refactor: use routePrefixMap instead of routeRegexpMap, +tests (#10035)

* refactor: use routePrefixMap instead of routeRegexpMap, +tests Currently tests fail because privilege pages resolve if passed garbage... hmm * fix: priv check paths remove /v3 from path as well Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
2025-10-31 02:55:58 +01:00 · 2021-11-26 13:53:53 -05:00
parent d378bf4c9c
commit 6c07433dea
4 changed files with 71 additions and 47 deletions
--- a/test/controllers-admin.js
+++ b/test/controllers-admin.js
@@ -811,41 +811,71 @@ describe('Admin Controllers', () => {
 			userJar = (await helpers.loginUser('regularjoe', 'barbar')).jar;
 		});

-		it('should allow normal user access to admin pages', async function () {
-			this.timeout(50000);
-			function makeRequest(url) {
-				return new Promise((resolve, reject) => {
-					request(url, { jar: userJar, json: true }, (err, res, body) => {
-						if (err) reject(err);
-						else resolve(res);
+		describe('routeMap parsing', () => {
+			it('should allow normal user access to admin pages', async function () {
+				this.timeout(50000);
+				function makeRequest(url) {
+					return new Promise((resolve, reject) => {
+						request(url, { jar: userJar, json: true }, (err, res, body) => {
+							if (err) reject(err);
+							else resolve(res);
+						});
 					});
-				});
-			}
-			for (const route of Object.keys(privileges.admin.routeMap)) {
-				/* eslint-disable no-await-in-loop */
-				await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
-				let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
-				assert.strictEqual(res.statusCode, 403);
+				}
+				for (const route of Object.keys(privileges.admin.routeMap)) {
+					/* eslint-disable no-await-in-loop */
+					await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
+					let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
+					assert.strictEqual(res.statusCode, 403);

-				await privileges.admin.give([privileges.admin.routeMap[route]], uid);
-				res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
-				assert.strictEqual(res.statusCode, 200);
+					await privileges.admin.give([privileges.admin.routeMap[route]], uid);
+					res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
+					assert.strictEqual(res.statusCode, 200);

-				await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
-			}
+					await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
+				}

-			for (const route of Object.keys(privileges.admin.routeMap)) {
-				/* eslint-disable no-await-in-loop */
-				await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
-				let res = await makeRequest(`${nconf.get('url')}/api/admin`);
-				assert.strictEqual(res.statusCode, 403);
+				for (const route of Object.keys(privileges.admin.routeMap)) {
+					/* eslint-disable no-await-in-loop */
+					await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
+					let res = await makeRequest(`${nconf.get('url')}/api/admin`);
+					assert.strictEqual(res.statusCode, 403);

-				await privileges.admin.give([privileges.admin.routeMap[route]], uid);
-				res = await makeRequest(`${nconf.get('url')}/api/admin`);
-				assert.strictEqual(res.statusCode, 200);
+					await privileges.admin.give([privileges.admin.routeMap[route]], uid);
+					res = await makeRequest(`${nconf.get('url')}/api/admin`);
+					assert.strictEqual(res.statusCode, 200);

-				await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
-			}
+					await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
+				}
+			});
+		});
+
+		describe('routePrefixMap parsing', () => {
+			it('should allow normal user access to admin pages', async () => {
+				// this.timeout(50000);
+				function makeRequest(url) {
+					return new Promise((resolve, reject) => {
+						process.stdout.write(`calling ${url} `);
+						request(url, { jar: userJar, json: true }, (err, res, body) => {
+							process.stdout.write(`got ${res.statusCode}\n`);
+							if (err) reject(err);
+							else resolve(res);
+						});
+					});
+				}
+				for (const route of Object.keys(privileges.admin.routePrefixMap)) {
+					/* eslint-disable no-await-in-loop */
+					await privileges.admin.rescind([privileges.admin.routePrefixMap[route]], uid);
+					let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}foobar/derp`);
+					assert.strictEqual(res.statusCode, 403);
+
+					await privileges.admin.give([privileges.admin.routePrefixMap[route]], uid);
+					res = await makeRequest(`${nconf.get('url')}/api/admin/${route}foobar/derp`);
+					assert.strictEqual(res.statusCode, 404);
+
+					await privileges.admin.rescind([privileges.admin.routePrefixMap[route]], uid);
+				}
+			});
 		});
 	});
 });