mirror of
https://github.com/gethomepage/homepage.git
synced 2026-02-07 16:30:52 +08:00
92 lines
2.7 KiB
JavaScript
92 lines
2.7 KiB
JavaScript
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
|
|
const { NextResponse, getToken } = vi.hoisted(() => ({
|
|
NextResponse: {
|
|
next: vi.fn(() => ({ type: "next" })),
|
|
redirect: vi.fn((url) => ({ type: "redirect", url })),
|
|
},
|
|
getToken: vi.fn(),
|
|
}));
|
|
|
|
vi.mock("next/server", () => ({ NextResponse }));
|
|
vi.mock("next-auth/jwt", () => ({ getToken }));
|
|
|
|
async function loadMiddleware() {
|
|
vi.resetModules();
|
|
const mod = await import("./middleware");
|
|
return mod.middleware;
|
|
}
|
|
|
|
function createReq(url = "http://localhost:3000/") {
|
|
return {
|
|
url,
|
|
headers: {
|
|
get: () => null,
|
|
},
|
|
};
|
|
}
|
|
|
|
describe("middleware", () => {
|
|
const originalEnv = process.env;
|
|
const originalConsoleWarn = console.warn;
|
|
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
process.env = { ...originalEnv };
|
|
console.warn = originalConsoleWarn;
|
|
});
|
|
|
|
it("allows requests when auth is disabled", async () => {
|
|
const middleware = await loadMiddleware();
|
|
const res = await middleware(createReq());
|
|
|
|
expect(NextResponse.next).toHaveBeenCalled();
|
|
expect(res).toEqual({ type: "next" });
|
|
});
|
|
|
|
it("warns once when HOMEPAGE_ALLOWED_HOSTS is set, but does not block", async () => {
|
|
const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
|
|
process.env.HOMEPAGE_ALLOWED_HOSTS = "example.com";
|
|
|
|
const middleware = await loadMiddleware();
|
|
const res1 = await middleware(createReq());
|
|
const res2 = await middleware(createReq());
|
|
|
|
expect(warnSpy).toHaveBeenCalledTimes(1);
|
|
expect(NextResponse.next).toHaveBeenCalled();
|
|
expect(res1).toEqual({ type: "next" });
|
|
expect(res2).toEqual({ type: "next" });
|
|
});
|
|
|
|
it("redirects to signin when auth is enabled and no token is present", async () => {
|
|
process.env.HOMEPAGE_AUTH_ENABLED = "true";
|
|
process.env.HOMEPAGE_AUTH_SECRET = "secret";
|
|
|
|
getToken.mockResolvedValueOnce(null);
|
|
|
|
const middleware = await loadMiddleware();
|
|
const res = await middleware(createReq("http://localhost:3000/some"));
|
|
|
|
expect(getToken).toHaveBeenCalledWith({
|
|
req: expect.objectContaining({ url: "http://localhost:3000/some" }),
|
|
secret: "secret",
|
|
});
|
|
expect(NextResponse.redirect).toHaveBeenCalled();
|
|
expect(res.type).toBe("redirect");
|
|
expect(String(res.url)).toContain("/auth/signin");
|
|
});
|
|
|
|
it("allows requests when auth is enabled and a token is present", async () => {
|
|
process.env.HOMEPAGE_AUTH_ENABLED = "true";
|
|
process.env.HOMEPAGE_AUTH_SECRET = "secret";
|
|
|
|
getToken.mockResolvedValueOnce({ sub: "user" });
|
|
|
|
const middleware = await loadMiddleware();
|
|
const res = await middleware(createReq("http://localhost:3000/"));
|
|
|
|
expect(NextResponse.next).toHaveBeenCalled();
|
|
expect(res).toEqual({ type: "next" });
|
|
});
|
|
});
|