unleash-server
Unleash is an enterprise ready feature flag service. It provides different strategies for handling feature flags.
import getLogger from '../../../fixtures/no-logger.js';
import dbInit from '../../helpers/database-init.js';
import { setupAppWithAuth, } from '../../helpers/test-helper.js';
import { IAuthType } from '../../../../lib/types/index.js';
import { ApiTokenType } from '../../../../lib/types/model.js';
import { DEFAULT_ENV } from '../../../../lib/server-impl.js';
// Shared fixtures: filled in once by beforeAll and reused by every test below.
let app; // app instance configured without a base path
let appWithBaseUrl; // app instance configured with basePathUri '/demo'
let stores;
let db;

/**
 * Boots one test database and two app instances on top of it, both with
 * demo authentication and API tokens enabled. The tests then check that
 * unauthenticated requests are refused regardless of how many slashes
 * precede the API path.
 */
beforeAll(async () => {
  // Build a fresh authentication object per app so the two configs stay independent.
  const demoAuthWithApiTokens = () => ({
    enableApiToken: true,
    type: IAuthType.DEMO,
  });

  db = await dbInit(
    'multiple_leading_slashes_are_still_authed_serial',
    getLogger,
  );
  stores = db.stores;

  const rootOptions = { authentication: demoAuthWithApiTokens() };
  app = await setupAppWithAuth(stores, rootOptions, db.rawDatabase);

  const basePathOptions = {
    server: {
      unleashUrl: 'http://localhost:4242',
      basePathUri: '/demo',
    },
    authentication: demoAuthWithApiTokens(),
  };
  appWithBaseUrl = await setupAppWithAuth(
    stores,
    basePathOptions,
    db.rawDatabase,
  );
});
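/**
 * Tears down everything beforeAll created. Both app instances are destroyed
 * before the database they share; the original only destroyed `app`, leaving
 * `appWithBaseUrl` alive after the suite finished.
 */
afterAll(async () => {
  await app.destroy();
  await appWithBaseUrl.destroy();
  await db.destroy();
});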
/**
 * Admin API: a request without credentials must get 401 even when the path
 * starts with extra slashes, i.e. the repeated slashes must not let the
 * request skip the authentication check.
 */
test('Access to //api/admin/tags are refused no matter how many leading slashes', async () => {
  const unauthenticatedPaths = ['//api/admin/tags', '////api/admin/tags'];
  for (const path of unauthenticatedPaths) {
    await app.request.get(path).expect(401);
  }
});
/**
 * Client API: the normal single-slash path is the baseline, and the
 * multi-slash variants must be refused with the same 401 when no token is sent.
 */
test('Access to /api/client/features are refused no matter how many leading slashes', async () => {
  const unauthenticatedPaths = [
    '/api/client/features',
    '/////api/client/features',
    '//api/client/features',
  ];
  for (const path of unauthenticatedPaths) {
    await app.request.get(path).expect(401);
  }
});
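/**
 * Same check for the app mounted under the '/demo' base path: repeated
 * slashes between the base path and the API path must still end in 401 for
 * an unauthenticated request. The title previously said 404 while every
 * assertion expects 401; the title now matches what is asserted.
 */
test('multiple slashes after base path is also rejected with 401', async () => {
  const unauthenticatedPaths = [
    '/demo///api/client/features',
    '/demo//api/client/features',
    '/demo/api/client/features',
  ];
  for (const path of unauthenticatedPaths) {
    await appWithBaseUrl.request.get(path).expect(401);
  }
});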
/**
 * Positive control: with a valid backend API token the client features
 * endpoint answers 200, so the 401s asserted elsewhere in this file come from
 * the missing credentials and not from the route being unavailable.
 */
test('Access with API token is granted', async () => {
  const tokenSpec = {
    environment: DEFAULT_ENV,
    projects: ['default'],
    tokenName: 'test',
    type: ApiTokenType.BACKEND,
  };
  const { secret } =
    await app.services.apiTokenService.createApiTokenWithProjects(tokenSpec);

  // NOTE(review): only the single-slash path on the root app is exercised with a token.
  await app.request
    .get('/api/client/features')
    .set('Authorization', secret)
    .expect(200);
});
//# sourceMappingURL=leading-slashes-are-stripped.e2e.test.js.map