205 lines
5.4 KiB
JavaScript
205 lines
5.4 KiB
JavaScript
const request = require('supertest')
|
|
const createServer = require('../createServer')
|
|
const clearBlacklist = require('./utils/clearBlacklist')
|
|
const withBlacklist = require('./utils/withBlacklist')
|
|
const withRevokedToken = require('./utils/withRevokedToken')
|
|
const withToken = require('./utils/withToken')
|
|
|
|
describe('The server', () => {
|
|
let server
|
|
beforeEach(() => {
|
|
server = createServer()
|
|
})
|
|
|
|
it('rejects invalid package names', done => {
|
|
request(server)
|
|
.get('/_invalid/index.js')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(403)
|
|
done()
|
|
})
|
|
})
|
|
|
|
it('redirects invalid query params', done => {
|
|
request(server)
|
|
.get('/react?main=index&invalid')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(302)
|
|
expect(res.headers.location).toBe('/react?main=index')
|
|
done()
|
|
})
|
|
})
|
|
|
|
it('redirects /_meta to ?meta', done => {
|
|
request(server)
|
|
.get('/_meta/react?main=index')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(302)
|
|
expect(res.headers.location).toBe('/react?main=index&meta')
|
|
done()
|
|
})
|
|
})
|
|
|
|
it('does not serve blacklisted packages', done => {
|
|
withBlacklist(['bad-package'], () => {
|
|
request(server)
|
|
.get('/bad-package/index.js')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(403)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('POST /_auth', () => {
|
|
it('creates a new auth token', done => {
|
|
request(server)
|
|
.post('/_auth')
|
|
.end((err, res) => {
|
|
expect(res.body).toHaveProperty('token')
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('GET /_auth', () => {
|
|
describe('with no auth', () => {
|
|
it('echoes back null', done => {
|
|
request(server)
|
|
.get('/_auth')
|
|
.end((err, res) => {
|
|
expect(res.body).toHaveProperty('auth')
|
|
expect(res.body.auth).toBe(null)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('with a revoked auth token', () => {
|
|
it('echoes back null', done => {
|
|
withRevokedToken({ some: { scope: true } }, token => {
|
|
request(server)
|
|
.get('/_auth?token=' + token)
|
|
.end((err, res) => {
|
|
expect(res.body).toHaveProperty('auth')
|
|
expect(res.body.auth).toBe(null)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('with a valid auth token', () => {
|
|
it('echoes back the auth payload', done => {
|
|
withToken({ some: { scope: true } }, token => {
|
|
request(server)
|
|
.get('/_auth?token=' + token)
|
|
.end((err, res) => {
|
|
expect(res.body).toHaveProperty('auth')
|
|
expect(typeof res.body.auth).toBe('object')
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('GET /_publicKey', () => {
|
|
it('echoes the public key', done => {
|
|
request(server)
|
|
.get('/_publicKey')
|
|
.end((err, res) => {
|
|
expect(res.text).toMatch(/PUBLIC KEY/)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('POST /_blacklist', () => {
|
|
afterEach(clearBlacklist)
|
|
|
|
describe('with no auth', () => {
|
|
it('is forbidden', done => {
|
|
request(server)
|
|
.post('/_blacklist')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(403)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('with the "blacklist.add" scope', () => {
|
|
it('can add to the blacklist', done => {
|
|
withToken({ blacklist: { add: true } }, token => {
|
|
request(server)
|
|
.post('/_blacklist')
|
|
.send({ token, packageName: 'bad-package' })
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(200)
|
|
expect(res.headers['content-location']).toEqual(
|
|
'/_blacklist/bad-package'
|
|
)
|
|
expect(res.body.ok).toBe(true)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('GET /_blacklist', () => {
|
|
describe('with no auth', () => {
|
|
it('is forbidden', done => {
|
|
request(server)
|
|
.get('/_blacklist')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(403)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('with the "blacklist.read" scope', () => {
|
|
it('can read the blacklist', done => {
|
|
withToken({ blacklist: { read: true } }, token => {
|
|
request(server)
|
|
.get('/_blacklist?token=' + token)
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(200)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('DELETE /_blacklist/:packageName', () => {
|
|
describe('with no auth', () => {
|
|
it('is forbidden', done => {
|
|
request(server)
|
|
.delete('/_blacklist/bad-package')
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(403)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('with the "blacklist.remove" scope', () => {
|
|
it('can remove a package from the blacklist', done => {
|
|
withToken({ blacklist: { remove: true } }, token => {
|
|
request(server)
|
|
.delete('/_blacklist/bad-package')
|
|
.send({ token })
|
|
.end((err, res) => {
|
|
expect(res.statusCode).toBe(200)
|
|
expect(res.body.ok).toBe(true)
|
|
done()
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|