discourse/spec/components/middleware/anonymous_cache_spec.rb

require "rails_helper"
require_dependency "middleware/anonymous_cache"

describe Middleware::AnonymousCache::Helper do

  def env(opts = {})
    {
      "HTTP_HOST" => "http://test.com",
      "REQUEST_URI" => "/path?bla=1",
      "REQUEST_METHOD" => "GET",
      "rack.input" => ""
    }.merge(opts)
  end

  def new_helper(opts = {})
    Middleware::AnonymousCache::Helper.new(env(opts))
  end

  context "cachable?" do
    it "true by default" do
      expect(new_helper.cacheable?).to eq(true)
    end

    it "is false for non GET" do
      expect(new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?).to eq(false)
    end

    it "is false if it has an auth cookie" do
      expect(new_helper("HTTP_COOKIE" => "jack=1; _t=#{"1" * 32}; jill=2").cacheable?).to eq(false)
    end
  end

  context "per theme cache" do
    it "handles theme keys" do
      theme = Theme.create(name: "test", user_id: -1, user_selectable: true)

      with_bad_theme_key = new_helper("HTTP_COOKIE" => "theme_key=abc").cache_key
      with_no_theme_key = new_helper().cache_key

      expect(with_bad_theme_key).to eq(with_no_theme_key)

      with_good_theme_key = new_helper("HTTP_COOKIE" => "theme_key=#{theme.key}").cache_key

      expect(with_good_theme_key).not_to eq(with_no_theme_key)
    end
  end

  context 'force_anonymous!' do
    before do
      RateLimiter.enable
    end

    after do
      RateLimiter.disable
    end

    it 'will revert to anonymous once we reach the limit' do

      RateLimiter.clear_all!

      is_anon = false

      app = Middleware::AnonymousCache.new(
        lambda do |env|
          is_anon = env["HTTP_COOKIE"].nil?
          [200, {}, ["ok"]]
        end
      )

      global_setting :force_anonymous_min_per_10_seconds, 2
      global_setting :force_anonymous_min_queue_seconds, 1

      env = {
        "HTTP_COOKIE" => "_t=#{SecureRandom.hex}",
        "HOST" => "site.com",
        "REQUEST_METHOD" => "GET",
        "REQUEST_URI" => "/somewhere/rainbow",
        "REQUEST_QUEUE_SECONDS" => 2.1,
        "rack.input" => StringIO.new
      }

      is_anon = false
      app.call(env.dup)
      expect(is_anon).to eq(false)

      is_anon = false
      app.call(env.dup)
      expect(is_anon).to eq(false)

      is_anon = false
      app.call(env.dup)
      expect(is_anon).to eq(true)

      is_anon = false
      _status, headers, _body = app.call(env.dup)
      expect(is_anon).to eq(true)
      expect(headers['Set-Cookie']).to eq('dosp=1')

      # tricky change, a 50ms delay still will trigger protection
      # once it is tripped

      env["REQUEST_QUEUE_SECONDS"] = 0.05
      is_anon = false

      app.call(env.dup)
      expect(is_anon).to eq(true)

      is_anon = false
      env["REQUEST_QUEUE_SECONDS"] = 0.01

      app.call(env.dup)
      expect(is_anon).to eq(false)
    end
  end

  context "cached" do
    let!(:helper) do
      new_helper("ANON_CACHE_DURATION" => 10)
    end

    let!(:crawler) do
      new_helper("ANON_CACHE_DURATION" => 10, "HTTP_USER_AGENT" => "AdsBot-Google (+http://www.google.com/adsbot.html)")
    end

    after do
      helper.clear_cache
      crawler.clear_cache
    end

    it "handles brotli switching" do
      helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])

      helper = new_helper("ANON_CACHE_DURATION" => 10)
      expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])

      helper = new_helper("ANON_CACHE_DURATION" => 10, "HTTP_ACCEPT_ENCODING" => "gz, br")
      expect(helper.cached).to eq(nil)
    end

    it "returns cached data for cached requests" do
      helper.is_mobile = true
      expect(helper.cached).to eq(nil)
      helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])

      helper = new_helper("ANON_CACHE_DURATION" => 10)
      helper.is_mobile = true
      expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])

      expect(crawler.cached).to eq(nil)
      crawler.cache([200, { "HELLO" => "WORLD" }, ["hello ", "world"]])
      expect(crawler.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello world"]])
    end
  end

end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require "rails_helper"`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`require_dependency "middleware/anonymous_cache"`

			`describe Middleware::AnonymousCache::Helper do`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def env(opts = {})`
FEATURE: rudimentary view tracking wired in 2015-02-04 00:14:56 -05:00			`{`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`"HTTP_HOST" => "http://test.com",`
			`"REQUEST_URI" => "/path?bla=1",`
FEATURE: rudimentary view tracking wired in 2015-02-04 00:14:56 -05:00			`"REQUEST_METHOD" => "GET",`
			`"rack.input" => ""`
			`}.merge(opts)`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def new_helper(opts = {})`
FEATURE: rudimentary view tracking wired in 2015-02-04 00:14:56 -05:00			`Middleware::AnonymousCache::Helper.new(env(opts))`
			`end`

remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`context "cachable?" do`
			`it "true by default" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(new_helper.cacheable?).to eq(true)`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`end`

