alois/OpenFrontIO
1
0
Fork 0
mirror of https://github.com/openfrontio/OpenFrontIO.git synced 2026-06-21 21:54:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v0.30.6
OpenFrontIO/tests/server/ClientMsgRateLimiter.test.ts
T
Evan 5fb7f75f3d Server-side WebSocket message rate limiting & size enforcement (#3424) 
## Description:

* Adds ClientMsgRateLimiter — a per-client token-bucket rate limiter
that gates all incoming WebSocket messages. Returns "ok", "limit"
(drop), or "kick" based on the violation type.

* Intent messages are capped at 500 bytes each (they are stored in turn
history for the game duration, so oversized intents
accumulate in server RAM). Violations kick the client.

* Winner messages bypass the byte rate limit (they include stats for all
players and can be 100s of KB) but are strictly capped at one per client
— a second winner message kicks the client.

* All other messages go through the standard per-second (10/s) and
per-minute (150/min) rate limits. Violations drop the message; byte
budget exhaustion kicks the client.

* WebSocket maxPayload set to 2 MB on game workers.
Invalid (unparseable) messages now immediately kick the client rather
than being silently dropped.
Unit tests added for all rate limiting behaviors.

## Please complete the following:

- [x] I have added screenshots for all UI updates
- [x] I process any text displayed to the user through translateText()
and I've added it to the en.json file
- [x] I have added relevant tests to the test directory
- [x] I confirm I have thoroughly tested these changes and take full
responsibility for any bugs introduced

## Please put your Discord username so you can be contacted if a bug or
regression is found:

evan
2026-03-13 21:15:10 -07:00

68 lines
2.2 KiB
TypeScript
Raw Permalink Blame History

import { describe, expect, it } from "vitest";
import { ClientMsgRateLimiter } from "../../src/server/ClientMsgRateLimiter";
const CLIENT_A = "clientA" as any;
const CLIENT_B = "clientB" as any;
const SMALL = 100;
const LARGE = 501; // over MAX_INTENT_BYTES
describe("ClientMsgRateLimiter", () => {
describe("intent messages", () => {
it("allows intents within limits", () => {
const limiter = new ClientMsgRateLimiter();
expect(limiter.check(CLIENT_A, "intent", SMALL)).toBe("ok");
});
it("kicks on oversized intent", () => {
const limiter = new ClientMsgRateLimiter();
expect(limiter.check(CLIENT_A, "intent", LARGE)).toBe("kick");
});
it("limits when per-second count exceeded", () => {
const limiter = new ClientMsgRateLimiter();
for (let i = 0; i < 10; i++) {
expect(limiter.check(CLIENT_A, "intent", SMALL)).toBe("ok");
}
expect(limiter.check(CLIENT_A, "intent", SMALL)).toBe("limit");
});
it("rate limits are per client", () => {
const limiter = new ClientMsgRateLimiter();
for (let i = 0; i < 10; i++) {
limiter.check(CLIENT_A, "intent", SMALL);
}
expect(limiter.check(CLIENT_B, "intent", SMALL)).toBe("ok");
});
});
describe("winner messages", () => {
it("allows first winner message", () => {
const limiter = new ClientMsgRateLimiter();
expect(limiter.check(CLIENT_A, "winner", 50000)).toBe("ok");
});
it("kicks on second winner message", () => {
const limiter = new ClientMsgRateLimiter();
limiter.check(CLIENT_A, "winner", 50000);
expect(limiter.check(CLIENT_A, "winner", 50000)).toBe("kick");
});
it("winner does not consume intent rate limit", () => {
const limiter = new ClientMsgRateLimiter();
limiter.check(CLIENT_A, "winner", 50000);
expect(limiter.check(CLIENT_A, "intent", SMALL)).toBe("ok");
});
});
describe("other messages", () => {
it("applies rate limiting to other message types", () => {
const limiter = new ClientMsgRateLimiter();
for (let i = 0; i < 10; i++) {
expect(limiter.check(CLIENT_A, "ping", 50)).toBe("ok");
}
expect(limiter.check(CLIENT_A, "ping", 50)).toBe("limit");
});
});
});
Reference in New Issue View Git Blame Copy Permalink