frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update runtime apis to support multiple libraries

Browse Source
This commit is contained in:
Nick O'Leary
2019-04-25 11:32:09 +01:00
parent 5e43a02cd3
commit b581e33611
15 changed files with 553 additions and 713 deletions
Download Patch File Download Diff File Expand all files Collapse all files

392
test/unit/@node-red/runtime/lib/api/library_spec.js
View File

@@ -38,7 +38,7 @@ describe("runtime-api/library", function() {
library.init({
log: mockLog,
library: {
getEntry: function(type,path) {
getEntry: function(library, type,path) {
if (type === "known") {
return Promise.resolve("known");
} else if (type === "forbidden") {
@@ -67,13 +67,13 @@ describe("runtime-api/library", function() {
})
})
it("returns a known entry", function(done) {
library.getEntry({type: "known", path: "/abc"}).then(function(result) {
library.getEntry({library: "local",type: "known", path: "/abc"}).then(function(result) {
result.should.eql("known")
done();
}).catch(done)
})
it("rejects a forbidden entry", function(done) {
library.getEntry({type: "forbidden", path: "/abc"}).then(function(result) {
library.getEntry({library: "local",type: "forbidden", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","forbidden");
@@ -82,7 +82,7 @@ describe("runtime-api/library", function() {
}).catch(done)
})
it("rejects an unknown entry", function(done) {
library.getEntry({type: "not_found", path: "/abc"}).then(function(result) {
library.getEntry({library: "local",type: "not_found", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","not_found");
@@ -91,7 +91,7 @@ describe("runtime-api/library", function() {
}).catch(done)
})
it("rejects a blank (unknown) entry", function(done) {
library.getEntry({type: "blank", path: "/abc"}).then(function(result) {
library.getEntry({library: "local",type: "blank", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","not_found");
@@ -100,7 +100,7 @@ describe("runtime-api/library", function() {
}).catch(done)
})
it("rejects unexpected error", function(done) {
library.getEntry({type: "error", path: "/abc"}).then(function(result) {
library.getEntry({library: "local",type: "error", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("status",400);
@@ -114,7 +114,7 @@ describe("runtime-api/library", function() {
library.init({
log: mockLog,
library: {
saveEntry: function(type,path,meta,body) {
saveEntry: function(library,type,path,meta,body) {
opts = {type,path,meta,body};
if (type === "known") {
return Promise.resolve();
@@ -137,7 +137,7 @@ describe("runtime-api/library", function() {
})
it("saves an entry", function(done) {
library.saveEntry({type: "known", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
library.saveEntry({library: "local",type: "known", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
opts.should.have.property("type","known");
opts.should.have.property("path","/abc");
opts.should.have.property("meta",{a:1});
@@ -146,7 +146,7 @@ describe("runtime-api/library", function() {
}).catch(done)
})
it("rejects a forbidden entry", function(done) {
library.saveEntry({type: "forbidden", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
library.saveEntry({library: "local",type: "forbidden", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","forbidden");
@@ -155,7 +155,7 @@ describe("runtime-api/library", function() {
}).catch(done)
})
it("rejects an unknown entry", function(done) {
library.saveEntry({type: "not_found", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
library.saveEntry({library: "local",type: "not_found", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("status",400);
@@ -163,377 +163,5 @@ describe("runtime-api/library", function() {
}).catch(done)
})
})
describe("getEntries", function() {
var opts;
before(function() {
library.init({
log: mockLog,
storage: {
getAllFlows: function() {
return Promise.resolve({a:1});
}
},
nodes: {
getNodeExampleFlows: function() {
return {b:2};
}
}
});
});
it("returns all flows", function(done) {
library.getEntries({type:"flows"}).then(function(result) {
result.should.eql({a:1,d:{_examples_:{b:2}}});
done();
}).catch(done)
});
it("fails for non-flows (currently)", function(done) {
library.getEntries({type:"functions"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
done();
}).catch(done)
})
})
});
/*
var should = require("should");
var sinon = require("sinon");
var fs = require("fs");
var fspath = require('path');
var request = require('supertest');
var express = require('express');
var bodyParser = require('body-parser');
var when = require('when');
var app;
var library = require("../../../../red/api/editor/library");
var auth = require("../../../../red/api/auth");
describe("api/editor/library", function() {
function initLibrary(_flows,_libraryEntries,_examples,_exampleFlowPathFunction) {
var flows = _flows;
var libraryEntries = _libraryEntries;
library.init(app,{
log:{audit:function(){},_:function(){},warn:function(){}},
storage: {
init: function() {
return when.resolve();
},
getAllFlows: function() {
return when.resolve(flows);
},
getFlow: function(fn) {
if (flows[fn]) {
return when.resolve(flows[fn]);
} else if (fn.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
} else {
return when.reject();
}
},
saveFlow: function(fn,data) {
if (fn.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
flows[fn] = data;
return when.resolve();
},
getLibraryEntry: function(type,path) {
