yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
openclaw-mission-control/backend/tests/test_rate_limit.py

292 lines
10 KiB
Python
Raw Permalink Normal View History

feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
"""Tests for rate limiters (in-memory and Redis-backed)."""
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
from __future__ import annotations
import time
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
from unittest.mock import MagicMock, patch
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
import pytest
from app.core.rate_limit import (
InMemoryRateLimiter,
RedisRateLimiter,
create_rate_limiter,
validate_rate_limit_redis,
)
from app.core.rate_limit_backend import RateLimitBackend
fix(ci): sort rate limit test imports
2026-03-08 00:06:45 +05:30
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
class _FakeRedis:
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
"""Minimal in-process Redis fake supporting the limiter Lua script."""
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
def __init__(self) -> None:
self._sorted_sets: dict[str, dict[str, float]] = {}
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
async def eval(
self,
script: str,
numkeys: int,
key: str,
cutoff: float,
now: float,
member: str,
max_requests: int,
ttl: int,
) -> int:
del script, numkeys, ttl
zset = self._sorted_sets.setdefault(key, {})
expired = [m for m, s in zset.items() if s <= float(cutoff)]
for m in expired:
del zset[m]
if len(zset) < int(max_requests):
zset[member] = float(now)
return 1
oldest_member = min(zset, key=zset.__getitem__)
del zset[oldest_member]
zset[member] = float(now)
return 0
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
def ping(self) -> bool:
return True
def close(self) -> None:
pass
# ---------------------------------------------------------------------------
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
# InMemoryRateLimiter tests
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
# ---------------------------------------------------------------------------
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_allows_requests_within_limit() -> None:
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
limiter = InMemoryRateLimiter(max_requests=5, window_seconds=60.0)
for _ in range(5):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_blocks_requests_over_limit() -> None:
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
limiter = InMemoryRateLimiter(max_requests=3, window_seconds=60.0)
for _ in range(3):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is False
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
@pytest.mark.asyncio()
async def test_blocked_requests_extend_window_without_growing_memory() -> None:
limiter = InMemoryRateLimiter(max_requests=2, window_seconds=1.0)
with patch("time.monotonic", side_effect=[0.0, 0.1, 0.2, 1.05, 1.21]):
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is True
assert len(limiter._buckets["client-a"]) == 2
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_separate_keys_have_independent_limits() -> None:
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
limiter = InMemoryRateLimiter(max_requests=2, window_seconds=60.0)
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
# Different key still allowed
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-b") is True
assert await limiter.is_allowed("client-b") is True
assert await limiter.is_allowed("client-b") is False
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_window_expiry_resets_limit() -> None:
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
limiter = InMemoryRateLimiter(max_requests=2, window_seconds=1.0)
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 13:42:32 -07:00
# Simulate time passing beyond the window
future = time.monotonic() + 2.0
with patch("time.monotonic", return_value=future):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 14:01:18 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_sweep_removes_expired_keys() -> None:
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 14:01:18 -07:00
"""Keys whose timestamps have all expired should be evicted during periodic sweep."""
from app.core.rate_limit import _CLEANUP_INTERVAL
limiter = InMemoryRateLimiter(max_requests=100, window_seconds=1.0)
# Fill with many unique IPs
for i in range(10):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
await limiter.is_allowed(f"stale-{i}")
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 14:01:18 -07:00
assert len(limiter._buckets) == 10
# Advance time so all timestamps expire, then trigger enough calls to
# hit the cleanup interval.
future = time.monotonic() + 2.0
with patch("time.monotonic", return_value=future):
# Drive the call count up to a multiple of _CLEANUP_INTERVAL
remaining = _CLEANUP_INTERVAL - (limiter._call_count % _CLEANUP_INTERVAL)
for i in range(remaining):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
await limiter.is_allowed("trigger-sweep")
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 14:01:18 -07:00
# Stale keys should have been swept; only "trigger-sweep" should remain
assert "stale-0" not in limiter._buckets
assert "trigger-sweep" in limiter._buckets
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
# ---------------------------------------------------------------------------
# RedisRateLimiter tests
# ---------------------------------------------------------------------------
def _make_redis_limiter(
fake: _FakeRedis,
*,
namespace: str = "test",
max_requests: int = 5,
window_seconds: float = 60.0,
) -> RedisRateLimiter:
"""Build a RedisRateLimiter wired to a _FakeRedis instance."""
