2021-11-22 19:56:12 -05:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const assert = require('assert');
|
2022-03-17 21:42:26 -04:00
|
|
|
const nconf = require('nconf');
|
2023-12-18 12:08:34 -05:00
|
|
|
|
2021-11-22 19:56:12 -05:00
|
|
|
const db = require('./mocks/databasemock');
|
2022-08-10 13:24:16 -04:00
|
|
|
|
2021-11-22 19:56:12 -05:00
|
|
|
const user = require('../src/user');
|
|
|
|
|
const groups = require('../src/groups');
|
2022-03-17 21:42:26 -04:00
|
|
|
const utils = require('../src/utils');
|
2023-12-18 12:08:34 -05:00
|
|
|
const request = require('../src/request');
|
2022-03-17 21:42:26 -04:00
|
|
|
const helpers = require('./helpers');
|
2021-11-22 19:56:12 -05:00
|
|
|
|
|
|
|
|
describe('Middlewares', () => {
|
2022-03-17 21:42:26 -04:00
|
|
|
describe('expose', () => {
|
|
|
|
|
let adminUid;
|
2021-11-26 13:53:53 -05:00
|
|
|
|
2022-03-17 21:42:26 -04:00
|
|
|
before(async () => {
|
|
|
|
|
adminUid = await user.create({ username: 'admin', password: '123456' });
|
|
|
|
|
await groups.join('administrators', adminUid);
|
|
|
|
|
});
|
2021-11-26 13:53:53 -05:00
|
|
|
|
2021-11-22 19:56:12 -05:00
|
|
|
it('should expose res.locals.isAdmin = false', (done) => {
|
2022-08-10 13:24:16 -04:00
|
|
|
const middleware = require('../src/middleware');
|
2021-11-22 19:56:12 -05:00
|
|
|
const resMock = { locals: {} };
|
|
|
|
|
middleware.exposeAdmin({}, resMock, () => {
|
|
|
|
|
assert.strictEqual(resMock.locals.isAdmin, false);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should expose res.locals.isAdmin = true', (done) => {
|
2022-08-10 13:24:16 -04:00
|
|
|
const middleware = require('../src/middleware');
|
2021-11-22 19:56:12 -05:00
|
|
|
const reqMock = { user: { uid: adminUid } };
|
|
|
|
|
const resMock = { locals: {} };
|
|
|
|
|
middleware.exposeAdmin(reqMock, resMock, () => {
|
|
|
|
|
assert.strictEqual(resMock.locals.isAdmin, true);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should expose privileges in res.locals.privileges and isSelf=true', (done) => {
|
2022-08-10 13:24:16 -04:00
|
|
|
const middleware = require('../src/middleware');
|
2021-11-22 19:56:12 -05:00
|
|
|
const reqMock = { user: { uid: adminUid }, params: { uid: adminUid } };
|
|
|
|
|
const resMock = { locals: {} };
|
|
|
|
|
middleware.exposePrivileges(reqMock, resMock, () => {
|
|
|
|
|
assert(resMock.locals.privileges);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isAdmin, true);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isGmod, false);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isPrivileged, true);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isSelf, true);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should expose privileges in res.locals.privileges and isSelf=false', (done) => {
|
2022-08-10 13:24:16 -04:00
|
|
|
const middleware = require('../src/middleware');
|
2021-11-22 19:56:12 -05:00
|
|
|
const reqMock = { user: { uid: 0 }, params: { uid: adminUid } };
|
|
|
|
|
const resMock = { locals: {} };
|
|
|
|
|
middleware.exposePrivileges(reqMock, resMock, () => {
|
|
|
|
|
assert(resMock.locals.privileges);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isAdmin, false);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isGmod, false);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isPrivileged, false);
|
|
|
|
|
assert.strictEqual(resMock.locals.privileges.isSelf, false);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should expose privilege set', (done) => {
|
2022-08-10 13:24:16 -04:00
|
|
|
const middleware = require('../src/middleware');
|
2021-11-22 19:56:12 -05:00
|
|
|
const reqMock = { user: { uid: adminUid } };
|
|
|
|
|
const resMock = { locals: {} };
|
|
|
|
|
middleware.exposePrivilegeSet(reqMock, resMock, () => {
|
|
|
|
|
assert(resMock.locals.privileges);
|
|
|
|
|
assert.deepStrictEqual(resMock.locals.privileges, {
|
|
|
|
|
chat: true,
|
2023-10-17 13:19:25 -04:00
|
|
|
'chat:privileged': true,
|
2021-11-22 19:56:12 -05:00
|
|
|
'upload:post:image': true,
|
|
|
|
|
'upload:post:file': true,
|
|
|
|
|
