mirror of
https://github.com/mgeeky/decode-spam-headers.git
synced 2026-02-22 21:43:30 +01:00
177 lines
5.2 KiB
TypeScript
177 lines
5.2 KiB
TypeScript
import { test, expect } from "@playwright/test";
|
|
import fs from "fs/promises";
|
|
import path from "path";
|
|
|
|
import { AnalyzerPage } from "./pages/analyzer-page";
|
|
|
|
const headersPath = path.resolve(__dirname, "fixtures/sample-headers.txt");
|
|
const rateLimit = 3;
|
|
const bypassToken = "playwright-bypass-token";
|
|
const captchaChallenge = {
|
|
challengeToken: "playwright-challenge-token",
|
|
imageBase64:
|
|
"iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR4nGP4z8DwHwAFgwJ/l0pNqQAAAABJRU5ErkJggg==",
|
|
};
|
|
const successReport = {
|
|
results: [],
|
|
hopChain: [],
|
|
securityAppliances: [],
|
|
metadata: {
|
|
totalTests: 0,
|
|
passedTests: 0,
|
|
failedTests: 0,
|
|
skippedTests: 0,
|
|
elapsedMs: 1,
|
|
timedOut: false,
|
|
incompleteTests: [] as string[],
|
|
},
|
|
};
|
|
|
|
const corsHeaders = {
|
|
"access-control-allow-origin": "http://localhost:3100",
|
|
"access-control-allow-credentials": "true",
|
|
};
|
|
|
|
const successSseBody = `event: result\ndata: ${JSON.stringify(successReport)}\n\n`;
|
|
|
|
test("rate limiting shows captcha and retries successfully", async ({ page }) => {
|
|
const headers = await fs.readFile(headersPath, "utf8");
|
|
const analyzer = new AnalyzerPage(page);
|
|
let analyseCount = 0;
|
|
const bypassTokens: string[] = [];
|
|
|
|
await page.route("**/api/analyse", async (route) => {
|
|
analyseCount += 1;
|
|
const bypassHeader = route.request().headers()["x-captcha-bypass-token"];
|
|
if (bypassHeader) {
|
|
bypassTokens.push(bypassHeader);
|
|
}
|
|
|
|
if (analyseCount === rateLimit + 1) {
|
|
await route.fulfill({
|
|
status: 429,
|
|
contentType: "application/json",
|
|
headers: {
|
|
...corsHeaders,
|
|
"retry-after": "60",
|
|
},
|
|
body: JSON.stringify({
|
|
error: "Too many requests",
|
|
retryAfter: 60,
|
|
captchaChallenge,
|
|
}),
|
|
});
|
|
return;
|
|
}
|
|
|
|
await route.fulfill({
|
|
status: 200,
|
|
contentType: "text/event-stream",
|
|
headers: corsHeaders,
|
|
body: successSseBody,
|
|
});
|
|
});
|
|
|
|
await page.route("**/api/captcha/verify", async (route) => {
|
|
await route.fulfill({
|
|
status: 200,
|
|
contentType: "application/json",
|
|
headers: corsHeaders,
|
|
body: JSON.stringify({ success: true, bypassToken }),
|
|
});
|
|
});
|
|
|
|
await analyzer.goto();
|
|
await analyzer.pasteHeaders(headers);
|
|
|
|
const analyseButton = page.getByRole("button", { name: "Analyse Headers" });
|
|
|
|
const runAnalysis = async () => {
|
|
const responsePromise = page.waitForResponse(
|
|
(response) => response.url().includes("/api/analyse") && response.status() === 200,
|
|
);
|
|
await expect(analyseButton).toBeEnabled({ timeout: 30000 });
|
|
await analyseButton.click();
|
|
await responsePromise;
|
|
await expect(analyseButton).toBeEnabled({ timeout: 30000 });
|
|
};
|
|
|
|
for (let attempt = 0; attempt < rateLimit; attempt += 1) {
|
|
await runAnalysis();
|
|
}
|
|
|
|
const [rateLimitResponse] = await Promise.all([
|
|
page.waitForResponse(
|
|
(response) => response.url().includes("/api/analyse") && response.status() === 429,
|
|
),
|
|
analyseButton.click(),
|
|
]);
|
|
|
|
expect(rateLimitResponse.status()).toBe(429);
|
|
|
|
const captchaModal = analyzer.getCaptchaModal();
|
|
await expect(captchaModal).toBeVisible();
|
|
|
|
const captchaTitle = page.getByRole("heading", { name: "Security Check Required" });
|
|
const captchaImage = page.getByTestId("captcha-image");
|
|
const captchaInput = page.getByTestId("captcha-input");
|
|
const captchaClose = page.getByTestId("captcha-close");
|
|
const captchaSubmit = page.getByTestId("captcha-submit");
|
|
|
|
await expect(captchaTitle).toBeVisible();
|
|
await expect(captchaImage).toBeVisible();
|
|
await expect(captchaImage).toHaveAttribute("src", /^data:image\/png;base64,/);
|
|
await expect(captchaClose).toBeVisible();
|
|
await expect(captchaSubmit).toBeVisible();
|
|
await expect(captchaInput).toBeFocused();
|
|
|
|
await page.keyboard.press("Shift+Tab");
|
|
await expect(captchaClose).toBeFocused();
|
|
|
|
await page.keyboard.press("Shift+Tab");
|
|
await expect(captchaSubmit).toBeFocused();
|
|
|
|
await page.keyboard.press("Tab");
|
|
await expect(captchaClose).toBeFocused();
|
|
|
|
await captchaInput.focus();
|
|
await captchaInput.fill("12345");
|
|
|
|
const retryResponsePromise = page.waitForResponse((response) => {
|
|
if (!response.url().includes("/api/analyse")) {
|
|
return false;
|
|
}
|
|
if (response.status() !== 200) {
|
|
return false;
|
|
}
|
|
const bypassHeader = response.request().headers()["x-captcha-bypass-token"];
|
|
return bypassHeader === bypassToken;
|
|
});
|
|
|
|
await page.keyboard.press("Enter");
|
|
|
|
const retryResponse = await retryResponsePromise;
|
|
expect(retryResponse.status()).toBe(200);
|
|
|
|
await expect(captchaModal).toBeHidden({ timeout: 30000 });
|
|
await expect(analyseButton).toBeEnabled({ timeout: 30000 });
|
|
|
|
const followUpResponsePromise = page.waitForResponse((response) => {
|
|
if (!response.url().includes("/api/analyse")) {
|
|
return false;
|
|
}
|
|
if (response.status() !== 200) {
|
|
return false;
|
|
}
|
|
const bypassHeader = response.request().headers()["x-captcha-bypass-token"];
|
|
return bypassHeader === bypassToken;
|
|
});
|
|
|
|
await analyseButton.click();
|
|
await followUpResponsePromise;
|
|
|
|
const bypassHits = bypassTokens.filter((token) => token === bypassToken);
|
|
expect(bypassHits.length).toBeGreaterThanOrEqual(2);
|
|
await expect(analyseButton).toBeEnabled({ timeout: 30000 });
|
|
});
|