mirror of
https://github.com/gethomepage/homepage.git
synced 2026-02-07 16:30:52 +08:00
Remove old tests
This commit is contained in:
shamoon
@@ -8,7 +8,6 @@ let warnedAllowedHosts = false;
|
||||
export async function middleware(req) {
|
||||
if (!warnedAllowedHosts && process.env.HOMEPAGE_ALLOWED_HOSTS) {
|
||||
warnedAllowedHosts = true;
|
||||
// eslint-disable-next-line no-console
|
||||
console.warn(
|
||||
"HOMEPAGE_ALLOWED_HOSTS is deprecated. To secure a publicly accessible homepage, configure authentication instead.",
|
||||
);
|
||||
|
||||
@@ -1,70 +1,89 @@
|
||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||
|
||||
const { NextResponse } = vi.hoisted(() => ({
|
||||
const { NextResponse, getToken } = vi.hoisted(() => ({
|
||||
NextResponse: {
|
||||
json: vi.fn((body, init) => ({ type: "json", body, init })),
|
||||
next: vi.fn(() => ({ type: "next" })),
|
||||
redirect: vi.fn((url) => ({ type: "redirect", url })),
|
||||
},
|
||||
getToken: vi.fn(),
|
||||
}));
|
||||
|
||||
vi.mock("next/server", () => ({ NextResponse }));
|
||||
vi.mock("next-auth/jwt", () => ({ getToken }));
|
||||
|
||||
import { middleware } from "./middleware";
|
||||
async function loadMiddleware() {
|
||||
vi.resetModules();
|
||||
const mod = await import("./middleware");
|
||||
return mod.middleware;
|
||||
}
|
||||
|
||||
function createReq(host) {
|
||||
function createReq(url = "http://localhost:3000/") {
|
||||
return {
|
||||
url,
|
||||
headers: {
|
||||
get: (key) => (key === "host" ? host : null),
|
||||
get: () => null,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
describe("middleware", () => {
|
||||
const originalEnv = process.env;
|
||||
const originalConsoleError = console.error;
|
||||
const originalConsoleWarn = console.warn;
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks();
|
||||
process.env = { ...originalEnv };
|
||||
console.error = originalConsoleError;
|
||||
console.warn = originalConsoleWarn;
|
||||
});
|
||||
|
||||
it("allows requests for default localhost hosts", () => {
|
||||
process.env.PORT = "3000";
|
||||
const res = middleware(createReq("localhost:3000"));
|
||||
it("allows requests when auth is disabled", async () => {
|
||||
const middleware = await loadMiddleware();
|
||||
const res = await middleware(createReq());
|
||||
|
||||
expect(NextResponse.next).toHaveBeenCalled();
|
||||
expect(res).toEqual({ type: "next" });
|
||||
});
|
||||
|
||||
it("blocks requests when host is not allowed", () => {
|
||||
process.env.PORT = "3000";
|
||||
const errSpy = vi.spyOn(console, "error").mockImplementation(() => {});
|
||||
it("warns once when HOMEPAGE_ALLOWED_HOSTS is set, but does not block", async () => {
|
||||
const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
|
||||
process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com";
|
||||
|
||||
const res = middleware(createReq("evil.com"));
|
||||
|
||||
expect(errSpy).toHaveBeenCalled();
|
||||
expect(NextResponse.json).toHaveBeenCalledWith(
|
||||
{ error: "Host validation failed. See logs for more details." },
|
||||
{ status: 400 },
|
||||
);
|
||||
expect(res.type).toBe("json");
|
||||
expect(res.init.status).toBe(400);
|
||||
});
|
||||
|
||||
it("allows requests when HOMEPAGE_ALLOWED_HOSTS is '*'", () => {
|
||||
process.env.HOMEPAGE_ALLOWED_HOSTS = "*";
|
||||
const res = middleware(createReq("anything.example"));
|
||||
const middleware = await loadMiddleware();
|
||||
const res1 = await middleware(createReq());
|
||||
const res2 = await middleware(createReq());
|
||||
|
||||
expect(warnSpy).toHaveBeenCalledTimes(1);
|
||||
expect(NextResponse.next).toHaveBeenCalled();
|
||||
expect(res).toEqual({ type: "next" });
|
||||
expect(res1).toEqual({ type: "next" });
|
||||
expect(res2).toEqual({ type: "next" });
|
||||
});
|
||||
|
||||
it("allows requests when host is included in HOMEPAGE_ALLOWED_HOSTS", () => {
|
||||
process.env.PORT = "3000";
|
||||
process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com:3000,other:3000";
|
||||
it("redirects to signin when auth is enabled and no token is present", async () => {
|
||||
process.env.HOMEPAGE_AUTH_ENABLED = "true";
|
||||
process.env.HOMEPAGE_AUTH_SECRET = "secret";
|
||||
|
||||
const res = middleware(createReq("example.com:3000"));
|
||||
getToken.mockResolvedValueOnce(null);
|
||||
|
||||
const middleware = await loadMiddleware();
|
||||
const res = await middleware(createReq("http://localhost:3000/some"));
|
||||
|
||||
expect(getToken).toHaveBeenCalledWith({
|
||||
req: expect.objectContaining({ url: "http://localhost:3000/some" }),
|
||||
secret: "secret",
|
||||
});
|
||||
expect(NextResponse.redirect).toHaveBeenCalled();
|
||||
expect(res.type).toBe("redirect");
|
||||
expect(String(res.url)).toContain("/auth/signin");
|
||||
});
|
||||
|
||||
it("allows requests when auth is enabled and a token is present", async () => {
|
||||
process.env.HOMEPAGE_AUTH_ENABLED = "true";
|
||||
process.env.HOMEPAGE_AUTH_SECRET = "secret";
|
||||
|
||||
getToken.mockResolvedValueOnce({ sub: "user" });
|
||||
|
||||
const middleware = await loadMiddleware();
|
||||
const res = await middleware(createReq("http://localhost:3000/"));
|
||||
|
||||
expect(NextResponse.next).toHaveBeenCalled();
|
||||
expect(res).toEqual({ type: "next" });
|
||||
|
||||
Reference in New Issue
Block a user