nfp/storage-upload
1
0
Fork 0
Code Issues Pull requests Projects Releases 13 Wiki Activity

Compare commits

base: nfp:master
Branches Tags
nfp:master
nfp:dev
nfp:v2.2.12
nfp:v2.2.11
nfp:v2.2.10
nfp:v2.2.9
nfp:v2.2.8
nfp:v2.2.7
nfp:v2.2.6
nfp:v2.2.5
nfp:v2.2.4
nfp:v2.2.3
nfp:v2.2.2
nfp:v2.2.1
nfp:v2.2.0
nfp:v1.0
..
compare: nfp:v2.2.3
Branches Tags
nfp:master
nfp:dev
nfp:v2.2.12
nfp:v2.2.11
nfp:v2.2.10
nfp:v2.2.9
nfp:v2.2.8
nfp:v2.2.7
nfp:v2.2.6
nfp:v2.2.5
nfp:v2.2.4
nfp:v2.2.3
nfp:v2.2.2
nfp:v2.2.1
nfp:v2.2.0
nfp:v1.0

No commits in common. "master" and "v2.2.3" have entirely different histories.
master ... v2.2.3

16 changed files with 139 additions and 772 deletions
Show stats Expand all files Collapse all files

3
.gitignore vendored
View file

@ -60,6 +60,9 @@ typings/
# Local development config file # Local development config file
config/*.json config/*.json
# Public folder should be ignored
public/*
# lol # lol
package-lock.json package-lock.json

19
api/media/formidable.mjs
View file

@ -39,21 +39,10 @@ export function uploadFile(ctx, siteName, noprefix = false) {
form.uploadDir = `${config.get('uploadFolder')}/${siteName}` form.uploadDir = `${config.get('uploadFolder')}/${siteName}`
form.maxFileSize = config.get('fileSize') form.maxFileSize = config.get('fileSize')
let siteSize = config.get(`sites:${siteName}:fileSize`)
if (siteSize && typeof(siteSize) === 'number') {
form.maxFileSize = siteSize
}
form.parse(ctx.req, function(err, fields, files) { form.parse(ctx.req, function(err, fields, files) {
if (err) return rej(err) if (err) return rej(err)
if (!files || !files.file) return rej(new HttpError(422, 'File in body was missing')) if (!files || !files.file) return rej(new HttpError(422, 'File in body was missing'))
let file = files.file let file = files.file
let filename = file.name.replace(/ /g, '_')
.replace(/&/g, 'and')
.replace(/'/g, '')
.replace(/"/g, '')
.replace(/\?/g, '')
Object.keys(fields).forEach(function(key) { Object.keys(fields).forEach(function(key) {
try { try {
@ -62,14 +51,14 @@ export function uploadFile(ctx, siteName, noprefix = false) {
}) })
ctx.req.body = fields ctx.req.body = fields
if (!noprefix || fs.existsSync(`${config.get('uploadFolder')}/${siteName}/${prefix}${filename}`)) { if (!noprefix || fs.existsSync(`${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`)) {
prefix = getPrefix() prefix = getPrefix()
} }
fs.rename(files.file.path, `${config.get('uploadFolder')}/${siteName}/${prefix}${filename}`, function(err) { fs.rename(files.file.path, `${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`, function(err) {
if (err) return rej(err) if (err) return rej(err)
file.path = `${config.get('uploadFolder')}/${siteName}/${prefix}${filename}` file.path = `${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`
file.filename = `${prefix}${filename}` file.filename = `${prefix}${file.name}`
return res(file) return res(file)
}) })

73
api/media/routes.mjs
View file

@ -2,7 +2,7 @@ import path from 'path'
import sharp from 'sharp' import sharp from 'sharp'
import fs from 'fs/promises' import fs from 'fs/promises'
import config from '../config.mjs' import config from '../config.mjs'
import { HttpError, CorsHandler } from 'flaska' import { HttpError } from 'flaska'
import * as security from './security.mjs' import * as security from './security.mjs'
import * as formidable from './formidable.mjs' import * as formidable from './formidable.mjs'
@ -16,11 +16,10 @@ export default class MediaRoutes {
}) })
this.siteCache = new Map() this.siteCache = new Map()
this.collator = new Intl.Collator('is-IS', { numeric: false, sensitivity: 'accent' }) this.collator = new Intl.Collator('is-IS', { numeric: false, sensitivity: 'accent' })
this.cors = CorsHandler({ allowedOrigins: ['*'] })
} }
register(server) { register(server) {
this.init(server).then(function() {}, function(err) { this.init().then(function() {}, function(err) {
server.core.log.error(err, 'Error initing media') server.core.log.error(err, 'Error initing media')
}) })
@ -31,27 +30,26 @@ export default class MediaRoutes {
server.flaska.post('/media/resize', [server.queryHandler()], this.resize.bind(this)) server.flaska.post('/media/resize', [server.queryHandler()], this.resize.bind(this))
server.flaska.post('/media/resize/:filename', [server.queryHandler(), server.jsonHandler()], this.resizeExisting.bind(this)) server.flaska.post('/media/resize/:filename', [server.queryHandler(), server.jsonHandler()], this.resizeExisting.bind(this))
server.flaska.delete('/media/:filename', [server.queryHandler()], this.remove.bind(this)) server.flaska.delete('/media/:filename', [server.queryHandler()], this.remove.bind(this))
server.flaska.options('/::path', [server.queryHandler(), this.security.verifyCorsEnabled], this.cors)
} }
init(server) { init() {
let folders = Object.keys(config.get('sites')) return fs.readdir(config.get('uploadFolder')).then(folders => {
return Promise.all(folders.map(folder => {
return Promise.all(folders.map(folder => { return fs.readdir(config.get('uploadFolder') + '/' + folder)
return fs.readdir(config.get('uploadFolder') + '/' + folder) .then(files => {
.then(files => { return Promise.all(files.map(file => {
return files.map(file => { return fs.stat(`${config.get('uploadFolder')}/${folder}/${file}`)
return { filename: file, size: null } .then(function(stat) {
return { filename: file, size: stat.size }
})
}))
}) })
}) .then(files => {
.catch(err => { this.siteCache.set(folder, files)
server.core.log.error(err, `Error reading folder "${config.get('uploadFolder')}/${folder}"`) })
return [] .catch(function() {})
}) }))
.then(files => { })
this.siteCache.set(folder, files)
})
}))
} }
filesCacheGet(site) { filesCacheGet(site) {
@ -91,32 +89,20 @@ export default class MediaRoutes {
} }
} }
getSite(ctx) {
let site = this.security.verifyToken(ctx)
if (this.security.hasCors(site)) {
this.cors(ctx)
}
return site
}
async listFiles(ctx) { async listFiles(ctx) {
let site = this.getSite(ctx) let site = await this.security.verifyToken(ctx)
ctx.body = this.filesCacheGet(site) ctx.body = this.filesCacheGet(site)
} }
async listPublicFiles(ctx) { async listPublicFiles(ctx) {
this.security.throwIfNotPublic(ctx.params.site) this.security.throwIfNotPublic(ctx.params.site)
if (this.security.hasCors(ctx.params.site)) {
this.cors(ctx)
}
ctx.body = this.filesCacheGet(ctx.params.site) ctx.body = this.filesCacheGet(ctx.params.site)
} }
async upload(ctx, noprefix = false) { async upload(ctx, noprefix = false) {
let site = this.getSite(ctx) let site = await this.security.verifyToken(ctx)
ctx.state.site = site ctx.state.site = site
let result = await this.formidable.uploadFile(ctx, ctx.state.site, noprefix) let result = await this.formidable.uploadFile(ctx, ctx.state.site, noprefix)
@ -149,7 +135,7 @@ export default class MediaRoutes {
'extend', 'extend',
] ]
await Promise.all(keys.filter(key => ctx.req.body[key]).map(key => { await Promise.all(keys.map(key => {
return Promise.resolve() return Promise.resolve()
.then(async () => { .then(async () => {
let item = ctx.req.body[key] let item = ctx.req.body[key]
@ -195,7 +181,7 @@ export default class MediaRoutes {
} }
async resizeExisting(ctx) { async resizeExisting(ctx) {
let site = this.getSite(ctx) let site = await this.security.verifyToken(ctx)
ctx.state.site = site ctx.state.site = site
ctx.body = {} ctx.body = {}
@ -209,20 +195,13 @@ export default class MediaRoutes {
} }
async remove(ctx) { async remove(ctx) {
let site = this.getSite(ctx) let site = await this.security.verifyToken(ctx)
this.filesCacheRemove(site, ctx.params.filename) this.filesCacheRemove(site, ctx.params.filename)
let root = path.join(config.get('uploadFolder'), site) await this.fs.unlink(`${config.get('uploadFolder')}/${site}/${ctx.params.filename}`)
var unlinkPath = path.join(root, decodeURIComponent(ctx.params.filename))
if (unlinkPath.indexOf(root) !== 0) {
throw new HttpError(403, `Error removing ${unlinkPath}: Traversing folder is not allowed`)
}
await this.fs.unlink(unlinkPath)
.catch(function(err) { .catch(function(err) {
throw new HttpError(422, `Error removing ${unlinkPath}: ${err.message}`) throw new HttpError(422, `Error removing ${site}/${ctx.params.filename}: ${err.message}`)
}) })
ctx.status = 204 ctx.status = 204

