diff --git a/app/app.js b/app/app.js index 7a787470c..c9f41e61a 100644 --- a/app/app.js +++ b/app/app.js @@ -8,6 +8,7 @@ const querystring = require('querystring'); const log = require('./src/components/log')(module.filename); const httpLogger = require('./src/components/log').httpLogger; const middleware = require('./src/forms/common/middleware'); +const rateLimiter = require('./src/forms/common/middleware').apiKeyRateLimiter; const v1Router = require('./src/routes/v1'); const DataConnection = require('./src/db/dataConnection'); @@ -52,6 +53,8 @@ app.use((_req, res, next) => { } }); +app.use(config.get('server.basePath') + config.get('server.apiPath'), rateLimiter); + // Frontend configuration endpoint apiRouter.use('/config', (_req, res, next) => { try { diff --git a/app/src/forms/admin/routes.js b/app/src/forms/admin/routes.js index 438202449..638075ac4 100644 --- a/app/src/forms/admin/routes.js +++ b/app/src/forms/admin/routes.js @@ -2,13 +2,10 @@ const routes = require('express').Router(); const jwtService = require('../../components/jwtService'); const currentUser = require('../auth/middleware/userAccess').currentUser; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const userController = require('../user/controller'); const controller = require('./controller'); -routes.use(rateLimiter); - // Routes under /admin fetch data without doing form permission checks. All // routes in this file should remain under the "admin" role check, with the // "admin" role only given to people who have permission to read all data. diff --git a/app/src/forms/file/routes.js b/app/src/forms/file/routes.js index ae65e0b19..95e21c232 100644 --- a/app/src/forms/file/routes.js +++ b/app/src/forms/file/routes.js 
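Review bot: The added `rateLimiter` constant requires `./src/forms/common/middleware` a second time, although the line directly above already binds that module as `middleware`. Using `middleware.apiKeyRateLimiter` at the mount, or `const { apiKeyRateLimiter } = middleware;`, avoids the duplicate require. It also keeps the limiter's full name visible where it is applied. That matters now that a limiter whose name suggests it is API-key specific is mounted for the whole API.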
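Review bot: Mounting `rateLimiter` on the whole `basePath + apiPath` prefix widens `apiKeyRateLimiter` from the six routers that used it to every API route, including the `/config` endpoint just below and the externalAPIs routes whose spec previously asserted it was called 0 times. The limiter's implementation is outside this diff, so please confirm it skips or separately buckets requests that carry no API key; otherwise ordinary browser traffic could be throttled together with API-key clients. The mount only takes effect if it is registered before `apiRouter` is attached to the same prefix, which this hunk does not show, so a comment such as `// Rate limit every API route; must stay above the apiRouter mount.` would protect the ordering. The commit also deletes every `expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1)` assertion without a replacement in the visible diff; an app-level test that a request under the API prefix reaches the limiter would keep this control covered.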
@@ -3,13 +3,11 @@ const routes = require('express').Router(); const apiAccess = require('../auth/middleware/apiAccess'); const { currentUser } = require('../auth/middleware/userAccess'); const P = require('../common/constants').Permissions; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const controller = require('./controller'); const { currentFileRecord, hasFileCreate, hasFilePermissions } = require('./middleware/filePermissions'); const fileUpload = require('./middleware/upload').fileUpload; -routes.use(rateLimiter); routes.use(currentUser); routes.param('fileId', validateParameter.validateFileId); diff --git a/app/src/forms/form/routes.js b/app/src/forms/form/routes.js index d462e338b..10c3572bc 100644 --- a/app/src/forms/form/routes.js +++ b/app/src/forms/form/routes.js @@ -4,11 +4,9 @@ const jwtService = require('../../components/jwtService'); const apiAccess = require('../auth/middleware/apiAccess'); const { currentUser, hasFormPermissions } = require('../auth/middleware/userAccess'); const P = require('../common/constants').Permissions; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const controller = require('./controller'); -routes.use(rateLimiter); routes.use(currentUser); routes.param('documentTemplateId', validateParameter.validateDocumentTemplateId); diff --git a/app/src/forms/permission/routes.js b/app/src/forms/permission/routes.js index fe6205497..02a43e39f 100644 --- a/app/src/forms/permission/routes.js +++ b/app/src/forms/permission/routes.js 
@@ -2,11 +2,9 @@ const routes = require('express').Router(); const jwtService = require('../../components/jwtService'); const currentUser = require('../auth/middleware/userAccess').currentUser; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const controller = require('./controller'); -routes.use(rateLimiter); routes.use(jwtService.protect('admin')); routes.use(currentUser); diff --git a/app/src/forms/role/routes.js b/app/src/forms/role/routes.js index 56262bbb3..86540f0b2 100644 --- a/app/src/forms/role/routes.js +++ b/app/src/forms/role/routes.js @@ -2,11 +2,9 @@ const routes = require('express').Router(); const jwtService = require('../../components/jwtService'); const currentUser = require('../auth/middleware/userAccess').currentUser; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const controller = require('./controller'); -routes.use(rateLimiter); routes.use(currentUser); routes.param('code', validateParameter.validateRoleCode); diff --git a/app/src/forms/submission/routes.js b/app/src/forms/submission/routes.js index 17d973105..b4c3e3f34 100644 --- a/app/src/forms/submission/routes.js +++ b/app/src/forms/submission/routes.js @@ -3,11 +3,9 @@ const routes = require('express').Router(); const apiAccess = require('../auth/middleware/apiAccess'); const { currentUser, hasSubmissionPermissions, filterMultipleSubmissions } = require('../auth/middleware/userAccess'); const P = require('../common/constants').Permissions; -const rateLimiter = require('../common/middleware').apiKeyRateLimiter; const validateParameter = require('../common/middleware/validateParameter'); const controller = require('./controller'); -routes.use(rateLimiter); routes.use(currentUser); routes.param('documentTemplateId', validateParameter.validateDocumentTemplateId); 
diff --git a/app/tests/unit/forms/file/routes.spec.js b/app/tests/unit/forms/file/routes.spec.js index 19a00ed35..59c5a3b4c 100644 --- a/app/tests/unit/forms/file/routes.spec.js +++ b/app/tests/unit/forms/file/routes.spec.js @@ -5,7 +5,6 @@ const { expressHelper } = require('../../../common/helper'); const apiAccess = require('../../../../src/forms/auth/middleware/apiAccess'); const userAccess = require('../../../../src/forms/auth/middleware/userAccess'); -const rateLimiter = require('../../../../src/forms/common/middleware/rateLimiter'); const validateParameter = require('../../../../src/forms/common/middleware/validateParameter'); const controller = require('../../../../src/forms/file/controller'); const filePermissions = require('../../../../src/forms/file/middleware/filePermissions'); @@ -36,10 +35,6 @@ filePermissions.hasFilePermissions = jest.fn(() => { return hasFilePermissionsMock; }); -rateLimiter.apiKeyRateLimiter = jest.fn((_req, _res, next) => { - next(); -}); - upload.fileUpload.upload = jest.fn((_req, _res, next) => { next(); }); @@ -80,7 +75,6 @@ describe(`${basePath}`, () => { expect(filePermissions.currentFileRecord).toBeCalledTimes(0); expect(filePermissions.hasFileCreate).toBeCalledTimes(1); expect(hasFilePermissionsMock).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(upload.fileUpload.upload).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateFileId).toBeCalledTimes(0); @@ -103,7 +97,6 @@ describe(`${basePath}/:id`, () => { expect(filePermissions.currentFileRecord).toBeCalledTimes(1); expect(filePermissions.hasFileCreate).toBeCalledTimes(0); expect(hasFilePermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(upload.fileUpload.upload).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateFileId).toBeCalledTimes(1); 
@@ -121,7 +114,6 @@ describe(`${basePath}/:id`, () => { expect(filePermissions.currentFileRecord).toBeCalledTimes(1); expect(filePermissions.hasFileCreate).toBeCalledTimes(0); expect(hasFilePermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(upload.fileUpload.upload).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateFileId).toBeCalledTimes(1); diff --git a/app/tests/unit/forms/form/externalApi/routes.spec.js b/app/tests/unit/forms/form/externalApi/routes.spec.js index d31ac02ef..f7878945e 100644 --- a/app/tests/unit/forms/form/externalApi/routes.spec.js +++ b/app/tests/unit/forms/form/externalApi/routes.spec.js @@ -6,7 +6,6 @@ const { expressHelper } = require('../../../../common/helper'); const jwtService = require('../../../../../src/components/jwtService'); const apiAccess = require('../../../../../src/forms/auth/middleware/apiAccess'); const userAccess = require('../../../../../src/forms/auth/middleware/userAccess'); -const rateLimiter = require('../../../../../src/forms/common/middleware/rateLimiter'); const validateParameter = require('../../../../../src/forms/common/middleware/validateParameter'); const controller = require('../../../../../src/forms/form/externalApi/controller'); @@ -28,10 +27,6 @@ jwtService.protect = jest.fn(() => { }); }); -rateLimiter.apiKeyRateLimiter = jest.fn((_req, _res, next) => { - next(); -}); - const hasFormPermissionsMock = jest.fn((_req, _res, next) => { next(); }); @@ -82,7 +77,6 @@ describe(`${basePath}/:formId/externalAPIs`, () => { expect(apiAccess).toBeCalledTimes(0); expect(controller.listExternalAPIs).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -98,7 +92,6 @@ describe(`${basePath}/:formId/externalAPIs`, () => { expect(apiAccess).toBeCalledTimes(0); expect(controller.createExternalAPI).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -126,7 +119,6 @@ describe(`${basePath}/:formId/externalAPIs/:externalAPIId`, () => { expect(apiAccess).toBeCalledTimes(0); expect(controller.deleteExternalAPI).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(1); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -154,7 +146,6 @@ describe(`${basePath}/:formId/externalAPIs/:externalAPIId`, () => { expect(apiAccess).toBeCalledTimes(0); expect(controller.updateExternalAPI).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(1); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -182,7 +173,6 @@ describe(`${basePath}/:formId/externalAPIs/algorithms`, () => { expect(validateParameter.validateFormId).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(0); expect(apiAccess).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(controller.listExternalAPIAlgorithms).toBeCalledTimes(1); }); 
@@ -222,7 +212,6 @@ describe(`${basePath}/:formId/externalAPIs/statusCodes`, () => { expect(apiAccess).toBeCalledTimes(0); expect(controller.listExternalAPIStatusCodes).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(0); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateExternalAPIId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); diff --git a/app/tests/unit/forms/form/routes.spec.js b/app/tests/unit/forms/form/routes.spec.js index 74eb678d3..91cd650d7 100644 --- a/app/tests/unit/forms/form/routes.spec.js +++ b/app/tests/unit/forms/form/routes.spec.js @@ -6,7 +6,6 @@ const { expressHelper } = require('../../../common/helper'); const jwtService = require('../../../../src/components/jwtService'); const apiAccess = require('../../../../src/forms/auth/middleware/apiAccess'); const userAccess = require('../../../../src/forms/auth/middleware/userAccess'); -const rateLimiter = require('../../../../src/forms/common/middleware/rateLimiter'); const validateParameter = require('../../../../src/forms/common/middleware/validateParameter'); const controller = require('../../../../src/forms/form/controller'); @@ -29,10 +28,6 @@ jwtService.protect = jest.fn(() => { return mockJwtServiceProtect; }); -rateLimiter.apiKeyRateLimiter = jest.fn((_req, _res, next) => { - next(); -}); - const hasFormPermissionsMock = jest.fn((_req, _res, next) => { next(); }); @@ -83,7 +78,6 @@ describe(`${basePath}`, () => { expect(controller.listForms).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(0); expect(mockJwtServiceProtect).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(0); 
@@ -102,7 +96,6 @@ describe(`${basePath}`, () => { expect(controller.createForm).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(0); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(0); @@ -126,7 +119,6 @@ describe(`${basePath}/:formId`, () => { expect(controller.deleteForm).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -145,7 +137,6 @@ describe(`${basePath}/:formId`, () => { expect(controller.readForm).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -164,7 +155,6 @@ describe(`${basePath}/:formId`, () => { expect(controller.updateForm).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -188,7 +178,6 @@ describe(`${basePath}/:formId/apiKey`, () => { expect(controller.deleteApiKey).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -207,7 +196,6 @@ describe(`${basePath}/:formId/apiKey`, () => { expect(controller.readApiKey).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -226,7 +214,6 @@ describe(`${basePath}/:formId/apiKey`, () => { expect(controller.createOrReplaceApiKey).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -250,7 +237,6 @@ describe(`${basePath}/:formId/apiKey/filesApiAccess`, () => { expect(controller.filesApiKeyAccess).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -274,7 +260,6 @@ describe(`${basePath}/:formId/csvexport/fields`, () => { expect(controller.readFieldsForCSVExport).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -298,7 +283,6 @@ describe(`${basePath}/:formId/documentTemplates`, () => { expect(controller.documentTemplateList).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -317,7 +301,6 @@ describe(`${basePath}/:formId/documentTemplates`, () => { expect(controller.documentTemplateCreate).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -342,7 +325,6 @@ describe(`${basePath}/:formId/documentTemplates/:documentTemplateId`, () => { expect(controller.documentTemplateDelete).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(1); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -361,7 +343,6 @@ describe(`${basePath}/:formId/documentTemplates/:documentTemplateId`, () => { expect(controller.documentTemplateRead).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(1); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -385,7 +366,6 @@ describe(`${basePath}/:formId/drafts`, () => { expect(controller.listDrafts).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -404,7 +384,6 @@ describe(`${basePath}/:formId/drafts`, () => { expect(controller.createDraft).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -429,7 +408,6 @@ describe(`${basePath}/:formId/drafts/:formVersionDraftId`, () => { expect(controller.deleteDraft).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -448,7 +426,6 @@ describe(`${basePath}/:formId/drafts/:formVersionDraftId`, () => { expect(controller.readDraft).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -467,7 +444,6 @@ describe(`${basePath}/:formId/drafts/:formVersionDraftId`, () => { expect(controller.updateDraft).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -492,7 +468,6 @@ describe(`${basePath}/:formId/drafts/:formVersionDraftId/publish`, () => { expect(controller.publishDraft).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -516,7 +491,6 @@ describe(`${basePath}/:formId/emailTemplate`, () => { expect(controller.createOrUpdateEmailTemplate).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -540,7 +514,6 @@ describe(`${basePath}/:formId/emailTemplates`, () => { expect(controller.readEmailTemplates).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -564,7 +537,6 @@ describe(`${basePath}/:formId/export`, () => { expect(controller.export).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -588,7 +560,6 @@ describe(`${basePath}/:formId/export/fields`, () => { expect(controller.exportWithFields).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -612,7 +583,6 @@ describe(`${basePath}/:formId/options`, () => { expect(controller.readFormOptions).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(0); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -636,7 +606,6 @@ describe(`${basePath}/:formId/statusCodes`, () => { expect(controller.getStatusCodes).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -660,7 +629,6 @@ describe(`${basePath}/:formId/submissions`, () => { expect(controller.listFormSubmissions).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -684,7 +652,6 @@ describe(`${basePath}/:formId/subscriptions`, () => { expect(controller.readFormSubscriptionDetails).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -703,7 +670,6 @@ describe(`${basePath}/:formId/subscriptions`, () => { expect(controller.createOrUpdateSubscriptionDetails).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -727,7 +693,6 @@ describe(`${basePath}/:formId/version`, () => { expect(controller.readPublishedForm).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -752,7 +717,6 @@ describe(`${basePath}/:formId/versions/:formVersionId`, () => { expect(controller.readVersion).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -777,7 +741,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/fields`, () => { expect(controller.readVersionFields).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -802,7 +765,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/multiSubmission`, () => { expect(controller.createMultiSubmission).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -827,7 +789,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/publish`, () => { expect(controller.publishVersion).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -852,7 +813,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/submissions`, () => { expect(controller.listSubmissions).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -871,7 +831,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/submissions`, () => { expect(controller.createSubmission).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); @@ -896,7 +855,6 @@ describe(`${basePath}/:formId/versions/:formVersionId/submissions/discover`, () expect(controller.listSubmissionFields).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(1); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(1); 
@@ -920,7 +878,6 @@ describe(`${basePath}/formcomponents/proactivehelp/imageUrl/:componentId`, () => expect(controller.getFCProactiveHelpImageUrl).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(0); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(0); @@ -943,7 +900,6 @@ describe(`${basePath}/formcomponents/proactivehelp/list`, () => { expect(controller.listFormComponentsProactiveHelp).toBeCalledTimes(1); expect(hasFormPermissionsMock).toBeCalledTimes(0); expect(mockJwtServiceProtect).toBeCalledTimes(0); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); expect(validateParameter.validateFormId).toBeCalledTimes(0); diff --git a/app/tests/unit/forms/proxy/routes.spec.js b/app/tests/unit/forms/proxy/routes.spec.js index 1d65140e1..bc4e7fa4c 100644 --- a/app/tests/unit/forms/proxy/routes.spec.js +++ b/app/tests/unit/forms/proxy/routes.spec.js @@ -13,7 +13,6 @@ const { expressHelper } = require('../../../common/helper'); const apiAccess = require('../../../../src/forms/auth/middleware/apiAccess'); const userAccess = require('../../../../src/forms/auth/middleware/userAccess'); -const rateLimiter = require('../../../../src/forms/common/middleware/rateLimiter'); // // Mock out all the middleware - we're testing that the routes are set up @@ -27,10 +26,6 @@ apiAccess.mockImplementation( }) ); -rateLimiter.apiKeyRateLimiter = jest.fn((_req, _res, next) => { - next(); -}); - userAccess.currentUser = jest.fn((_req, _res, next) => { next(); }); diff --git a/app/tests/unit/forms/submission/routes.spec.js b/app/tests/unit/forms/submission/routes.spec.js index 3e3daf62c..9da3c359c 100644 
--- a/app/tests/unit/forms/submission/routes.spec.js +++ b/app/tests/unit/forms/submission/routes.spec.js @@ -6,7 +6,6 @@ const { expressHelper } = require('../../../common/helper'); const jwtService = require('../../../../src/components/jwtService'); const apiAccess = require('../../../../src/forms/auth/middleware/apiAccess'); const userAccess = require('../../../../src/forms/auth/middleware/userAccess'); -const rateLimiter = require('../../../../src/forms/common/middleware/rateLimiter'); const validateParameter = require('../../../../src/forms/common/middleware/validateParameter'); const controller = require('../../../../src/forms/submission/controller'); @@ -28,10 +27,6 @@ jwtService.protect = jest.fn(() => { }); }); -rateLimiter.apiKeyRateLimiter = jest.fn((_req, _res, next) => { - next(); -}); - const hasSubmissionPermissionsMock = jest.fn((_req, _res, next) => { next(); }); @@ -82,7 +77,6 @@ describe(`${basePath}/:formSubmissionId`, () => { expect(apiAccess).toBeCalledTimes(1); expect(controller.delete).toBeCalledTimes(1); expect(hasSubmissionPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); @@ -100,7 +94,6 @@ describe(`${basePath}/:formSubmissionId`, () => { expect(apiAccess).toBeCalledTimes(1); expect(controller.read).toBeCalledTimes(1); expect(hasSubmissionPermissionsMock).toBeCalledTimes(1); - expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1); expect(userAccess.currentUser).toBeCalledTimes(1); expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0); expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0); 
@@ -118,7 +111,6 @@ describe(`${basePath}/:formSubmissionId`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.update).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -142,7 +134,6 @@ describe(`${basePath}/:formSubmissionId/:formId/submissions`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.deleteMultipleSubmissions).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(1);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -166,7 +157,6 @@ describe(`${basePath}/:formSubmissionId/:formId/submissions/restore`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.restoreMultipleSubmissions).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(1);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -189,7 +179,6 @@ describe(`${basePath}/:formSubmissionId/edits`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.listEdits).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -212,7 +201,6 @@ describe(`${basePath}/:formSubmissionId/email`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.email).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -235,7 +223,6 @@ describe(`${basePath}/:formSubmissionId/notes`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.getNotes).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -253,7 +240,6 @@ describe(`${basePath}/:formSubmissionId/notes`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.addNote).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -276,7 +262,6 @@ describe(`${basePath}/:formSubmissionId/options`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.readOptions).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(0);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -299,7 +284,6 @@ describe(`${basePath}/:formSubmissionId/restore`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.restore).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -322,7 +306,6 @@ describe(`${basePath}/:formSubmissionId/status`, () => {
 expect(apiAccess).toBeCalledTimes(1);
 expect(controller.getStatus).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -340,7 +323,6 @@ describe(`${basePath}/:formSubmissionId/status`, () => {
 expect(apiAccess).toBeCalledTimes(0);
 expect(controller.addStatus).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);
@@ -364,7 +346,6 @@ describe(`${basePath}/:formSubmissionId/template/:documentTemplateId/render`, ()
 expect(apiAccess).toBeCalledTimes(1);
 expect(controller.templateRender).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(1);
@@ -387,7 +368,6 @@ describe(`${basePath}/:formSubmissionId/template/render`, () => {
 expect(apiAccess).toBeCalledTimes(1);
 expect(controller.templateUploadAndRender).toBeCalledTimes(1);
 expect(hasSubmissionPermissionsMock).toBeCalledTimes(1);
- expect(rateLimiter.apiKeyRateLimiter).toBeCalledTimes(1);
 expect(userAccess.currentUser).toBeCalledTimes(1);
 expect(userAccess.filterMultipleSubmissions).toBeCalledTimes(0);
 expect(validateParameter.validateDocumentTemplateId).toBeCalledTimes(0);