unleash-server 5.0.7 → 5.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/app.js +3 -6
- package/dist/lib/app.js.map +1 -1
- package/dist/lib/middleware/api-token-middleware.d.ts +1 -0
- package/dist/lib/middleware/api-token-middleware.js +16 -6
- package/dist/lib/middleware/api-token-middleware.js.map +1 -1
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.d.ts +1 -0
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js +52 -0
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js.map +1 -0
- package/package.json +1 -1
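--- a/package/dist/lib/app.js
+++ b/package/dist/lib/app.js
@@ -27,7 +27,7 @@ const pat_middleware_1 = __importDefault(require("./middleware/pat-middleware"))
 const maintenance_middleware_1 = __importDefault(require("./middleware/maintenance-middleware"));
 const unless_middleware_1 = require("./middleware/unless-middleware");
 const catch_all_error_handler_1 = require("./middleware/catch-all-error-handler");
-const
+const notfound_error_1 = __importDefault(require("./error/notfound-error"));
 async function getApp(config, stores, services, unleashSession, db) {
 const app = (0, express_1.default)();
 const baseUriPath = config.server.baseUriPath || '';
@@ -124,11 +124,8 @@ async function getApp(config, stores, services, unleashSession, db) {
 });
 // handle all API 404s
 app.use(`${baseUriPath}/api`, (req, res) => {
-const error = new
-
-message: `The path you were looking for (${baseUriPath}/api${req.path}) is not available.`,
-});
-res.status(error.statusCode).send(error);
+const error = new notfound_error_1.default(`The path you were looking for (${baseUriPath}/api${req.path}) is not available.`);
+res.status(404).send(error);
 return;
 });
 app.get(`${baseUriPath}/*`, (req, res) => {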
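Review bot: `res.status(404).send(error)` hard-codes the status while the removed line derived it from `error.statusCode`; if NotFoundError still exposes that field, `res.status(error.statusCode ?? 404).send(error);` keeps the status and the error type from drifting apart. Passing an Error instance to `send` also means only its own enumerable properties reach the JSON body, so confirm that NotFoundError serializes the intended `message`/`name` and nothing like a stack. The enclosing getApp starts and ends outside the hunk.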
package/dist/lib/app.js.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,
|
|
1
|
+
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,4EAAmD;AAEpC,KAAK,UAAU,MAAM,CAChC,MAAsB,EACtB,MAAsB,EACtB,QAA0B,EAC1B,cAA+B,EAC/B,EAAS;IAET,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;IACpD,MAAM,YAAY,GAAG,IAAA,mCAAgB,GAAE,CAAC;IACxC,IAAI,SAAS,GAAG,MAAM,IAAA,+BAAa,EAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAE1D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC7B,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChD,GAAG,CAAC,GAAG,CACH,IAAA,2CAAmB,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,QAAQ,CAAC,oBAAoB,CAChC,CACJ,CAAC;KACL;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE;QACtC,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;KAC7C;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAY,GAAE,CAAC,CAAC;IAExB,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAClD,CAAC;IACF,GAAG,CAAC,GAAG,CACH,IAAA,0BAAM,EACF,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAClC,CACJ,CAAC;IACF,IAAI,cAAc,EAAE;QAChB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CA
AC,WAAW,EAAE,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,iBAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAErE,IAAI,MAAM,CAAC,SAAS,EAAE;QAClB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,iBAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;KACjE;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,cAAc,EAAE;QAC7C,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KACxC;IACD,8DAA8D;IAC9D,4DAA4D;IAC5D,2DAA2D;IAC3D,GAAG,CAAC,OAAO,CACP,GAAG,WAAW,gBAAgB,EAC9B,IAAA,8CAAqB,EACjB,GAAG,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,EACjD,IAAA,6CAAoB,EAAC,QAAQ,EAAE,MAAM,CAAC,CACzC,CACJ,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,wBAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEtD,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAChC,KAAK,kBAAS,CAAC,WAAW,CAAC,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,4BAAiB,EAAC,GAAG,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,UAAU,CAAC,CAAC;YACvB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,IAAA,2BAAgB,EAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACnC,MAAM;SACT;QACD,OAAO,CAAC,CAAC;YACL,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB
,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;KACJ;IAED,GAAG,CAAC,GAAG,CACH,WAAW,EACX,IAAA,yBAAc,EAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,CACzD,CAAC;IAEF,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,YAAY,EAC1B,IAAA,gCAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAC7D,CAAC;IAEF,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,UAAU,EAAE;QAC5C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;KAC3D;IAED,mBAAmB;IACnB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,EAAE,IAAI,gBAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAEzE,IAAI,QAAQ,CAAC,cAAc,EAAE;QACzB,QAAQ,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;QACvC,GAAG,CAAC,GAAG,CAAC,IAAA,sBAAY,GAAE,CAAC,CAAC;KAC3B;SAAM;QACH,GAAG,CAAC,GAAG,CAAC,IAAA,8CAAoB,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;KACnD;IAED,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,sBAAsB;IACtB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,wBAAa,CAC3B,kCAAkC,WAAW,OAAO,GAAG,CAAC,IAAI,qBAAqB,CACpF,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO;IACX,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACf,CAAC;AAvKD,yBAuKC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { IUnleashConfig } from '../types/option';
|
|
2
2
|
export declare const TOKEN_TYPE_ERROR_MESSAGE = "invalid token: expected a different token type for this endpoint";
|
|
3
|
+
export declare const NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = "This endpoint requires an API token. Please add an authorization header to your request with a valid token";
|
|
3
4
|
declare const apiAccessMiddleware: ({ getLogger, authentication, flagResolver, }: Pick<IUnleashConfig, 'getLogger' | 'authentication' | 'flagResolver'>, { apiTokenService }: any) => any;
|
|
4
5
|
export default apiAccessMiddleware;
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
3
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
4
4
|
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
5
5
|
const api_token_1 = require("../types/models/api-token");
|
|
6
6
|
const isClientApi = ({ path }) => {
|
|
7
|
-
return path && path.
|
|
7
|
+
return path && path.indexOf('/api/client') > -1;
|
|
8
8
|
};
|
|
9
9
|
const isProxyApi = ({ path }) => {
|
|
10
10
|
if (!path) {
|
|
@@ -12,12 +12,13 @@ const isProxyApi = ({ path }) => {
|
|
|
12
12
|
}
|
|
13
13
|
// Handle all our current proxy paths which will redirect to the new
|
|
14
14
|
// embedded proxy endpoint
|
|
15
|
-
return (path.
|
|
16
|
-
path.
|
|
17
|
-
path.
|
|
18
|
-
path.
|
|
15
|
+
return (path.indexOf('/api/proxy') > -1 ||
|
|
16
|
+
path.indexOf('/api/development/proxy') > -1 ||
|
|
17
|
+
path.indexOf('/api/production/proxy') > -1 ||
|
|
18
|
+
path.indexOf('/api/frontend') > -1);
|
|
19
19
|
};
|
|
20
20
|
exports.TOKEN_TYPE_ERROR_MESSAGE = 'invalid token: expected a different token type for this endpoint';
|
|
21
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = 'This endpoint requires an API token. Please add an authorization header to your request with a valid token';
|
|
21
22
|
const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { apiTokenService }) => {
|
|
22
23
|
const logger = getLogger('/middleware/api-token.ts');
|
|
23
24
|
logger.debug('Enabling api-token middleware');
|
|
@@ -45,6 +46,15 @@ const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { api
|
|
|
45
46
|
}
|
|
46
47
|
req.user = apiUser;
|
|
47
48
|
}
|
|
49
|
+
else if (isClientApi(req) || isProxyApi(req)) {
|
|
50
|
+
// If we're here, we know that api token middleware was enabled, otherwise we'd returned a no-op middleware
|
|
51
|
+
// We explicitly only protect client and proxy apis, since admin apis are protected by our permission checker
|
|
52
|
+
// Reject with 401
|
|
53
|
+
res.status(401).send({
|
|
54
|
+
message: exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED,
|
|
55
|
+
});
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
48
58
|
}
|
|
49
59
|
}
|
|
50
60
|
catch (error) {
|
|
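Review bot: The new `else if (isClientApi(req) || isProxyApi(req))` branch rejects an unauthenticated request to a protected API with 401 but never logs it, even though `logger` from the top of apiAccessMiddleware is in scope; a line such as `logger.debug('Rejected request without API token', { path: req.path });` before the `res.status(401)` gives operators a signal when client/proxy endpoints are hit without credentials. The 401 is also sent without a `WWW-Authenticate` header, which RFC 7235 expects on that status. The branch depends on isClientApi/isProxyApi, which in the earlier hunk now test `indexOf('/api/client') > -1` anywhere in the path rather than a prefix; that looks deliberate so that paths with extra leading slashes are still classified, and it deserves a comment on those helpers, e.g. `// substring match on purpose: paths with repeated leading slashes must still count as client/proxy API`. The enclosing request handler starts and ends outside the hunk.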
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC5B,IAAI,CAAC,IAAI,EAAE;QACP,OAAO;KACV;IAED,oEAAoE;IACpE,0BAA0B;IAC1B,OAAO,CACH,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CACrC,CAAC;AACN,CAAC,CAAC;AAEW,QAAA,wBAAwB,GACjC,kEAAkE,CAAC;AAE1D,QAAA,iCAAiC,GAC1C,4GAA4G,CAAC;AACjH,MAAM,mBAAmB,GAAG,CACxB,EACI,SAAS,EACT,cAAc,EACd,YAAY,GACwD,EACxE,EAAE,eAAe,EAAO,EACrB,EAAE;IACL,MAAM,MAAM,GAAG,SAAS,CAAC,0BAA0B,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE9C,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE;QAChC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;KACrC;IAED,OAAO,CAAC,GAAiB,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,IAAI,EAAE;YACV,OAAO,IAAI,EAAE,CAAC;SACjB;QAED,IAAI;YACA,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE;gBAChC,MAAM,OAAO,GAAG,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,wBAAY,CAAC;gBAE1C,IAAI,OAAO,EAAE;oBACT,IACI,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;wBAC9C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBAC/C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;4BACtB,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAC5C;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACjB,OAAO,EAAE,gCAAwB;yBACpC,CAAC,CAAC;wBACH,OAAO;qBACV;oBACD,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;iBACtB;qBAAM,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE;oBAC5C,2GAA2G;oBAC3G,6GAA6G;oBAC7G,kBAAkB;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACjB,OAAO,EAAE,yCAAiC;qBAC7C,CAAC,CAAC;oBACH
,OAAO;iBACV;aACJ;SACJ;QAAC,OAAO,KAAK,EAAE;YACZ,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;SACvB;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC;AACN,CAAC,CAAC;AAEF,kBAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const no_logger_1 = __importDefault(require("../../../fixtures/no-logger"));
|
|
7
|
+
const database_init_1 = __importDefault(require("../../helpers/database-init"));
|
|
8
|
+
const test_helper_1 = require("../../helpers/test-helper");
|
|
9
|
+
const types_1 = require("../../../../lib/types");
|
|
10
|
+
const api_token_1 = require("../../../../lib/types/models/api-token");
|
|
11
|
+
let app;
|
|
12
|
+
let appWithBaseUrl;
|
|
13
|
+
let stores;
|
|
14
|
+
let db;
|
|
15
|
+
beforeAll(async () => {
|
|
16
|
+
db = await (0, database_init_1.default)('multiple_leading_slashes_are_still_authed_serial', no_logger_1.default);
|
|
17
|
+
stores = db.stores;
|
|
18
|
+
app = await (0, test_helper_1.setupAppWithAuth)(stores, {
|
|
19
|
+
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
20
|
+
});
|
|
21
|
+
appWithBaseUrl = await (0, test_helper_1.setupAppWithAuth)(stores, {
|
|
22
|
+
server: { unleashUrl: 'http://localhost:4242', basePathUri: '/demo' },
|
|
23
|
+
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
24
|
+
});
|
|
25
|
+
});
|
|
26
|
+
afterAll(async () => {
|
|
27
|
+
await app.destroy();
|
|
28
|
+
await db.destroy();
|
|
29
|
+
});
|
|
30
|
+
test('Access to /api/client/features are refused no matter how many leading slashes', async () => {
|
|
31
|
+
await app.request.get('/api/client/features').expect(401);
|
|
32
|
+
await app.request.get('/////api/client/features').expect(401);
|
|
33
|
+
await app.request.get('//api/client/features').expect(401);
|
|
34
|
+
});
|
|
35
|
+
test('multiple slashes after base path is also rejected with 404', async () => {
|
|
36
|
+
await appWithBaseUrl.request.get('/demo///api/client/features').expect(401);
|
|
37
|
+
await appWithBaseUrl.request.get('/demo//api/client/features').expect(401);
|
|
38
|
+
await appWithBaseUrl.request.get('/demo/api/client/features').expect(401);
|
|
39
|
+
});
|
|
40
|
+
test(`Access with API token is granted`, async () => {
|
|
41
|
+
let token = await app.services.apiTokenService.createApiTokenWithProjects({
|
|
42
|
+
environment: 'default',
|
|
43
|
+
projects: ['default'],
|
|
44
|
+
username: 'test',
|
|
45
|
+
type: api_token_1.ApiTokenType.CLIENT,
|
|
46
|
+
});
|
|
47
|
+
await app.request
|
|
48
|
+
.get('/api/client/features')
|
|
49
|
+
.set('Authorization', token.secret)
|
|
50
|
+
.expect(200);
|
|
51
|
+
});
|
|
52
|
+
//# sourceMappingURL=leading-slashes-are-stripped.e2e.test.js.map
|
|
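Review bot: The test at line 35 is named `'multiple slashes after base path is also rejected with 404'` but all three assertions expect 401; rename it to `test('multiple slashes after base path are also rejected with 401', async () => {` so the title matches what is verified. The base-path app is configured with `server: { ..., basePathUri: '/demo' }`, whereas app.js reads `config.server.baseUriPath`; unless setupAppWithAuth translates that key, the `/demo/...` requests are probably not exercising a base path at all and get 401 only because the middleware now matches `/api/client` as a substring, so the test may pass for the wrong reason. `let token` at line 41 is never reassigned and should be `const token`.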
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"leading-slashes-are-stripped.e2e.test.js","sourceRoot":"","sources":["../../../../../src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts"],"names":[],"mappings":";;;;;AAAA,4EAAoD;AACpD,gFAA8D;AAC9D,2DAA2E;AAC3E,iDAAkE;AAClE,sEAAsE;AAEtE,IAAI,GAAiB,CAAC;AACtB,IAAI,cAA4B,CAAC;AACjC,IAAI,MAAsB,CAAC;AAC3B,IAAI,EAAW,CAAC;AAEhB,SAAS,CAAC,KAAK,IAAI,EAAE;IACjB,EAAE,GAAG,MAAM,IAAA,uBAAM,EACb,kDAAkD,EAClD,mBAAS,CACZ,CAAC;IACF,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC;IACnB,GAAG,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QACjC,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,cAAc,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QAC5C,MAAM,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE,WAAW,EAAE,OAAO,EAAE;QACrE,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;IAChB,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;IACpB,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;IAC7F,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;IAC1E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;IAChD,IAAI,KAAK,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,0BAA0B,CAAC;QACtE,WAAW,EAAE,SAAS;QACtB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAY,CAAC,MAAM;KAC5B,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO;SACZ,GAAG,CAAC,sBAAsB,CAAC;SAC3B,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC;SAClC,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC,CAAC"}
|
package/package.json