Remove old tests

shamoon
2026-02-04 21:01:13 -08:00
parent ab869f042a
commit 6b6457cb5d
2 changed files with 51 additions and 33 deletions


@@ -8,7 +8,6 @@ let warnedAllowedHosts = false;
export async function middleware(req) { export async function middleware(req) {
if (!warnedAllowedHosts && process.env.HOMEPAGE_ALLOWED_HOSTS) { if (!warnedAllowedHosts && process.env.HOMEPAGE_ALLOWED_HOSTS) {
warnedAllowedHosts = true; warnedAllowedHosts = true;
// eslint-disable-next-line no-console
console.warn( console.warn(
"HOMEPAGE_ALLOWED_HOSTS is deprecated. To secure a publicly accessible homepage, configure authentication instead.", "HOMEPAGE_ALLOWED_HOSTS is deprecated. To secure a publicly accessible homepage, configure authentication instead.",
); );
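Review bot: Dropping `// eslint-disable-next-line no-console` leaves the `console.warn(` call directly below it unsuppressed, so this file will fail lint if the `no-console` rule is still enabled for it; confirm the rule is off in the ESLint config, or keep the suppression. Going by the message text and the updated test ("warns once ... but does not block"), this warning appears to be the only signal an operator gets that `HOMEPAGE_ALLOWED_HOSTS` no longer restricts requests by host. It should therefore not be left where a later lint clean-up might delete the call. The body of `middleware` continues outside the hunk.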


@@ -1,70 +1,89 @@
import { beforeEach, describe, expect, it, vi } from "vitest"; import { beforeEach, describe, expect, it, vi } from "vitest";
const { NextResponse } = vi.hoisted(() => ({ const { NextResponse, getToken } = vi.hoisted(() => ({
NextResponse: { NextResponse: {
json: vi.fn((body, init) => ({ type: "json", body, init })),
next: vi.fn(() => ({ type: "next" })), next: vi.fn(() => ({ type: "next" })),
redirect: vi.fn((url) => ({ type: "redirect", url })),
}, },
getToken: vi.fn(),
})); }));
vi.mock("next/server", () => ({ NextResponse })); vi.mock("next/server", () => ({ NextResponse }));
vi.mock("next-auth/jwt", () => ({ getToken }));
import { middleware } from "./middleware"; async function loadMiddleware() {
vi.resetModules();
const mod = await import("./middleware");
return mod.middleware;
}
function createReq(host) { function createReq(url = "http://localhost:3000/") {
return { return {
url,
headers: { headers: {
get: (key) => (key === "host" ? host : null), get: () => null,
}, },
}; };
} }
describe("middleware", () => { describe("middleware", () => {
const originalEnv = process.env; const originalEnv = process.env;
const originalConsoleError = console.error; const originalConsoleWarn = console.warn;
beforeEach(() => { beforeEach(() => {
vi.clearAllMocks(); vi.clearAllMocks();
process.env = { ...originalEnv }; process.env = { ...originalEnv };
console.error = originalConsoleError; console.warn = originalConsoleWarn;
}); });
it("allows requests for default localhost hosts", () => { it("allows requests when auth is disabled", async () => {
process.env.PORT = "3000"; const middleware = await loadMiddleware();
const res = middleware(createReq("localhost:3000")); const res = await middleware(createReq());
expect(NextResponse.next).toHaveBeenCalled(); expect(NextResponse.next).toHaveBeenCalled();
expect(res).toEqual({ type: "next" }); expect(res).toEqual({ type: "next" });
}); });
it("blocks requests when host is not allowed", () => { it("warns once when HOMEPAGE_ALLOWED_HOSTS is set, but does not block", async () => {
process.env.PORT = "3000"; const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
const errSpy = vi.spyOn(console, "error").mockImplementation(() => {}); process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com";
const res = middleware(createReq("evil.com")); const middleware = await loadMiddleware();
const res1 = await middleware(createReq());
expect(errSpy).toHaveBeenCalled(); const res2 = await middleware(createReq());
expect(NextResponse.json).toHaveBeenCalledWith(
{ error: "Host validation failed. See logs for more details." },
{ status: 400 },
);
expect(res.type).toBe("json");
expect(res.init.status).toBe(400);
});
it("allows requests when HOMEPAGE_ALLOWED_HOSTS is '*'", () => {
process.env.HOMEPAGE_ALLOWED_HOSTS = "*";
const res = middleware(createReq("anything.example"));
expect(warnSpy).toHaveBeenCalledTimes(1);
expect(NextResponse.next).toHaveBeenCalled(); expect(NextResponse.next).toHaveBeenCalled();
expect(res).toEqual({ type: "next" }); expect(res1).toEqual({ type: "next" });
expect(res2).toEqual({ type: "next" });
}); });
it("allows requests when host is included in HOMEPAGE_ALLOWED_HOSTS", () => { it("redirects to signin when auth is enabled and no token is present", async () => {
process.env.PORT = "3000"; process.env.HOMEPAGE_AUTH_ENABLED = "true";
process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com:3000,other:3000"; process.env.HOMEPAGE_AUTH_SECRET = "secret";
const res = middleware(createReq("example.com:3000")); getToken.mockResolvedValueOnce(null);
const middleware = await loadMiddleware();
const res = await middleware(createReq("http://localhost:3000/some"));
expect(getToken).toHaveBeenCalledWith({
req: expect.objectContaining({ url: "http://localhost:3000/some" }),
secret: "secret",
});
expect(NextResponse.redirect).toHaveBeenCalled();
expect(res.type).toBe("redirect");
expect(String(res.url)).toContain("/auth/signin");
});
it("allows requests when auth is enabled and a token is present", async () => {
process.env.HOMEPAGE_AUTH_ENABLED = "true";
process.env.HOMEPAGE_AUTH_SECRET = "secret";
getToken.mockResolvedValueOnce({ sub: "user" });
const middleware = await loadMiddleware();
const res = await middleware(createReq("http://localhost:3000/"));
expect(NextResponse.next).toHaveBeenCalled(); expect(NextResponse.next).toHaveBeenCalled();
expect(res).toEqual({ type: "next" }); expect(res).toEqual({ type: "next" });