			`it "is false for non GET" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?).to eq(false)`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`end`
logged in requests were being treated as anon, causing major havoc 2013-10-16 19:37:06 -04:00
			`it "is false if it has an auth cookie" do`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`expect(new_helper("HTTP_COOKIE" => "jack=1; _t=#{"1" * 32}; jill=2").cacheable?).to eq(false)`
logged in requests were being treated as anon, causing major havoc 2013-10-16 19:37:06 -04:00			`end`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`end`

SECURITY: theme key should be an anon cache breaker 2017-06-15 09:36:27 -04:00			`context "per theme cache" do`
			`it "handles theme keys" do`
			`theme = Theme.create(name: "test", user_id: -1, user_selectable: true)`

			`with_bad_theme_key = new_helper("HTTP_COOKIE" => "theme_key=abc").cache_key`
			`with_no_theme_key = new_helper().cache_key`

			`expect(with_bad_theme_key).to eq(with_no_theme_key)`

			`with_good_theme_key = new_helper("HTTP_COOKIE" => "theme_key=#{theme.key}").cache_key`

			`expect(with_good_theme_key).not_to eq(with_no_theme_key)`
			`end`
			`end`

FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`context 'force_anonymous!' do`
			`before do`
			`RateLimiter.enable`
			`end`

			`after do`
			`RateLimiter.disable`
			`end`

			`it 'will revert to anonymous once we reach the limit' do`

			`RateLimiter.clear_all!`

			`is_anon = false`

			`app = Middleware::AnonymousCache.new(`
			`lambda do \|env\|`
			`is_anon = env["HTTP_COOKIE"].nil?`
			`[200, {}, ["ok"]]`
			`end`
			`)`

			`global_setting :force_anonymous_min_per_10_seconds, 2`
			`global_setting :force_anonymous_min_queue_seconds, 1`

			`env = {`
			`"HTTP_COOKIE" => "_t=#{SecureRandom.hex}",`
			`"HOST" => "site.com",`
			`"REQUEST_METHOD" => "GET",`
			`"REQUEST_URI" => "/somewhere/rainbow",`
			`"REQUEST_QUEUE_SECONDS" => 2.1,`
			`"rack.input" => StringIO.new`
			`}`

PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00			`is_anon = false`
			`app.call(env.dup)`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`expect(is_anon).to eq(false)`

PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00			`is_anon = false`
			`app.call(env.dup)`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`expect(is_anon).to eq(false)`

PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00			`is_anon = false`
			`app.call(env.dup)`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`expect(is_anon).to eq(true)`

PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00			`is_anon = false`
			`_status, headers, _body = app.call(env.dup)`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`expect(is_anon).to eq(true)`
			`expect(headers['Set-Cookie']).to eq('dosp=1')`
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00
			`# tricky change, a 50ms delay still will trigger protection`
			`# once it is tripped`

			`env["REQUEST_QUEUE_SECONDS"] = 0.05`
			`is_anon = false`

			`app.call(env.dup)`
			`expect(is_anon).to eq(true)`

			`is_anon = false`
			`env["REQUEST_QUEUE_SECONDS"] = 0.01`

			`app.call(env.dup)`
			`expect(is_anon).to eq(false)`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`end`
			`end`

remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`context "cached" do`
			`let!(:helper) do`
			`new_helper("ANON_CACHE_DURATION" => 10)`
			`end`

BUGFIX: web crawlers messing with anon caching 2014-04-28 20:48:09 -04:00			`let!(:crawler) do`
			`new_helper("ANON_CACHE_DURATION" => 10, "HTTP_USER_AGENT" => "AdsBot-Google (+http://www.google.com/adsbot.html)")`
			`end`

remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`after do`
			`helper.clear_cache`
BUGFIX: web crawlers messing with anon caching 2014-04-28 20:48:09 -04:00			`crawler.clear_cache`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`end`

FEATURE: brotli cdn bypass for assets Allow CDNS that strip out brotli encoding to use brotli regardless 2016-12-04 21:57:09 -05:00			`it "handles brotli switching" do`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])`
FEATURE: brotli cdn bypass for assets Allow CDNS that strip out brotli encoding to use brotli regardless 2016-12-04 21:57:09 -05:00
			`helper = new_helper("ANON_CACHE_DURATION" => 10)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])`
FEATURE: brotli cdn bypass for assets Allow CDNS that strip out brotli encoding to use brotli regardless 2016-12-04 21:57:09 -05:00
			`helper = new_helper("ANON_CACHE_DURATION" => 10, "HTTP_ACCEPT_ENCODING" => "gz, br")`
			`expect(helper.cached).to eq(nil)`
			`end`

remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`it "returns cached data for cached requests" do`
BUGFIX: fix broken spec 2014-01-08 23:11:04 -05:00			`helper.is_mobile = true`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(helper.cached).to eq(nil)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])`
BUGFIX: web crawlers messing with anon caching 2014-04-28 20:48:09 -04:00
			`helper = new_helper("ANON_CACHE_DURATION" => 10)`
			`helper.is_mobile = true`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])`
BUGFIX: web crawlers messing with anon caching 2014-04-28 20:48:09 -04:00
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(crawler.cached).to eq(nil)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`crawler.cache([200, { "HELLO" => "WORLD" }, ["hello ", "world"]])`
			`expect(crawler.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello world"]])`
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created 2013-10-16 01:39:18 -04:00			`end`
			`end`

			`end`