Compare commits

...

12 commits

Author SHA1 Message Date
d1bab7a929 formidable: Add support for site-specific filesize
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-29 21:57:14 +00:00
afde7fb89a cors: Add proper full cors support to all the media routes
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-15 13:21:22 +00:00
bf522833a8 package: Trigger new release
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-15 10:35:12 +00:00
5d57db6f32 appveyor: Migrate to new app2
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-15 10:34:21 +00:00
8d0265d0fe cors: Fix cors to allow any if site allows cors
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-15 10:07:20 +00:00
81c9603ea0 Add cors support for sites that request it
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2023-11-15 08:52:58 +00:00
ec81950c42 formidable: Fix typo in regex
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2022-10-17 09:47:03 +00:00
9e6d6f505d package: Trigger a new version
Some checks failed
continuous-integration/appveyor/branch AppVeyor build failed
2022-10-17 09:46:01 +00:00
a578e2fd80 formidable: Replace spaces and other illegal characters with url cleaner version.
Some checks failed
continuous-integration/appveyor/branch AppVeyor build failed
resize: Auto filter out null values
2022-10-17 09:45:28 +00:00
75929e7c17 routes: Fix path joining when removing files and traverse detection
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2022-08-16 08:36:08 +00:00
b931dfb784 unlinkFile: Fix so it decodes the uri path. Also add some safety checks
Some checks failed
continuous-integration/appveyor/branch AppVeyor build failed
2022-08-16 08:30:27 +00:00
f1be7e0d79 server: Fix logging for health, aggregate them into 12 * 60 * 60 instances
All checks were successful
continuous-integration/appveyor/branch AppVeyor build succeeded
2022-08-15 20:22:21 +00:00
16 changed files with 746 additions and 113 deletions

3
.gitignore vendored
View file

@ -60,9 +60,6 @@ typings/
# Local development config file
config/*.json
# Public folder should be ignored
public/*
# lol
package-lock.json

View file

@ -39,10 +39,21 @@ export function uploadFile(ctx, siteName, noprefix = false) {
form.uploadDir = `${config.get('uploadFolder')}/${siteName}`
form.maxFileSize = config.get('fileSize')
let siteSize = config.get(`sites:${siteName}:fileSize`)
if (siteSize && typeof(siteSize) === 'number') {
form.maxFileSize = siteSize
}
form.parse(ctx.req, function(err, fields, files) {
if (err) return rej(err)
if (!files || !files.file) return rej(new HttpError(422, 'File in body was missing'))
let file = files.file
let filename = file.name.replace(/ /g, '_')
.replace(/&/g, 'and')
.replace(/'/g, '')
.replace(/"/g, '')
.replace(/\?/g, '')
Object.keys(fields).forEach(function(key) {
try {
@ -51,14 +62,14 @@ export function uploadFile(ctx, siteName, noprefix = false) {
})
ctx.req.body = fields
if (!noprefix || fs.existsSync(`${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`)) {
if (!noprefix || fs.existsSync(`${config.get('uploadFolder')}/${siteName}/${prefix}${filename}`)) {
prefix = getPrefix()
}
fs.rename(files.file.path, `${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`, function(err) {
fs.rename(files.file.path, `${config.get('uploadFolder')}/${siteName}/${prefix}${filename}`, function(err) {
if (err) return rej(err)
file.path = `${config.get('uploadFolder')}/${siteName}/${prefix}${file.name}`
file.filename = `${prefix}${file.name}`
file.path = `${config.get('uploadFolder')}/${siteName}/${prefix}${filename}`
file.filename = `${prefix}${filename}`
return res(file)
})

