mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-01-13 22:48:31 -05:00
558d78f32a
* feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test
223 lines
6 KiB
TypeScript
223 lines
6 KiB
TypeScript
import * as httpMocks from 'node-mocks-http';
|
|
|
|
import { HEADERS } from '@verdaccio/commons-api';
|
|
import { getPublicUrl } from '../src';
|
|
|
|
describe('host', () => {
|
|
// this scenario is usual when reverse proxy is setup
|
|
// without the host header
|
|
test('get empty string with missing host header', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
url: '/',
|
|
});
|
|
expect(getPublicUrl(undefined, req)).toEqual('/');
|
|
});
|
|
|
|
test('get a valid host', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
},
|
|
url: '/',
|
|
});
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some.com/');
|
|
});
|
|
|
|
test('check a valid host header injection', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: `some.com"><svg onload="alert(1)">`,
|
|
},
|
|
url: '/',
|
|
});
|
|
expect(function () {
|
|
// @ts-expect-error
|
|
getPublicUrl({}, req);
|
|
}).toThrow('invalid host');
|
|
});
|
|
|
|
test('get a valid host with prefix', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl('/prefix/', req)).toEqual('http://some.com/prefix/');
|
|
});
|
|
|
|
test('get a valid host with prefix no trailing', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl('/prefix-no-trailing', req)).toEqual('http://some.com/prefix-no-trailing/');
|
|
});
|
|
|
|
test('get a valid host with null prefix', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(null, req)).toEqual('http://some.com/');
|
|
});
|
|
});
|
|
|
|
describe('X-Forwarded-Proto', () => {
|
|
test('with a valid X-Forwarded-Proto https', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('https://some.com/');
|
|
});
|
|
|
|
test('with a invalid X-Forwarded-Proto https', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProto',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some.com/');
|
|
});
|
|
|
|
test('with a HAProxy X-Forwarded-Proto https', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'https,https',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('https://some.com/');
|
|
});
|
|
|
|
test('with a HAProxy X-Forwarded-Proto different protocol', () => {
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'http,https',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some.com/');
|
|
});
|
|
});
|
|
|
|
describe('env variable', () => {
|
|
test('with a valid X-Forwarded-Proto https and env variable', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('https://env.domain.com/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
|
|
test('with a valid X-Forwarded-Proto https and env variable with prefix', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com/urlPrefix/';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'https',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('https://env.domain.com/urlPrefix/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
|
|
test('with a invalid X-Forwarded-Proto https and env variable', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'https://env.domain.com/';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('https://env.domain.com/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
|
|
test('with a invalid X-Forwarded-Proto https and invalid url with env variable', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'ftp://env.domain.com';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some.com/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
|
|
test('with a invalid X-Forwarded-Proto https and host injection with host', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some.com',
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some.com/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
|
|
test('with a invalid X-Forwarded-Proto https and host injection with invalid host', () => {
|
|
process.env.VERDACCIO_PUBLIC_URL = 'http://injection.test.com"><svg onload="alert(1)">';
|
|
const req = httpMocks.createRequest({
|
|
method: 'GET',
|
|
headers: {
|
|
host: 'some',
|
|
[HEADERS.FORWARDED_PROTO]: 'invalidProtocol',
|
|
},
|
|
url: '/',
|
|
});
|
|
|
|
expect(getPublicUrl(undefined, req)).toEqual('http://some/');
|
|
delete process.env.VERDACCIO_PUBLIC_URL;
|
|
});
|
|
});
|