frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Move to express 4.x

Browse Source
This commit is contained in:
Nick O'Leary 2015-07-15 22:43:24 +01:00
parent ca91a5dd95
commit d668d43a0a
18 changed files with 143 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nodes/core/core/20-inject.js
View File

@ -81,13 +81,13 @@ module.exports = function(RED) {
if (node != null) {
try {
node.receive();
res.send(200);
res.sendStatus(200);
} catch(err) {
res.send(500);
res.sendStatus(500);
node.error(RED._("inject.failed",{error:err.toString()}));
}
} else {
res.send(404);
res.sendStatus(404);
}
});
}

8
nodes/core/core/58-debug.js
View File

@ -142,15 +142,15 @@ module.exports = function(RED) {
if (node !== null && typeof node !== "undefined" ) {
if (state === "enable") {
node.active = true;
res.send(200);
res.sendStatus(200);
} else if (state === "disable") {
node.active = false;
res.send(201);
res.sendStatus(201);
} else {
res.send(404);
res.sendStatus(404);
}
} else {
res.send(404);
res.sendStatus(404);
}
});
};

36
nodes/core/io/21-httpin.js
View File

@ -19,13 +19,13 @@ module.exports = function(RED) {
var http = require("follow-redirects").http;
var https = require("follow-redirects").https;
var urllib = require("url");
var express = require("express");
var bodyParser = require("body-parser");
var getBody = require('raw-body');
var mustache = require("mustache");
var querystring = require("querystring");
var cors = require('cors');
var jsonParser = express.json();
var urlencParser = express.urlencoded();
var jsonParser = bodyParser.json();
var urlencParser = bodyParser.urlencoded({extended:true});
var onHeaders = require('on-headers');
function rawBodyParser(req, res, next) {
@ -43,6 +43,7 @@ module.exports = function(RED) {
});
}
var corsSetup = false;
function HTTPIn(n) {
RED.nodes.createNode(this,n);
@ -60,7 +61,7 @@ module.exports = function(RED) {
this.errorHandler = function(err,req,res,next) {
node.warn(err);
res.send(500);
res.sendStatus(500);
};
this.callback = function(req,res) {
@ -77,9 +78,10 @@ module.exports = function(RED) {
var corsHandler = function(req,res,next) { next(); }
if (RED.settings.httpNodeCors) {
if (RED.settings.httpNodeCors && !corsSetup) {
corsHandler = cors(RED.settings.httpNodeCors);
RED.httpNode.options(this.url,corsHandler);
RED.httpNode.options("*",corsHandler);
corsSetup = true;
}
var httpMiddleware = function(req,res,next) { next(); }
@ -121,24 +123,12 @@ module.exports = function(RED) {
}
this.on("close",function() {
var routes = RED.httpNode.routes[this.method];
for (var i = 0; i<routes.length; i++) {
if (routes[i].path == this.url) {
var node = this;
RED.httpNode._router.stack.forEach(function(route,i,routes) {
if (route.route && route.route.path === node.url && route.route.methods[node.method]) {
routes.splice(i,1);
//break;
}
}
if (RED.settings.httpNodeCors) {
var routes = RED.httpNode.routes['options'];
if (routes) {
for (var j = 0; j<routes.length; j++) {
if (routes[j].path == this.url) {
routes.splice(j,1);
//break;
}
}
}
}
});
});
} else {
this.warn(RED._("httpin.errors.not-created"));
@ -157,7 +147,7 @@ module.exports = function(RED) {
}
var statusCode = msg.statusCode || 200;
if (typeof msg.payload == "object" && !Buffer.isBuffer(msg.payload)) {
msg.res.jsonp(statusCode,msg.payload);
msg.res.status(statusCode).jsonp(msg.payload);
} else {
if (msg.res.get('content-length') == null) {
var len;

