From 322af1e54fa282b442509ed6709898903efd6a59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nuno=20G=C3=B3is?=
Date: Fri, 3 Mar 2023 12:09:28 +0000
Subject: [PATCH] feat: update rate-limit (#3248)

https://linear.app/unleash/issue/2-732/rate-limit-auth-endpoints-in-enterprise Updates the rate-limit to reflect the [recent rate-limiting in Enterprise](https://github.com/ivarconr/unleash-enterprise/pull/381).
---
 src/lib/routes/index.ts | 5 +++--
 src/test/e2e/api/auth/simple-password-provider.e2e.test.ts | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/lib/routes/index.ts b/src/lib/routes/index.ts
index 3cee6a9805..94f3a4de5e 100644
--- a/src/lib/routes/index.ts
+++ b/src/lib/routes/index.ts
@@ -14,6 +14,7 @@ import { conditionalMiddleware } from '../middleware';
 import EdgeController from './edge-api';
 import { PublicInviteController } from './public-invite';
 import { Db } from '../db/db';
+import { minutesToMilliseconds } from 'date-fns';
 class IndexRouter extends Controller {
 constructor(config: IUnleashConfig, services: IUnleashServices, db: Db) {
@@ -30,8 +31,8 @@ class IndexRouter extends Controller {
 '/auth/simple',
 new SimplePasswordProvider(config, services).router,
 rateLimit({
- windowMs: 1 * 60 * 1000,
- max: 5,
+ windowMs: minutesToMilliseconds(1),
+ max: 10,
 standardHeaders: true,
 legacyHeaders: false,
 }),
diff --git a/src/test/e2e/api/auth/simple-password-provider.e2e.test.ts b/src/test/e2e/api/auth/simple-password-provider.e2e.test.ts
index 0b09d8babb..6b4f4bed86 100644
--- a/src/test/e2e/api/auth/simple-password-provider.e2e.test.ts
+++ b/src/test/e2e/api/auth/simple-password-provider.e2e.test.ts
@@ -30,7 +30,7 @@ const password = 'DtUYwi&l5I1KX4@Le';
 let userService: UserService;
 let adminUser: IUser;
-beforeAll(async () => {
+beforeEach(async () => {
 db = await dbInit('simple_password_provider_api_serial', getLogger);
 stores = db.stores;
 app = await setupApp(stores);
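Review bot: The `rateLimit({...})` call in src/lib/routes/index.ts doubles the budget to `max: 10` as a bare literal and passes no key or store option, so what the limit actually bounds depends on the limiter's defaults, which this hunk does not show. If this is express-rate-limit, the counter is kept per client address and in process memory, so the figure is per IP and per server instance rather than a cap on guesses against one account, and behind a reverse proxy it also depends on the Express `trust proxy` setting being correct. I would record that next to the value, e.g. `// 10 requests/min per client on every /auth/simple route; not a per-account lockout`, and consider reading the number from config instead of hard-coding it. The enclosing call and constructor start outside the hunk.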
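Review bot: In simple-password-provider.e2e.test.ts the switch to `beforeEach` makes every test run `dbInit` and `setupApp` again, but no matching teardown change is visible in this patch. If the file still cleans up in `afterAll`, only the last `app`/`db` pair is destroyed and the earlier ones stay open for the rest of the run; moving the existing destroy calls into an `afterEach` would pair them up. The move presumably exists so each test starts with an empty rate-limit counter, which deserves a comment such as `// fresh app per test so the rate-limit counter starts at zero`. The callback body continues past the end of the hunk.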
@@ -72,8 +72,8 @@ test('Can log in', async () => {
 .expect(200);
 });
-test('Gets rate limited after 5 tries', async () => {
- for (let statusCode of [200, 200, 200, 200, 429]) {
+test('Gets rate limited after 10 tries', async () => {
+ for (let statusCode of [...Array(10).fill(200), 429]) {
 await app.request
 .post('/auth/simple/login')
 .send({
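Review bot: The new loop in 'Gets rate limited after 10 tries' repeats the limit as a literal (`Array(10)`), so it can drift from `max: 10` in src/lib/routes/index.ts. A shared exported constant, or at least a comment like `// must match max in the /auth/simple rateLimit options`, would keep the two tied together. `statusCode` is not reassigned in the visible lines, so `for (const statusCode of [...Array(10).fill(200), 429]) {` is the tighter declaration. The expected sequence also appears to rely on each test getting a fresh app from the `beforeEach` change, which is worth stating in a comment here; the loop body continues outside the hunk.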