unleash-server 5.1.3 → 5.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/app.js +4 -2
- package/dist/lib/app.js.map +1 -1
- package/dist/lib/middleware/api-token-middleware.d.ts +1 -0
- package/dist/lib/middleware/api-token-middleware.js +16 -6
- package/dist/lib/middleware/api-token-middleware.js.map +1 -1
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js +9 -8
- package/dist/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.js.map +1 -1
- package/package.json +1 -1
- package/dist/lib/middleware/reject-double-slashes-in-path.d.ts +0 -2
- package/dist/lib/middleware/reject-double-slashes-in-path.js +0 -14
- package/dist/lib/middleware/reject-double-slashes-in-path.js.map +0 -1
package/dist/lib/app.js
CHANGED
|
@@ -28,7 +28,6 @@ const maintenance_middleware_1 = __importDefault(require("./middleware/maintenan
|
|
|
28
28
|
const unless_middleware_1 = require("./middleware/unless-middleware");
|
|
29
29
|
const catch_all_error_handler_1 = require("./middleware/catch-all-error-handler");
|
|
30
30
|
const notfound_error_1 = __importDefault(require("./error/notfound-error"));
|
|
31
|
-
const reject_double_slashes_in_path_1 = require("./middleware/reject-double-slashes-in-path");
|
|
32
31
|
async function getApp(config, stores, services, unleashSession, db) {
|
|
33
32
|
const app = (0, express_1.default)();
|
|
34
33
|
const baseUriPath = config.server.baseUriPath || '';
|
|
@@ -47,6 +46,10 @@ async function getApp(config, stores, services, unleashSession, db) {
|
|
|
47
46
|
}
|
|
48
47
|
app.use((0, compression_1.default)());
|
|
49
48
|
app.use((0, cookie_parser_1.default)());
|
|
49
|
+
app.use((req, res, next) => {
|
|
50
|
+
req.url = req.url.replace(/\/+/g, '/');
|
|
51
|
+
next();
|
|
52
|
+
});
|
|
50
53
|
app.use(`${baseUriPath}/api/admin/features-batch`, express_1.default.json({ strict: false, limit: '500kB' }));
|
|
51
54
|
app.use((0, unless_middleware_1.unless)(`${baseUriPath}/api/admin/features-batch`, express_1.default.json({ strict: false })));
|
|
52
55
|
if (unleashSession) {
|
|
@@ -63,7 +66,6 @@ async function getApp(config, stores, services, unleashSession, db) {
|
|
|
63
66
|
if (config.enableOAS && services.openApiService) {
|
|
64
67
|
services.openApiService.useDocs(app);
|
|
65
68
|
}
|
|
66
|
-
app.use(`${baseUriPath}/`, reject_double_slashes_in_path_1.rejectDoubleSlashesInPath);
|
|
67
69
|
// Support CORS preflight requests for the frontend endpoints.
|
|
68
70
|
// Preflight requests should not have Authorization headers,
|
|
69
71
|
// so this must be handled before the API token middleware.
|
package/dist/lib/app.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,4EAAmD;
|
|
1
|
+
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/lib/app.ts"],"names":[],"mappings":";;;;;AAAA,sDAA+D;AAC/D,8DAAsC;AACtC,kEAAoC;AACpC,kEAAyC;AACzC,gDAAwB;AACxB,gEAAwC;AACxC,8EAAyE;AACzE,gFAA2E;AAC3E,mFAA0D;AAC1D,6FAAmE;AAEnE,2CAA2D;AAG3D,sDAAmC;AAEnC,iFAAwD;AACxD,2FAAkE;AAClE,yFAAgE;AAChE,uFAA8D;AAC9D,iFAAwD;AAExD,4DAAuD;AACvD,8DAA2D;AAC3D,gFAA4E;AAC5E,iFAAwD;AAExD,iGAAwE;AACxE,sEAAwD;AACxD,kFAA4E;AAC5E,4EAAmD;AAEpC,KAAK,UAAU,MAAM,CAChC,MAAsB,EACtB,MAAsB,EACtB,QAA0B,EAC1B,cAA+B,EAC/B,EAAS;IAET,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;IACpD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,IAAA,mCAAgB,GAAE,CAAC;IAC/D,IAAI,SAAS,GAAG,MAAM,IAAA,+BAAa,EAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAE1D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC7B,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChD,GAAG,CAAC,GAAG,CACH,IAAA,2CAAmB,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,QAAQ,CAAC,oBAAoB,CAChC,CACJ,CAAC;KACL;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE;QACtC,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;KAC7C;IAED,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAY,GAAE,CAAC,CAAC;IAExB,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACvB,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAClD,CAAC;IACF,GAAG,CAAC,GAAG,CACH,IAAA,0BAAM,EACF,GAAG,WAAW,2BAA2B,EACzC,iBAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAClC,CACJ,CAAC;IACF,IAAI,cAAc,EAAE;QAChB