3
package.json
View File

@ -25,7 +25,8 @@
"editor", "messaging", "iot", "m2m", "pi", "arduino", "beaglebone", "ibm", "flow"
],
"dependencies": {
"express": "3.20.3",
"express": "4.13.1",
"body-parser": "1.13.2",
"when": "3.7.3",
"bcryptjs": "2.2.0",
"nopt": "3.0.3",

4
red/api/auth/index.js
View File

@ -55,7 +55,7 @@ function needsPermission(permission) {
return next();
}
log.audit({event: "permission.fail"},req);
return res.send(401);
return res.status(401).end();
});
} else {
next();
@ -95,7 +95,7 @@ function revoke(req,res) {
// TODO: audit log
Tokens.revoke(token).then(function() {
log.audit({event: "auth.login.revoke"},req);
res.send(200);
res.status(200).end();
});
}

4
red/api/flows.js
View File

@ -29,11 +29,11 @@ module.exports = {
var deploymentType = req.get("Node-RED-Deployment-Type")||"full";
log.audit({event: "flows.set",type:deploymentType},req);
redNodes.setFlows(flows,deploymentType).then(function() {
res.send(204);
res.status(204).end();
}).otherwise(function(err) {
log.warn(log._("api.flows.error-save",{message:err.message}));
log.warn(err.stack);
res.json(500,{error:"unexpected_error", message:err.message});
res.status(500).json({error:"unexpected_error", message:err.message});
});
}
}

7
red/api/index.js
View File

@ -15,6 +15,7 @@
**/
var express = require("express");
var bodyParser = require("body-parser");
var util = require('util');
var path = require('path');
var passport = require('passport');
@ -34,7 +35,7 @@ var settings = require("../settings");
var errorHandler = function(err,req,res,next) {
console.log(err.stack);
res.json(400,{error:"unexpected_error", message:err.toString()});
res.status(400).json({error:"unexpected_error", message:err.toString()});
};
function init(adminApp,storage) {
@ -54,8 +55,8 @@ function init(adminApp,storage) {
adminApp.use(editorApp);
}
adminApp.use(express.json());
adminApp.use(express.urlencoded());
adminApp.use(bodyParser.json());
adminApp.use(bodyParser.urlencoded({extended:true}));
adminApp.get("/auth/login",auth.login);

28
red/api/library.js
View File

@ -29,7 +29,7 @@ function createLibrary(type) {
if (typeof result === "string") {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(result);
res.end();
res.end();
} else {
res.json(result);
}
@ -38,33 +38,33 @@ function createLibrary(type) {
log.warn(log._("api.library.error-load-entry",{path:path,message:err.toString()}));
if (err.code === 'forbidden') {
log.audit({event: "library.get",type:type,error:"forbidden"},req);
res.send(403);
res.status(403).end();
return;
}
}
log.audit({event: "library.get",type:type,error:"not_found"},req);
res.send(404);
res.status(404).end();
});
});
redApp.post(new RegExp("/library/"+type+"\/(.*)"),needsPermission("library.write"),function(req,res) {
var path = req.params[0];
var meta = req.body;
var text = meta.text;
delete meta.text;
storage.saveLibraryEntry(type,path,meta,text).then(function() {
log.audit({event: "library.set",type:type},req);
res.send(204);
res.status(204).end();
}).otherwise(function(err) {
log.warn(log._("api.library.error-save-entry",{path:path,message:err.toString()}));
if (err.code === 'forbidden') {
log.audit({event: "library.set",type:type,error:"forbidden"},req);
res.send(403);
res.status(403).end();
return;
}
log.audit({event: "library.set",type:type,error:"unexpected_error",message:err.toString()},req);
res.json(500,{error:"unexpected_error", message:err.toString()});
res.status(500).json({error:"unexpected_error", message:err.toString()});
});
});
}
@ -74,7 +74,7 @@ module.exports = {
redApp = app;
},
register: createLibrary,
getAll: function(req,res) {
storage.getAllFlows().then(function(flows) {
log.audit({event: "library.get.all",type:"flow"},req);
@ -92,28 +92,28 @@ module.exports = {
log.warn(log._("api.library.error-load-flow",{path:req.params[0],message:err.toString()}));
if (err.code === 'forbidden') {
log.audit({event: "library.get",type:"flow",path:req.params[0],error:"forbidden"},req);
res.send(403);
res.status(403).end();
return;
}
}
log.audit({event: "library.get",type:"flow",path:req.params[0],error:"not_found"},req);
res.send(404);
res.status(404).end();
});
},
post: function(req,res) {
var flow = JSON.stringify(req.body);
storage.saveFlow(req.params[0],flow).then(function() {
log.audit({event: "library.set",type:"flow",path:req.params[0]},req);
res.send(204);
res.status(204).end();
}).otherwise(function(err) {
log.warn(log._("api.library.error-save-flow",{path:req.params[0],message:err.toString()}));
if (err.code === 'forbidden') {
log.audit({event: "library.set",type:"flow",path:req.params[0],error:"forbidden"},req);
res.send(403);
res.status(403).end();
return;
}
log.audit({event: "library.set",type:"flow",path:req.params[0],error:"unexpected_error",message:err.toString()},req);
res.send(500,{error:"unexpected_error", message:err.toString()});
res.status(500).send({error:"unexpected_error", message:err.toString()});
});
}
}

2
red/api/locales.js
View File

@ -19,7 +19,7 @@ module.exports = {
get: function(req,res) {
var namespace = req.params[0];
namespace = namespace.replace(/\.json$/,"");
var lang = i18n.determineLangFromHeaders(req.acceptedLanguages || []);
var lang = i18n.determineLangFromHeaders(req.acceptsLanguages() || []);
var prevLang = i18n.i.lng();
i18n.i.setLng(lang, function(){
var catalog = i18n.catalog(namespace,lang);

52
red/api/nodes.js
View File

@ -29,7 +29,7 @@ module.exports = {
log.audit({event: "nodes.list.get"},req);
res.json(redNodes.getNodeList());
} else {
var lang = i18n.determineLangFromHeaders(req.acceptedLanguages);
var lang = i18n.determineLangFromHeaders(req.acceptsLanguages());
log.audit({event: "nodes.configs.get"},req);
res.send(redNodes.getNodeConfigs(lang));
}
@ -38,7 +38,7 @@ module.exports = {
post: function(req,res) {
if (!settings.available()) {
log.audit({event: "nodes.install",error:"settings_unavailable"},req);
res.json(400,{error:"settings_unavailable", message:"Settings unavailable"});
res.status(400).json({error:"settings_unavailable", message:"Settings unavailable"});
return;
}
var node = req.body;
@ -47,7 +47,7 @@ module.exports = {
var module = redNodes.getModuleInfo(node.module);
if (module) {
log.audit({event: "nodes.install",module:node.module,error:"module_already_loaded"},req);
res.json(400,{error:"module_already_loaded", message:"Module already loaded"});
res.status(400).json({error:"module_already_loaded", message:"Module already loaded"});
return;
}
promise = server.installModule(node.module);
@ -55,7 +55,7 @@ module.exports = {
promise = server.installNode(node.file);
} else {
log.audit({event: "nodes.install",module:node.module,error:"invalid_request"},req);
res.json(400,{error:"invalid_request", message:"Invalid request"});
res.status(400).json({error:"invalid_request", message:"Invalid request"});
return;
}
promise.then(function(info) {
@ -69,13 +69,13 @@ module.exports = {
}).otherwise(function(err) {
if (err.code === 404) {
log.audit({event: "nodes.install",module:node.module,file:node.file,error:"not_found"},req);
res.send(404);
res.status(404).end();
} else if (err.code) {
log.audit({event: "nodes.install",module:node.module,error:err.code},req);
res.json(400,{error:err.code, message:err.message});
} else {
res.status(400).json({error:err.code, message:err.message});
} else {
log.audit({event: "nodes.install",module:node.module,file:node.file,error:err.code||"unexpected_error",message:err.toString()},req);
res.json(400,{error:err.code||"unexpected_error", message:err.toString()});
res.status(400).json({error:err.code||"unexpected_error", message:err.toString()});
}
});
},
@ -83,7 +83,7 @@ module.exports = {
delete: function(req,res) {
if (!settings.available()) {
log.audit({event: "nodes.remove",error:"settings_unavailable"},req);
res.json(400,{error:"settings_unavailable", message:"Settings unavailable"});
res.status(400).json({error:"settings_unavailable", message:"Settings unavailable"});
return;
}
var mod = req.params.mod;
@ -92,7 +92,7 @@ module.exports = {
var module = redNodes.getModuleInfo(mod);
if (!module) {
log.audit({event: "nodes.remove",module:mod,error:"not_found"},req);
res.send(404);
res.status(404).end();
return;
} else {
promise = server.uninstallModule(mod);
@ -100,14 +100,14 @@ module.exports = {
promise.then(function() {
log.audit({event: "nodes.remove",module:mod},req);
res.send(204);
res.status(204).end();
}).otherwise(function(err) {
log.audit({event: "nodes.remove",module:mod,error:err.code||"unexpected_error",message:err.toString()},req);
res.json(400,{error:err.code||"unexpected_error", message:err.toString()});
res.status(400).json({error:err.code||"unexpected_error", message:err.toString()});