if (path.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
if (libraryEntries[type] && libraryEntries[type][path]) {
return when.resolve(libraryEntries[type][path]);
} else {
return when.reject();
}
},
saveLibraryEntry: function(type,path,meta,body) {
if (path.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
libraryEntries[type][path] = body;
return when.resolve();
}
},
events: {
on: function(){},
removeListener: function(){}
},
nodes: {
getNodeExampleFlows: function() {
return _examples;
},
getNodeExampleFlowPath: _exampleFlowPathFunction
}
});
}
describe("flows", function() {
before(function() {
app = express();
app.use(bodyParser.json());
app.get("/library/flows",library.getAll);
app.post(new RegExp("/library/flows\/(.*)"),library.post);
app.get(new RegExp("/library/flows\/(.*)"),library.get);
app.response.sendFile = function (path) {
app.response.json.call(this, {sendFile: path});
};
sinon.stub(fs,"statSync",function() { return true; });
});
after(function() {
fs.statSync.restore();
});
it('returns empty result', function(done) {
initLibrary({},{flows:{}});
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.not.have.property('f');
res.body.should.not.have.property('d');
done();
});
});
it('returns 404 for non-existent entry', function(done) {
initLibrary({},{flows:{}});
request(app)
.get('/library/flows/foo')
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initLibrary({},{flows:{}});
var flow = '[]';
request(app)
.post('/library/flows/foo')
.set('Content-Type', 'application/json')
.send(flow)
.expect(204).end(function (err, res) {
if (err) {
throw err;
}
request(app)
.get('/library/flows/foo')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.text.should.equal(flow);
done();
});
});
});
it('lists a stored item', function(done) {
initLibrary({f:["bar"]});
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('f');
should.deepEqual(res.body.f,['bar']);
done();
});
});
it('returns 403 for malicious get attempt', function(done) {
initLibrary({});
// without the userDir override the malicious url would be
// http://127.0.0.1:1880/library/flows/../../package to
// obtain package.json from the node-red root.
request(app)
.get('/library/flows/../../../../../package')
.expect(403)
.end(done);
});
it('returns 403 for malicious post attempt', function(done) {
initLibrary({});
// without the userDir override the malicious url would be
// http://127.0.0.1:1880/library/flows/../../package to
// obtain package.json from the node-red root.
request(app)
.post('/library/flows/../../../../../package')
.expect(403)
.end(done);
});
it('includes examples flows if set', function(done) {
var examples = {"d":{"node-module":{"f":["example-one"]}}};
initLibrary({},{},examples);
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('d');
res.body.d.should.have.property('_examples_');
should.deepEqual(res.body.d._examples_,examples);
done();
});
});
it('can retrieve an example flow', function(done) {
var examples = {"d":{"node-module":{"f":["example-one"]}}};
initLibrary({},{},examples,function(module,path) {
return module + ':' + path
});
request(app)
.get('/library/flows/_examples_/node-module/example-one')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('sendFile',
fspath.resolve('node-module') + ':example-one');
done();
});
});
it('can retrieve an example flow in an org scoped package', function(done) {
var examples = {"d":{"@org_scope/node_package":{"f":["example-one"]}}};
initLibrary({},{},examples,function(module,path) {
return module + ':' + path
});
request(app)
.get('/library/flows/_examples_/@org_scope/node_package/example-one')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('sendFile',
fspath.resolve('@org_scope/node_package') +
':example-one');
done();
});
});
});
describe("type", function() {
before(function() {
app = express();
app.use(bodyParser.json());
initLibrary({},{});
auth.init({settings:{}});
library.register("test");
});
it('returns empty result', function(done) {
initLibrary({},{'test':{"":[]}});
request(app)
.get('/library/test')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.not.have.property('f');
done();
});
});
it('returns 404 for non-existent entry', function(done) {
initLibrary({},{});
request(app)
.get('/library/test/foo')
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initLibrary({},{'test':{}});
var flow = {text:"test content"};
request(app)
.post('/library/test/foo')
.set('Content-Type', 'application/json')
.send(flow)
.expect(204).end(function (err, res) {
if (err) {
throw err;
}
request(app)
.get('/library/test/foo')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.text.should.equal(flow.text);
done();
});
});
});
it('lists a stored item', function(done) {
initLibrary({},{'test':{'a':['abc','def']}});
request(app)
.get('/library/test/a')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
// This response isn't strictly accurate - but it
// verifies the api returns what storage gave it
should.deepEqual(res.body,['abc','def']);
done();
});
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/../../../../../../../../../../etc/passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\etc\\passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.post('/library/test/../../../../../../../../../../etc/passwd')
.set('Content-Type', 'text/plain')
.send('root:x:0:0:root:/root:/usr/bin/tclsh')
.expect(403)
.end(done);
});
});
});
*/