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,GAAG,CAAC,GAAG,CAAC,IAAA,wBAAa,EAAC,MAAM,CAAC,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,uBAAO,EAAC,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,iBAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAErE,IAAI,MAAM,CAAC,SAAS,EAAE;QAClB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,iBAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;KACjE;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,cAAc,EAAE;QAC7C,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KACxC;IACD,8DAA8D;IAC9D,4DAA4D;IAC5D,2DAA2D;IAC3D,GAAG,CAAC,OAAO,CACP,GAAG,WAAW,gBAAgB,EAC9B,IAAA,8CAAqB,EACjB,GAAG,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,EACjD,IAAA,6CAAoB,EAAC,QAAQ,EAAE,MAAM,CAAC,CACzC,CACJ,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,wBAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEtD,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAChC,KAAK,kBAAS,CAAC,WAAW,CAAC,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,4BAAiB,EAAC,GAAG,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,UAAU,CAAC,CAAC;YACvB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,MAAM,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,MAAM;SACT;QACD,KAAK,kBAAS,CAAC,IAAI,CAAC,CAAC;YACjB,IAAA,2BAAgB,EAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACnC,MAAM;SACT;QACD,OAAO,CAAC,CAAC;YACL,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,8BAAkB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAA,6BAAkB,EACd,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,EACzB,QAAQ,EACR,MAAM,CACT,CAAC;YACF,MAAM;SACT;KACJ;IAED,GAAG,CAAC,GAAG,CACH,WAAW,EACX,IAAA,yBAAc,EAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,CACzD,CAAC;IAEF,GAAG,CAAC,GAAG,CACH,GAAG,WAAW,YAAY,EAC1B,IAAA,gCAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAC7D,CAAC;IAEF,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,UAAU,EAAE;QAC5C,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;KAC3D;IAED,mBAAmB;IACnB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,GAAG,EAAE,IAAI,gBAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAEzE,IAAI,QAAQ,CAAC,cAAc,EAAE;QACzB,QAAQ,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;QACvC,GAAG,CAAC,GAAG,CAAC,IAAA,sBAAY,GAAE,CAAC,CAAC;KAC3B;SAAM;QACH,GAAG,CAAC,GAAG,CAAC,IAAA,8CAAoB,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;KACnD;IAED,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,sBAAsB;IACtB,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,wBAAa,CAC3B,kCAAkC,WAAW,OAAO,GAAG,CAAC,IAAI,qBAAqB,CACpF,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO;IACX,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACf,CAAC;AA5KD,yBA4KC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { IUnleashConfig } from '../types/option';
|
|
2
2
|
export declare const TOKEN_TYPE_ERROR_MESSAGE = "invalid token: expected a different token type for this endpoint";
|
|
3
|
+
export declare const NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = "This endpoint requires an API token. Please add an authorization header to your request with a valid token";
|
|
3
4
|
declare const apiAccessMiddleware: ({ getLogger, authentication, flagResolver, }: Pick<IUnleashConfig, 'getLogger' | 'authentication' | 'flagResolver'>, { apiTokenService }: any) => any;
|
|
4
5
|
export default apiAccessMiddleware;
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
3
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = exports.TOKEN_TYPE_ERROR_MESSAGE = void 0;
|
|
4
4
|
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
5
5
|
const api_token_1 = require("../types/models/api-token");
|
|
6
6
|
const isClientApi = ({ path }) => {
|
|
7
|
-
return path && path.
|
|
7
|
+
return path && path.indexOf('/api/client') > -1;
|
|
8
8
|
};
|
|
9
9
|
const isProxyApi = ({ path }) => {
|
|
10
10
|
if (!path) {
|
|
@@ -12,12 +12,13 @@ const isProxyApi = ({ path }) => {
|
|
|
12
12
|
}
|
|
13
13
|
// Handle all our current proxy paths which will redirect to the new
|
|
14
14
|
// embedded proxy endpoint
|
|
15
|
-
return (path.
|
|
16
|
-
path.
|
|
17
|
-
path.
|
|
18
|
-
path.