});
} catch(err) {
log.audit({event: "nodes.remove",module:mod,error:err.code||"unexpected_error",message:err.toString()},req);
res.json(400,{error:err.code||"unexpected_error", message:err.toString()});
res.status(400).json({error:err.code||"unexpected_error", message:err.toString()});
}
},
@ -122,17 +122,17 @@ module.exports = {
res.send(result);
} else {
log.audit({event: "nodes.info.get",id:id,error:"not_found"},req);
res.send(404);
res.status(404).end();
}
} else {
var lang = i18n.determineLangFromHeaders(req.acceptedLanguages);
var lang = i18n.determineLangFromHeaders(req.acceptsLanguages());
result = redNodes.getNodeConfig(id,lang);
if (result) {
log.audit({event: "nodes.config.get",id:id},req);
res.send(result);
} else {
log.audit({event: "nodes.config.get",id:id,error:"not_found"},req);
res.send(404);
res.status(404).end();
}
}
},
@ -145,20 +145,20 @@ module.exports = {
res.json(result);
} else {
log.audit({event: "nodes.module.get",module:module,error:"not_found"},req);
res.send(404);
res.status(404).end();
}
},
putSet: function(req,res) {
if (!settings.available()) {
log.audit({event: "nodes.info.set",error:"settings_unavailable"},req);
res.json(400,{error:"settings_unavailable", message:"Settings unavailable"});
res.status(400).json({error:"settings_unavailable", message:"Settings unavailable"});
return;
}
var body = req.body;
if (!body.hasOwnProperty("enabled")) {
log.audit({event: "nodes.info.set",error:"invalid_request"},req);
res.json(400,{error:"invalid_request", message:"Invalid request"});
res.status(400).json({error:"invalid_request", message:"Invalid request"});
return;
}
try {
@ -167,7 +167,7 @@ module.exports = {
var info;
if (!node) {
log.audit({event: "nodes.info.set",id:id,error:"not_found"},req);
res.send(404);
res.status(404).end();
} else {
delete node.loaded;
putNode(node, body.enabled).then(function(result) {
@ -177,20 +177,20 @@ module.exports = {
}
} catch(err) {
log.audit({event: "nodes.info.set",id:id,enabled:body.enabled,error:err.code||"unexpected_error",message:err.toString()},req);
res.json(400,{error:err.code||"unexpected_error", message:err.toString()});
res.status(400).json({error:err.code||"unexpected_error", message:err.toString()});
}
},
putModule: function(req,res) {
if (!settings.available()) {
log.audit({event: "nodes.module.set",error:"settings_unavailable"},req);
res.json(400,{error:"settings_unavailable", message:"Settings unavailable"});
res.status(400).json({error:"settings_unavailable", message:"Settings unavailable"});
return;
}
var body = req.body;
if (!body.hasOwnProperty("enabled")) {
log.audit({event: "nodes.module.set",error:"invalid_request"},req);
res.json(400,{error:"invalid_request", message:"Invalid request"});
res.status(400).json({error:"invalid_request", message:"Invalid request"});
return;
}
try {
@ -198,7 +198,7 @@ module.exports = {
var module = redNodes.getModuleInfo(mod);
if (!module) {
log.audit({event: "nodes.module.set",module:mod,error:"not_found"},req);
return res.send(404);
return res.status(404).end();
}
var nodes = module.nodes;
@ -211,7 +211,7 @@ module.exports = {
});
} catch(err) {
log.audit({event: "nodes.module.set",module:mod,enabled:body.enabled,error:err.code||"unexpected_error",message:err.toString()},req);
res.json(400,{error:err.code||"unexpected_error", message:err.toString()});
res.status(400).json({error:err.code||"unexpected_error", message:err.toString()});
}
}
};
@ -227,7 +227,7 @@ function putNode(node, enabled) {
} else {
promise = redNodes.disableNode(node.id);
}
return promise.then(function(info) {
if (info.enabled === enabled && !info.err) {
comms.publish("node/"+(enabled?"enabled":"disabled"),info,false);

