Having multiple request IPs in Spring WebTestClient

Question

I'm introducing Bucket4J in my Spring Web application. A basic test setup can be found here:

• https://github.com/MarcGiffing/bucket4j-spring-boot-starter-examples/blob/master/bucket4j-spring-boot-starter-example-webflux/src/test/java/com/giffing/bucket4j/spring/boot/starter/examples/webflux/WebfluxRateLimitTest.java

Bucket4J offers to rate limit on IP basis - so every IP gets its own pool of tokens. This can be done by adding expression: "getRemoteAddress()" to the config:

bucket4j:
enabled: true
filters:
  - metrics:
    types:
      - consumed-counter
      - rejected-counter
  - cache-name: buckets
    filter-method: webflux
    url: .*
    filter-order: 1
    rate-limits:
      - bandwidths:
          - capacity: 1
            time: 10
            unit: seconds
        expression: "getRemoteAddress()"

I'm having a hard time figuring out how to programmatically test if filter by IP is working.

The test for a single IP looks like this:

@ActiveProfiles("test")
@SpringBootTest
class RateLimitTest(
    @Autowired val context: ApplicationContext
) {

@Test
fun `FAILS with status code 429 if rate limit is exceeded`() {
    // arrange
    val client = WebTestClient
        .bindToApplicationContext(context)
        .configureClient()
        .build()

    // ac
    client.get()
        .uri("/api/someendpoint")
        .exchange()
        .expectStatus().isOk
        .expectHeader().valueEquals("X-Rate-Limit-Remaining", "0")

    client.get()
        .uri("/api/someendpoint")
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.TOO_MANY_REQUESTS)
        .expectBody().jsonPath("error", "Too many requests!")

    // assert

}

What should a test look like that verifies behaviour for multiple IPs / IP rate limiting?
FAILS with status code 429 if rate limit * for IP * is exceeded

Answer 1

Actually my approach was wrong in general. The application in question is behind a load balancer so querying getRemoteAddress() will only give me the IP of the load balancer.

I had to use the header X-FORWARDED-FOR and this made it super easy to create a test for it

bucket4j:
  enabled: true
  filters:
    - metrics:
        types:
          - consumed-counter
          - rejected-counter
    - cache-name: buckets
      filter-method: webflux
      url: ^(/api/someendpoint).*
      filter-order: 1
      rate-limits:
        - bandwidths:
            - capacity: 1
              time: 10
              unit: seconds
          expression: "getHeaders()['X-FORWARDED-FOR']"

and the test for this is

   @Test
    fun `SUCCESSFULLY rate by X-FORWARDED-FOR header`() {
    // arrange
   val endpoint = "/api/someendpoint"

    // act
    WebTestClient
        .bindToApplicationContext(context)
        .configureClient()
        .defaultHeader("X-FORWARDED-FOR", "1.1.1.1")
        .build()
        .get()
        .uri(endpoint)
        .exchange()
        .expectStatus().isOk
        .expectHeader().valueEquals("X-Rate-Limit-Remaining", "0")

    WebTestClient
        .bindToApplicationContext(context)
        .configureClient()
        .defaultHeader("X-FORWARDED-FOR", "1.1.1.2")
        .build()
        .get()
        .uri(endpoint)
        .exchange()
        .expectStatus().isOk
        .expectHeader().valueEquals("X-Rate-Limit-Remaining", "0")

    WebTestClient
        .bindToApplicationContext(context)
        .configureClient()
        .defaultHeader("X-FORWARDED-FOR", "1.1.1.1")
        .build()
        .get()
        .uri(endpoint)
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.TOO_MANY_REQUESTS)
        .expectBody().jsonPath("error", "Too many requests!")

    // assert

}