|
|
15
|
+
return (path.indexOf('/api/proxy') > -1 ||
|
|
16
|
+
path.indexOf('/api/development/proxy') > -1 ||
|
|
17
|
+
path.indexOf('/api/production/proxy') > -1 ||
|
|
18
|
+
path.indexOf('/api/frontend') > -1);
|
|
19
19
|
};
|
|
20
20
|
exports.TOKEN_TYPE_ERROR_MESSAGE = 'invalid token: expected a different token type for this endpoint';
|
|
21
|
+
exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED = 'This endpoint requires an API token. Please add an authorization header to your request with a valid token';
|
|
21
22
|
const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { apiTokenService }) => {
|
|
22
23
|
const logger = getLogger('/middleware/api-token.ts');
|
|
23
24
|
logger.debug('Enabling api-token middleware');
|
|
@@ -45,6 +46,15 @@ const apiAccessMiddleware = ({ getLogger, authentication, flagResolver, }, { api
|
|
|
45
46
|
}
|
|
46
47
|
req.user = apiUser;
|
|
47
48
|
}
|
|
49
|
+
else if (isClientApi(req) || isProxyApi(req)) {
|
|
50
|
+
// If we're here, we know that api token middleware was enabled, otherwise we'd returned a no-op middleware
|
|
51
|
+
// We explicitly only protect client and proxy apis, since admin apis are protected by our permission checker
|
|
52
|
+
// Reject with 401
|
|
53
|
+
res.status(401).send({
|
|
54
|
+
message: exports.NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED,
|
|
55
|
+
});
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
48
58
|
}
|
|
49
59
|
}
|
|
50
60
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"api-token-middleware.js","sourceRoot":"","sources":["../../../src/lib/middleware/api-token-middleware.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAyD;AAIzD,MAAM,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC7B,OAAO,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;IAC5B,IAAI,CAAC,IAAI,EAAE;QACP,OAAO;KACV;IAED,oEAAoE;IACpE,0BAA0B;IAC1B,OAAO,CACH,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CACrC,CAAC;AACN,CAAC,CAAC;AAEW,QAAA,wBAAwB,GACjC,kEAAkE,CAAC;AAE1D,QAAA,iCAAiC,GAC1C,4GAA4G,CAAC;AACjH,MAAM,mBAAmB,GAAG,CACxB,EACI,SAAS,EACT,cAAc,EACd,YAAY,GACwD,EACxE,EAAE,eAAe,EAAO,EACrB,EAAE;IACL,MAAM,MAAM,GAAG,SAAS,CAAC,0BAA0B,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAE9C,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE;QAChC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;KACrC;IAED,OAAO,CAAC,GAAiB,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,IAAI,EAAE;YACV,OAAO,IAAI,EAAE,CAAC;SACjB;QAED,IAAI;YACA,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE;gBAChC,MAAM,OAAO,GAAG,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,wBAAY,CAAC;gBAE1C,IAAI,OAAO,EAAE;oBACT,IACI,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;wBAC9C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBAC/C,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;4BACtB,CAAC,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAC5C;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACjB,OAAO,EAAE,gCAAwB;yBACpC,CAAC,CAAC;wBACH,OAAO;qBACV;oBACD,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;iBACtB;qBAAM,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE;oBAC5C,2GAA2G;oBAC3G,6GAA6G;oBAC7G,kBAAkB;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACjB,OAAO,EAAE,yCAAiC;qBAC7C,CAAC,CAAC;oBACH,OAAO;iBACV;aACJ;SACJ;QAAC,OAAO,KAAK,EAAE;YACZ,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;SACvB;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC;AACN,CAAC,CAAC;AAEF,kBAAe,mBAAmB,CAAC"}
|
|
@@ -19,7 +19,7 @@ beforeAll(async () => {
|
|
|
19
19
|
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
20
20
|
});
|
|
21
21
|
appWithBaseUrl = await (0, test_helper_1.setupAppWithAuth)(stores, {
|
|
22
|
-
server: {
|
|
22
|
+
server: { unleashUrl: 'http://localhost:4242', basePathUri: '/demo' },
|
|
23
23
|
authentication: { enableApiToken: true, type: types_1.IAuthType.DEMO },
|
|
24
24
|
});
|
|
25
25
|
});
|
|
@@ -27,17 +27,18 @@ afterAll(async () => {
|
|
|
27
27
|
await app.destroy();
|
|
28
28
|
await db.destroy();
|
|
29
29
|
});
|
|
30
|
+
test('Access to//api/admin/tags are refused no matter how many leading slashes', async () => {
|
|
31
|
+
await app.request.get('//api/admin/tags').expect(401);
|
|
32
|
+
await app.request.get('////api/admin/tags').expect(401);
|
|
33
|
+
});
|
|
30
34
|
test('Access to /api/client/features are refused no matter how many leading slashes', async () => {
|
|
31
35
|