21
api/media/security.mjs
View file

@ -25,24 +25,6 @@ export function verifyToken(ctx) {
} }
} }
export function hasCors(site) {
let sites = config.get('sites')
return sites[site]?.cors === true
}
export function verifyCorsEnabled(ctx) {
let site
try {
site = verifyToken(ctx)
} catch (err) {
throw new HttpError(404)
}
if (!hasCors(site)) {
throw new HttpError(404)
}
}
export function throwIfNotPublic(site) { export function throwIfNotPublic(site) {
let sites = config.get('sites') let sites = config.get('sites')
if (!sites[site] || sites[site].public !== true) { if (!sites[site] || sites[site].public !== true) {
@ -70,9 +52,8 @@ export function verifyBody(ctx) {
} }
let item = ctx.req.body[key] let item = ctx.req.body[key]
if (item == null) continue
if (typeof(item) !== 'object' if (typeof(item) !== 'object'
|| !item
|| Array.isArray(item)) { || Array.isArray(item)) {
throw new HttpError(422, `Body item ${key} was not valid`) throw new HttpError(422, `Body item ${key} was not valid`)
} }

4
api/server.mjs
View file

@ -43,7 +43,7 @@ export default class Server {
}) })
let healthChecks = 0 let healthChecks = 0
let healthCollectLimit = 60 * 60 * 12 let healthCollectLimit = 10
this.flaska.after(function(ctx) { this.flaska.after(function(ctx) {
let ended = performance.now() - ctx.__started let ended = performance.now() - ctx.__started
@ -60,7 +60,7 @@ export default class Server {
if (ctx.url === '/health') { if (ctx.url === '/health') {
healthChecks++ healthChecks++
if (healthChecks >= healthCollectLimit) { if (healthChecks > healthCollectLimit) {
ctx.log[level]({ ctx.log[level]({
duration: Math.round(ended), duration: Math.round(ended),
status: ctx.status, status: ctx.status,

2
appveyor.yml
View file

@ -66,7 +66,7 @@ on_success:
https://git.nfp.is/api/v1/repos/$APPVEYOR_REPO_NAME/releases/$RELEASE_ID/assets https://git.nfp.is/api/v1/repos/$APPVEYOR_REPO_NAME/releases/$RELEASE_ID/assets
echo "Deplying to production" echo "Deplying to production"
curl -X POST http://192.168.93.51:4010/update/storageupload curl -X POST http://192.168.93.50:4010/update/storageupload
fi fi
# on build failure # on build failure

4
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "storage-upload", "name": "storage-upload",
"version": "2.2.12", "version": "2.2.3",
"description": "Micro service for uploading and image resizing files to a storage server.", "description": "Micro service for uploading and image resizing files to a storage server.",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
@ -42,7 +42,7 @@
}, },
"homepage": "https://github.com/nfp-projects/storage-upload#readme", "homepage": "https://github.com/nfp-projects/storage-upload#readme",
"dependencies": { "dependencies": {
"flaska": "^1.3.5", "flaska": "^1.2.3",
"formidable": "^1.2.2", "formidable": "^1.2.2",
"nconf-lite": "^2.0.0", "nconf-lite": "^2.0.0",
"sharp": "^0.30.3" "sharp": "^0.30.3"

0
public/development_cors/.gitkeep
View file

BIN
public/existing_cors/20220105_101610_test1.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 15 KiB

BIN
public/existing_cors/20220105_101610_test2.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 31 KiB

