unleash-server 5.1.2 → 5.1.4
- package/dist/lib/app.js.map +1 -1
- package/dist/lib/middleware/api-token-middleware.d.ts +1 -0
- package/dist/lib/middleware/api-token-middleware.js +16 -6
- package/dist/lib/middleware/api-token-middleware.js.map +1 -1
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.d.ts +1 -0
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js +52 -0
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js.map +1 -0
- package/package.json +1 -1
package/dist/lib/app.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,4EAAmD;AAEpC,KAAK,UAAU,MAAM,CAChC,MAAsB,EACtB,MAAsB,EACtB,QAA0B,EAC1B,cAA+B,EAC/B,EAAS;IAET,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;IACpD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,IAAA,mCAAgB,GAAE,CAAC;IAC/D,IAAI,SAAS,GAAG,MAAM,IAAA,+BAAa,EAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAE1D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC7B,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChD,GAAG,CAAC,GAAG,CACH,IAAA,2CAAmB,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,QAAQ,CAAC,oBAAoB,CAChC,CACJ,CAAC;KACL;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE;QACtC,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;KAC7C;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAY,GAAE,CAAC,CAAC;IAExB,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAClD,CAAC;IACF,GAAG,CAAC,GAAG,CACH,IAAA,0BAAM,EACF,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAClC,CACJ,CAAC;IACF,IAAI,cAAc,EAAE;QAChB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAC
zD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,iBAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAErE,IAAI,MAAM,CAAC,SAAS,EAAE;QAClB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,iBAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;KACjE;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,cAAc,EAAE;QAC7C,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KACxC;
|
|
1
|
+
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,4EAAmD;AAEpC,KAAK,UAAU,MAAM,CAChC,MAAsB,EACtB,MAAsB,EACtB,QAA0B,EAC1B,cAA+B,EAC/B,EAAS;IAET,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;IACpD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,IAAA,mCAAgB,GAAE,CAAC;IAC/D,IAAI,SAAS,GAAG,MAAM,IAAA,+BAAa,EAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAE1D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC7B,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChD,GAAG,CAAC,GAAG,CACH,IAAA,2CAAmB,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,QAAQ,CAAC,oBAAoB,CAChC,CACJ,CAAC;KACL;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE;QACtC,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;KAC7C;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAY,GAAE,CAAC,CAAC;IAExB,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAClD,CAAC;IACF,GAAG,CAAC,GAAG,CACH,IAAA,0BAAM,EACF,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAClC,CACJ,CAAC;IACF,IAAI,cAAc,EAAE;QAChB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAC
zD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,iBAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAErE,IAAI,MAAM,CAAC,SAAS,EAAE;QAClB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,iBAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;KACjE;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,cAAc,EAAE;QAC7C,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KACxC;IACD,8DAA8D;IAC9D,4DAA4D;IAC5D,2DAA2D;IAC3D,GAAG,CAAC,OAAO,CACP,GAAG,WAAW,gBAAgB,EAC9B,IAAA,8CAAqB,EACjB,GAAG,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,EACjD,IAAA,6CAAoB,EAAC,QAAQ,EAAE,MAAM,CAAC,CACzC,CACJ,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,wBAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEtD,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAChC,KAAK,kBAAS,CAAC,WAAW,CAAC,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,4BAAiB,EAAC,GAAG,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,UAAU,CAAC,CAAC;YACvB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,IAAA,2BAAgB,EAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACnC,MAAM;SACT;QACD,OAAO,CAAC,CAAC;YACL,GAAG,CAAC,GAAG,CAAC,W
AAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;KACJ;IAED,GAAG,CAAC,GAAG,CACH,WAAW,EACX,IAAA,yBAAc,EAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,CACzD,CAAC;IAEF,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,YAAY,EAC1B,IAAA,gCAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAC7D,CAAC;IAEF,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,UAAU,EAAE;QAC5C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;KAC3D;IAED,mBAAmB;IACnB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,EAAE,IAAI,gBAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAEzE,IAAI,QAAQ,CAAC,cAAc,EAAE;QACzB,QAAQ,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;QACvC,GAAG,CAAC,GAAG,CAAC,IAAA,sBAAY,GAAE,CAAC,CAAC;KAC3B;SAAM;QACH,GAAG,CAAC,GAAG,CAAC,IAAA,8CAAoB,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;KACnD;IAED,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,sBAAsB;IACtB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,wBAAa,CAC3B,kCAAkC,WAAW,OAAO,GAAG,CAAC,IAAI,qBAAqB,CACpF,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO;IACX,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACf,CAAC;AAvKD,yBAuKC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { IUnleashConfig } from '../types/option';
|
|
2
2
|
export declare const TOKEN_TYPE_ERROR_MESSAGE = "invalid token: expected a different token type for this endpoint";
|
|
3
|
+
export declare const NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = "This endpoint requires an API token. Please add an authorization header to your request with a valid token";
|
|
3
4
|
declare const apiAccessMiddleware: ({ getLogger, authentication, flagResolver, }: Pick<IUnleashConfig, 'getLogger' | 'authentication' | 'flagResolver'>, { apiTokenService }: any) => any;
|
|
4
5
|
export default apiAccessMiddleware;
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
3
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
4
4
|
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
5
5
|
const api_token_1 = require("../types/models/api-token");
|
|
6
6
|
const isClientApi = ({ path }) => {
|
|
7
|
-
return path && path.
|
|
7
|
+
return path && path.indexOf('/api/client') > -1;
|
|
8
8
|
};
|
|
9
9
|
const isProxyApi = ({ path }) => {
|
|
10
10
|
if (!path) {
|
|
@@ -12,12 +12,13 @@ const isProxyApi = ({ path }) => {
|
|
|
12
12
|
}
|
|
13
13
|
// Handle all our current proxy paths which will redirect to the new
|
|
14
14
|
// embedded proxy endpoint
|
|
15
|
-
return (path.
|
|
16
|
-
path.
|
|
17
|
-
path.
|
|
18
|
-
path.
|
|
15
|
+
return (path.indexOf('/api/proxy') > -1 ||
|
|
16
|
+
path.indexOf('/api/development/proxy') > -1 ||
|
|
17
|
+
path.indexOf('/api/production/proxy') > -1 ||
|
|
18
|
+
path.indexOf('/api/frontend') > -1);
|
|
19
19
|
};
|
|
20
20
|
exports.TOKEN_TYPE_ERROR_MESSAGE = 'invalid token: expected a different token type for this endpoint';
|
|
21
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = 'This endpoint requires an API token. Please add an authorization header to your request with a valid token';
|
|
21
22
|
const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { apiTokenService }) => {
|
|
22
23
|
const logger = getLogger('/middleware/api-token.ts');
|
|
23
24
|
logger.debug('Enabling api-token middleware');
|
|
@@ -45,6 +46,15 @@ const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { api
|
|
|
45
46
|
}
|
|
46
47
|
req.user = apiUser;
|
|
47
48
|
}
|
|
49
|
+
else if (isClientApi(req) || isProxyApi(req)) {
|
|
50
|
+
// If we're here, we know that api token middleware was enabled, otherwise we'd returned a no-op middleware
|
|
51
|
+
// We explicitly only protect client and proxy apis, since admin apis are protected by our permission checker
|
|
52
|
+
// Reject with 401
|
|
53
|
+
res.status(401).send({
|
|
54
|
+
message: exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED,
|
|
55
|
+
});
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
48
58
|
}
|
|
49
59
|
}
|
|
50
60
|
catch (error) {
|
|
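Review bot: The new 401 branch (`else if (isClientApi(req) || isProxyApi(req))`) is only as strict as the two path classifiers above it, and those are case-sensitive substring tests such as `path.indexOf('/api/client') > -1`. If the router normalises paths differently (Express routing is case-insensitive by default, and the router configuration is not visible here), a request could be routed to a client or proxy handler while this branch classifies it as neither and does not reject it. Classifying on a normalised path, e.g. `return path && path.toLowerCase().indexOf('/api/client') > -1;` with the same change in `isProxyApi`, or enforcing the token on the mounted routes themselves, would keep routing and classification in agreement. The middleware body starts above this hunk and the `catch (error)` block continues below it; if that block only logs and continues, an exception during token lookup would also skip the new rejection, so it is worth confirming that it fails closed on these paths.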
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC5B,IAAI,CAAC,IAAI,EAAE;QACP,OAAO;KACV;IAED,oEAAoE;IACpE,0BAA0B;IAC1B,OAAO,CACH,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CACrC,CAAC;AACN,CAAC,CAAC;AAEW,QAAA,wBAAwB,GACjC,kEAAkE,CAAC;AAE1D,QAAA,iCAAiC,GAC1C,4GAA4G,CAAC;AACjH,MAAM,mBAAmB,GAAG,CACxB,EACI,SAAS,EACT,cAAc,EACd,YAAY,GACwD,EACxE,EAAE,eAAe,EAAO,EACrB,EAAE;IACL,MAAM,MAAM,GAAG,SAAS,CAAC,0BAA0B,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE9C,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE;QAChC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;KACrC;IAED,OAAO,CAAC,GAAiB,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,IAAI,EAAE;YACV,OAAO,IAAI,EAAE,CAAC;SACjB;QAED,IAAI;YACA,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE;gBAChC,MAAM,OAAO,GAAG,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,wBAAY,CAAC;gBAE1C,IAAI,OAAO,EAAE;oBACT,IACI,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;wBAC9C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBAC/C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;4BACtB,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAC5C;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACjB,OAAO,EAAE,gCAAwB;yBACpC,CAAC,CAAC;wBACH,OAAO;qBACV;oBACD,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;iBACtB;qBAAM,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE;oBAC5C,2GAA2G;oBAC3G,6GAA6G;oBAC7G,kBAAkB;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACjB,OAAO,EAAE,yCAAiC;qBAC7C,CAAC,CAAC;oBACH
,OAAO;iBACV;aACJ;SACJ;QAAC,OAAO,KAAK,EAAE;YACZ,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;SACvB;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC;AACN,CAAC,CAAC;AAEF,kBAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const no_logger_1 = __importDefault(require("../../../fixtures/no-logger"));
|
|
7
|
+
const database_init_1 = __importDefault(require("../../helpers/database-init"));
|
|
8
|
+
const test_helper_1 = require("../../helpers/test-helper");
|
|
9
|
+
const types_1 = require("../../../../lib/types");
|
|
10
|
+
const api_token_1 = require("../../../../lib/types/models/api-token");
|
|
11
|
+
let app;
|
|
12
|
+
let appWithBaseUrl;
|
|
13
|
+
let stores;
|
|
14
|
+
let db;
|
|
15
|
+
beforeAll(async () => {
|
|
16
|
+
db = await (0, database_init_1.default)('multiple_leading_slashes_are_still_authed_serial', no_logger_1.default);
|
|
17
|
+
stores = db.stores;
|
|
18
|
+
app = await (0, test_helper_1.setupAppWithAuth)(stores, {
|
|
19
|
+
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
20
|
+
});
|
|
21
|
+
appWithBaseUrl = await (0, test_helper_1.setupAppWithAuth)(stores, {
|
|
22
|
+
server: { unleashUrl: 'http://localhost:4242', basePathUri: '/demo' },
|
|
23
|
+
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
24
|
+
});
|
|
25
|
+
});
|
|
26
|
+
afterAll(async () => {
|
|
27
|
+
await app.destroy();
|
|
28
|
+
await db.destroy();
|
|
29
|
+
});
|
|
30
|
+
test('Access to /api/client/features are refused no matter how many leading slashes', async () => {
|
|
31
|
+
await app.request.get('/api/client/features').expect(401);
|
|
32
|
+
await app.request.get('/////api/client/features').expect(401);
|
|
33
|
+
await app.request.get('//api/client/features').expect(401);
|
|
34
|
+
});
|
|
35
|
+
test('multiple slashes after base path is also rejected with 404', async () => {
|
|
36
|
+
await appWithBaseUrl.request.get('/demo///api/client/features').expect(401);
|
|
37
|
+
await appWithBaseUrl.request.get('/demo//api/client/features').expect(401);
|
|
38
|
+
await appWithBaseUrl.request.get('/demo/api/client/features').expect(401);
|
|
39
|
+
});
|
|
40
|
+
test(`Access with API token is granted`, async () => {
|
|
41
|
+
let token = await app.services.apiTokenService.createApiTokenWithProjects({
|
|
42
|
+
environment: 'default',
|
|
43
|
+
projects: ['default'],
|
|
44
|
+
tokenName: 'test',
|
|
45
|
+
type: api_token_1.ApiTokenType.CLIENT,
|
|
46
|
+
});
|
|
47
|
+
await app.request
|
|
48
|
+
.get('/api/client/features')
|
|
49
|
+
.set('Authorization', token.secret)
|
|
50
|
+
.expect(200);
|
|
51
|
+
});
|
|
52
|
+
//# sourceMappingURL=leading-slashes-are-stripped.e2e.test.js.map
|
|
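Review bot: The second test's title says the requests are "rejected with 404" while every assertion in it expects 401; rename it to match, e.g. `test('multiple slashes after base path are also rejected with 401', async () => {`. `afterAll` destroys `app` and `db` but never `appWithBaseUrl`, which comes from the same `setupAppWithAuth` helper, so add `await appWithBaseUrl.destroy();` to avoid leaving the second app's resources open. Coverage is limited to `/api/client/features`, although the middleware change also applies to the proxy and frontend prefixes (`/api/proxy`, `/api/frontend`); those deserve the same unauthenticated-request assertions, along with one authenticated request using extra leading slashes to pin the allowed case.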
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"leading-slashes-are-stripped.e2e.test.js","sourceRoot":"","sources":["../../../../../src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts"],"names":[],"mappings":";;;;;AAAA,4EAAoD;AACpD,gFAA8D;AAC9D,2DAA2E;AAC3E,iDAAkE;AAClE,sEAAsE;AAEtE,IAAI,GAAiB,CAAC;AACtB,IAAI,cAA4B,CAAC;AACjC,IAAI,MAAsB,CAAC;AAC3B,IAAI,EAAW,CAAC;AAEhB,SAAS,CAAC,KAAK,IAAI,EAAE;IACjB,EAAE,GAAG,MAAM,IAAA,uBAAM,EACb,kDAAkD,EAClD,mBAAS,CACZ,CAAC;IACF,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC;IACnB,GAAG,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QACjC,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,cAAc,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QAC5C,MAAM,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE,WAAW,EAAE,OAAO,EAAE;QACrE,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;IAChB,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;IACpB,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;IAC7F,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;IAC1E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;IAChD,IAAI,KAAK,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,0BAA0B,CAAC;QACtE,WAAW,EAAE,SAAS;QACtB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,wBAAY,CAAC,MAAM;KAC5B,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO;SACZ,GAAG,CAAC,sBAAsB,CAAC;SAC3B,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC;SAClC,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED