1
0
Fork 0
forked from svrjs/svrjs
This repository has been archived on 2024-11-10. You can view files and clone it, but cannot push or open issues or pull requests.
svrjs/tests/middleware/checkForbiddenPaths.test.js

68 lines
1.9 KiB
JavaScript
Raw Normal View History

const forbiddenPaths = require("../../src/utils/forbiddenPaths.js");
jest.mock("../../src/utils/forbiddenPaths.js", () => ({
getInitializePath: jest.fn(() => "/forbidden"),
isForbiddenPath: jest.fn((path) => path === "/forbidden"),
isIndexOfForbiddenPath: jest.fn((path) => path.includes("/forbidden")),
forbiddenPaths: {
config: "/forbidden",
certificates: [],
svrjs: "/forbidden",
serverSideScripts: ["/forbidden"],
serverSideScriptDirectories: ["/forbidden"],
temp: "/forbidden",
log: "/forbidden",
},
}));
process.serverConfig = {
secure: true,
sni: [],
};
process.dirname = "/usr/lib/mocksvrjs";
process.filename = "/usr/lib/mocksvrjs/svr.js";
const middleware = require("../../src/middleware/checkForbiddenPaths.js");
describe("Forbidden path checking middleware", () => {
let req, res, logFacilities, config, next;
beforeEach(() => {
req = {
parsedURL: { pathname: "/forbidden" },
isProxy: false,
};
res = {
error: jest.fn(),
};
logFacilities = {
errmessage: jest.fn(),
};
config = {
enableLogging: true,
enableRemoteLogBrowsing: false,
exposeServerVersion: false,
disableServerSideScriptExpose: true,
};
next = jest.fn();
});
test("should deny access to forbidden paths", () => {
middleware(req, res, logFacilities, config, next);
expect(res.error).toHaveBeenCalledWith(403);
expect(logFacilities.errmessage).toHaveBeenCalled();
expect(next).not.toHaveBeenCalled();
});
test("should allow access to non-forbidden paths", () => {
req.parsedURL.pathname = "/allowed";
forbiddenPaths.isForbiddenPath.mockReturnValue(false);
forbiddenPaths.isIndexOfForbiddenPath.mockReturnValue(false);
middleware(req, res, logFacilities, config, next);
expect(res.error).not.toHaveBeenCalled();
expect(logFacilities.errmessage).not.toHaveBeenCalled();
expect(next).toHaveBeenCalled();
});
});