29
test/helper.client.mjs
View file

@ -26,9 +26,6 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
host: urlObj.hostname, host: urlObj.hostname,
port: Number(urlObj.port), port: Number(urlObj.port),
path: urlObj.pathname + urlObj.search, path: urlObj.pathname + urlObj.search,
headers: {
origin: 'http://localhost'
}
})) }))
const req = http.request(opts) const req = http.request(opts)
@ -47,9 +44,7 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
}) })
res.on('end', function () { res.on('end', function () {
let headers = opts.includeHeaders ? res.headers : null if (!output) return resolve(null)
if (!output) return resolve(headers ? { headers } : null)
try { try {
output = JSON.parse(output) output = JSON.parse(output)
} catch (e) { } catch (e) {
@ -61,29 +56,29 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
err.status = output.status err.status = output.status
return reject(err) return reject(err)
} }
resolve(headers ? { headers, output } : output) resolve(output)
}) })
}) })
req.end() req.end()
}) })
} }
Client.prototype.get = function(url = '/', options) { Client.prototype.get = function(url = '/') {
return this.customRequest('GET', url, null, options) return this.customRequest('GET', url, null)
} }
Client.prototype.post = function(url = '/', body = {}, options) { Client.prototype.post = function(url = '/', body = {}) {
let parsed = JSON.stringify(body) let parsed = JSON.stringify(body)
return this.customRequest('POST', url, parsed, defaults(options, { return this.customRequest('POST', url, parsed, {
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'Content-Length': parsed.length, 'Content-Length': parsed.length,
}, },
})) })
} }
Client.prototype.del = function(url = '/', body = {}, options) { Client.prototype.del = function(url = '/', body = {}) {
return this.customRequest('DELETE', url, JSON.stringify(body), options) return this.customRequest('DELETE', url, JSON.stringify(body))
} }
const random = (length = 8) => { const random = (length = 8) => {
@ -97,7 +92,7 @@ const random = (length = 8) => {
return str; return str;
} }
Client.prototype.upload = function(url, file, method = 'POST', body = {}, options) { Client.prototype.upload = function(url, file, method = 'POST', body = {}) {
return fs.readFile(file).then(data => { return fs.readFile(file).then(data => {
const crlf = '\r\n' const crlf = '\r\n'
const filename = path.basename(file) const filename = path.basename(file)
@ -119,12 +114,12 @@ Client.prototype.upload = function(url, file, method = 'POST', body = {}, option
Buffer.from(`${crlf}--${boundary}--`), Buffer.from(`${crlf}--${boundary}--`),
]) ])
return this.customRequest(method, url, multipartBody, defaults(options, { return this.customRequest(method, url, multipartBody, {
timeout: 5000, timeout: 5000,
headers: { headers: {
'Content-Type': 'multipart/form-data; boundary=' + boundary, 'Content-Type': 'multipart/form-data; boundary=' + boundary,
'Content-Length': multipartBody.length, 'Content-Length': multipartBody.length,
}, },
})) })
}) })
} }

15
test/helper.server.mjs
View file

@ -35,25 +35,12 @@ export function startServer() {
"default@HS256": "asdf1234" "default@HS256": "asdf1234"
} }
}, },
"development_cors": {
"keys": {
"default@HS256": "asdf1234"
},
"cors": true
},
"existing": { "existing": {
"public": true, "public": true,
"keys": { "keys": {
"default@HS256": "asdf1234" "default@HS256": "asdf1234"
} }
}, }
"existing_cors": {
"public": true,
"keys": {
"default@HS256": "asdf1234"
},
"cors": true
},
}, },
}) })

BIN
test/media/A stray'd cat asked to go & inside a shop during heatwave [oBv38cS-MbM].mp4_snapshot_00.00.164.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1 MiB