View file

@ -2,7 +2,7 @@ import path from 'path'
import sharp from 'sharp'
import fs from 'fs/promises'
import config from '../config.mjs'
import { HttpError } from 'flaska'
import { HttpError, CorsHandler } from 'flaska'
import * as security from './security.mjs'
import * as formidable from './formidable.mjs'
@ -16,6 +16,7 @@ export default class MediaRoutes {
})
this.siteCache = new Map()
this.collator = new Intl.Collator('is-IS', { numeric: false, sensitivity: 'accent' })
this.cors = CorsHandler({ allowedOrigins: ['*'] })
}
register(server) {
@ -30,6 +31,7 @@ export default class MediaRoutes {
server.flaska.post('/media/resize', [server.queryHandler()], this.resize.bind(this))
server.flaska.post('/media/resize/:filename', [server.queryHandler(), server.jsonHandler()], this.resizeExisting.bind(this))
server.flaska.delete('/media/:filename', [server.queryHandler()], this.remove.bind(this))
server.flaska.options('/::path', [server.queryHandler(), this.security.verifyCorsEnabled], this.cors)
}
init(server) {
@ -89,20 +91,32 @@ export default class MediaRoutes {
}
}
getSite(ctx) {
let site = this.security.verifyToken(ctx)
if (this.security.hasCors(site)) {
this.cors(ctx)
}
return site
}
async listFiles(ctx) {
let site = await this.security.verifyToken(ctx)
let site = this.getSite(ctx)
ctx.body = this.filesCacheGet(site)
}
async listPublicFiles(ctx) {
this.security.throwIfNotPublic(ctx.params.site)
if (this.security.hasCors(ctx.params.site)) {
this.cors(ctx)
}
ctx.body = this.filesCacheGet(ctx.params.site)
}
async upload(ctx, noprefix = false) {
let site = await this.security.verifyToken(ctx)
let site = this.getSite(ctx)
ctx.state.site = site
let result = await this.formidable.uploadFile(ctx, ctx.state.site, noprefix)
@ -135,7 +149,7 @@ export default class MediaRoutes {
'extend',
]
await Promise.all(keys.map(key => {
await Promise.all(keys.filter(key => ctx.req.body[key]).map(key => {
return Promise.resolve()
.then(async () => {
let item = ctx.req.body[key]
@ -181,7 +195,7 @@ export default class MediaRoutes {
}
async resizeExisting(ctx) {
let site = await this.security.verifyToken(ctx)
let site = this.getSite(ctx)
ctx.state.site = site
ctx.body = {}
@ -195,13 +209,20 @@ export default class MediaRoutes {
}
async remove(ctx) {
let site = await this.security.verifyToken(ctx)
let site = this.getSite(ctx)
this.filesCacheRemove(site, ctx.params.filename)
await this.fs.unlink(`${config.get('uploadFolder')}/${site}/${ctx.params.filename}`)
let root = path.join(config.get('uploadFolder'), site)
var unlinkPath = path.join(root, decodeURIComponent(ctx.params.filename))
if (unlinkPath.indexOf(root) !== 0) {
throw new HttpError(403, `Error removing ${unlinkPath}: Traversing folder is not allowed`)
}
await this.fs.unlink(unlinkPath)
.catch(function(err) {
throw new HttpError(422, `Error removing ${site}/${ctx.params.filename}: ${err.message}`)
throw new HttpError(422, `Error removing ${unlinkPath}: ${err.message}`)
})
ctx.status = 204

View file

@ -25,6 +25,24 @@ export function verifyToken(ctx) {
}
}
export function hasCors(site) {
let sites = config.get('sites')
return sites[site]?.cors === true
}
export function verifyCorsEnabled(ctx) {
let site
try {
site = verifyToken(ctx)
} catch (err) {
throw new HttpError(404)
}
if (!hasCors(site)) {
throw new HttpError(404)
}
}
export function throwIfNotPublic(site) {
let sites = config.get('sites')
if (!sites[site] || sites[site].public !== true) {
@ -52,8 +70,9 @@ export function verifyBody(ctx) {
}
let item = ctx.req.body[key]
if (item == null) continue
if (typeof(item) !== 'object'
|| !item
|| Array.isArray(item)) {
throw new HttpError(422, `Body item ${key} was not valid`)
}

View file

@ -43,7 +43,7 @@ export default class Server {
})
let healthChecks = 0
let healthCollectLimit = 10
let healthCollectLimit = 60 * 60 * 12
this.flaska.after(function(ctx) {
let ended = performance.now() - ctx.__started
@ -60,7 +60,7 @@ export default class Server {
if (ctx.url === '/health') {
healthChecks++
if (healthChecks > healthCollectLimit) {
if (healthChecks >= healthCollectLimit) {
ctx.log[level]({
duration: Math.round(ended),
status: ctx.status,

