Randall Sexton

RateLimiter.Tests.Api/Controllers/WeatherForecastController.cs

@@ -0,0 +1,49 @@
+using Microsoft.AspNetCore.Mvc;
+
+using RateLimiter.Config;
+
+namespace RateLimiter.Tests.Api.Controllers
+{
+    //[RateLimitedResource(RuleName = "RequestsPerTimespan-Default")]
+    [ApiController]
+    [Route("[controller]")]
+    public class WeatherForecastController : ControllerBase
+    {
+        private static readonly string[] Summaries = new[]
+        {
+            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
+        };
+
+        private readonly ILogger<WeatherForecastController> _logger;
+
+        public WeatherForecastController(ILogger<WeatherForecastController> logger)
+        {
+            _logger = logger;
+        }
+
+        [RateLimitedResource(RuleName = "GeoTokenRule")]
+        [HttpGet(Name = "GetWeatherForecast")]
+        public IEnumerable<WeatherForecast> Get()
+        {
+            return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+            {
+                Date = DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
+                TemperatureC = Random.Shared.Next(-20, 55),
+                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+            })
+            .ToArray();
+        }
+
+        [HttpGet("{maxRandom}")]
+        public IEnumerable<WeatherForecast> GetAlt(int maxRandom)
+        {
+            return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+                {
+                    Date = DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
+                    TemperatureC = Random.Shared.Next(-20, 55),
+                    Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+                })
+                .ToArray();
+        }
+    }
+}

RateLimiter.Tests.Api/Middleware/RateLimiting/GeoTokenDiscriminator.cs

@@ -0,0 +1,42 @@
+using RateLimiter.Abstractions;
+using RateLimiter.Discriminators;
+
+using static RateLimiter.Config.RateLimiterConfiguration;
+
+namespace RateLimiter.Tests.Api.Middleware.RateLimiting;
+
+public class GeoTokenDiscriminator : IRateLimitDiscriminator
+{
+    public DiscriminatorConfiguration Configuration { get; set; }
+
+    /// <summary>
+    /// This functionality could have been obtained using <see cref="RequestHeaderDiscriminator"/>, but showing extensibility
+    /// </summary>
+    /// <param name="context"></param>
+    /// <param name="rateLimitRule"></param>
+    /// <returns></returns>
+    public DiscriminatorEvaluationResult Evaluate(HttpContext context)
+    {
+        if (!context.Request.Headers.TryGetValue("x-crexi-token", out var value))
+        {
+            return new DiscriminatorEvaluationResult(Configuration.Name)
+            {
+                IsMatch = false
+            };
+        }
+
+        return value.ToString().StartsWith("US") ?
+            new DiscriminatorEvaluationResult(Configuration.Name)
+            {
+                IsMatch = true,
+                MatchValue = value.ToString(),
+                AlgorithmName = Configuration.AlgorithmNames[0]
+            } :
+            new DiscriminatorEvaluationResult(Configuration.Name)
+            {
+                IsMatch = true,
+                MatchValue = value.ToString(),
+                AlgorithmName = Configuration.AlgorithmNames[1]
+            };
+    }
+}

RateLimiter.Tests.Api/Program.cs

@@ -0,0 +1,30 @@
+using RateLimiter.Config;
+using RateLimiter.DependencyInjection;
+using RateLimiter.Tests.Api.Middleware.RateLimiting;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Services.AddControllers();
+builder.Services.AddOpenApi();
+builder.Services.AddSwaggerGen();
+
+builder.Services.AddRateLimiting()
+    .WithCustomDiscriminator<GeoTokenDiscriminator>()
+    .WithConfiguration<RateLimiterConfiguration>(builder.Configuration.GetSection("RateLimiter"));
+
+var app = builder.Build();
+
+if (app.Environment.IsDevelopment())
+{
+    app.MapOpenApi();
+    app.UseSwagger();
+    app.UseSwaggerUI();
+}
+
+app.UseAuthorization();
+
+app.MapControllers();
+
+app.UseRateLimiting();
+
+app.Run();

RateLimiter.Tests.Api/Properties/launchSettings.json

@@ -0,0 +1,15 @@
+{
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "launchBrowser": false,
+      "launchUrl": "swagger",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "dotnetRunMessages": true,
+      "applicationUrl": "http://localhost:5252"
+    }
+  },
+  "$schema": "https://json.schemastore.org/launchsettings.json"
+}

RateLimiter.Tests.Api/RateLimiter.Tests.Api.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.1" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\RateLimiter\RateLimiter.csproj" />
+  </ItemGroup>
+	<ItemGroup>
+		<InternalsVisibleTo Include="RateLimiter.Tests.Integration"></InternalsVisibleTo>
+	</ItemGroup>
+
+</Project>

RateLimiter.Tests.Api/RateLimiter.Tests.Api.csproj.user

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ActiveDebugProfile>https</ActiveDebugProfile>
+  </PropertyGroup>
+</Project>

RateLimiter.Tests.Api/RateLimiter.Tests.Api.http

@@ -0,0 +1,6 @@
+@RateLimiter.Tests.Api_HostAddress = http://localhost:5252
+
+GET {{RateLimiter.Tests.Api_HostAddress}}/weatherforecast/
+Accept: application/json
+
+###