577
test/media/api.test.mjs
View file

@ -15,7 +15,7 @@ function resolve(file) {
const currYear = new Date().getFullYear().toString() const currYear = new Date().getFullYear().toString()
t.timeout(10000).describe('Media (API)', () => { t.describe('Media (API)', () => {
let client let client
let secret = 'asdf1234' let secret = 'asdf1234'
let testFiles = [] let testFiles = []
@ -34,82 +34,7 @@ t.timeout(10000).describe('Media (API)', () => {
}) })
}) })
t.describe('OPTIONS', function() { t.timeout(10000).describe('POST /media', function temp() {
t.test('should fail options for every single route', async () => {
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let err = await assert.isRejected(
client.customRequest('OPTIONS', path, null)
)
assert.strictEqual(err.status, 404)
}
})
t.test('should fail options for every single route even with token', async () => {
let token = encode(null, { iss: 'development' }, secret)
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let err = await assert.isRejected(
client.customRequest('OPTIONS', path + `?token=${token}`, null)
)
assert.strictEqual(err.status, 404)
}
})
t.test('should work if specified has cors enabled', async () => {
const assertOrigin = 'http://localhost:9999'
let token = encode(null, { iss: 'development_cors' }, secret)
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let res = await client.customRequest('OPTIONS', path + `?token=${token}`, null, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.strictEqual(res.headers['access-control-allow-origin'], assertOrigin)
assert.match(res.headers['access-control-allow-methods'], /post/i)
}
})
})
t.describe('POST /media', function temp() {
let config
t.before(async () => {
config = (await import('../../api/config.mjs')).default
})
t.afterEach(function() {
config.sources[2].store.fileSize = 524288000
delete config.sources[1].store.sites.development.fileSize
})
t.test('should require authentication', async () => { t.test('should require authentication', async () => {
resetLog() resetLog()
assert.strictEqual(log.error.callCount, 0) assert.strictEqual(log.error.callCount, 0)
@ -160,108 +85,6 @@ t.timeout(10000).describe('Media (API)', () => {
t.test('should upload file and create file', async () => { t.test('should upload file and create file', async () => {
let token = encode(null, { iss: 'development' }, secret) let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png'),
'POST',
{ },
{ includeHeaders: true }
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload file and create file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
t.test('should properly replace spaces and other stuff', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('A stray\'d cat asked to go & inside a shop during heatwave [oBv38cS-MbM].mp4_snapshot_00.00.164.png')
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
assert.notOk(data.filename.includes(' '))
assert.ok(data.filename.includes('A_strayd_cat_asked_to_go_and_inside_a_shop_during_heatwave_[oBv38cS-MbM].mp4_snapshot_00.00.164.png'))
let stats = await Promise.all([
fs.stat(resolve('A stray\'d cat asked to go & inside a shop during heatwave [oBv38cS-MbM].mp4_snapshot_00.00.164.png')),
fs.stat(resolve(`../../public/${data.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.path}`)).metadata()
assert.strictEqual(img.width, 1280)
assert.strictEqual(img.height, 720)
assert.strictEqual(img.format, 'png')
})
t.test('should return cors for cors-enabled sites', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled( let data = await assert.isFulfilled(
client.upload( client.upload(
`/media?token=${token}`, `/media?token=${token}`,
@ -287,38 +110,9 @@ t.timeout(10000).describe('Media (API)', () => {
assert.strictEqual(img.height, 700) assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png') assert.strictEqual(img.format, 'png')
}) })
t.test('should support site-specific fileSize', async () => {
let token = encode(null, { iss: 'development' }, secret)
config.sources[2].store.fileSize = 1000
let err = await assert.isRejected(
client.upload(
`/media?token=${token}`,
resolve('test.png')
)
)
assert.match(err.message, /maxFileSize exceeded/)
config.sources[1].store.sites.development.fileSize = 524288000
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png')
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
})
}) })
t.describe('POST /media/noprefix', function temp() { t.timeout(10000).describe('POST /media/noprefix', function temp() {
t.test('should require authentication', async () => { t.test('should require authentication', async () => {
resetLog() resetLog()
assert.strictEqual(log.error.callCount, 0) assert.strictEqual(log.error.callCount, 0)
@ -372,18 +166,15 @@ t.timeout(10000).describe('Media (API)', () => {
let data = await assert.isFulfilled( let data = await assert.isFulfilled(
client.upload( client.upload(
`/media/noprefix?token=${token}`, `/media/noprefix?token=${token}`,
resolve('test.png'), resolve('test.png')
'POST',
{ },
{ includeHeaders: true }
) )
) )
testFiles.push(data?.output?.path) testFiles.push(data.path)
assert.ok(data.output) assert.ok(data)
assert.strictEqual(data.output.filename, 'test.png') assert.strictEqual(data.filename, 'test.png')
assert.ok(data.output.path) assert.ok(data.path)
let stats = await Promise.all([ let stats = await Promise.all([
fs.stat(resolve('test.png')), fs.stat(resolve('test.png')),
@ -395,44 +186,6 @@ t.timeout(10000).describe('Media (API)', () => {
assert.strictEqual(img.width, 600) assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700) assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png') assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload and create file with no prefix', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/noprefix?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.strictEqual(data.output.filename, 'test.png')
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve('../../public/development/test.png')),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve('../../public/development/test.png')).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
}) })
t.test('should upload and create file with prefix if exists', async () => { t.test('should upload and create file with prefix if exists', async () => {
@ -475,7 +228,7 @@ t.timeout(10000).describe('Media (API)', () => {
}) })
}) })
t.describe('POST /media/resize', function temp() { t.timeout(10000).describe('POST /media/resize', function temp() {
t.test('should require authentication', async () => { t.test('should require authentication', async () => {
resetLog() resetLog()
assert.strictEqual(log.error.callCount, 0) assert.strictEqual(log.error.callCount, 0)
@ -531,66 +284,27 @@ t.timeout(10000).describe('Media (API)', () => {
`/media/resize?token=${token}`, `/media/resize?token=${token}`,
resolve('test.png'), resolve('test.png'),
'POST', 'POST',
{ }, { }
{ includeHeaders: true }
) )
) )
testFiles.push(data?.output?.path) testFiles.push(data.path)
assert.ok(data.output) assert.ok(data)
assert.ok(data.output.filename) assert.ok(data.filename)
assert.ok(data.output.filename.startsWith(currYear)) assert.ok(data.filename.startsWith(currYear))
assert.ok(data.output.path) assert.ok(data.path)
let stats = await Promise.all([ let stats = await Promise.all([
fs.stat(resolve('test.png')), fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)), fs.stat(resolve(`../../public/${data.path}`)),
]) ])
assert.strictEqual(stats[0].size, stats[1].size) assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata() let img = await sharp(resolve(`../../public/${data.path}`)).metadata()
assert.strictEqual(img.width, 600) assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700) assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png') assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload file and create file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
}) })
t.test('should upload file and create multiple sizes for file', async () => { t.test('should upload file and create multiple sizes for file', async () => {
@ -717,8 +431,13 @@ t.timeout(10000).describe('Media (API)', () => {
assert.strictEqual(img.height, 12) assert.strictEqual(img.height, 12)
assert.strictEqual(img.format, 'jpeg') assert.strictEqual(img.format, 'jpeg')
}) })
})
t.test('should upload file and filter out null sizes', async () => { t.timeout(10000).describe('POST /media/resize/:filename', function temp() {
let sourceFilename
let sourcePath
t.before(async function() {
let token = encode(null, { iss: 'development' }, secret) let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled( let data = await assert.isFulfilled(
@ -726,70 +445,19 @@ t.timeout(10000).describe('Media (API)', () => {
`/media/resize?token=${token}`, `/media/resize?token=${token}`,
resolve('test.png'), resolve('test.png'),
'POST', 'POST',
{ { }
outtest: null,
bla: null,
test: null,
}
) )
) )
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.path)
testFiles.push(data.path) testFiles.push(data.path)
let stats = await Promise.all([ assert.ok(data)
fs.stat(resolve('test.png')), assert.ok(data.filename)
fs.stat(resolve(`../../public/${data.path}`)), assert.ok(data.filename.startsWith(currYear))
]) assert.ok(data.path)
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.path}`)).metadata() sourceFilename = data.filename
assert.strictEqual(img.width, 600) sourcePath = data.path