View file

@ -66,7 +66,7 @@ on_success:
https://git.nfp.is/api/v1/repos/$APPVEYOR_REPO_NAME/releases/$RELEASE_ID/assets
echo "Deplying to production"
curl -X POST http://192.168.93.50:4010/update/storageupload
curl -X POST http://192.168.93.51:4010/update/storageupload
fi
# on build failure

View file

@ -1,6 +1,6 @@
{
"name": "storage-upload",
"version": "2.2.4",
"version": "2.2.12",
"description": "Micro service for uploading and image resizing files to a storage server.",
"main": "index.js",
"scripts": {
@ -42,7 +42,7 @@
},
"homepage": "https://github.com/nfp-projects/storage-upload#readme",
"dependencies": {
"flaska": "^1.2.3",
"flaska": "^1.3.5",
"formidable": "^1.2.2",
"nconf-lite": "^2.0.0",
"sharp": "^0.30.3"

View file

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 31 KiB

View file

@ -26,6 +26,9 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
host: urlObj.hostname,
port: Number(urlObj.port),
path: urlObj.pathname + urlObj.search,
headers: {
origin: 'http://localhost'
}
}))
const req = http.request(opts)
@ -44,7 +47,9 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
})
res.on('end', function () {
if (!output) return resolve(null)
let headers = opts.includeHeaders ? res.headers : null
if (!output) return resolve(headers ? { headers } : null)
try {
output = JSON.parse(output)
} catch (e) {
@ -56,29 +61,29 @@ Client.prototype.customRequest = function(method = 'GET', path, body, options) {
err.status = output.status
return reject(err)
}
resolve(output)
resolve(headers ? { headers, output } : output)
})
})
req.end()
})
}
Client.prototype.get = function(url = '/') {
return this.customRequest('GET', url, null)
Client.prototype.get = function(url = '/', options) {
return this.customRequest('GET', url, null, options)
}
Client.prototype.post = function(url = '/', body = {}) {
Client.prototype.post = function(url = '/', body = {}, options) {
let parsed = JSON.stringify(body)
return this.customRequest('POST', url, parsed, {
return this.customRequest('POST', url, parsed, defaults(options, {
headers: {
'Content-Type': 'application/json',
'Content-Length': parsed.length,
},
})
}))
}
Client.prototype.del = function(url = '/', body = {}) {
return this.customRequest('DELETE', url, JSON.stringify(body))
Client.prototype.del = function(url = '/', body = {}, options) {
return this.customRequest('DELETE', url, JSON.stringify(body), options)
}
const random = (length = 8) => {
@ -92,7 +97,7 @@ const random = (length = 8) => {
return str;
}
Client.prototype.upload = function(url, file, method = 'POST', body = {}) {
Client.prototype.upload = function(url, file, method = 'POST', body = {}, options) {
return fs.readFile(file).then(data => {
const crlf = '\r\n'
const filename = path.basename(file)
@ -114,12 +119,12 @@ Client.prototype.upload = function(url, file, method = 'POST', body = {}) {
Buffer.from(`${crlf}--${boundary}--`),
])
return this.customRequest(method, url, multipartBody, {
return this.customRequest(method, url, multipartBody, defaults(options, {
timeout: 5000,
headers: {
'Content-Type': 'multipart/form-data; boundary=' + boundary,
'Content-Length': multipartBody.length,
},
})
}))
})
}

View file

@ -35,12 +35,25 @@ export function startServer() {
"default@HS256": "asdf1234"
}
},
"development_cors": {
"keys": {
"default@HS256": "asdf1234"
},
"cors": true
},
"existing": {
"public": true,
"keys": {
"default@HS256": "asdf1234"
}
}
},
"existing_cors": {
"public": true,
"keys": {
"default@HS256": "asdf1234"
},
"cors": true
},
},
})

Binary file not shown.

