Merge pull request rails#52825 from fatkodima/include-caching-in-api-controllers

kamipo · web-flow · commit 2ae883cc1624 · 2024-09-07T17:47:34.000+09:00
Fix rate limiting for `ActionController::API` controllers
diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb
@@ -123,6 +123,7 @@ def self.without_modules(*modules)
       BasicImplicitRender,
       StrongParameters,
       RateLimiting,
+      Caching,
 
       DataStreaming,
       DefaultHeaders,
diff --git a/actionpack/test/controller/api/rate_limiting_test.rb b/actionpack/test/controller/api/rate_limiting_test.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+
+class ApiRateLimitedController < ActionController::API
+  self.cache_store = ActiveSupport::Cache::MemoryStore.new
+  rate_limit to: 2, within: 2.seconds, only: :limited_to_two
+
+  def limited_to_two
+    head :ok
+  end
+end
+
+class ApiRateLimitingTest < ActionController::TestCase
+  tests ApiRateLimitedController
+
+  setup do
+    ApiRateLimitedController.cache_store.clear
+  end
+
+  test "exceeding basic limit" do
+    get :limited_to_two
+    get :limited_to_two
+    assert_response :ok
+
+    get :limited_to_two
+    assert_response :too_many_requests
+  end
+
+  test "limit resets after time" do
+    get :limited_to_two
+    get :limited_to_two
+    assert_response :ok
+
+    travel_to Time.now + 3.seconds do
+      get :limited_to_two
+      assert_response :ok
+    end
+  end
+end
