '' }
+                    )
+                ).not.toThrow();
+            });
+
+            xtest('...Sliding Window', () => {
+                expect(
+                    expressRateLimitMiddleware(
+                        'SLIDING_WINDOW_LOG',
+                        { refillRate: 1, bucketSize: 10 }, // FIXME: Replace with valid params
+                        schema,
+                        { url: '' }
+                    )
+                ).not.toThrow();
+            });
+
+            xtest('...Sliding Window Counter', () => {
+                expect(
+                    expressRateLimitMiddleware(
+                        'SLIDING_WINDOW_COUNTER',
+                        { refillRate: 1, bucketSize: 10 }, // FIXME: Replace with valid params
+                        schema,
+                        { url: '' }
+                    )
+                ).not.toThrow();
+            });
+        });
+
+        test('Throw an error for invalid schemas', () => {
+            const invalidSchema: GraphQLSchema = buildSchema(`{Query {name}`);
+
+            expect(
+                expressRateLimitMiddleware('TOKEN_BUCKET', {}, invalidSchema, { url: '' })
+            ).toThrowError('ValidationError');
+        });
+    });
+
+    describe('Middleware is Functional', () => {
+        // Before each test configure a new middleware amd mock req, res objects.
+        beforeAll(() => {
+            jest.useFakeTimers('modern');
+        });
+
+        afterAll(() => {
+            jest.useRealTimers();
+        });
+
+        beforeEach(() => {
+            middleware = expressRateLimitMiddleware(
+                'TOKEN_BUCKET',
+                { refillRate: 1, bucketSize: 10 },
+                schema,
+                {}
+            );
+            mockRequest = {
+                query: {
+                    // complexity should be 2 (1 Query + 1 Scalar)
+                    query: `Query {
+                    scalars: {
+                        num
+                    }
+                `,
+                },
+                ip: '123.456',
+            };
+
+            mockResponse = {
+                json: jest.fn(),
+                send: jest.fn(),
+                sendStatus: jest.fn(),
+                locals: {},
+            };
+
+            complexRequest = {
+                // complexity should be 10 if 'first' is accounted for.
+                // scalars: 1, droid: 1, reviews (4 * (1 Review, 1 episode))
+                query: {
+                    query: `Query {
+                    scalars: {
+                        num
+                    }
+                    droid(id: 1) {
+                        name
+                    }
+                    reviews(episode: 'NEWHOPE', first: 4) {
+                        episode 
+                        stars
+                        commentary
+                    }
+                `,
+                },
+            };
+        });
+
+        xdescribe('Adds expected properties to res.locals', () => {
+            test('Adds UNIX timestamp and complexity', () => {
+                const expectedResponse = {
+                    locals: {},
+                };
+
+                middleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+                // We don't actually call json
+                expect(mockResponse.json).toBeCalledWith(expectedResponse);
+                expect(mockResponse.locals).toHaveProperty('complexity');
+                expect(mockResponse.locals?.complexity).toBeInstanceOf('number');
+                expect(mockResponse.locals?.complexity).toBeGreaterThanOrEqual(0);
+
+                expect(mockResponse.locals).toHaveProperty('timestamp');
+                expect(mockResponse.locals?.timestamp).toBeInstanceOf('number');
+                // confirm that this is timestamp +/- 5 minutes of now.
+                const now: number = Date.now().valueOf();
+                const diff: number = Math.abs(now - (mockResponse.locals?.timestamp || 0));
+                expect(diff).toBeLessThan(5 * 60);
+            });
+        });
+
+        describe('Correctly limits requests', () => {
+            describe('Allows requests', () => {
+                test('...a single request', () => {
+                    // successful request calls next without any arguments.
+                    middleware(mockRequest as Request, mockResponse as Response, nextFunction);
+                    expect(nextFunction).toBeCalledTimes(1);
+                    expect(nextFunction).toBeCalledWith();
+                });
+
+                test('Multiple valid requests at > 1 second intervals', () => {
+                    for (let i = 0; i < 3; i++) {
+                        const next: NextFunction = jest.fn();
+                        middleware(complexRequest as Request, mockResponse as Response, next);
+                        expect(next).toBeCalledTimes(1);
+                        expect(next).toBeCalledWith();
+
+                        // advance the timers by 1 second for the next request
+                        jest.advanceTimersByTime(1000);
+                    }
+                });
+
+                test('Multiple valid requests at within one second', () => {
+                    for (let i = 0; i < 3; i++) {
+                        const next: NextFunction = jest.fn();
+                        middleware(complexRequest as Request, mockResponse as Response, next);
+                        expect(next).toBeCalledTimes(1);
+                        expect(next).toBeCalledWith();
+
+                        // advance the timers by 1 second for the next request
+                        jest.advanceTimersByTime(20);
+                    }
+                });
+            });
+
+            describe('BLOCKS requests', () => {
+                test('A single request that exceeds capacity', () => {
+                    complexRequest = {
+                        // complexity should be 12 if 'first' is accounted for.
+                        // scalars: 1, droid: 1, reviews (5 * (1 Review, 1 episode))
+                        query: {
+                            query: `Query {
+                            scalars: {
+                                num
+                            }
+                            droid(id: 1) {
+                                name
+                            }
+                            reviews(episode: 'NEWHOPE', first: 5) {
+                                episode 
+                                stars
+                                commentary
+                            }
+                        `,
+                        },
+                    };
+                    const expectedResponse = {
+                        status: 429,
+                    };
+
+                    middleware(mockRequest as Request, mockResponse as Response, nextFunction);
+                    expect(mockResponse.status).toBe(429);
+                    expect(nextFunction).not.toBeCalled();
+
+                    // FIXME: There are multiple functions to send a response
+                    // json, send html, sendStatus etc. How do we check at least one was called
+                    expect(mockResponse.send).toBeCalled();
+                });
+
+                test('Multiple queries that exceed token limit', () => {
+                    for (let i = 0; i < 5; i++) {
+                        // Send 5 queries of complexity 2. These should all succeed
+                        middleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+                        // advance the timers by 1 second for the next request
+                        jest.advanceTimersByTime(20);
+                    }
+
+                    // Send a 6th request that should be blocked.
+                    const next: NextFunction = jest.fn();
+                    middleware(mockRequest as Request, mockResponse as Response, next);
+                    expect(mockResponse.status).toBe(429);
+                    expect(next).not.toBeCalled();
+
+                    // FIXME: See above comment on sending responses
+                    expect(mockResponse.send).toBeCalled();
+                });
+            });
+        });
+
+        test('Uses User IP Address in Redis', async () => {
+            const client: RedisClientType = redis.createClient();
+            // Check for change in the redis store for the IP key
+            if (!mockRequest.ip) throw new Error('Expected ip to exist on mockRequest');
+            const initialValue: string | null = await client.get(mockRequest?.ip);
+
+            middleware(mockRequest as Request, mockResponse as Response, nextFunction);
+
+            const finalValue: string | null = await client.get(mockRequest?.ip);
+
+            expect(finalValue).not.toBeNull();
+            expect(finalValue).not.toBe(initialValue);
+        });
+    });
+});

Original file line number	Diff line number	Diff line change
`@@ -40,4 +40,6 @@ interface TokenBucketOptions {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`// TODO: This will be a union type where we can specify Option types for other Rate Limiters`
`43`		`-type RateLimiterOptions = TokenBucketOptions;`
	`43`	`+// Record<string, never> represents the empty object for alogorithms that don't require settings`
	`44`	`+// and might be able to be removed in the future.`
	`45`	`+type RateLimiterOptions = TokenBucketOptions \| Record<string, never>;`