After

Width:  |  Height:  |  Size: 1 MiB

View file

@ -15,7 +15,7 @@ function resolve(file) {
const currYear = new Date().getFullYear().toString()
t.describe('Media (API)', () => {
t.timeout(10000).describe('Media (API)', () => {
let client
let secret = 'asdf1234'
let testFiles = []
@ -34,7 +34,82 @@ t.describe('Media (API)', () => {
})
})
t.timeout(10000).describe('POST /media', function temp() {
t.describe('OPTIONS', function() {
t.test('should fail options for every single route', async () => {
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let err = await assert.isRejected(
client.customRequest('OPTIONS', path, null)
)
assert.strictEqual(err.status, 404)
}
})
t.test('should fail options for every single route even with token', async () => {
let token = encode(null, { iss: 'development' }, secret)
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let err = await assert.isRejected(
client.customRequest('OPTIONS', path + `?token=${token}`, null)
)
assert.strictEqual(err.status, 404)
}
})
t.test('should work if specified has cors enabled', async () => {
const assertOrigin = 'http://localhost:9999'
let token = encode(null, { iss: 'development_cors' }, secret)
const testPaths = [
'/media',
'/media/:site',
'/media',
'/media/noprefix',
'/media/resize',
'/media/resize/:filename',
'/media/:filename',
]
for (let path of testPaths) {
let res = await client.customRequest('OPTIONS', path + `?token=${token}`, null, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.strictEqual(res.headers['access-control-allow-origin'], assertOrigin)
assert.match(res.headers['access-control-allow-methods'], /post/i)
}
})
})
t.describe('POST /media', function temp() {
let config
t.before(async () => {
config = (await import('../../api/config.mjs')).default
})
t.afterEach(function() {
config.sources[2].store.fileSize = 524288000
delete config.sources[1].store.sites.development.fileSize
})
t.test('should require authentication', async () => {
resetLog()
assert.strictEqual(log.error.callCount, 0)
@ -85,6 +160,108 @@ t.describe('Media (API)', () => {
t.test('should upload file and create file', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png'),
'POST',
{ },
{ includeHeaders: true }
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload file and create file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
t.test('should properly replace spaces and other stuff', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('A stray\'d cat asked to go & inside a shop during heatwave [oBv38cS-MbM].mp4_snapshot_00.00.164.png')
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
assert.notOk(data.filename.includes(' '))
assert.ok(data.filename.includes('A_strayd_cat_asked_to_go_and_inside_a_shop_during_heatwave_[oBv38cS-MbM].mp4_snapshot_00.00.164.png'))
let stats = await Promise.all([
fs.stat(resolve('A stray\'d cat asked to go & inside a shop during heatwave [oBv38cS-MbM].mp4_snapshot_00.00.164.png')),
fs.stat(resolve(`../../public/${data.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.path}`)).metadata()
assert.strictEqual(img.width, 1280)
assert.strictEqual(img.height, 720)
assert.strictEqual(img.format, 'png')
})
t.test('should return cors for cors-enabled sites', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
@ -110,9 +287,38 @@ t.describe('Media (API)', () => {
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
})
t.test('should support site-specific fileSize', async () => {
let token = encode(null, { iss: 'development' }, secret)
config.sources[2].store.fileSize = 1000
let err = await assert.isRejected(
client.upload(
`/media?token=${token}`,
resolve('test.png')
)
)
assert.match(err.message, /maxFileSize exceeded/)
config.sources[1].store.sites.development.fileSize = 524288000
let data = await assert.isFulfilled(
client.upload(
`/media?token=${token}`,
resolve('test.png')
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
})
})
t.timeout(10000).describe('POST /media/noprefix', function temp() {
t.describe('POST /media/noprefix', function temp() {
t.test('should require authentication', async () => {
resetLog()
assert.strictEqual(log.error.callCount, 0)
@ -166,15 +372,18 @@ t.describe('Media (API)', () => {
let data = await assert.isFulfilled(
client.upload(
`/media/noprefix?token=${token}`,
resolve('test.png')
resolve('test.png'),
'POST',
{ },
{ includeHeaders: true }
)
)
testFiles.push(data.path)
testFiles.push(data?.output?.path)
assert.ok(data)
assert.strictEqual(data.filename, 'test.png')
assert.ok(data.path)
assert.ok(data.output)
assert.strictEqual(data.output.filename, 'test.png')
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
@ -186,6 +395,44 @@ t.describe('Media (API)', () => {
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload and create file with no prefix', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/noprefix?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.strictEqual(data.output.filename, 'test.png')
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve('../../public/development/test.png')),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve('../../public/development/test.png')).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
t.test('should upload and create file with prefix if exists', async () => {
