MAESTRO: verify bypass token rate limit exemption

Mariusz Banach
2026-02-18 04:25:45 +01:00
parent 640a536bdb
commit 890b14e9cc
2 changed files with 45 additions and 1 deletions


@@ -7,6 +7,7 @@ import pytest
from httpx import ASGITransport, AsyncClient
from app.core import config as config_module
from app.security.captcha import BYPASS_TOKEN_HEADER, issue_bypass_token
FIXTURES_DIR = Path(__file__).resolve().parents[1] / "fixtures"
@@ -59,3 +60,46 @@ async def test_rate_limiter_returns_captcha_challenge(
challenge = payload["captchaChallenge"]
assert challenge["challengeToken"]
assert challenge["imageBase64"]
@pytest.mark.anyio
async def test_rate_limiter_allows_bypass_token(
monkeypatch: pytest.MonkeyPatch,
) -> None:
app = _load_app(monkeypatch, limit=1, window_seconds=60)
raw_headers = (FIXTURES_DIR / "sample_headers.txt").read_text(encoding="utf-8")
request_payload = {
"headers": raw_headers,
"config": {"testIds": [], "resolve": False, "decodeAll": False},
}
client_ip = "203.0.113.5"
bypass_token = issue_bypass_token(client_ip)
async with AsyncClient(
transport=ASGITransport(app=app),
base_url="http://test",
) as client:
response = await client.post(
"/api/analyse",
json=request_payload,
headers={"x-forwarded-for": client_ip},
)
assert response.status_code == 200
response = await client.post(
"/api/analyse",
json=request_payload,
headers={"x-forwarded-for": client_ip},
)
assert response.status_code == 429
response = await client.post(
"/api/analyse",
json=request_payload,
headers={
"x-forwarded-for": client_ip,
BYPASS_TOKEN_HEADER: bypass_token,
},
)
assert response.status_code == 200
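Review bot: test_rate_limiter_allows_bypass_token pins only the accepting path, where a token from `issue_bypass_token(client_ip)` is sent with the matching `x-forwarded-for` value and gets 200. Nothing in the visible hunk asserts that the exemption is refused for a token issued for a different address or for a malformed value, so a limiter that accepted any non-empty `BYPASS_TOKEN_HEADER` would still pass this test. I would add rejecting cases after the last assertion, each expecting 429: one with a token issued for another address (sketched below) and one with a garbage value such as `BYPASS_TOKEN_HEADER: "not-a-token"`. Because the client address here is taken from `x-forwarded-for` and the token appears to be bound to it, it is also worth confirming outside this hunk that the header is honoured only from a trusted proxy.

```python
# … unchanged: the three requests above (200, 429, then 200 with a valid token) …
        # A token issued for another address must not exempt this client.
        # 198.51.100.7 is a constructed sample from the documentation range.
        foreign_token = issue_bypass_token("198.51.100.7")
        response = await client.post(
            "/api/analyse",
            json=request_payload,
            headers={
                "x-forwarded-for": client_ip,
                BYPASS_TOKEN_HEADER: foreign_token,
            },
        )
        assert response.status_code == 429
```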