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
})
})
t.describe('POST /media/resize/:filename', function temp() {
let sourceFilename
let sourceFilenameCors
let sourcePath
let sourcePathCors
t.before(async function() {
let issuers = ['development', 'development_cors']
for (let iss of issuers) {
let token = encode(null, { iss }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ }
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
if (iss === 'development') {
sourceFilename = data.filename
sourcePath = data.path
} else {
sourceFilenameCors = data.filename
sourcePathCors = data.path
}
}
}) })
t.test('should require authentication', async () => { t.test('should require authentication', async () => {
@ -865,75 +533,34 @@ t.timeout(10000).describe('Media (API)', () => {
compressionLevel: 9, compressionLevel: 9,
} }
}, },
}, }
{ includeHeaders: true }
) )
) )
testFiles.push(data.output.test1.path) testFiles.push(data.test1.path)
testFiles.push(data.output.test2.path) testFiles.push(data.test2.path)
assert.ok(data.output.test1.filename) assert.ok(data.test1.filename)
assert.ok(data.output.test1.filename.startsWith(currYear)) assert.ok(data.test1.filename.startsWith(currYear))
assert.ok(data.output.test1.path) assert.ok(data.test1.path)
assert.ok(data.output.test2.filename) assert.ok(data.test2.filename)
assert.ok(data.output.test2.filename.startsWith(currYear)) assert.ok(data.test2.filename.startsWith(currYear))
assert.ok(data.output.test2.path) assert.ok(data.test2.path)
let img = await sharp(resolve(`../../public/${sourcePath}`)).metadata() let img = await sharp(resolve(`../../public/${sourcePath}`)).metadata()
assert.strictEqual(img.width, 600) assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700) assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png') assert.strictEqual(img.format, 'png')
img = await sharp(resolve(`../../public/${data.output.test1.path}`)).metadata() img = await sharp(resolve(`../../public/${data.test1.path}`)).metadata()
assert.strictEqual(img.width, 320) assert.strictEqual(img.width, 320)
assert.strictEqual(img.height, 413) assert.strictEqual(img.height, 413)
assert.strictEqual(img.format, 'jpeg') assert.strictEqual(img.format, 'jpeg')
img = await sharp(resolve(`../../public/${data.output.test2.path}`)).metadata() img = await sharp(resolve(`../../public/${data.test2.path}`)).metadata()
assert.strictEqual(img.width, 150) assert.strictEqual(img.width, 150)
assert.strictEqual(img.height, 175) assert.strictEqual(img.height, 175)
assert.strictEqual(img.format, 'png') assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should create sizes for existing file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.post(
`/media/resize/${sourceFilenameCors}?token=${token}`,
{
test2: {
format: 'png',
resize: { width: 150 },
png: { compressionLevel: 9 }
},
},
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data.output.test2.path)
assert.ok(data.output.test2.filename)
assert.ok(data.output.test2.filename.startsWith(currYear))
assert.ok(data.output.test2.path)
let img = await sharp(resolve(`../../public/${sourcePath}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
img = await sharp(resolve(`../../public/${data.output.test2.path}`)).metadata()
assert.strictEqual(img.width, 150)
assert.strictEqual(img.height, 175)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
}) })
t.test('should base64 output of existing file', async () => { t.test('should base64 output of existing file', async () => {
@ -970,7 +597,7 @@ t.timeout(10000).describe('Media (API)', () => {
}) })
}) })
t.describe('DELETE /media/:filename', function temp() { t.timeout(10000).describe('DELETE /media/:filename', function temp() {
t.test('should require authentication', async () => { t.test('should require authentication', async () => {
resetLog() resetLog()
assert.strictEqual(log.error.callCount, 0) assert.strictEqual(log.error.callCount, 0)
@ -1019,7 +646,7 @@ t.timeout(10000).describe('Media (API)', () => {
}) })
t.test('should remove the file', async () => { t.test('should remove the file', async () => {
let token = encode(null, { iss: 'development' }, secret) let token = encode(null, { iss: 'existing' }, secret)
let data = await client.upload( let data = await client.upload(
`/media/noprefix?token=${token}`, `/media/noprefix?token=${token}`,
@ -1029,11 +656,11 @@ t.timeout(10000).describe('Media (API)', () => {
let filepath = data.path let filepath = data.path
testFiles.push(filepath) testFiles.push(filepath)
let files = await client.get('/media?token=' + token) let files = await client.get('/media/existing')
let found = false let found = false
for (let file of files) { for (let file of files) {
if (file.filename === data.filename) { if (file.filename === 'test.png') {
found = true found = true
} }
} }
@ -1043,70 +670,17 @@ t.timeout(10000).describe('Media (API)', () => {
fs.stat(resolve(`../../public/${filepath}`)) fs.stat(resolve(`../../public/${filepath}`))
) )
let res = await assert.isFulfilled(
client.del(`/media/${data.filename}?token=${token}`, {}, {
includeHeaders: true
})
)
testFiles.splice(testFiles.length - 1)
files = await client.get('/media?token=' + token)
found = false
for (let file of files) {
if (file.filename === data.filename) {
found = true
}
}
assert.notOk(found)
await assert.isRejected(
fs.stat(resolve(`../../public/${filepath}`))
)
assert.notOk(res.headers['access-control-allow-origin'])
})
t.test('should remove the file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await client.upload(
`/media/noprefix?token=${token}`,
resolve('test.png')
)
let filepath = data.path
testFiles.push(filepath)
let files = await client.get('/media?token=' + token)
let found = false
for (let file of files) {
if (file.filename === data.filename) {
found = true
}
}
assert.ok(found)
await assert.isFulfilled( await assert.isFulfilled(
fs.stat(resolve(`../../public/${filepath}`)) client.del(`/media/test.png?token=${token}`)
)
let res = await assert.isFulfilled(
client.del(`/media/${data.filename}?token=${token}`, {}, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
) )
testFiles.splice(testFiles.length - 1) testFiles.splice(testFiles.length - 1)
files = await client.get('/media?token=' + token) files = await client.get('/media/existing')
found = false found = false
for (let file of files) { for (let file of files) {
if (file.filename === data.filename) { if (file.filename === 'test.png') {
found = true found = true
} }
} }
@ -1115,7 +689,6 @@ t.timeout(10000).describe('Media (API)', () => {
await assert.isRejected( await assert.isRejected(
fs.stat(resolve(`../../public/${filepath}`)) fs.stat(resolve(`../../public/${filepath}`))
) )
assert.strictEqual(res.headers['access-control-allow-origin'], assertOrigin)
}) })
}) })
@ -1162,39 +735,17 @@ t.timeout(10000).describe('Media (API)', () => {
t.test('should return list of files in specified folder', async () => { t.test('should return list of files in specified folder', async () => {
let token = encode(null, { iss: 'development' }, secret) let token = encode(null, { iss: 'development' }, secret)
let data = await client.get('/media?token=' + token, { includeHeaders: true }) let data = await client.get('/media?token=' + token)
assert.ok(data.output.length) assert.ok(data.length)
let found = false let found = false
for (let file of data.output) { for (let file of data) {
if (file.filename === '.gitkeep') { if (file.filename === '.gitkeep' && file.size === 0) {
found = true found = true
break break
} }
} }
assert.ok(found) assert.ok(found)
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should return list of files in specified folder and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await client.get('/media?token=' + token, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.ok(data.output.length)
let found = false
for (let file of data.output) {
if (file.filename === '.gitkeep') {
found = true
break
}
}
assert.ok(found)
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
}) })
}) })
@ -1214,25 +765,11 @@ t.timeout(10000).describe('Media (API)', () => {
}) })
t.test('should otherwise return list of files for a public site', async () => { t.test('should otherwise return list of files for a public site', async () => {
let files = await client.get('/media/existing', { includeHeaders: true }) let files = await client.get('/media/existing')
assert.strictEqual(files.output[0].filename, '20220105_101610_test1.jpg') assert.strictEqual(files[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files.output[0].size, null) assert.strictEqual(files[0].size, 15079)
assert.strictEqual(files.output[1].filename, '20220105_101610_test2.png') assert.strictEqual(files[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files.output[1].size, null) assert.strictEqual(files[1].size, 31705)
assert.notOk(files.headers['access-control-allow-origin'])
})
t.test('should otherwise return list of files for a public site and cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let files = await client.get('/media/existing_cors', {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.strictEqual(files.output[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files.output[0].size, null)
assert.strictEqual(files.output[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files.output[1].size, null)
assert.strictEqual(files.headers['access-control-allow-origin'], assertOrigin)
}) })
}) })
}) })

