fix(core): Use rate limiter for task runner endpoints (#12486)

2025-12-21 03:42:16 +00:00 · 2025-01-08 10:06:36 +02:00
parent b1d17f5201
commit 491cb605e3
2 changed files with 32 additions and 0 deletions
--- a/packages/cli/test/integration/runners/task-runner-server.test.ts
+++ b/packages/cli/test/integration/runners/task-runner-server.test.ts
@@ -19,4 +19,26 @@ describe('TaskRunnerServer', () => {
 			await agent.get('/healthz').expect(200);
 		});
 	});
+
+	describe('/runners/_ws', () => {
+		it('should return 429 when too many requests are made', async () => {
+			await agent.post('/runners/_ws').send({}).expect(401);
+			await agent.post('/runners/_ws').send({}).expect(401);
+			await agent.post('/runners/_ws').send({}).expect(401);
+			await agent.post('/runners/_ws').send({}).expect(401);
+			await agent.post('/runners/_ws').send({}).expect(401);
+			await agent.post('/runners/_ws').send({}).expect(429);
+		});
+	});
+
+	describe('/runners/auth', () => {
+		it('should return 429 when too many requests are made', async () => {
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(403);
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(403);
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(403);
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(403);
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(403);
+			await agent.post('/runners/auth').send({ token: 'invalid' }).expect(429);
+		});
+	});
 });