fix: lower anonymous limit to 250

MartinKolarik · MartinKolarik · commit 53052321f27a · 2025-01-15T15:29:22.000+01:00
diff --git a/config/default.cjs b/config/default.cjs
@@ -85,7 +85,7 @@ module.exports = {
 		resultTTL: 7 * 24 * 60 * 60, // 7 days
 		rateLimit: {
 			post: {
-				anonymousLimit: 10000,
+				anonymousLimit: 250,
 				authenticatedLimit: 500,
 				reset: 3600,
 			},
diff --git a/config/test.cjs b/config/test.cjs
@@ -44,9 +44,6 @@ module.exports = {
 	measurement: {
 		maxInProgressTests: 2,
 		rateLimit: {
-			post: {
-				anonymousLimit: 100000,
-			},
 			getPerMeasurement: {
 				limit: 1000,
 			},
diff --git a/test/e2e/cases/limits.test.ts b/test/e2e/cases/limits.test.ts
@@ -22,8 +22,8 @@ describe('/limits endpoint', () => {
 				measurements: {
 					create: {
 						type: 'ip',
-						limit: 100000,
-						remaining: 100000,
+						limit: 250,
+						remaining: 250,
 						reset: 0,
 					},
 				},
@@ -46,8 +46,8 @@ describe('/limits endpoint', () => {
 
 		expect(response.body.rateLimit.measurements.create).to.deep.include({
 			type: 'ip',
-			limit: 100000,
-			remaining: 99999,
+			limit: 250,
+			remaining: 249,
 		});
 	});
 });
diff --git a/test/tests/integration/limits.test.ts b/test/tests/integration/limits.test.ts
@@ -61,8 +61,8 @@ describe('rate limiter', () => {
 						measurements: {
 							create: {
 								type: 'ip',
-								limit: 100000,
-								remaining: 100000,
+								limit: 250,
+								remaining: 250,
 								reset: 0,
 							},
 						},
@@ -82,8 +82,8 @@ describe('rate limiter', () => {
 						measurements: {
 							create: {
 								type: 'ip',
-								limit: 100000,
-								remaining: 99999,
+								limit: 250,
+								remaining: 249,
 								reset: 3600,
 							},
 						},
diff --git a/test/tests/integration/middleware/authenticate.test.ts b/test/tests/integration/middleware/authenticate.test.ts
@@ -225,7 +225,7 @@ describe('authenticate', () => {
 				});
 
 			expect(response.status).to.equal(202);
-			expect(response.headers['x-ratelimit-limit']).to.equal('100000');
+			expect(response.headers['x-ratelimit-limit']).to.equal('250');
 		});
 
 		it('should ignore if invalid cookie was passed', async () => {
@@ -241,7 +241,7 @@ describe('authenticate', () => {
 				});
 
 			expect(response.status).to.equal(202);
-			expect(response.headers['x-ratelimit-limit']).to.equal('100000');
+			expect(response.headers['x-ratelimit-limit']).to.equal('250');
 		});
 
 		it('should ignore if cookie signed with a different key was passed', async () => {
@@ -257,7 +257,7 @@ describe('authenticate', () => {
 				});
 
 			expect(response.status).to.equal(202);
-			expect(response.headers['x-ratelimit-limit']).to.equal('100000');
+			expect(response.headers['x-ratelimit-limit']).to.equal('250');
 		});
 	});
 });
diff --git a/test/tests/integration/ratelimit.test.ts b/test/tests/integration/ratelimit.test.ts
@@ -122,9 +122,9 @@ describe('rate limiter', () => {
 				target: 'jsdelivr.com',
 			}).expect(202) as Response;
 
-			expect(response.headers['x-ratelimit-limit']).to.equal('100000');
+			expect(response.headers['x-ratelimit-limit']).to.equal('250');
 			expect(response.headers['x-ratelimit-consumed']).to.equal('1');
-			expect(response.headers['x-ratelimit-remaining']).to.equal('99999');
+			expect(response.headers['x-ratelimit-remaining']).to.equal('249');
 			expect(response.headers['x-ratelimit-reset']).to.equal('3600');
 			expect(response.headers['x-request-cost']).to.equal('1');
 
@@ -133,9 +133,9 @@ describe('rate limiter', () => {
 				target: 'jsdelivr.com',
 			}).expect(202) as Response;
 
-			expect(response2.headers['x-ratelimit-limit']).to.equal('100000');
+			expect(response2.headers['x-ratelimit-limit']).to.equal('250');
 			expect(response.headers['x-ratelimit-consumed']).to.equal('1');
-			expect(response2.headers['x-ratelimit-remaining']).to.equal('99998');
+			expect(response2.headers['x-ratelimit-remaining']).to.equal('248');
 			expect(response2.headers['x-ratelimit-reset']).to.equal('3600');
 			expect(response.headers['x-request-cost']).to.equal('1');
 		});
@@ -190,11 +190,11 @@ describe('rate limiter', () => {
 				target: 'jsdelivr.com',
 			}).expect(202) as Response;
 
-			expect(response.headers['x-ratelimit-remaining']).to.equal('99999');
+			expect(response.headers['x-ratelimit-remaining']).to.equal('249');
 		});
 
 		it('should fail (limit reached)', async () => {
-			await anonymousPostRateLimiter.set(clientIpv6, 100000, 0);
+			await anonymousPostRateLimiter.set(clientIpv6, 250, 0);
 
 			const response = await requestAgent.post('/v1/measurements').send({
 				type: 'ping',
@@ -205,7 +205,7 @@ describe('rate limiter', () => {
 		});
 
 		it('should consume all points successfully or none at all (cost > remaining > 0)', async () => {
-			await anonymousPostRateLimiter.set(clientIpv6, 99999, 0); // 1 remaining
+			await anonymousPostRateLimiter.set(clientIpv6, 249, 0); // 1 remaining
 
 			const response = await requestAgent.post('/v1/measurements').send({
 				type: 'ping',
@@ -293,7 +293,7 @@ describe('rate limiter', () => {
 				}).expect(202) as Response;
 
 			const rateLimiterRes = await anonymousPostRateLimiter.get(`1CJTN06QAyM2JYA3r2FwaSytXEWg1r50xNlUyC1G98w=`);
-			expect(rateLimiterRes?.remainingPoints).to.equal(99999);
+			expect(rateLimiterRes?.remainingPoints).to.equal(249);
 		});
 	});
 