62
test/media/routes.test.mjs
View file

@ -1,5 +1,4 @@
import fs from 'fs/promises' import fs from 'fs/promises'
import path from 'path'
import { Eltro as t, assert, stub } from 'eltro' import { Eltro as t, assert, stub } from 'eltro'
import { HttpError } from 'flaska' import { HttpError } from 'flaska'
import { createContext } from '../helper.server.mjs' import { createContext } from '../helper.server.mjs'
@ -37,11 +36,11 @@ t.describe('#filesCacheGet', function() {
assert.strictEqual(routes.filesCacheGet('nonexisting').length, 0) assert.strictEqual(routes.filesCacheGet('nonexisting').length, 0)
assert.strictEqual(routes.filesCacheGet('development')[0].filename, '.gitkeep') assert.strictEqual(routes.filesCacheGet('development')[0].filename, '.gitkeep')
assert.strictEqual(routes.filesCacheGet('development')[0].size, null) assert.strictEqual(routes.filesCacheGet('development')[0].size, 0)
assert.strictEqual(routes.filesCacheGet('existing')[0].filename, '20220105_101610_test1.jpg') assert.strictEqual(routes.filesCacheGet('existing')[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(routes.filesCacheGet('existing')[0].size, null) assert.strictEqual(routes.filesCacheGet('existing')[0].size, 15079)
assert.strictEqual(routes.filesCacheGet('existing')[1].filename, '20220105_101610_test2.png') assert.strictEqual(routes.filesCacheGet('existing')[1].filename, '20220105_101610_test2.png')
assert.strictEqual(routes.filesCacheGet('existing')[1].size, null) assert.strictEqual(routes.filesCacheGet('existing')[1].size, 31705)
}) })
t.test('should always sort result', async function() { t.test('should always sort result', async function() {
@ -52,9 +51,9 @@ t.describe('#filesCacheGet', function() {
let files = routes.filesCacheGet('existing') let files = routes.filesCacheGet('existing')
assert.strictEqual(files[0].filename, '20220105_101610_test1.jpg') assert.strictEqual(files[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files[0].size, null) assert.strictEqual(files[0].size, 15079)
assert.strictEqual(files[1].filename, '20220105_101610_test2.png') assert.strictEqual(files[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files[1].size, null) assert.strictEqual(files[1].size, 31705)
routes.siteCache.get('existing').push({ filename: '0000.png', size: 0 }) routes.siteCache.get('existing').push({ filename: '0000.png', size: 0 })
@ -62,9 +61,9 @@ t.describe('#filesCacheGet', function() {
assert.strictEqual(files[0].filename, '0000.png') assert.strictEqual(files[0].filename, '0000.png')
assert.strictEqual(files[0].size, 0) assert.strictEqual(files[0].size, 0)
assert.strictEqual(files[1].filename, '20220105_101610_test1.jpg') assert.strictEqual(files[1].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files[1].size, null) assert.strictEqual(files[1].size, 15079)
assert.strictEqual(files[2].filename, '20220105_101610_test2.png') assert.strictEqual(files[2].filename, '20220105_101610_test2.png')
assert.strictEqual(files[2].size, null) assert.strictEqual(files[2].size, 31705)
}) })
}) })
@ -73,7 +72,7 @@ t.describe('#listFiles()', function() {
const stubGetCache = stub() const stubGetCache = stub()
const routes = new MediaRoutes({ const routes = new MediaRoutes({
security: { verifyToken: stubVerify, hasCors: stub() }, security: { verifyToken: stubVerify },
}) })
routes.filesCacheGet = stubGetCache routes.filesCacheGet = stubGetCache
@ -87,7 +86,7 @@ t.describe('#listFiles()', function() {
let ctx = createContext() let ctx = createContext()
const assertError = new Error('temp') const assertError = new Error('temp')
stubVerify.throws(assertError) stubVerify.rejects(assertError)
let err = await assert.isRejected(routes.listFiles(ctx)) let err = await assert.isRejected(routes.listFiles(ctx))
@ -102,7 +101,7 @@ t.describe('#listFiles()', function() {
let ctx = createContext() let ctx = createContext()
const assertSiteName = 'benshapiro' const assertSiteName = 'benshapiro'
const assertResult = { a: 1 } const assertResult = { a: 1 }
stubVerify.returns(assertSiteName) stubVerify.resolves(assertSiteName)
stubGetCache.returns(assertResult) stubGetCache.returns(assertResult)
await routes.listFiles(ctx) await routes.listFiles(ctx)
@ -118,7 +117,7 @@ t.describe('#listPublicFiles()', function() {
const stubGetCache = stub() const stubGetCache = stub()
const routes = new MediaRoutes({ const routes = new MediaRoutes({
security: { throwIfNotPublic: stubSitePublic, hasCors: stub() }, security: { throwIfNotPublic: stubSitePublic },
}) })
routes.filesCacheGet = stubGetCache routes.filesCacheGet = stubGetCache
@ -250,7 +249,6 @@ t.describe('#uploadNoPrefix', function() {
security: { security: {
verifyToken: stubVerify, verifyToken: stubVerify,
verifyBody: stub(), verifyBody: stub(),
hasCors: stub(),
}, },
formidable: { uploadFile: stubUpload, }, formidable: { uploadFile: stubUpload, },
fs: { stat: stubStat }, fs: { stat: stubStat },
@ -268,7 +266,7 @@ t.describe('#uploadNoPrefix', function() {
let ctx = createContext() let ctx = createContext()
const assertSiteName = 'benshapiro' const assertSiteName = 'benshapiro'
const assertError = new Error('hello') const assertError = new Error('hello')
stubVerify.returns(assertSiteName) stubVerify.resolves(assertSiteName)
stubUpload.rejects(assertError) stubUpload.rejects(assertError)
let err = await assert.isRejected(routes.uploadNoPrefix(ctx)) let err = await assert.isRejected(routes.uploadNoPrefix(ctx))
@ -301,7 +299,6 @@ t.describe('#resizeExisting', function() {
security: { security: {
verifyToken: stubVerifyToken, verifyToken: stubVerifyToken,
verifyBody: stubVerifyBody, verifyBody: stubVerifyBody,
hasCors: stub(),
}, },
fs: { stat: stubStat }, fs: { stat: stubStat },
sharp: stubSharp, sharp: stubSharp,
@ -340,7 +337,7 @@ t.describe('#resizeExisting', function() {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
const assertError = new Error('temp') const assertError = new Error('temp')
stubVerifyToken.throws(assertError) stubVerifyToken.rejects(assertError)
let err = await assert.isRejected(routes.resizeExisting(ctx)) let err = await assert.isRejected(routes.resizeExisting(ctx))
@ -369,7 +366,7 @@ t.describe('#resizeExisting', function() {
const assertJpeg = { a: 1 } const assertJpeg = { a: 1 }
const assertFilename = 'asdfsafd' const assertFilename = 'asdfsafd'
const assertSite = 'mario' const assertSite = 'mario'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
let ctx = createContext({ req: { body: { let ctx = createContext({ req: { body: {
[assertKey]: { [assertKey]: {
@ -420,7 +417,7 @@ t.describe('#resizeExisting', function() {
const assertPayload = { a: 1 } const assertPayload = { a: 1 }
const assertFilename = 'asdfsafd' const assertFilename = 'asdfsafd'
const assertSite = 'mario' const assertSite = 'mario'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
let called = 0 let called = 0
stubStat.returnWith(function() { stubStat.returnWith(function() {