await app.request.get('/api/client/features').expect(401);
|
|
32
|
-
await app.request.get('/////api/client/features').expect(
|
|
33
|
-
await app.request.get('//api/client/features').expect(
|
|
34
|
-
});
|
|
35
|
-
test('Multiple slashes anywhere in the path is not a URL that exists', async () => {
|
|
36
|
-
await app.request.get('/api/admin///projects/default/features').expect(404);
|
|
37
|
-
await app.request.get('/api/client///features').expect(404);
|
|
36
|
+
await app.request.get('/////api/client/features').expect(401);
|
|
37
|
+
await app.request.get('//api/client/features').expect(401);
|
|
38
38
|
});
|
|
39
39
|
test('multiple slashes after base path is also rejected with 404', async () => {
|
|
40
|
-
await appWithBaseUrl.request.get('/demo///api/client/features').expect(
|
|
40
|
+
await appWithBaseUrl.request.get('/demo///api/client/features').expect(401);
|
|
41
|
+
await appWithBaseUrl.request.get('/demo//api/client/features').expect(401);
|
|
41
42
|
await appWithBaseUrl.request.get('/demo/api/client/features').expect(401);
|
|
42
43
|
});
|
|
43
44
|
test(`Access with API token is granted`, async () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"leading-slashes-are-stripped.e2e.test.js","sourceRoot":"","sources":["../../../../../src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts"],"names":[],"mappings":";;;;;AAAA,4EAAoD;AACpD,gFAA8D;AAC9D,2DAA2E;AAC3E,iDAAkE;AAClE,sEAAsE;AAEtE,IAAI,GAAiB,CAAC;AACtB,IAAI,cAA4B,CAAC;AACjC,IAAI,MAAsB,CAAC;AAC3B,IAAI,EAAW,CAAC;AAEhB,SAAS,CAAC,KAAK,IAAI,EAAE;IACjB,EAAE,GAAG,MAAM,IAAA,uBAAM,EACb,kDAAkD,EAClD,mBAAS,CACZ,CAAC;IACF,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC;IACnB,GAAG,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QACjC,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,cAAc,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QAC5C,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE;
|
|
1
|
+
{"version":3,"file":"leading-slashes-are-stripped.e2e.test.js","sourceRoot":"","sources":["../../../../../src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts"],"names":[],"mappings":";;;;;AAAA,4EAAoD;AACpD,gFAA8D;AAC9D,2DAA2E;AAC3E,iDAAkE;AAClE,sEAAsE;AAEtE,IAAI,GAAiB,CAAC;AACtB,IAAI,cAA4B,CAAC;AACjC,IAAI,MAAsB,CAAC;AAC3B,IAAI,EAAW,CAAC;AAEhB,SAAS,CAAC,KAAK,IAAI,EAAE;IACjB,EAAE,GAAG,MAAM,IAAA,uBAAM,EACb,kDAAkD,EAClD,mBAAS,CACZ,CAAC;IACF,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC;IACnB,GAAG,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QACjC,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,cAAc,GAAG,MAAM,IAAA,8BAAgB,EAAC,MAAM,EAAE;QAC5C,MAAM,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE,WAAW,EAAE,OAAO,EAAE;QACrE,cAAc,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAS,CAAC,IAAI,EAAE;KACjE,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;IAChB,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;IACpB,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;IACxF,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;IAC7F,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;IAC1E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;IAChD,IAAI,KAAK,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,0BAA0B,CAAC;QACtE,WAAW,EAAE,SAAS;QACtB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,wBAAY,CAAC,MAAM;KAC5B,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO;SACZ,GAAG,CAAC,sBAAsB,CAAC;SAC3B,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC;SAClC,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.rejectDoubleSlashesInPath = void 0;
|
|
4
|
-
const MULTIPLE_SLASHES = /\/\/+/;
|
|
5
|
-
const rejectDoubleSlashesInPath = (req, res, next) => {
|
|
6
|
-
if (req.path.match(MULTIPLE_SLASHES)) {
|
|
7
|
-
res.status(404).send();
|
|
8
|
-
}
|
|
9
|
-
else {
|
|
10
|
-
next();
|
|
11
|
-
}
|
|
12
|
-
};
|
|
13
|
-
exports.rejectDoubleSlashesInPath = rejectDoubleSlashesInPath;
|
|
14
|
-
//# sourceMappingURL=reject-double-slashes-in-path.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"reject-double-slashes-in-path.js","sourceRoot":"","sources":["../../../src/lib/middleware/reject-double-slashes-in-path.ts"],"names":[],"mappings":";;;AAEA,MAAM,gBAAgB,GAAG,OAAO,CAAC;AAE1B,MAAM,yBAAyB,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IACxE,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE;QAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;KAC1B;SAAM;QACH,IAAI,EAAE,CAAC;KACV;AACL,CAAC,CAAC;AANW,QAAA,yBAAyB,6BAMpC"}
|