2021-03-06 12:56:45 -05:00
|
|
|
import * as httpMocks from 'node-mocks-http';
|
|
|
|
|
|
2021-09-25 17:08:00 -05:00
|
|
|
import { HEADERS } from '@verdaccio/core';
|
2021-10-29 10:33:05 -05:00
|
|
|
|
2021-03-06 12:56:45 -05:00
|
|
|
import { getPublicUrl } from '../src';
|
|
|
|
|
|
|
|
|
|
describe('host', () => {
|
|
|
|
|
// this scenario is usual when reverse proxy is setup
|
|
|
|
|
// without the host header
|
|
|
|
|
test('get empty string with missing host header', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('get a valid host', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('check a valid host header injection', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: `some.com"><svg onload="alert(1)">`,
|
|
|
|
|
},
|
2021-10-29 02:00:02 -05:00
|
|
|
hostname: `some.com"><svg onload="alert(1)">`,
|
2021-03-06 12:56:45 -05:00
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
expect(function () {
|
2021-10-29 02:00:02 -05:00
|
|
|
getPublicUrl('', {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
});
|
2021-03-06 12:56:45 -05:00
|
|
|
}).toThrow('invalid host');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('get a valid host with prefix', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl('/prefix/', {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/prefix/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('get a valid host with prefix no trailing', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl('/prefix-no-trailing', {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/prefix-no-trailing/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('get a valid host with null prefix', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(null, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('X-Forwarded-Proto', () => {
|
|
|
|
|
test('with a valid X-Forwarded-Proto https', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('https://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a invalid X-Forwarded-Proto https', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProto',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a HAProxy X-Forwarded-Proto https', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'https,https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('https://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a HAProxy X-Forwarded-Proto different protocol', () => {
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'http,https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('env variable', () => {
|
|
|
|
|
test('with a valid X-Forwarded-Proto https and env variable', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('https://env.domain.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a valid X-Forwarded-Proto https and env variable with prefix', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com/urlPrefix/';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('https://env.domain.com/urlPrefix/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a invalid X-Forwarded-Proto https and env variable', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com/';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('https://env.domain.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a invalid X-Forwarded-Proto https and invalid url with env variable', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'ftp://env.domain.com';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('with a invalid X-Forwarded-Proto https and host injection with host', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
|
2022-10-28 16:38:22 -05:00
|
|
|
test('with the VERDACCIO_FORWARDED_PROTO undefined', () => {
|
|
|
|
|
process.env.VERDACCIO_FORWARDED_PROTO = undefined;
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some.com',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(
|
|
|
|
|
getPublicUrl('/test/', {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some.com/test/');
|
|
|
|
|
delete process.env.VERDACCIO_FORWARDED_PROTO;
|
|
|
|
|
});
|
|
|
|
|
|
2021-03-06 12:56:45 -05:00
|
|
|
test('with a invalid X-Forwarded-Proto https and host injection with invalid host', () => {
|
|
|
|
|
process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
|
|
|
|
|
const req = httpMocks.createRequest({
|
|
|
|
|
method: 'GET',
|
|
|
|
|
headers: {
|
|
|
|
|
host: 'some',
|
|
|
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
|
|
|
},
|
|
|
|
|
url: '/',
|
|
|
|
|
});
|
|
|
|
|
|
2021-10-29 02:00:02 -05:00
|
|
|
expect(
|
|
|
|
|
getPublicUrl(undefined, {
|
|
|
|
|
host: req.hostname,
|
|
|
|
|
headers: req.headers as any,
|
|
|
|
|
protocol: req.protocol,
|
|
|
|
|
})
|
|
|
|
|
).toEqual('http://some/');
|
2021-03-06 12:56:45 -05:00
|
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
|
|
|
});
|
|
|
|
|
});
|
