mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 07:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

caching_middleware:

Browse source 
ensure parameter v contains the random version string
forbid any parameter except v and callback
on error, call `next` with an error instead of sending an error response
directly
This commit is contained in:
webzwo0i 2020-12-24 00:12:24 +01:00
parent 5133a86798
commit 5efaa97f4e
3 changed files with 90 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

70
tests/backend/specs/caching_middleware.js
View file

@ -134,24 +134,49 @@ describe(__filename, function () {
const expectedResource = "require.define({\n \"ep_etherpad-lite/static/js/ace2_inner2.js\": null\n});\n";
await agent.get(missingResource)
.then((res) => {
assert.equal(expectedResource, res.text);
assert.equal(res.statusCode, 200);
assert.equal(expectedResource, res.text);
assert.equal(res.statusCode, 200);
});
});
it('should return 400 for unknown and known resources without jsonp callback', async function() {
it('should return 400 for resources without jsonp callback', async function() {
const missingCallbackUnknownFile = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner2.js';
const missingCallbackKnownFile = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js';
await agent.get(missingCallbackUnknownFile)
.then((res) => {
assert.equal(res.statusCode, 400);
assert.equal(res.statusCode, 500);
});
await agent.get(missingCallbackKnownFile)
.then((res) => {
assert.equal(res.statusCode, 400);
assert.equal(res.statusCode, 500);
});
});
it('if a query parameter v is given, it must equal the versionString', async function() {
const vQueryWrong = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=123';
const vQueryRight = `/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}`;
await agent.get(vQueryRight)
.then((res) => {
assert.equal(res.statusCode, 200);
});
await agent.get(vQueryWrong)
.then((res) => {
assert.equal(res.statusCode, 500);
});
});
it('any parameter except v and callback is forbidden', async function() {
const notAllowed = [ `/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}&anotherParam`,
`/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}&anotherParam=123`,
]
await Promise.all(notAllowed.map(async (resource) =>
await agent.get(resource)
.then((res) => {
assert.equal(res.statusCode, 500)
})
));
});
context('expiration', function(){
it('has date, last-modified and expires header', async function() {
await Promise.all(packages.map(async (resource) => await agent.get(resource)
@ -163,7 +188,7 @@ describe(__filename, function () {
assert.notEqual(lastModified, 'Invalid Date');
assert.notEqual(expires, 'Invalid Date');
})));
});
});
it('maxAge is set and limits the expires value', async function() {
await Promise.all(packages.map(async (resource) => await agent.get(resource)
@ -266,24 +291,47 @@ describe(__filename, function () {
const expectedResource = "require.define({\n \"ep_etherpad-lite/static/js/ace2_inner2.js\": null\n});\n";
await agent.get(missingResource)
.then((res) => {
assert.equal(expectedResource, res.text);
assert.equal(res.statusCode, 200);
assert.equal(expectedResource, res.text);
assert.equal(res.statusCode, 200);
});
});
it('should return 400 for unknown and known resources without jsonp callback', async function() {
it('should return 400 for resources without jsonp callback', async function() {
const missingCallbackUnknownFile = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner2.js';
const missingCallbackKnownFile = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js';
await agent.get(missingCallbackUnknownFile)
.then((res) => {
assert.equal(res.statusCode, 400);
assert.equal(res.statusCode, 500);
});
await agent.get(missingCallbackKnownFile)
.then((res) => {
assert.equal(res.statusCode, 400);
assert.equal(res.statusCode, 500);
});
});
it('if a query parameter v is given, it must equal the versionString', async function() {
const vQueryWrong = '/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=123';
const vQueryRight = `/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}`;
await agent.get(vQueryRight)
.then((res) => {
assert.equal(res.statusCode, 200);
});
await agent.get(vQueryWrong)
.then((res) => {
assert.equal(res.statusCode, 500);
});
});
it('any parameter except v and callback is forbidden', async function() {
const notAllowed = [ `/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}&anotherParam`,
`/javascripts/lib/ep_etherpad-lite/static/js/ace2_inner.js?callback=require.define&v=${settings.randomVersionString}&anotherParam=123`,
]
await Promise.all(notAllowed.map(async (resource) => await agent.get(resource)
.then((res) => {
assert.equal(res.statusCode, 500)
})));
});
context('expiration', function(){
it('has date, last-modified and expires header', async function() {
await Promise.all(packages.map(async (resource) => await agent.get(resource)