WIP: implement certifySharedFileMiddleware

apps/app/src/server/middlewares/certify-shared-file/certify-shared-file.spec.ts

@@ -2,14 +2,17 @@ import type { Response } from 'express';
 import { mock } from 'vitest-mock-extended';
 
 import { certifySharedFileMiddleware, type RequestToAllowShareLink } from './certify-shared-file';
+import { ValidReferer } from './interfaces';
 
 const mocks = vi.hoisted(() => {
   return {
     validateRefererMock: vi.fn(),
+    retrieveValidShareLinkByRefererMock: vi.fn(),
   };
 });
 
 vi.mock('./validate-referer', () => ({ validateReferer: mocks.validateRefererMock }));
+vi.mock('./retrieve-valid-share-link', () => ({ retrieveValidShareLinkByReferer: mocks.retrieveValidShareLinkByRefererMock }));
 
 
 describe('certifySharedFileMiddleware', () => {
@@ -48,5 +51,30 @@ describe('certifySharedFileMiddleware', () => {
       expect(next).toHaveBeenCalledOnce();
     });
 
+    it('when retrieveValidShareLinkByReferer returns null', async() => {
+      // setup
+      const req = mock<RequestToAllowShareLink>();
+      req.params = { id: 'file id string' };
+      req.headers = { referer: 'referer string' };
+
+      const validReferer: ValidReferer = {
+        referer: 'referer string',
+        shareLinkId: 'ffffffffffffffffffffffff',
+      };
+      mocks.validateRefererMock.mockImplementation(() => validReferer);
+
+      mocks.retrieveValidShareLinkByRefererMock.mockResolvedValue(null);
+
+      // when
+      await certifySharedFileMiddleware(req, res, next);
+
+      // then
+      expect(mocks.validateRefererMock).toHaveBeenCalledOnce();
+      expect(mocks.validateRefererMock).toHaveBeenCalledWith('referer string');
+      expect(mocks.retrieveValidShareLinkByRefererMock).toHaveBeenCalledOnce();
+      expect(mocks.retrieveValidShareLinkByRefererMock).toHaveBeenCalledWith(validReferer);
+      expect(next).toHaveBeenCalledOnce();
+    });
+
   });
 });

apps/app/src/server/middlewares/certify-shared-file/certify-shared-file.ts

@@ -32,28 +32,16 @@ export const certifySharedFileMiddleware = async(req: RequestToAllowShareLink, r
 
   logger.info('referer is valid.');
 
-  // // Attachments cannot be viewed by clients who do not send referer.
-  // // https://github.com/weseek/growi/issues/2819
-  // if (referer == null) {
-  //   return next();
-  // }
-
-  // const refererUrl = new URL(referer);
-
-  // if (!refererUrl.pathname.startsWith('/share/')) {
-  //   return next();
-  // }
-
-  const shareLink = retrieveValidShareLinkByReferer(validReferer);
+  const shareLink = await retrieveValidShareLinkByReferer(validReferer);
   if (shareLink == null) {
     logger.info(`No valid ShareLink document found by the referer (${validReferer.referer}})`);
     return next();
   }
 
-  if (!validateAttachment(fileId, shareLink)) {
-    logger.info(`No valid ShareLink document found by the fileId (${fileId}) and referer (${validReferer.referer}})`);
-    return next();
-  }
+  // if (!validateAttachment(fileId, shareLink)) {
+  //   logger.info(`No valid ShareLink document found by the fileId (${fileId}) and referer (${validReferer.referer}})`);
+  //   return next();
+  // }
 
   // const Attachment = getModelSafely<IAttachment>('Attachment');
   // if (Attachment == null) {