fix(#19): Implement rate limiting for auth and write-heavy endpoints

2026-03-06 23:55:29 +00:00 · 2026-03-06 23:55:29 +00:00 · 2b09cf05eb
commit 2b09cf05eb
parent a0fc6fe236
3 changed files with 128 additions and 7 deletions
--- a/backend/src/tests/rateLimit.test.js
+++ b/backend/src/tests/rateLimit.test.js
@ -0,0 +1,65 @@
+import { rateLimit, authRateLimit } from '../middleware/rateLimit.js';
+import express from 'express';
+import request from 'supertest';
+
+describe('Rate Limit Middleware', () => {
+  let app;
+
+  beforeEach(() => {
+    app = express();
+    app.use(express.json());
+  });
+
+  it('should allow requests within limit', (done) => {
+    const middleware = rateLimit({ max: 2, windowMs: 1000 });
+    
+    app.get('/test', middleware, (req, res) => {
+      res.status(200).json({ message: 'OK' });
+    });
+
+    request(app)
+      .get('/test')
+      .expect(200)
+      .end(done);
+  });
+
+  it('should block requests exceeding limit', (done) => {
+    const middleware = rateLimit({ max: 1, windowMs: 1000 });
+    
+    app.get('/test', middleware, (req, res) => {
+      res.status(200).json({ message: 'OK' });
+    });
+
+    // Erster Request sollte erfolgreich sein
+    request(app)
+      .get('/test')
+      .expect(200)
+      .end(() => {
+        // Zweiter Request sollte blockiert werden
+        request(app)
+          .get('/test')
+          .expect(429)
+          .end(done);
+      });
+  });
+
+  it('should apply auth rate limiting correctly', (done) => {
+    const middleware = authRateLimit({ max: 1, windowMs: 1000 });
+    
+    app.get('/auth-test', middleware, (req, res) => {
+      res.status(200).json({ message: 'OK' });
+    });
+
+    // Erster Request sollte erfolgreich sein
+    request(app)
+      .get('/auth-test')
+      .expect(200)
+      .end(() => {
+        // Zweiter Request sollte blockiert werden
+        request(app)
+          .get('/auth-test')
+          .expect(429)
+          .end(done);
+      });
+  });
+});