signature: true,
|
|
|
|
|
invite: true,
|
|
|
|
|
'group:create': true,
|
|
|
|
|
'search:content': true,
|
|
|
|
|
'search:users': true,
|
|
|
|
|
'search:tags': true,
|
|
|
|
|
'view:users': true,
|
|
|
|
|
'view:tags': true,
|
|
|
|
|
'view:groups': true,
|
|
|
|
|
'local:login': true,
|
|
|
|
|
ban: true,
|
2022-03-11 23:50:28 -05:00
|
|
|
mute: true,
|
2021-11-22 19:56:12 -05:00
|
|
|
'view:users:info': true,
|
|
|
|
|
'admin:dashboard': true,
|
|
|
|
|
'admin:categories': true,
|
|
|
|
|
'admin:privileges': true,
|
|
|
|
|
'admin:admins-mods': true,
|
|
|
|
|
'admin:users': true,
|
|
|
|
|
'admin:groups': true,
|
|
|
|
|
'admin:tags': true,
|
|
|
|
|
'admin:settings': true,
|
|
|
|
|
superadmin: true,
|
|
|
|
|
});
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2022-03-18 11:56:16 -04:00
|
|
|
describe('cache-control header', () => {
|
2022-03-17 21:42:26 -04:00
|
|
|
let uid;
|
|
|
|
|
let jar;
|
|
|
|
|
|
|
|
|
|
before(async () => {
|
|
|
|
|
uid = await user.create({ username: 'testuser', password: '123456' });
|
|
|
|
|
({ jar } = await helpers.loginUser('testuser', '123456'));
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be absent on non-existent routes, for guests', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(`${nconf.get('url')}/${utils.generateUUID()}`);
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 404);
|
|
|
|
|
assert(!Object.keys(response.headers).includes('cache-control'));
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be set to "private" on non-existent routes, for logged in users', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(`${nconf.get('url')}/${utils.generateUUID()}`, {
|
2022-03-17 21:42:26 -04:00
|
|
|
jar,
|
2023-12-18 12:08:34 -05:00
|
|
|
headers: {
|
|
|
|
|
accept: 'text/html',
|
|
|
|
|
},
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 404);
|
|
|
|
|
assert(Object.keys(response.headers).includes('cache-control'));
|
|
|
|
|
assert.strictEqual(response.headers['cache-control'], 'private');
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be absent on regular routes, for guests', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(nconf.get('url'));
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 200);
|
|
|
|
|
assert(!Object.keys(response.headers).includes('cache-control'));
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be absent on api routes, for guests', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(`${nconf.get('url')}/api`);
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 200);
|
|
|
|
|
assert(!Object.keys(response.headers).includes('cache-control'));
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be set to "private" on regular routes, for logged-in users', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(nconf.get('url'), { jar });
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 200);
|
|
|
|
|
assert(Object.keys(response.headers).includes('cache-control'));
|
|
|
|
|
assert.strictEqual(response.headers['cache-control'], 'private');
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be set to "private" on api routes, for logged-in users', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(`${nconf.get('url')}/api`, { jar });
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 200);
|
|
|
|
|
assert(Object.keys(response.headers).includes('cache-control'));
|
|
|
|
|
assert.strictEqual(response.headers['cache-control'], 'private');
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should be set to "private" on apiv3 routes, for logged-in users', async () => {
|
2023-12-18 12:08:34 -05:00
|
|
|
const { response } = await request.get(`${nconf.get('url')}/api/v3/users/${uid}`, { jar });
|
2022-03-17 21:42:26 -04:00
|
|
|
|
2023-12-18 12:08:34 -05:00
|
|
|
assert.strictEqual(response.statusCode, 200);
|
|
|
|
|
assert(Object.keys(response.headers).includes('cache-control'));
|
|
|
|
|
assert.strictEqual(response.headers['cache-control'], 'private');
|
2022-03-17 21:42:26 -04:00
|
|
|
});
|
|
|
|
|
});
|
2021-11-22 19:56:12 -05:00
|
|
|
});
|
|
|
|
|
|