32
red/api/theme.js
View File

@ -43,7 +43,7 @@ function serveFile(app,baseUrl,file) {
var url = baseUrl+path.basename(file);
//console.log(url,"->",file);
app.get(url,function(req, res) {
res.sendfile(file);
res.sendFile(file);
});
return "theme"+url;
} catch(err) {
@ -58,13 +58,13 @@ module.exports = {
var url;
themeContext = clone(defaultContext);
themeSettings = null;
if (settings.editorTheme) {
var theme = settings.editorTheme;
themeSettings = {};
var themeApp = express();
if (theme.page) {
if (theme.page.css) {
var styles = theme.page.css;
@ -72,7 +72,7 @@ module.exports = {
styles = [styles];
}
themeContext.page.css = [];
for (i=0;i<styles.length;i++) {
url = serveFile(themeApp,"/css/",styles[i]);
if (url) {
@ -80,25 +80,25 @@ module.exports = {
}
}
}
if (theme.page.favicon) {
url = serveFile(themeApp,"/favicon/",theme.page.favicon)
if (url) {
themeContext.page.favicon = url;
}
}
themeContext.page.title = theme.page.title || themeContext.page.title;
}
if (theme.header) {
themeContext.header.title = theme.header.title || themeContext.header.title;
if (theme.header.hasOwnProperty("url")) {
themeContext.header.url = theme.header.url;
}
if (theme.header.hasOwnProperty("image")) {
if (theme.header.image) {
url = serveFile(themeApp,"/header/",theme.header.image);
@ -110,7 +110,7 @@ module.exports = {
}
}
}
if (theme.deployButton) {
if (theme.deployButton.type == "simple") {
themeSettings.deployButton = {
@ -127,11 +127,11 @@ module.exports = {
}
}
}
if (theme.hasOwnProperty("userMenu")) {
themeSettings.userMenu = theme.userMenu;
}
if (theme.login) {
if (theme.login.image) {
url = serveFile(themeApp,"/login/",theme.login.image);
@ -142,11 +142,11 @@ module.exports = {
}
}
}
if (theme.hasOwnProperty("menu")) {
themeSettings.menu = theme.menu;
}
return themeApp;
}
},