@ -469,7 +466,7 @@ t.describe('#resizeExisting', function() {
const assertValidKey2 = 'derp' const assertValidKey2 = 'derp'
const assertErrorKey = 'throwmyerr' const assertErrorKey = 'throwmyerr'
const assertErrorMessage = 'some message here' const assertErrorMessage = 'some message here'
stubVerifyToken.returns('asdf') stubVerifyToken.resolves('asdf')
let called = 0 let called = 0
stubStat.returnWith(function() { stubStat.returnWith(function() {
@ -514,7 +511,7 @@ t.describe('#resizeExisting', function() {
const assertFilename = 'asdfsafd.png' const assertFilename = 'asdfsafd.png'
const assertSite = 'mario' const assertSite = 'mario'
const assertBase64Data = 'asdf1234' const assertBase64Data = 'asdf1234'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
let ctx = createContext({ req: { body: { let ctx = createContext({ req: { body: {
[assertKey]: { [assertKey]: {
@ -564,7 +561,6 @@ t.describe('#resize', function() {
security: { security: {
verifyToken: stubVerifyToken, verifyToken: stubVerifyToken,
verifyBody: stubVerifyBody, verifyBody: stubVerifyBody,
hasCors: stub(),
}, },
fs: { stat: stubStat }, fs: { stat: stubStat },
formidable: { uploadFile: stubUpload }, formidable: { uploadFile: stubUpload },
@ -621,7 +617,7 @@ t.describe('#resize', function() {
const assertJpeg = { a: 1 } const assertJpeg = { a: 1 }
const assertFilename = 'asdfsafd' const assertFilename = 'asdfsafd'
const assertSite = 'mario' const assertSite = 'mario'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
stubUpload.resolves({ filename: assertFilename + '.png' }) stubUpload.resolves({ filename: assertFilename + '.png' })
let ctx = createContext({ req: { body: { let ctx = createContext({ req: { body: {
@ -672,7 +668,7 @@ t.describe('#resize', function() {
const assertPayload = { a: 1 } const assertPayload = { a: 1 }
const assertFilename = 'asdfsafd' const assertFilename = 'asdfsafd'
const assertSite = 'mario' const assertSite = 'mario'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
stubUpload.resolves({ filename: assertFilename + '.png' }) stubUpload.resolves({ filename: assertFilename + '.png' })
let called = 0 let called = 0
@ -723,7 +719,7 @@ t.describe('#resize', function() {
const assertValidKey2 = 'derp' const assertValidKey2 = 'derp'
const assertErrorKey = 'throwmyerr' const assertErrorKey = 'throwmyerr'
const assertErrorMessage = 'some message here' const assertErrorMessage = 'some message here'
stubVerifyToken.returns('asdf') stubVerifyToken.resolves('asdf')
stubUpload.resolves({ filename: 'file.png' }) stubUpload.resolves({ filename: 'file.png' })
let called = 0 let called = 0
@ -768,7 +764,7 @@ t.describe('#resize', function() {
const assertFilename = 'asdfsafd.png' const assertFilename = 'asdfsafd.png'
const assertSite = 'mario' const assertSite = 'mario'
const assertBase64Data = 'asdf1234' const assertBase64Data = 'asdf1234'
stubVerifyToken.returns(assertSite) stubVerifyToken.resolves(assertSite)
stubUpload.resolves({ filename: assertFilename }) stubUpload.resolves({ filename: assertFilename })
let ctx = createContext({ req: { body: { let ctx = createContext({ req: { body: {
@ -814,7 +810,6 @@ basicUploadTestRoutes.forEach(function(name) {
security: { security: {
verifyToken: stubVerify, verifyToken: stubVerify,
verifyBody: stub(), verifyBody: stub(),
hasCors: stub(),
}, },
formidable: { uploadFile: stubUpload, }, formidable: { uploadFile: stubUpload, },
fs: { stat: stubStat }, fs: { stat: stubStat },
@ -831,7 +826,7 @@ basicUploadTestRoutes.forEach(function(name) {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
const assertError = new Error('temp') const assertError = new Error('temp')
stubVerify.throws(assertError) stubVerify.rejects(assertError)
let err = await assert.isRejected(routes[name](ctx)) let err = await assert.isRejected(routes[name](ctx))
@ -846,7 +841,7 @@ basicUploadTestRoutes.forEach(function(name) {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
const assertSiteName = 'benshapiro' const assertSiteName = 'benshapiro'
const assertError = new Error('hello') const assertError = new Error('hello')
stubVerify.returns(assertSiteName) stubVerify.resolves(assertSiteName)
stubUpload.rejects(assertError) stubUpload.rejects(assertError)
let err = await assert.isRejected(routes[name](ctx)) let err = await assert.isRejected(routes[name](ctx))
@ -864,7 +859,7 @@ basicUploadTestRoutes.forEach(function(name) {
const assertSize = 1241412 const assertSize = 1241412
const assertFilename = 'asdfsafd' const assertFilename = 'asdfsafd'
const assertSite = 'mario' const assertSite = 'mario'
stubVerify.returns(assertSite) stubVerify.resolves(assertSite)
stubUpload.resolves({ filename: assertFilename }) stubUpload.resolves({ filename: assertFilename })
stubStat.resolves({ size: assertSize }) stubStat.resolves({ size: assertSize })
await routes[name](ctx) await routes[name](ctx)
@ -891,7 +886,6 @@ t.describe('#remove()', function() {
const routes = new MediaRoutes({ const routes = new MediaRoutes({
security: { security: {
verifyToken: stubVerify, verifyToken: stubVerify,
hasCors: stub(),
}, },
fs: { unlink: stubUnlink }, fs: { unlink: stubUnlink },
}) })
@ -910,7 +904,7 @@ t.describe('#remove()', function() {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
const assertError = new Error('temp') const assertError = new Error('temp')
stubVerify.throws(assertError) stubVerify.rejects(assertError)
let err = await assert.isRejected(routes.remove(ctx)) let err = await assert.isRejected(routes.remove(ctx))
@ -929,7 +923,7 @@ t.describe('#remove()', function() {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
ctx.params.filename = assertFilename ctx.params.filename = assertFilename
stubVerify.returns(assertSiteName) stubVerify.resolves(assertSiteName)
stubUnlink.rejects(assertError) stubUnlink.rejects(assertError)
let err = await assert.isRejected(routes.remove(ctx)) let err = await assert.isRejected(routes.remove(ctx))
@ -942,7 +936,7 @@ t.describe('#remove()', function() {
assert.match(err.message, new RegExp(assertFilename)) assert.match(err.message, new RegExp(assertFilename))
assert.match(err.message, new RegExp(assertErrorMessage)) assert.match(err.message, new RegExp(assertErrorMessage))
assert.strictEqual(stubUnlink.firstCall[0], path.join(`./public/${assertSiteName}/`, assertFilename)) assert.strictEqual(stubUnlink.firstCall[0], `./public/${assertSiteName}/${assertFilename}`)
}) })
t.test('should otherwise return 204 status and remove from array', async function() { t.test('should otherwise return 204 status and remove from array', async function() {
@ -953,7 +947,7 @@ t.describe('#remove()', function() {
let ctx = createContext({ req: { body: { } } }) let ctx = createContext({ req: { body: { } } })
ctx.params.filename = assertFilename ctx.params.filename = assertFilename
stubVerify.returns(assertSiteName) stubVerify.resolves(assertSiteName)
await routes.remove(ctx) await routes.remove(ctx)

