From 570995e57292ccb220dd35131292f9b2ff00b0de Mon Sep 17 00:00:00 2001
From: Sabir Hassan
Date: Wed, 29 Mar 2023 23:22:32 +0500
Subject: [PATCH] chore: quick fix
---
 api/src/routes/api/spec/web.spec.ts | 8 ++++----
 api/src/utils/rateLimiter.ts | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/api/src/routes/api/spec/web.spec.ts b/api/src/routes/api/spec/web.spec.ts
index b70c8d7..e1e98cf 100644
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -82,7 +82,7 @@ describe('web', () => {
 }) })
- it('should respond with too many requests when attempting with invalid password for a same user 10 times', async () => {
+ it('should respond with too many requests when attempting with invalid password for a same user too many times', async () => {
 await userController.createUser(user) const promises: request.Test[] = []
@@ -91,7 +91,7 @@ describe('web', () => {
 process.env.MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP )
- Array(maxConsecutiveFailsByUsernameAndIp)
+ Array(maxConsecutiveFailsByUsernameAndIp + 1)
 .fill(0) .map((_, i) => { promises.push(
@@ -117,7 +117,7 @@ describe('web', () => {
 .expect(429) })
- it('should respond with too many requests when attempting with invalid credentials for different users but with same ip 100 times', async () => {
+ it('should respond with too many requests when attempting with invalid credentials for different users but with same ip too many times', async () => {
 await userController.createUser(user) const promises: request.Test[] = []
@@ -126,7 +126,7 @@ describe('web', () => {
 process.env.MAX_WRONG_ATTEMPTS_BY_IP_PER_DAY )
- Array(maxWrongAttemptsByIpPerDay)
+ Array(maxWrongAttemptsByIpPerDay + 1)
 .fill(0) .map((_, i) => { promises.push(
diff --git a/api/src/utils/rateLimiter.ts b/api/src/utils/rateLimiter.ts
index e836cd2..d8b3cb0 100644
--- a/api/src/utils/rateLimiter.ts
+++ b/api/src/utils/rateLimiter.ts
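Review bot: In api/src/routes/api/spec/web.spec.ts the new `+ 1` in `Array(maxConsecutiveFailsByUsernameAndIp + 1)` (and likewise `Array(maxWrongAttemptsByIpPerDay + 1)` in the `@@ -126,7` hunk) carries no explanation, so a later reader may take it for an off-by-one and remove it. A one-line comment above each would tie it to the limiter, e.g. `// the limiter blocks only once failures exceed the configured maximum, so send max + 1 bad logins before expecting 429`; this assumes the comparisons in rateLimiter.ts are strict, as the NOTE added there says they should be. Both counts come from `process.env`, and the call that parses them starts outside the hunks; if it can yield `NaN` when the variable is unset, `Array(NaN)` throws a RangeError, so asserting a positive integer first would make that failure readable. The enclosing `it(...)` bodies continue outside the hunks.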
@@ -60,6 +60,11 @@ export class RateLimiter { this.limiterConsecutiveFailsByUsernameAndIP.get(usernameIPkey) ]) + // NOTE: To make use of blockDuration option from RateLimiterMongo + // comparison in both following if statements should have greater than symbol + // otherwise, blockDuration option will not work + // For more info see: https://github.com/animir/node-rate-limiter-flexible/wiki/Options#blockduration + // Check if IP or Username + IP is already blocked if ( resSlowByIP !== null &&
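Review bot: The added NOTE says the two comparisons "should have greater than symbol" but not what that means for the lockout threshold, and the comparisons themselves sit below the last line of this hunk, so the comment cannot be checked against them here. With a strict `>` the pre-check lets a client reach the configured maximum and only the next failure starts the block, which is what an operator sizing MAX_CONSECUTIVE_FAILS_BY_USERNAME_AND_IP needs to know. I would word it as `// NOTE: compare with '>' (not '>='): RateLimiterMongo applies blockDuration only once consumed points exceed the limit,` followed by `// so the configured maximum is the number of failures allowed and the next one triggers the block.` Placing the note directly above the `if` it governs, rather than above the separate "Check if IP or Username + IP is already blocked" comment, would keep the rule next to the code it constrains.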