RateLimiter.Tests.Api/WeatherForecast.cs

@@ -0,0 +1,13 @@
+namespace RateLimiter.Tests.Api
+{
+    public class WeatherForecast
+    {
+        public DateOnly Date { get; set; }
+
+        public int TemperatureC { get; set; }
+
+        public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
+
+        public string? Summary { get; set; }
+    }
+}

RateLimiter.Tests.Api/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

RateLimiter.Tests.Api/appsettings.json

@@ -0,0 +1,44 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*",
+  "RateLimiter": {
+    "Algorithms": [
+      {
+        "Name": "TSElapsed0",
+        "Type": "TimespanElapsed",
+        "Parameters": {
+          "MinIntervalMS": 3000
+        }
+      },
+      {
+        "Name": "ReqPerTspan0",
+        "Type": "FixedWindow",
+        "Parameters": {
+          "MaxRequests": 2,
+          "WindowDurationMS": 3000
+        }
+      }
+    ],
+    "Discriminators": [
+      {
+        "Name": "GeoTokenDisc",
+        "Type": "Custom",
+        "CustomDiscriminatorType": "GeoTokenDiscriminator",
+        "DiscriminatorKey": null,
+        "DiscriminatorMatch": null,
+        "AlgorithmNames": [ "ReqPerTspan0", "TSElapsed0" ]
+      }
+    ],
+    "Rules": [
+      {
+        "Name": "GeoTokenRule",
+        "Discriminators": [ "GeoTokenDisc" ]
+      }
+    ]
+  }
+}

RateLimiter.Tests.Integration/RateLimiter.Tests.Integration.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="AutoFixture" Version="4.18.1" />
+    <PackageReference Include="FluentAssertions" Version="7.1.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.13.0" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\RateLimiter.Tests.Api\RateLimiter.Tests.Api.csproj" />
+  </ItemGroup>
+
+</Project>

RateLimiter.Tests.Integration/WeatherForecastControllerTests.cs

@@ -0,0 +1,88 @@
+using FluentAssertions;
+
+using Microsoft.AspNetCore.Mvc.Testing;
+
+using System.Net;
+
+using Xunit;
+using Xunit.Abstractions;
+
+namespace RateLimiter.Tests.Integration
+{
+    public class WeatherForecastControllerTests(ITestOutputHelper output)
+    {
+        [Fact]
+        public async Task GetAsync_ReturnsOk()
+        {
+            var factory = new WebApplicationFactory<Program>();
+            var client = factory.CreateClient();
+            var response = await client.GetAsync("WeatherForecast");
+
+            response.StatusCode.Should().Be(HttpStatusCode.OK);
+        }
+
+        /// <summary>
+        /// Represents many unique clients (US and EU) making many calls to our API
+        /// </summary>
+        /// <returns></returns>
+        [Fact]
+        public async Task GetAsync_WhenAllTokensAreUnique_RequestsAreNotRateLimited()
+        {
+            // arrange
+            var factory = new WebApplicationFactory<Program>();
+
+            var tasks = new List<Task<HttpResponseMessage>>();
+
+            for (var i = 0; i < 10_000; i++)
+            {
+                var client = factory.CreateClient();
+                client.DefaultRequestHeaders.Add("x-crexi-token",
+                    i % 2 == 0 ? $"US-{Guid.NewGuid()}" : $"EU-{Guid.NewGuid()}");
+
+                tasks.Add(client.GetAsync("WeatherForecast"));
+            }
+
+            // act
+            await Task.WhenAll(tasks);
+
+            // assert
+            var limited = tasks.Any(t => !t.Result.IsSuccessStatusCode);
+            limited.Should().BeFalse(because: "all clients have unique tokens");
+        }
+
+        /// <summary>
+        /// Represents two clients (one US and one EU) making many calls to our API
+        /// </summary>
+        /// <returns></returns>
+        [Fact]
+        public async Task GetAsync_WhenTokensAreNotUnique_RequestsAreRateLimited()
+        {
+            // arrange
+            var factory = new WebApplicationFactory<Program>();
+
+            var tasks = new List<Task<HttpResponseMessage>>();
+
+            var usToken = $"US-{Guid.NewGuid()}";
+            var euToken = $"EU-{Guid.NewGuid()}";
+
+            for (var i = 0; i < 10_000; i++)
+            {
+                var client = factory.CreateClient();
+                client.DefaultRequestHeaders.Add("x-crexi-token",
+                    i % 2 == 0 ? usToken : euToken);
+                tasks.Add(client.GetAsync("WeatherForecast"));
+            }
+
+            // act
+            await Task.WhenAll(tasks);
+
+            // assert
+            var allowed = tasks.Count(t => t.Result.IsSuccessStatusCode);
+            var limited = tasks.Count(t => !t.Result.IsSuccessStatusCode);
+
+            output.WriteLine($"Allowed: {allowed}\tLimited: {limited}");
+            var percent = ((double)limited / tasks.Count)*100;
+            percent.Should().BeApproximately(99, 2.0, because: "two clients are banging on the door");
+        }
+    }
+}