From 4abe43d7b2a2bceae41a53e4b7c922aa3d83fe51 Mon Sep 17 00:00:00 2001
From: starsky77
Date: Tue, 10 Dec 2024 06:13:18 +0000
Subject: [PATCH] Disable CSRF Protection
---
 app/controllers/application_controller.rb | 1 +
 app/controllers/chat_messages_controller.rb | 1 +
 app/controllers/chat_rooms_controller.rb | 1 +
 app/controllers/comments_controller.rb | 1 +
 app/controllers/posts_controller.rb | 1 +
 app/controllers/sessions_controller.rb | 1 +
 app/controllers/users_controller.rb | 1 +
 tsung_scripts/tsung_auth_login.xml | 61 +++++++++++++++++++++
 tsung_scripts/tsung_unauth.xml | 61 +++++++++++++++++++++
 9 files changed, 129 insertions(+)
 create mode 100755 tsung_scripts/tsung_auth_login.xml
 create mode 100755 tsung_scripts/tsung_unauth.xml
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0309d1e..f240a2e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+ skip_forgery_protection
 skip_before_action :verify_authenticity_token
 private
diff --git a/app/controllers/chat_messages_controller.rb b/app/controllers/chat_messages_controller.rb
index dfe823b..6602ecb 100644
--- a/app/controllers/chat_messages_controller.rb
+++ b/app/controllers/chat_messages_controller.rb
@@ -1,4 +1,5 @@
 class ChatMessagesController < ApplicationController
+ skip_forgery_protection
 before_action :require_login
 before_action :set_chat_room
 before_action :check_membership
diff --git a/app/controllers/chat_rooms_controller.rb b/app/controllers/chat_rooms_controller.rb
index db5a9b8..bfdd9c1 100644
--- a/app/controllers/chat_rooms_controller.rb
+++ b/app/controllers/chat_rooms_controller.rb
@@ -1,4 +1,5 @@
 class ChatRoomsController < ApplicationController
+ skip_forgery_protection
 before_action :require_login
 before_action :set_chat_room, only: [:show]
 before_action :check_membership, only: [:show]
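Review bot: CSRF verification ends up disabled for every controller in the app: the added `skip_forgery_protection` in `ApplicationController` duplicates the existing `skip_before_action :verify_authenticity_token` directly below it, and nothing restricts either line to a non-production environment. The same line is repeated in the ChatMessages and ChatRooms hunks here and in the Comments, Posts, Sessions and Users hunks that follow; those classes inherit the skip from the base class, so the repeats add nothing and leave eight places to clean up when protection is turned back on. Actions gated only by `require_login` (for example `update`, `destroy`, `like` and `unlike` in the Posts hunk) would then accept cross-site requests made with a signed-in user's browser, assuming login state is cookie-backed, which these hunks do not show. If the aim is to let the Tsung scripts added in this commit post without a token (inferred from the file list), scope the switch to that environment, e.g. `config.action_controller.allow_forgery_protection = false` in the load-test environment config, and drop the controller-level skips. Each class body continues outside its hunk.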
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index e724206..74cdc22 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,4 +1,5 @@
 class CommentsController < ApplicationController
+ skip_forgery_protection
 before_action :require_login, only: [:update, :destroy]
 before_action :set_post
 before_action :set_comment, only: [:update, :destroy]
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 3d6c466..1b58915 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -1,4 +1,5 @@
 class PostsController < ApplicationController
+ skip_forgery_protection
 before_action :require_login, only: [:update, :destroy, :like, :unlike]
 before_action :set_post, only: [:show, :update, :destroy, :like, :unlike]
 before_action :check_ownership, only: [:update, :destroy]
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d54e6d8..b8eee61 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,4 +1,5 @@
 class SessionsController < ApplicationController
+ skip_forgery_protection
 def create
 user = User.find_by(username: params[:username])
 if user && user.authenticate(params[:password])
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 3dfb475..bfd966d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+ skip_forgery_protection
 before_action :require_login, only: [:potential_chat_members]
 def index
diff --git a/tsung_scripts/tsung_auth_login.xml b/tsung_scripts/tsung_auth_login.xml
new file mode 100755
index 0000000..2aaeaa4
--- /dev/null
+++ b/tsung_scripts/tsung_auth_login.xml
@@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tsung_scripts/tsung_unauth.xml b/tsung_scripts/tsung_unauth.xml new file mode 100755 index 0000000..c8c669b --- /dev/null +++ b/tsung_scripts/tsung_unauth.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +