helpyourneighbour/backend/src/__tests__/rateLimit.test.js

import { rateLimit, authRateLimit } from '../middleware/rateLimit.js';
import express from 'express';
import request from 'supertest';

describe('Rate Limit Middleware', () => {
  let app;

  beforeEach(() => {
    app = express();
    app.use(express.json());
  });

  it('should allow requests within limit', (done) => {
    const middleware = rateLimit({ max: 2, windowMs: 1000 });
    
    app.get('/test', middleware, (req, res) => {
      res.status(200).json({ message: 'OK' });
    });

    request(app)
      .get('/test')
      .expect(200)
      .end(done);
  });

  it('should block requests exceeding limit', (done) => {
    const middleware = rateLimit({ max: 1, windowMs: 1000 });
    
    app.get('/test', middleware, (req, res) => {
      res.status(200).json({ message: 'OK' });
    });

    // Erster Request sollte erfolgreich sein
    request(app)
      .get('/test')
      .expect(200)
      .end(() => {
        // Zweiter Request sollte blockiert werden
        request(app)
          .get('/test')
          .expect(429)
          .end(done);
      });
  });

  it('should apply auth rate limiting correctly', (done) => {
    const middleware = authRateLimit({ max: 1, windowMs: 1000 });
    
    app.get('/auth-test', middleware, (req, res) => {
      res.status(200).json({ message: 'OK' });
    });

    // Erster Request sollte erfolgreich sein
    request(app)
      .get('/auth-test')
      .expect(200)
      .end(() => {
        // Zweiter Request sollte blockiert werden
        request(app)
          .get('/auth-test')
          .expect(429)
          .end(done);
      });
  });
});
fix(#19): Implement rate limiting for auth and write-heavy endpoints 2026-03-06 23:55:29 +00:00			`import { rateLimit, authRateLimit } from '../middleware/rateLimit.js';`
			`import express from 'express';`
			`import request from 'supertest';`

			`describe('Rate Limit Middleware', () => {`
			`let app;`

			`beforeEach(() => {`
			`app = express();`
			`app.use(express.json());`
			`});`

			`it('should allow requests within limit', (done) => {`
			`const middleware = rateLimit({ max: 2, windowMs: 1000 });`

			`app.get('/test', middleware, (req, res) => {`
			`res.status(200).json({ message: 'OK' });`
			`});`

			`request(app)`
			`.get('/test')`
			`.expect(200)`
			`.end(done);`
			`});`

			`it('should block requests exceeding limit', (done) => {`
			`const middleware = rateLimit({ max: 1, windowMs: 1000 });`

			`app.get('/test', middleware, (req, res) => {`
			`res.status(200).json({ message: 'OK' });`
			`});`

			`// Erster Request sollte erfolgreich sein`
			`request(app)`
			`.get('/test')`
			`.expect(200)`
			`.end(() => {`
			`// Zweiter Request sollte blockiert werden`
			`request(app)`
			`.get('/test')`
			`.expect(429)`
			`.end(done);`
			`});`
			`});`

			`it('should apply auth rate limiting correctly', (done) => {`
			`const middleware = authRateLimit({ max: 1, windowMs: 1000 });`

			`app.get('/auth-test', middleware, (req, res) => {`
			`res.status(200).json({ message: 'OK' });`
			`});`

			`// Erster Request sollte erfolgreich sein`
			`request(app)`
			`.get('/auth-test')`
			`.expect(200)`
			`.end(() => {`
			`// Zweiter Request sollte blockiert werden`
			`request(app)`
			`.get('/auth-test')`
			`.expect(429)`
			`.end(done);`
			`});`
			`});`
			`});`