unpkg/server/__tests__/server-test.js

const request = require("supertest");
const createServer = require("../createServer");
const clearBlacklist = require("./utils/clearBlacklist");
const withBlacklist = require("./utils/withBlacklist");
const withRevokedToken = require("./utils/withRevokedToken");
const withToken = require("./utils/withToken");

describe("The server", () => {
  let server;
  beforeEach(() => {
    server = createServer();
  });

  it("rejects invalid package names", done => {
    request(server)
      .get("/_invalid/index.js")
      .end((err, res) => {
        expect(res.statusCode).toBe(403);
        done();
      });
  });

  it("redirects invalid query params", done => {
    request(server)
      .get("/react?main=index&invalid")
      .end((err, res) => {
        expect(res.statusCode).toBe(302);
        expect(res.headers.location).toBe("/react?main=index");
        done();
      });
  });

  it("redirects /_meta to ?meta", done => {
    request(server)
      .get("/_meta/react?main=index")
      .end((err, res) => {
        expect(res.statusCode).toBe(302);
        expect(res.headers.location).toBe("/react?main=index&meta");
        done();
      });
  });

  it("does not serve blacklisted packages", done => {
    withBlacklist(["bad-package"], () => {
      request(server)
        .get("/bad-package/index.js")
        .end((err, res) => {
          expect(res.statusCode).toBe(403);
          done();
        });
    });
  });

  describe("POST /_auth", () => {
    it("creates a new auth token", done => {
      request(server)
        .post("/_auth")
        .end((err, res) => {
          expect(res.body).toHaveProperty("token");
          done();
        });
    });
  });

  describe("GET /_auth", () => {
    describe("with no auth", () => {
      it("echoes back null", done => {
        request(server)
          .get("/_auth")
          .end((err, res) => {
            expect(res.body).toHaveProperty("auth");
            expect(res.body.auth).toBe(null);
            done();
          });
      });
    });

    describe("with a revoked auth token", () => {
      it("echoes back null", done => {
        withRevokedToken({ some: { scope: true } }, token => {
          request(server)
            .get("/_auth?token=" + token)
            .end((err, res) => {
              expect(res.body).toHaveProperty("auth");
              expect(res.body.auth).toBe(null);
              done();
            });
        });
      });
    });

    describe("with a valid auth token", () => {
      it("echoes back the auth payload", done => {
        withToken({ some: { scope: true } }, token => {
          request(server)
            .get("/_auth?token=" + token)
            .end((err, res) => {
              expect(res.body).toHaveProperty("auth");
              expect(typeof res.body.auth).toBe("object");
              done();
            });
        });
      });
    });
  });

  describe("GET /_publicKey", () => {
    it("echoes the public key", done => {
      request(server)
        .get("/_publicKey")
        .end((err, res) => {
          expect(res.text).toMatch(/PUBLIC KEY/);
          done();
        });
    });
  });

  describe("POST /_blacklist", () => {
    afterEach(clearBlacklist);

    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .post("/_blacklist")
          .end((err, res) => {
            expect(res.statusCode).toBe(403);
            done();
          });
      });
    });

    describe('with the "blacklist.add" scope', () => {
      it("can add to the blacklist", done => {
        withToken({ blacklist: { add: true } }, token => {
          request(server)
            .post("/_blacklist")
            .send({ token, packageName: "bad-package" })
            .end((err, res) => {
              expect(res.statusCode).toBe(200);
              expect(res.headers["content-location"]).toEqual(
                "/_blacklist/bad-package"
              );
              expect(res.body.ok).toBe(true);
              done();
            });
        });
      });
    });
  });

  describe("GET /_blacklist", () => {
    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .get("/_blacklist")
          .end((err, res) => {
            expect(res.statusCode).toBe(403);
            done();
          });
      });
    });

    describe('with the "blacklist.read" scope', () => {
      it("can read the blacklist", done => {
        withToken({ blacklist: { read: true } }, token => {
          request(server)
            .get("/_blacklist?token=" + token)
            .end((err, res) => {
              expect(res.statusCode).toBe(200);
              done();
            });
        });
      });
    });
  });

  describe("DELETE /_blacklist/:packageName", () => {
    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .delete("/_blacklist/bad-package")
          .end((err, res) => {
            expect(res.statusCode).toBe(403);
            done();
          });
      });
    });

    describe('with the "blacklist.remove" scope', () => {
      it("can remove a package from the blacklist", done => {
        withToken({ blacklist: { remove: true } }, token => {
          request(server)
            .delete("/_blacklist/bad-package")
            .send({ token })
            .end((err, res) => {
              expect(res.statusCode).toBe(200);
              expect(res.body.ok).toBe(true);
              done();
            });
        });
      });