@ -228,7 +475,7 @@ t.describe('Media (API)', () => {
})
})
t.timeout(10000).describe('POST /media/resize', function temp() {
t.describe('POST /media/resize', function temp() {
t.test('should require authentication', async () => {
resetLog()
assert.strictEqual(log.error.callCount, 0)
@ -284,27 +531,66 @@ t.describe('Media (API)', () => {
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ }
{ },
{ includeHeaders: true }
)
)
testFiles.push(data.path)
testFiles.push(data?.output?.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.path}`)),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.path}`)).metadata()
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should upload file and create file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ },
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data?.output?.path)
assert.ok(data.output)
assert.ok(data.output.filename)
assert.ok(data.output.filename.startsWith(currYear))
assert.ok(data.output.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.output.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.output.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
t.test('should upload file and create multiple sizes for file', async () => {
@ -431,13 +717,8 @@ t.describe('Media (API)', () => {
assert.strictEqual(img.height, 12)
assert.strictEqual(img.format, 'jpeg')
})
})
t.timeout(10000).describe('POST /media/resize/:filename', function temp() {
let sourceFilename
let sourcePath
t.before(async function() {
t.test('should upload file and filter out null sizes', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await assert.isFulfilled(
@ -445,19 +726,70 @@ t.describe('Media (API)', () => {
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ }
{
outtest: null,
bla: null,
test: null,
}
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
sourceFilename = data.filename
sourcePath = data.path
testFiles.push(data.path)
let stats = await Promise.all([
fs.stat(resolve('test.png')),
fs.stat(resolve(`../../public/${data.path}`)),
])
assert.strictEqual(stats[0].size, stats[1].size)
let img = await sharp(resolve(`../../public/${data.path}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
})
})
t.describe('POST /media/resize/:filename', function temp() {
let sourceFilename
let sourceFilenameCors
let sourcePath
let sourcePathCors
t.before(async function() {
let issuers = ['development', 'development_cors']
for (let iss of issuers) {
let token = encode(null, { iss }, secret)
let data = await assert.isFulfilled(
client.upload(
`/media/resize?token=${token}`,
resolve('test.png'),
'POST',
{ }
)
)
testFiles.push(data.path)
assert.ok(data)
assert.ok(data.filename)
assert.ok(data.filename.startsWith(currYear))
assert.ok(data.path)
if (iss === 'development') {
sourceFilename = data.filename
sourcePath = data.path
} else {
sourceFilenameCors = data.filename
sourcePathCors = data.path
}
}
})
t.test('should require authentication', async () => {
@ -533,34 +865,75 @@ t.describe('Media (API)', () => {
compressionLevel: 9,
}
},
}
},
{ includeHeaders: true }
)
)
testFiles.push(data.test1.path)
testFiles.push(data.test2.path)
testFiles.push(data.output.test1.path)
testFiles.push(data.output.test2.path)
assert.ok(data.test1.filename)
assert.ok(data.test1.filename.startsWith(currYear))
assert.ok(data.test1.path)
assert.ok(data.test2.filename)
assert.ok(data.test2.filename.startsWith(currYear))
assert.ok(data.test2.path)
assert.ok(data.output.test1.filename)
assert.ok(data.output.test1.filename.startsWith(currYear))
assert.ok(data.output.test1.path)
assert.ok(data.output.test2.filename)
assert.ok(data.output.test2.filename.startsWith(currYear))
assert.ok(data.output.test2.path)
let img = await sharp(resolve(`../../public/${sourcePath}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
img = await sharp(resolve(`../../public/${data.test1.path}`)).metadata()
img = await sharp(resolve(`../../public/${data.output.test1.path}`)).metadata()
assert.strictEqual(img.width, 320)
assert.strictEqual(img.height, 413)
assert.strictEqual(img.format, 'jpeg')
img = await sharp(resolve(`../../public/${data.test2.path}`)).metadata()
img = await sharp(resolve(`../../public/${data.output.test2.path}`)).metadata()
assert.strictEqual(img.width, 150)
assert.strictEqual(img.height, 175)
assert.strictEqual(img.format, 'png')
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should create sizes for existing file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await assert.isFulfilled(
client.post(
`/media/resize/${sourceFilenameCors}?token=${token}`,
{
test2: {
format: 'png',
resize: { width: 150 },
png: { compressionLevel: 9 }
},
},
{
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
}
)
)
testFiles.push(data.output.test2.path)
assert.ok(data.output.test2.filename)
assert.ok(data.output.test2.filename.startsWith(currYear))
assert.ok(data.output.test2.path)
let img = await sharp(resolve(`../../public/${sourcePath}`)).metadata()
assert.strictEqual(img.width, 600)
assert.strictEqual(img.height, 700)
assert.strictEqual(img.format, 'png')
img = await sharp(resolve(`../../public/${data.output.test2.path}`)).metadata()
assert.strictEqual(img.width, 150)
assert.strictEqual(img.height, 175)
assert.strictEqual(img.format, 'png')