10
red/api/ui.js
View File

@ -42,7 +42,7 @@ module.exports = {
editorTemplate = fs.readFileSync(path.join(templateDir,"index.mst"),"utf8");
Mustache.parse(editorTemplate);
},
ensureSlash: function(req,res,next) {
var parts = req.originalUrl.split("?");
if (parts[0].slice(-1) != "/") {
@ -55,17 +55,17 @@ module.exports = {
},
icon: function(req,res) {
if (iconCache[req.params.icon]) {
res.sendfile(iconCache[req.params.icon]); // if not found, express prints this to the console and serves 404
} else {
res.sendFile(iconCache[req.params.icon]); // if not found, express prints this to the console and serves 404
} else {
for (var p=0;p<icon_paths.length;p++) {
var iconPath = path.join(icon_paths[p],req.params.icon);
if (fs.existsSync(iconPath)) {
res.sendfile(iconPath);
res.sendFile(iconPath);
iconCache[req.params.icon] = iconPath;
return;
}
}
res.sendfile(defaultIcon);
res.sendFile(defaultIcon);
}
},
editor: function(req,res) {

2
red/i18n.js
View File

@ -20,7 +20,7 @@ var path = require("path");
var fs = require("fs");
var defaultLang = "en-US";
var supportedLangs = null;
var supportedLangs = [];
var resourceMap = {
"runtime": {

20
test/red/api/auth/index_spec.js
View File

@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
**/
var should = require("should");
var when = require("when");
var sinon = require("sinon");
@ -28,7 +28,7 @@ var settings = require("../../../../red/settings");
describe("api auth middleware",function() {
describe("ensureClientSecret", function() {
it("leaves client_secret alone if not present",function(done) {
var req = {
@ -51,26 +51,26 @@ describe("api auth middleware",function() {
})
});
});
describe("revoke", function() {
it("revokes a token", function(done) {
var revokeToken = sinon.stub(Tokens,"revoke",function() {
return when.resolve();
});
var req = { body: { token: "abcdef" } };
var res = { send: function(resp) {
var res = { status: function(resp) {
revokeToken.restore();
resp.should.equal(200);
done();
}};
auth.revoke(req,res);
});
});
describe("login", function() {
beforeEach(function() {
sinon.stub(Tokens,"init",function(){});
@ -96,7 +96,7 @@ describe("api auth middleware",function() {
done();
}});
});
});
});

11
test/red/api/flows_spec.js
View File

@ -17,6 +17,7 @@
var should = require("should");
var request = require('supertest');
var express = require('express');
var bodyParser = require('body-parser');
var sinon = require('sinon');
var when = require('when');
@ -25,16 +26,16 @@ var redNodes = require("../../../red/nodes");
var flows = require("../../../red/api/flows");
describe("flows api", function() {
var app;
before(function() {
app = express();
app.use(express.json());
app.use(bodyParser.json());
app.get("/flows",flows.get);
app.post("/flows",flows.post);
});
it('returns flow', function(done) {
var getFlows = sinon.stub(redNodes,'getFlows', function() {
return [1,2,3];
@ -52,7 +53,7 @@ describe("flows api", function() {
done();
});
});
it('sets flows', function(done) {
var setFlows = sinon.stub(redNodes,'setFlows', function() {
return when.resolve();
@ -86,5 +87,5 @@ describe("flows api", function() {
done();
});
});
});

