const forbiddenPaths = require("../../src/utils/forbiddenPaths.js"); jest.mock("../../src/utils/forbiddenPaths.js", () => ({ getInitializePath: jest.fn(() => "/forbidden"), isForbiddenPath: jest.fn((path) => path === "/forbidden"), isIndexOfForbiddenPath: jest.fn((path) => path.includes("/forbidden")), forbiddenPaths: { config: "/forbidden", certificates: [], svrjs: "/forbidden", serverSideScripts: ["/forbidden"], serverSideScriptDirectories: ["/forbidden"], temp: "/forbidden", log: "/forbidden", }, })); process.serverConfig = { secure: true, sni: [], }; process.dirname = "/usr/lib/mocksvrjs"; process.filename = "/usr/lib/mocksvrjs/svr.js"; const middleware = require("../../src/middleware/checkForbiddenPaths.js"); describe("Forbidden path checking middleware", () => { let req, res, logFacilities, config, next; beforeEach(() => { req = { parsedURL: { pathname: "/forbidden" }, isProxy: false, }; res = { error: jest.fn(), }; logFacilities = { errmessage: jest.fn(), }; config = { enableLogging: true, enableRemoteLogBrowsing: false, exposeServerVersion: false, disableServerSideScriptExpose: true, }; next = jest.fn(); }); test("should deny access to forbidden paths", () => { middleware(req, res, logFacilities, config, next); expect(res.error).toHaveBeenCalledWith(403); expect(logFacilities.errmessage).toHaveBeenCalled(); expect(next).not.toHaveBeenCalled(); }); test("should allow access to non-forbidden paths", () => { req.parsedURL.pathname = "/allowed"; forbiddenPaths.isForbiddenPath.mockReturnValue(false); forbiddenPaths.isIndexOfForbiddenPath.mockReturnValue(false); middleware(req, res, logFacilities, config, next); expect(res.error).not.toHaveBeenCalled(); expect(logFacilities.errmessage).not.toHaveBeenCalled(); expect(next).toHaveBeenCalled(); }); });