Acasă Explorează Ajutor
Autentificare
wiki
/
weseek__growi
oglindă de https://github.com/weseek/growi
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Răsfoiți Sursa

add spec.tsx

yusa-a 8 luni în urmă
părinte
b000f5f6e4
comite
016d183ac5
1 a modificat fișierele cu 218 adăugiri și 0 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 218 0
      apps/app/src/server/util/is-simple-request.spec.ts

+ 218 - 0
apps/app/src/server/util/is-simple-request.spec.ts
Vizualizați fișierul 

@@ -0,0 +1,218 @@
 
+import type { Request } from 'express';
 
+import { mock } from 'vitest-mock-extended';
 
+
 
+import isSimpleRequest from '~/server/util/is-simple-request';
 
+
 
+describe('isSimpleRequest', () => {
 
+
 
+
 
+  // method
 
+  describe('When request method is checked', () => {
 
+
 
+    // allow
 
+    describe('When allowed method is given', () => {
 
+      const allowedMethods = ['GET', 'HEAD', 'POST'];
 
+      it.each(allowedMethods)('returns true for %s method', (method) => {
 
+        const reqMock = mock<Request>({
 
+          method,
 
+          headers: { 'content-type': 'text/plain' },
 
+        });
 
+
 
+        console.log('Method:', reqMock.method);
 
+        console.log('Headers:', reqMock.headers);
 
+        console.log('Object.keys(headers):', Object.keys(reqMock.headers));
 
+        console.log('Headers length:', Object.keys(reqMock.headers).length);
 
+        console.log('Result:', isSimpleRequest(reqMock));
 
+
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+    });
 
+
 
+    // disallow
 
+    describe('When disallowed method is given', () => {
 
+      const disallowedMethods = ['PUT', 'DELETE', 'PATCH', 'OPTIONS', 'TRACE'];
 
+
 
+      it.each(disallowedMethods)('returns false for %s method', (method) => {
 
+        const reqMock = mock<Request>({
 
+          method,
 
+          headers: {},
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+    });
 
+
 
+  });
 
+
 
+
 
+  // headers
 
+  describe('When request headers are checked', () => {
 
+
 
+    // allow(Other than content-type)
 
+    describe('When only safe headers are given', () => {
 
+      const safeHeaders = [
 
+        'accept',
 
+        'accept-language',
 
+        'content-language',
 
+        'range',
 
+        'referer',
 
+        'dpr',
 
+        'downlink',
 
+        'save-data',
 
+        'viewport-width',
 
+        'width',
 
+      ];
 
+      it.each(safeHeaders)('returns true for safe header: %s', (headerName) => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { [headerName]: 'test-value' },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+      // content-type
 
+      it('returns true for valid content-type values', () => {
 
+        const validContentTypes = [
 
+          'application/x-www-form-urlencoded',
 
+          'multipart/form-data',
 
+          'text/plain',
 
+        ];
 
+        validContentTypes.forEach((contentType) => {
 
+          const reqMock = mock<Request>({
 
+            method: 'POST',
 
+            headers: { 'content-type': contentType },
 
+          });
 
+          expect(isSimpleRequest(reqMock)).toBe(true);
 
+        });
 
+      });
 
+      // combination
 
+      it('returns true for combination of safe headers', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: {
 
+            Accept: 'application/json',
 
+            'Content-Type': 'text/plain',
 
+            'Accept-Language': 'en-US',
 
+          },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+    });
 
+
 
+    // disallow
 
+    describe('When unsafe headers are given', () => {
 
+      const unsafeHeaders = [
 
+        'X-Custom-Header',
 
+        'Authorization',
 
+        'X-Requested-With',
 
+        'X-CSRF-Token',
 
+      ];
 
+      it.each(unsafeHeaders)('returns false for unsafe header: %s', (headerName) => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { [headerName]: 'test-value' },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+      // combination
 
+      it('returns false when safe and unsafe headers are mixed', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: {
 
+            Accept: 'application/json', // Safe
 
+            'X-Custom-Header': 'custom-value', // Unsafe
 
+          },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+    });
 
+
 
+  });
 
+
 
+
 
+  // content-type
 
+  describe('When content-type is checked', () => {
 
+
 
+    // allow
 
+    describe('When a safe content-type is given', () => {
 
+      const safeContentTypes = [
 
+        'application/x-www-form-urlencoded',
 
+        'multipart/form-data',
 
+        'text/plain',
 
+        // parameters
 
+        'application/x-www-form-urlencoded; charset=UTF-8',
 
+        'multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW',
 
+        'text/plain; charset=iso-8859-1',
 
+      ];
 
+      it.each(safeContentTypes)('returns true for %s', (contentType) => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { 'Content-Type': contentType },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+    });
 
+
 
+    // absent
 
+    describe('When content-type is absent', () => {
 
+      it('returns true when no content-type header is set', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: {},
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+    });
 
+
 
+    // disallow
 
+    describe('When disallowed content-type is given', () => {
 
+      const disallowedContentTypes = [
 
+        'application/json',
 
+        'application/xml',
 
+        'text/html',
 
+        'application/octet-stream',
 
+      ];
 
+      it.each(disallowedContentTypes)('returns false for %s', (contentType) => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { 'Content-Type': contentType },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+    });
 
+
 
+  });
 
+
 
+
 
+  // integration
 
+  describe('When multiple conditions are checked', () => {
 
+
 
+    describe('When all conditions are met', () => {
 
+      it('returns true', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(true);
 
+      });
 
+    });
 
+
 
+    describe('When method is disallowed but headers are safe', () => {
 
+      it('returns false', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'PUT',
 
+          headers: { 'Content-Type': 'text/plain' },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+    });
 
+
 
+    describe('When method is allowed but headers are non-safe', () => {
 
+      it('returns false', () => {
 
+        const reqMock = mock<Request>({
 
+          method: 'POST',
 
+          headers: { 'X-Custom-Header': 'custom-value' },
 
+        });
 
+        expect(isSimpleRequest(reqMock)).toBe(false);
 
+      });
 
+    });
 
+  });
 
+});