      it("can remove a scoped package from the blacklist", done => {
        withToken({ blacklist: { remove: true } }, token => {
          request(server)
            .delete("/_blacklist/@scope/bad-package")
            .send({ token })
            .end((err, res) => {
              expect(res.statusCode).toBe(200);
              expect(res.body.ok).toBe(true);
              done();
            });
        });
      });
    });
  });
});
Prettify everything 2018-02-18 02:00:56 +00:00			`const request = require("supertest");`
			`const createServer = require("../createServer");`
			`const clearBlacklist = require("./utils/clearBlacklist");`
			`const withBlacklist = require("./utils/withBlacklist");`
			`const withRevokedToken = require("./utils/withRevokedToken");`
			`const withToken = require("./utils/withToken");`
Prettify 2017-11-25 21:25:01 +00:00
			`describe("The server", () => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`let server;`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`beforeEach(() => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`server = createServer();`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`it("rejects invalid package names", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_invalid/index.js")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(403);`
			`done();`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`it("redirects invalid query params", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/react?main=index&invalid")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(302);`
			`expect(res.headers.location).toBe("/react?main=index");`
			`done();`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`it("redirects /_meta to ?meta", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_meta/react?main=index")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(302);`
			`expect(res.headers.location).toBe("/react?main=index&meta");`
			`done();`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`it("does not serve blacklisted packages", done => {`
			`withBlacklist(["bad-package"], () => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/bad-package/index.js")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(403);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("POST /_auth", () => {`
			`it("creates a new auth token", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.post("/_auth")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.body).toHaveProperty("token");`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("GET /_auth", () => {`
			`describe("with no auth", () => {`
			`it("echoes back null", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_auth")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.body).toHaveProperty("auth");`
			`expect(res.body.auth).toBe(null);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("with a revoked auth token", () => {`
			`it("echoes back null", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`withRevokedToken({ some: { scope: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_auth?token=" + token)`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.body).toHaveProperty("auth");`
			`expect(res.body.auth).toBe(null);`
			`done();`
			`});`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("with a valid auth token", () => {`
			`it("echoes back the auth payload", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`withToken({ some: { scope: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_auth?token=" + token)`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.body).toHaveProperty("auth");`
			`expect(typeof res.body.auth).toBe("object");`
			`done();`
			`});`
			`});`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("GET /_publicKey", () => {`
			`it("echoes the public key", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_publicKey")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.text).toMatch(/PUBLIC KEY/);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("POST /_blacklist", () => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`afterEach(clearBlacklist);`
Clear blacklist after tests 2017-11-15 00:46:59 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("with no auth", () => {`
			`it("is forbidden", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.post("/_blacklist")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(403);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
			`describe('with the "blacklist.add" scope', () => {`
Prettify 2017-11-25 21:25:01 +00:00			`it("can add to the blacklist", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`withToken({ blacklist: { add: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.post("/_blacklist")`
			`.send({ token, packageName: "bad-package" })`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(200);`
			`expect(res.headers["content-location"]).toEqual(`
			`"/_blacklist/bad-package"`
			`);`
			`expect(res.body.ok).toBe(true);`
			`done();`
			`});`
			`});`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("GET /_blacklist", () => {`
			`describe("with no auth", () => {`
			`it("is forbidden", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_blacklist")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(403);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
			`describe('with the "blacklist.read" scope', () => {`
Prettify 2017-11-25 21:25:01 +00:00			`it("can read the blacklist", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`withToken({ blacklist: { read: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.get("/_blacklist?token=" + token)`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(200);`
			`done();`
			`});`
			`});`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`describe("DELETE /_blacklist/:packageName", () => {`
			`describe("with no auth", () => {`
			`it("is forbidden", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.delete("/_blacklist/bad-package")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(403);`
			`done();`
			`});`
			`});`
			`});`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00
			`describe('with the "blacklist.remove" scope', () => {`
Prettify 2017-11-25 21:25:01 +00:00			`it("can remove a package from the blacklist", done => {`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`withToken({ blacklist: { remove: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.delete("/_blacklist/bad-package")`
Add auth and blacklist APIs 2017-11-11 20:18:13 +00:00			`.send({ token })`
			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(200);`
			`expect(res.body.ok).toBe(true);`
			`done();`
			`});`
			`});`
			`});`
Add support for scoped packages in blacklist URLs 2017-11-15 00:47:57 +00:00
Prettify 2017-11-25 21:25:01 +00:00			`it("can remove a scoped package from the blacklist", done => {`
Add support for scoped packages in blacklist URLs 2017-11-15 00:47:57 +00:00			`withToken({ blacklist: { remove: true } }, token => {`
			`request(server)`
Prettify 2017-11-25 21:25:01 +00:00			`.delete("/_blacklist/@scope/bad-package")`
Add support for scoped packages in blacklist URLs 2017-11-15 00:47:57 +00:00			`.send({ token })`
			`.end((err, res) => {`
Prettify everything 2018-02-18 02:00:56 +00:00			`expect(res.statusCode).toBe(200);`
			`expect(res.body.ok).toBe(true);`
			`done();`
			`});`
			`});`
			`});`
			`});`
			`});`
			`});`