102
test/media/security.test.mjs
View file

@ -2,7 +2,7 @@ import { Eltro as t, assert} from 'eltro'
import { HttpError } from 'flaska' import { HttpError } from 'flaska'
import { createContext } from '../helper.server.mjs' import { createContext } from '../helper.server.mjs'
import { verifyToken, verifyBody, throwIfNotPublic, verifyCorsEnabled } from '../../api/media/security.mjs' import { verifyToken, verifyBody, throwIfNotPublic } from '../../api/media/security.mjs'
import encode from '../../api/jwt/encode.mjs' import encode from '../../api/jwt/encode.mjs'
import config from '../../api/config.mjs' import config from '../../api/config.mjs'
@ -61,98 +61,6 @@ t.describe('#throwIfNotPublic()', function() {
}) })
}) })
t.describe('#verifyCorsEnabled()', function() {
let ctx
let backup = {}
t.beforeEach(function() {
ctx = createContext({ })
})
t.before(function() {
backup = config.sources[1].store
config.sources[1].store = {
sites: {
justatest: {
keys: {
'default@HS512': 'mysharedkey',
}
},
justatest2: {
keys: {
'default@HS512': 'mysharedkey',
},
cors: false,
},
justatest3: {
keys: {
'default@HS512': 'mysharedkey',
},
cors: true,
},
},
}
})
t.after(function() {
config.sources[1].store = backup
})
t.test('should throw 404 for sites that do not exist or are null', function() {
let tests = [
'justatest',
'justatest2',
'nonexisting1',
null,
]
tests.forEach(function(test) {
ctx.query.set('token', encode({ typ: 'JWT', alg: 'HS512' }, { iss: test }, 'mysharedkey'))
assert.throws(function() { verifyCorsEnabled(ctx) }, function(err) {
assert.ok(err instanceof HttpError)
assert.ok(err instanceof Error)
assert.strictEqual(err.status, 404)
assert.notOk(err.message)
return true
}, `should throw with site ${test}`)
})
})
t.test('should throw 404 for sites that use wrong token', function() {
let tests = [
'justatest',
'justatest2',
'nonexisting1',
null,
]
tests.forEach(function(test) {
ctx.query.set('token', encode({ typ: 'JWT', alg: 'HS512' }, { iss: test }, 'herp'))
assert.throws(function() { verifyCorsEnabled(ctx) }, function(err) {
assert.ok(err instanceof HttpError)
assert.ok(err instanceof Error)
assert.strictEqual(err.status, 404)
assert.notOk(err.message)
return true
}, `should throw with site ${test}`)
})
})
t.test('should pass for sites that have cors enabled', function() {
let tests = [
'justatest3',
]
tests.forEach(function(test) {
ctx.query.set('token', encode({ typ: 'JWT', alg: 'HS512' }, { iss: test }, 'mysharedkey'))
assert.doesNotThrow(function() { verifyCorsEnabled(ctx) }, `should not throw with site ${test}`)
})
})
})
t.describe('#verifyToken()', function() { t.describe('#verifyToken()', function() {
let backup = {} let backup = {}
t.before(function() { t.before(function() {
@ -252,12 +160,6 @@ t.describe('#verifyBody()', function() {
verifyBody(ctx) verifyBody(ctx)
}) })
t.test('should succeed with null values in body', function() {
let ctx = createContext({ req: { body: { test: null } } })
verifyBody(ctx)
})
t.test('should fail with invalid body', function() { t.test('should fail with invalid body', function() {
let ctx = createContext({ req: { body: { let ctx = createContext({ req: { body: {
@ -265,7 +167,7 @@ t.describe('#verifyBody()', function() {
} } }) } } })
let tests = [ let tests = [
// [null, 'null'], [null, 'null'],
['', 'empty string'], ['', 'empty string'],
['asdf', 'string'], ['asdf', 'string'],
[0, 'empty number'], [0, 'empty number'],