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
t.test('should base64 output of existing file', async () => {
@ -597,7 +970,7 @@ t.describe('Media (API)', () => {
})
})
t.timeout(10000).describe('DELETE /media/:filename', function temp() {
t.describe('DELETE /media/:filename', function temp() {
t.test('should require authentication', async () => {
resetLog()
assert.strictEqual(log.error.callCount, 0)
@ -646,7 +1019,7 @@ t.describe('Media (API)', () => {
})
t.test('should remove the file', async () => {
let token = encode(null, { iss: 'existing' }, secret)
let token = encode(null, { iss: 'development' }, secret)
let data = await client.upload(
`/media/noprefix?token=${token}`,
@ -656,11 +1029,11 @@ t.describe('Media (API)', () => {
let filepath = data.path
testFiles.push(filepath)
let files = await client.get('/media/existing')
let files = await client.get('/media?token=' + token)
let found = false
for (let file of files) {
if (file.filename === 'test.png') {
if (file.filename === data.filename) {
found = true
}
}
@ -670,17 +1043,19 @@ t.describe('Media (API)', () => {
fs.stat(resolve(`../../public/${filepath}`))
)
await assert.isFulfilled(
client.del(`/media/test.png?token=${token}`)
let res = await assert.isFulfilled(
client.del(`/media/${data.filename}?token=${token}`, {}, {
includeHeaders: true
})
)
testFiles.splice(testFiles.length - 1)
files = await client.get('/media/existing')
files = await client.get('/media?token=' + token)
found = false
for (let file of files) {
if (file.filename === 'test.png') {
if (file.filename === data.filename) {
found = true
}
}
@ -689,6 +1064,58 @@ t.describe('Media (API)', () => {
await assert.isRejected(
fs.stat(resolve(`../../public/${filepath}`))
)
assert.notOk(res.headers['access-control-allow-origin'])
})
t.test('should remove the file and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await client.upload(
`/media/noprefix?token=${token}`,
resolve('test.png')
)
let filepath = data.path
testFiles.push(filepath)
let files = await client.get('/media?token=' + token)
let found = false
for (let file of files) {
if (file.filename === data.filename) {
found = true
}
}
assert.ok(found)
await assert.isFulfilled(
fs.stat(resolve(`../../public/${filepath}`))
)
let res = await assert.isFulfilled(
client.del(`/media/${data.filename}?token=${token}`, {}, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
)
testFiles.splice(testFiles.length - 1)
files = await client.get('/media?token=' + token)
found = false
for (let file of files) {
if (file.filename === data.filename) {
found = true
}
}
assert.notOk(found)
await assert.isRejected(
fs.stat(resolve(`../../public/${filepath}`))
)
assert.strictEqual(res.headers['access-control-allow-origin'], assertOrigin)
})
})
@ -735,17 +1162,39 @@ t.describe('Media (API)', () => {
t.test('should return list of files in specified folder', async () => {
let token = encode(null, { iss: 'development' }, secret)
let data = await client.get('/media?token=' + token)
let data = await client.get('/media?token=' + token, { includeHeaders: true })
assert.ok(data.length)
assert.ok(data.output.length)
let found = false
for (let file of data) {
for (let file of data.output) {
if (file.filename === '.gitkeep') {
found = true
break
}
}
assert.ok(found)
assert.notOk(data.headers['access-control-allow-origin'])
})
t.test('should return list of files in specified folder and return cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let token = encode(null, { iss: 'development_cors' }, secret)
let data = await client.get('/media?token=' + token, {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.ok(data.output.length)
let found = false
for (let file of data.output) {
if (file.filename === '.gitkeep') {
found = true
break
}
}
assert.ok(found)
assert.strictEqual(data.headers['access-control-allow-origin'], assertOrigin)
})
})
@ -765,11 +1214,25 @@ t.describe('Media (API)', () => {
})
t.test('should otherwise return list of files for a public site', async () => {
let files = await client.get('/media/existing')
assert.strictEqual(files[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files[0].size, null)
assert.strictEqual(files[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files[1].size, null)
let files = await client.get('/media/existing', { includeHeaders: true })
assert.strictEqual(files.output[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files.output[0].size, null)
assert.strictEqual(files.output[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files.output[1].size, null)
assert.notOk(files.headers['access-control-allow-origin'])
})
t.test('should otherwise return list of files for a public site and cors if site has cors', async () => {
const assertOrigin = 'http://localhost:9000'
let files = await client.get('/media/existing_cors', {
includeHeaders: true,
headers: { origin: assertOrigin, 'access-control-request-method': 'POST' },
})
assert.strictEqual(files.output[0].filename, '20220105_101610_test1.jpg')
assert.strictEqual(files.output[0].size, null)
assert.strictEqual(files.output[1].filename, '20220105_101610_test2.png')
assert.strictEqual(files.output[1].size, null)
assert.strictEqual(files.headers['access-control-allow-origin'], assertOrigin)
})
})
})