37
test/red/api/library_spec.js
View File

@ -17,6 +17,7 @@
var should = require("should");
var request = require('supertest');
var express = require('express');
var bodyParser = require('body-parser');
var when = require('when');
@ -27,7 +28,7 @@ var library = require("../../../red/api/library");
var auth = require("../../../red/api/auth");
describe("library api", function() {
function initStorage(_flows,_libraryEntries) {
var flows = _flows;
var libraryEntries = _libraryEntries;
@ -67,13 +68,13 @@ describe("library api", function() {
describe("flows", function() {
var app;
before(function() {
app = express();
app.use(express.json());
app.use(bodyParser.json());
app.get("/library/flows",library.getAll);
app.post(new RegExp("/library/flows\/(.*)"),library.post);
app.get(new RegExp("/library/flows\/(.*)"),library.get);
app.get(new RegExp("/library/flows\/(.*)"),library.get);
});
it('returns empty result', function(done) {
initStorage({},{flows:{}});
@ -97,8 +98,8 @@ describe("library api", function() {
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initStorage({},{flows:{}});
var flow = '[]';
@ -122,7 +123,7 @@ describe("library api", function() {
});
});
});
it('lists a stored item', function(done) {
initStorage({f:["bar"]});
request(app)
@ -137,7 +138,7 @@ describe("library api", function() {
done();
});
});
it('returns 403 for malicious get attempt', function(done) {
initStorage({});
// without the userDir override the malicious url would be
@ -162,10 +163,10 @@ describe("library api", function() {
describe("type", function() {
var app;
before(function() {
app = express();
app.use(express.json());
app.use(bodyParser.json());
library.init(app);
auth.init({});
RED.library.register("test");
@ -184,7 +185,7 @@ describe("library api", function() {
done();
});
});
it('returns 404 for non-existent entry', function(done) {
initStorage({},{});
request(app)
@ -192,7 +193,7 @@ describe("library api", function() {
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initStorage({},{'test':{}});
var flow = {text:"test content"};
@ -216,7 +217,7 @@ describe("library api", function() {
});
});
});
it('lists a stored item', function(done) {
initStorage({},{'test':{'a':['abc','def']}});
request(app)
@ -232,22 +233,22 @@ describe("library api", function() {
done();
});
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/../../../../../../../../../../etc/passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\etc\\passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.post('/library/test/../../../../../../../../../../etc/passwd')
@ -256,6 +257,6 @@ describe("library api", function() {
.expect(403)
.end(done);
});
});
});

3
test/red/api/nodes_spec.js
View File

@ -17,6 +17,7 @@
var should = require("should");
var request = require('supertest');
var express = require('express');
var bodyParser = require('body-parser');
var sinon = require('sinon');
var when = require('when');
@ -32,7 +33,7 @@ describe("nodes api", function() {
before(function() {
app = express();
app.use(express.json());
app.use(bodyParser.json());
app.get("/nodes",nodes.getAll);
app.post("/nodes",nodes.post);
app.get("/nodes/:mod",nodes.getModule);

26
test/red/api/ui_spec.js
View File

@ -26,12 +26,12 @@ var ui = require("../../../red/api/ui");
describe("ui api", function() {
var app;
describe("slash handler", function() {
before(function() {
app = express();
app.get("/foo",ui.ensureSlash,function(req,res) { res.send(200);});
app.get("/foo",ui.ensureSlash,function(req,res) { res.sendStatus(200);});
});
it('redirects if the path does not end in a slash',function(done) {
request(app)
@ -57,13 +57,13 @@ describe("ui api", function() {
.expect(200,done);
});
});
describe("icon handler", function() {
before(function() {
app = express();
app.get("/icons/:icon",ui.icon);
});
function binaryParser(res, callback) {
res.setEncoding('binary');
res.data = '';
@ -80,7 +80,7 @@ describe("ui api", function() {
b1[i].should.equal(b2[i]);
}
}
it('returns the default icon when getting an unknown icon', function(done) {
var defaultIcon = fs.readFileSync(path.resolve(__dirname+'/../../../public/icons/arrow-in.png'));
request(app)
@ -96,7 +96,7 @@ describe("ui api", function() {
compareBuffers(res.body,defaultIcon);
done();
});
});
it('returns a known icon', function(done) {
var injectIcon = fs.readFileSync(path.resolve(__dirname+'/../../../public/icons/inject.png'));
@ -114,7 +114,7 @@ describe("ui api", function() {
done();
});
});
it('returns a registered icon' , function(done) {
var testIcon = fs.readFileSync(path.resolve(__dirname+'/../../resources/icons/test_icon.png'));
events.emit("node-icon-dir", path.resolve(__dirname+'/../../resources/icons'));
@ -133,7 +133,7 @@ describe("ui api", function() {
});
});
});
describe("editor ui handler", function() {
before(function() {
app = express();
@ -153,7 +153,7 @@ describe("ui api", function() {
});
});
});
describe("editor ui resource handler", function() {
before(function() {
app = express();
@ -172,7 +172,7 @@ describe("ui api", function() {
});
});
});