fix: share a single async Redis client per URL to avoid duplicate connection pools Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 14:13:45 -07:00
with patch("app.core.rate_limit._get_async_redis", return_value=fake):
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
return RedisRateLimiter(
namespace=namespace,
max_requests=max_requests,
window_seconds=window_seconds,
redis_url="redis://fake:6379/0",
)
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_allows_within_limit() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=5)
for _ in range(5):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_blocks_over_limit() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=3)
for _ in range(3):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is False
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
@pytest.mark.asyncio()
async def test_redis_blocked_requests_extend_window_without_growing_storage() -> None:
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=2, window_seconds=1.0)
redis_key = "ratelimit:test:client-a"
with patch("time.time", side_effect=[0.0, 0.1, 0.2, 1.05, 1.21]):
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is False
assert await limiter.is_allowed("client-a") is True
assert len(fake._sorted_sets[redis_key]) == 2
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_separate_keys_independent() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=2)
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
# Different key still allowed
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-b") is True
assert await limiter.is_allowed("client-b") is True
assert await limiter.is_allowed("client-b") is False
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_window_expiry() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=2, window_seconds=1.0)
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is False
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
# Simulate time passing beyond the window
future = time.time() + 2.0
with patch("time.time", return_value=future):
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_fail_open_on_error() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
"""When Redis is unreachable, requests should be allowed (fail-open)."""
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=1)
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
broken_eval = MagicMock(side_effect=ConnectionError("Redis gone"))
limiter._client.eval = broken_eval # type: ignore[assignment]
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
# Should still allow (fail-open) even though Redis is broken
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
assert await limiter.is_allowed("client-a") is True
assert await limiter.is_allowed("client-a") is True # would normally be blocked
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
@pytest.mark.asyncio()
async def test_redis_fail_open_logs_warning() -> None:
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
"""Verify a warning is logged when Redis is unreachable."""
fake = _FakeRedis()
limiter = _make_redis_limiter(fake, max_requests=1)
fix(security): Address PR review feedback
2026-03-08 00:01:04 +05:30
limiter._client.eval = MagicMock(side_effect=ConnectionError("Redis gone")) # type: ignore[assignment]
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
with patch("app.core.rate_limit.logger") as mock_logger:
refactor: switch RedisRateLimiter to async redis.asyncio client Replace sync redis.Redis with redis.asyncio to avoid blocking the event loop during rate-limit checks. Make RateLimiter.is_allowed async across both backends and update all call sites to await. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 12:53:02 -07:00
await limiter.is_allowed("client-a")
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
mock_logger.warning.assert_called_once()
# ---------------------------------------------------------------------------
# Factory tests
# ---------------------------------------------------------------------------
def test_factory_returns_memory_by_default(monkeypatch: pytest.MonkeyPatch) -> None:
monkeypatch.setattr("app.core.config.settings.rate_limit_backend", RateLimitBackend.MEMORY)
limiter = create_rate_limiter(namespace="test", max_requests=10, window_seconds=60.0)
assert isinstance(limiter, InMemoryRateLimiter)
def test_factory_returns_redis_when_configured(monkeypatch: pytest.MonkeyPatch) -> None:
monkeypatch.setattr("app.core.config.settings.rate_limit_backend", RateLimitBackend.REDIS)
Apply ruff reformatting
2026-03-04 13:44:21 -07:00
monkeypatch.setattr("app.core.config.settings.rate_limit_redis_url", "redis://localhost:6379/0")
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
fake = _FakeRedis()
fix: share a single async Redis client per URL to avoid duplicate connection pools Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 14:13:45 -07:00
with patch("app.core.rate_limit._get_async_redis", return_value=fake):
feat: add Redis-backed rate limiter with configurable backend Add RedisRateLimiter using sorted-set sliding window alongside the existing InMemoryRateLimiter. Users choose via RATE_LIMIT_BACKEND (memory|redis) with RATE_LIMIT_REDIS_URL falling back to RQ_REDIS_URL. Redis backend validates connectivity at startup and fails open on transient errors during requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:15:14 -07:00
limiter = create_rate_limiter(namespace="test", max_requests=10, window_seconds=60.0)
assert isinstance(limiter, RedisRateLimiter)
# ---------------------------------------------------------------------------
# Startup validation tests
# ---------------------------------------------------------------------------
def test_validate_redis_succeeds_when_reachable() -> None:
fake = _FakeRedis()
with patch("redis.Redis.from_url", return_value=fake):
validate_rate_limit_redis("redis://localhost:6379/0")
def test_validate_redis_raises_on_unreachable() -> None:
mock_client = MagicMock()
mock_client.ping.side_effect = ConnectionError("refused")
with patch("redis.Redis.from_url", return_value=mock_client):
with pytest.raises(ConnectionError, match="unreachable"):
validate_rate_limit_redis("redis://bad:6379/0")
Reference in New Issue Copy Permalink