import supertest from 'supertest'; import { describe, expect, test } from 'vitest'; import { API_ERROR, HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core'; import { setup } from '@verdaccio/logger'; import { initializeServer } from './_helper'; setup({}); describe('server api', () => { test('should request any package', async () => { const app = await initializeServer('conf.yaml'); await supertest(app) .get('/jquery') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.NOT_FOUND); }); test('should able to catch non defined routes with 404', async () => { const app = await initializeServer('conf.yaml'); await supertest(app) .get('/-/this-does-not-exist-anywhere') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.NOT_FOUND); }); test('should return index page if web is enabled', async () => { const app = await initializeServer('conf.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect(HEADER_TYPE.CONTENT_ENCODING, HEADERS.GZIP) .expect(HTTP_STATUS.OK); expect(response.text).toMatch('verdaccio'); }); test('should define rate limit headers', async () => { const app = await initializeServer('conf.yaml'); await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect('x-ratelimit-limit', '10000') .expect('x-ratelimit-remaining', '9999') .expect(HTTP_STATUS.OK); }); test('should contains cors headers', async () => { const app = await initializeServer('conf.yaml'); await supertest(app).get('/').expect('access-control-allow-origin', '*').expect(HTTP_STATUS.OK); }); test('should contains etag', async () => { const app = await initializeServer('conf.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect(HTTP_STATUS.OK); const etag = response.get(HEADERS.ETAG); expect(typeof etag === 'string').toBeTruthy(); }); test('should be hidden by default', async () => { const app = await initializeServer('conf.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect(HTTP_STATUS.OK); const powered = response.get('x-powered-by'); expect(powered).toMatch('hidden'); }, 40000); test('should not contains powered header', async () => { const app = await initializeServer('powered-disabled.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect(HTTP_STATUS.OK); const powered = response.get('x-powered-by'); expect(powered).toEqual('hidden'); }); test('should contains custom powered header', async () => { const app = await initializeServer('powered-custom.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8) .expect(HTTP_STATUS.OK); const powered = response.get('x-powered-by'); expect(powered).toEqual('custom user agent'); }); test('should return 404 if web is disabled', async () => { const app = await initializeServer('web-disabled.yaml'); const response = await supertest(app) .get('/') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.NOT_FOUND); expect(response.body.error).toEqual(API_ERROR.WEB_DISABLED); }); test('should not display debug hook disabled by default', async () => { const app = await initializeServer('no_debug.yaml'); await supertest(app) .get('/-/_debug') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.NOT_FOUND); }); test('should display debug hook if directly enabled', async () => { const app = await initializeServer('conf.yaml'); const res = await supertest(app) .get('/-/_debug') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.OK); expect(res.body.pid).toEqual(process.pid); expect(res.body.mem).toBeDefined(); }); });