@quake2ts/server 0.0.754 → 0.0.757

package/tests/unit/ratelimit.test.ts

@@ -0,0 +1,106 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { DedicatedServer } from '../../src/dedicated';
+import { ClientState } from '../../src/client';
+import { NetworkTransport } from '../../src/transport';
+import { NetDriver } from '@quake2ts/shared';
+import { MockNetDriver } from '@quake2ts/test-utils';
+
+// Mock Transport (Server Side)
+class MockServerTransport implements NetworkTransport {
+    listen(port: number): Promise<void> { return Promise.resolve(); }
+    close(): void {}
+    onConnection(cb: (driver: NetDriver, info?: any) => void): void { this.connCb = cb; }
+    onError(cb: (err: Error) => void): void {}
+
+    public connCb: ((driver: NetDriver, info?: any) => void) | null = null;
+}
+
+describe('Rate Limiting', () => {
+    let server: DedicatedServer;
+    let transport: MockServerTransport;
+
+    beforeEach(() => {
+        transport = new MockServerTransport();
+        server = new DedicatedServer({ transport, maxPlayers: 1, floodLimit: 200 });
+    });
+
+    it('should kick a client that sends too many commands in a second', async () => {
+        const s = server as any;
+        s.svs.initialized = true;
+
+        const driver = new MockNetDriver();
+        s.handleConnection(driver);
+
+        const client = s.svs.clients[0];
+        expect(client).toBeDefined();
+
+        client.state = ClientState.Active;
+        client.edict = {};
+
+        // Scenario 1: Flood within the window
+        client.commandCount = 201;
+        client.lastCommandTime = Date.now();
+
+        const dropSpy = vi.spyOn(s, 'dropClient');
+
+        // Execute logic (mimicking FIXED runFrame)
+        const runLogic = () => {
+             const now = Date.now();
+
+             // FIXED ORDER
+             const limit = s.options.floodLimit ?? 200;
+             if (client.commandCount > limit) {
+                  s.dropClient(client);
+                  return;
+             }
+
+             if (now - client.lastCommandTime >= 1000) {
+                 client.lastCommandTime = now;
+                 client.commandCount = 0;
+             }
+        };
+
+        runLogic();
+        expect(dropSpy).toHaveBeenCalledWith(client);
+    });
+
+    it('should kick even if flood is detected after window reset (Loophole Fixed)', async () => {
+        const s = server as any;
+        s.svs.initialized = true;
+
+        const driver = new MockNetDriver();
+        s.handleConnection(driver);
+
+        const client = s.svs.clients[0];
+        client.state = ClientState.Active;
+        client.edict = {};
+
+        const dropSpy = vi.spyOn(s, 'dropClient');
+
+        // Scenario 2: Flood accumulated, but window expires right as we check
+        client.commandCount = 300;
+        client.lastCommandTime = Date.now() - 1100; // Window expired
+
+        // Execute logic (mimicking FIXED runFrame)
+        const runLogic = () => {
+             const now = Date.now();
+
+             // FIXED ORDER
+             const limit = s.options.floodLimit ?? 200;
+             if (client.commandCount > limit) {
+                  s.dropClient(client);
+                  return;
+             }
+
+             if (now - client.lastCommandTime >= 1000) {
+                 client.lastCommandTime = now;
+                 client.commandCount = 0;
+             }
+        };
+
+        runLogic();
+
+        // NOW we expect it to be called
+        expect(dropSpy).toHaveBeenCalledWith(client);
+    });
+});

package/tests/unit/ratelimit_full.test.ts

@@ -0,0 +1,116 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { DedicatedServer } from '../../src/dedicated';
+import { ClientState } from '../../src/client';
+import { NetworkTransport } from '../../src/transport';
+import { NetDriver, NetChan, ClientCommand, BinaryWriter } from '@quake2ts/shared';
+import { MockNetDriver } from '@quake2ts/test-utils';
+
+// Mock Transport (Server Side)
+class MockServerTransport implements NetworkTransport {
+    listen(port: number): Promise<void> { return Promise.resolve(); }
+    close(): void {}
+    onConnection(cb: (driver: NetDriver, info?: any) => void): void { this.connCb = cb; }
+    onError(cb: (err: Error) => void): void {}
+
+    public connCb: ((driver: NetDriver, info?: any) => void) | null = null;
+}
+
+describe('Full Stack Rate Limiting', () => {
+    let server: DedicatedServer;
+    let transport: MockServerTransport;
+    let driver: MockNetDriver;
+    let clientNetChan: NetChan;
+
+    beforeEach(() => {
+        transport = new MockServerTransport();
+        server = new DedicatedServer({ transport, maxPlayers: 1, floodLimit: 200 });
+        driver = new MockNetDriver();
+        clientNetChan = new NetChan();
+        // Setup client netchan (qport 0 for simplicity)
+        clientNetChan.setup(0);
+    });
+
+    it('should process packets through netchan and kick client on flood', async () => {
+        const s = server as any;
+        s.svs.initialized = true;
+
+        // 1. Connect Client
+        // Manually trigger handleConnection
+        s.handleConnection(driver);
+        const client = s.svs.clients[0];
+        expect(client).toBeDefined();
+        client.state = ClientState.Active;
+        client.edict = {}; // Mock edict
+
+        // 2. Prepare a movement packet
+        const writer = new BinaryWriter();
+        writer.writeByte(ClientCommand.move);
+        writer.writeByte(0); // Checksum
+        writer.writeLong(0); // LastFrame
+        // UserCommand
+        writer.writeByte(16); // msec
+        writer.writeByte(0); // buttons
+        writer.writeAngle16(0); // angles
+        writer.writeAngle16(0);
+        writer.writeAngle16(0);
+        writer.writeShort(0); // forward
+        writer.writeShort(0); // side
+        writer.writeShort(0); // up
+        writer.writeByte(0); // impulse
+        writer.writeByte(0); // lightlevel
+
+        const packetData = writer.getData();
+
+        // 3. Flood packets
+        // Send 300 packets via NetChan
+        const packetCount = 300;
+
+        for (let i = 0; i < packetCount; i++) {
+            // NetChan wraps it
+            const netPacket = clientNetChan.transmit(packetData);
+
+            // Simulate receiving on server driver
+            // MockNetDriver.receiveMessage calls handlers
+            driver.receiveMessage(netPacket);
+        }
+
+        // At this point, packets are in client.messageQueue
+        expect(client.messageQueue.length).toBe(packetCount);
+
+        // 4. Run Server Frame
+        // This triggers SV_ReadPackets -> handleMove -> increment count -> check limit
+        // We can't call runFrame directly as it's private and loops.
+        // But we can call the methods it calls if we cast to any,
+        // OR we can spy on dropClient and emulate runFrame logic.
+
+        // Let's emulate runFrame logic exactly as implemented in dedicated.ts
+        const dropSpy = vi.spyOn(s, 'dropClient');
+
+        // Emulate SV_ReadPackets
+        s.SV_ReadPackets();
+
+        // Check if commands were processed
+        expect(client.commandCount).toBe(packetCount);
+
+        // Emulate Rate Check logic
+        const runLogic = () => {
+             const now = Date.now();
+
+             // Logic from dedicated.ts
+             const limit = s.options.floodLimit ?? 200;
+             if (client.commandCount > limit) {
+                  s.dropClient(client);
+                  return;
+             }
+
+             if (now - client.lastCommandTime >= 1000) {
+                 client.lastCommandTime = now;
+                 client.commandCount = 0;
+             }
+        };
+
+        runLogic();
+
+        expect(dropSpy).toHaveBeenCalledWith(client);
+    });
+});