View file

@ -1,4 +1,5 @@
import fs from 'fs/promises'
import path from 'path'
import { Eltro as t, assert, stub } from 'eltro'
import { HttpError } from 'flaska'
import { createContext } from '../helper.server.mjs'
@ -72,7 +73,7 @@ t.describe('#listFiles()', function() {
const stubGetCache = stub()
const routes = new MediaRoutes({
security: { verifyToken: stubVerify },
security: { verifyToken: stubVerify, hasCors: stub() },
})
routes.filesCacheGet = stubGetCache
@ -86,7 +87,7 @@ t.describe('#listFiles()', function() {
let ctx = createContext()
const assertError = new Error('temp')
stubVerify.rejects(assertError)
stubVerify.throws(assertError)
let err = await assert.isRejected(routes.listFiles(ctx))
@ -101,7 +102,7 @@ t.describe('#listFiles()', function() {
let ctx = createContext()
const assertSiteName = 'benshapiro'
const assertResult = { a: 1 }
stubVerify.resolves(assertSiteName)
stubVerify.returns(assertSiteName)
stubGetCache.returns(assertResult)
await routes.listFiles(ctx)
@ -117,7 +118,7 @@ t.describe('#listPublicFiles()', function() {
const stubGetCache = stub()
const routes = new MediaRoutes({
security: { throwIfNotPublic: stubSitePublic },
security: { throwIfNotPublic: stubSitePublic, hasCors: stub() },
})
routes.filesCacheGet = stubGetCache
@ -249,6 +250,7 @@ t.describe('#uploadNoPrefix', function() {
security: {
verifyToken: stubVerify,
verifyBody: stub(),
hasCors: stub(),
},
formidable: { uploadFile: stubUpload, },
fs: { stat: stubStat },
@ -266,7 +268,7 @@ t.describe('#uploadNoPrefix', function() {
let ctx = createContext()
const assertSiteName = 'benshapiro'
const assertError = new Error('hello')
stubVerify.resolves(assertSiteName)
stubVerify.returns(assertSiteName)
stubUpload.rejects(assertError)
let err = await assert.isRejected(routes.uploadNoPrefix(ctx))
@ -299,6 +301,7 @@ t.describe('#resizeExisting', function() {
security: {
verifyToken: stubVerifyToken,
verifyBody: stubVerifyBody,
hasCors: stub(),
},
fs: { stat: stubStat },
sharp: stubSharp,
@ -337,7 +340,7 @@ t.describe('#resizeExisting', function() {
let ctx = createContext({ req: { body: