Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-07 02:16:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

messaging/middleware

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2023-12-17 12:42:07 -05:00
parent 918008fffd
commit e51c8de9cb
2 changed files with 113 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
test/messaging.js
View File

@@ -1,7 +1,7 @@
'use strict';
const assert = require('assert');
const request = require('request-promise-native');
const nconf = require('nconf');
const util = require('util');
@@ -14,7 +14,7 @@ const Groups = require('../src/groups');
const Messaging = require('../src/messaging');
const api = require('../src/api');
const helpers = require('./helpers');
const socketModules = require('../src/socket.io/modules');
const request = require('../src/request');
const utils = require('../src/utils');
const translator = require('../src/translator');
@@ -33,12 +33,9 @@ describe('Messaging Library', () => {
const callv3API = async (method, path, body, user) => {
const options = {
method,
body,
json: true,
data: body,
jar: mocks.users[user].jar,
resolveWithFullResponse: true,
simple: false,
validateStatus: null,
};
if (method !== 'get') {
@@ -47,7 +44,7 @@ describe('Messaging Library', () => {
};
}
return request(`${nconf.get('url')}/api/v3${path}`, options);
return request[method](`${nconf.get('url')}/api/v3${path}`, options);
};
before(async () => {
@@ -162,11 +159,11 @@ describe('Messaging Library', () => {
uids: [mocks.users.baz.uid],
}, 'foo');
const { statusCode, body } = await callv3API('post', `/chats`, {
const { response, body } = await callv3API('post', `/chats`, {
uids: [mocks.users.baz.uid],
}, 'foo');
assert.equal(statusCode, 400);
assert.equal(response.statusCode, 400);
assert.equal(body.status.code, 'bad-request');
assert.equal(body.status.message, await translator.translate('[[error:too-many-messages]]'));
meta.config.chatMessageDelay = oldValue;
@@ -190,20 +187,20 @@ describe('Messaging Library', () => {
assert.strictEqual(messages[0].system, 1);
assert.strictEqual(messages[0].content, 'user-join');
const { statusCode, body: body2 } = await callv3API('put', `/chats/${roomId}/messages/${messages[0].messageId}`, {
const { response, body: body2 } = await callv3API('put', `/chats/${roomId}/messages/${messages[0].messageId}`, {
message: 'test',
}, 'foo');
assert.strictEqual(statusCode, 400);
assert.strictEqual(response.statusCode, 400);
assert.equal(body2.status.message, await translator.translate('[[error:cant-edit-chat-message]]'));
});
it('should fail to add user to room with invalid data', async () => {
let { statusCode, body } = await callv3API('post', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(statusCode, 400);
let { response, body } = await callv3API('post', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:required-parameters-missing, uids]]'));
({ statusCode, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [null] }, 'foo'));
assert.strictEqual(statusCode, 400);
({ response, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [null] }, 'foo'));
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:no-user]]'));
});
@@ -220,38 +217,38 @@ describe('Messaging Library', () => {
});
it('should throw error if user is not in room', async () => {
const { statusCode, body } = await callv3API('get', `/chats/${roomId}/users`, {}, 'bar');
assert.strictEqual(statusCode, 403);
const { response, body } = await callv3API('get', `/chats/${roomId}/users`, {}, 'bar');
assert.strictEqual(response.statusCode, 403);
assert.equal(body.status.message, await translator.translate('[[error:no-privileges]]'));
});
it('should fail to add users to room if max is reached', async () => {
meta.config.maximumUsersInChatRoom = 2;
const { statusCode, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [mocks.users.bar.uid] }, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [mocks.users.bar.uid] }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.equal(body.status.message, await translator.translate('[[error:cant-add-more-users-to-chat-room]]'));
meta.config.maximumUsersInChatRoom = 0;
});
it('should fail to add users to room if user does not exist', async () => {
const { statusCode, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [98237498234] }, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [98237498234] }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:no-user]]'));
});
it('should fail to add self to room', async () => {
const { statusCode, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [mocks.users.foo.uid] }, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('post', `/chats/${roomId}/users`, { uids: [mocks.users.foo.uid] }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:cant-chat-with-yourself]]'));
});
it('should fail to leave room with invalid data', async () => {
let { statusCode, body } = await callv3API('delete', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(statusCode, 400);
let { response, body } = await callv3API('delete', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:required-parameters-missing, uids]]'));
({ statusCode, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [98237423] }, 'foo'));
assert.strictEqual(statusCode, 400);
({ response, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [98237423] }, 'foo'));
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:no-user]]'));
});
@@ -303,11 +300,9 @@ describe('Messaging Library', () => {
const { jar: senderJar, csrf_token: senderCsrf } = await helpers.loginUser('deleted_chat_user', 'barbar');
const receiver = await User.create({ username: 'receiver' });
const { response } = await request(`${nconf.get('url')}/api/v3/chats`, {
method: 'post',
json: true,
const { body } = await request.post(`${nconf.get('url')}/api/v3/chats`, {
jar: senderJar,
body: {
data: {
uids: [receiver],
},
headers: {
@@ -315,31 +310,31 @@ describe('Messaging Library', () => {
},
});
await User.deleteAccount(sender);
assert(await Messaging.isRoomOwner(receiver, response.roomId));
assert(await Messaging.isRoomOwner(receiver, body.response.roomId));
});
it('should fail to remove user from room', async () => {
let { statusCode, body } = await callv3API('delete', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(statusCode, 400);
let { response, body } = await callv3API('delete', `/chats/${roomId}/users`, {}, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:required-parameters-missing, uids]]'));
({ statusCode, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [null] }, 'foo'));
assert.strictEqual(statusCode, 400);
({ response, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [null] }, 'foo'));
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:no-user]]'));
});
it('should fail to remove user from room if user does not exist', async () => {
const { statusCode, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [99] }, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('delete', `/chats/${roomId}/users`, { uids: [99] }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:no-user]]'));
});
it('should remove user from room', async () => {
const { statusCode, body } = await callv3API('post', `/chats`, {
const { response, body } = await callv3API('post', `/chats`, {
uids: [mocks.users.herp.uid],
}, 'foo');
const { roomId } = body.response;
assert.strictEqual(statusCode, 200);
assert.strictEqual(response.statusCode, 200);
let isInRoom = await Messaging.isUserInRoom(mocks.users.herp.uid, roomId);
assert(isInRoom);
@@ -488,8 +483,8 @@ describe('Messaging Library', () => {
});
it('should rename room', async () => {
const { statusCode } = await callv3API('put', `/chats/${roomId}`, { name: 'new room name' }, 'foo');
assert.strictEqual(statusCode, 200);
const { response } = await callv3API('put', `/chats/${roomId}`, { name: 'new room name' }, 'foo');
assert.strictEqual(response.statusCode, 200);
});
it('should send a room-rename system message when a room is renamed', async () => {
@@ -638,46 +633,46 @@ describe('Messaging Library', () => {
});
it('should fail to edit message with invalid data', async () => {
let { statusCode, body } = await callv3API('put', `/chats/1/messages/10000`, { message: 'foo' }, 'foo');
assert.strictEqual(statusCode, 400);
let { response, body } = await callv3API('put', `/chats/1/messages/10000`, { message: 'foo' }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:invalid-mid]]'));
({ statusCode, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, {}, 'foo'));
assert.strictEqual(statusCode, 400);
({ response, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, {}, 'foo'));
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:invalid-chat-message]]'));
});
it('should fail to edit message if new content is empty string', async () => {
const { statusCode, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: ' ' }, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: ' ' }, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:invalid-chat-message]]'));
});
it('should fail to edit message if not own message', async () => {
const { statusCode, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: 'message edited' }, 'herp');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: 'message edited' }, 'herp');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:cant-edit-chat-message]]'));
});
it('should fail to edit message if message not in room', async () => {
const { statusCode, body } = await callv3API('put', `/chats/${roomId}/messages/1014`, { message: 'message edited' }, 'herp');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('put', `/chats/${roomId}/messages/1014`, { message: 'message edited' }, 'herp');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, await translator.translate('[[error:invalid-mid]]'));
});
it('should edit message', async () => {
let { statusCode, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: 'message edited' }, 'foo');
assert.strictEqual(statusCode, 200);
let { response, body } = await callv3API('put', `/chats/${roomId}/messages/${mid}`, { message: 'message edited' }, 'foo');
assert.strictEqual(response.statusCode, 200);
assert.strictEqual(body.response.content, 'message edited');
({ statusCode, body } = await callv3API('get', `/chats/${roomId}/messages/${mid}`, {}, 'foo'));
assert.strictEqual(statusCode, 200);
({ response, body } = await callv3API('get', `/chats/${roomId}/messages/${mid}`, {}, 'foo'));
assert.strictEqual(response.statusCode, 200);
assert.strictEqual(body.response.content, 'message edited');
});
it('should fail to delete message if not owner', async () => {
const { statusCode, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid}`, {}, 'herp');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid}`, {}, 'herp');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, 'You are not allowed to delete this message');
});
@@ -716,8 +711,8 @@ describe('Messaging Library', () => {
});
it('should error out if a message is deleted again', async () => {
const { statusCode, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid}`, {}, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid}`, {}, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, 'This chat message has already been deleted.');
});
@@ -728,8 +723,8 @@ describe('Messaging Library', () => {
});
it('should error out if a message is restored again', async () => {
const { statusCode, body } = await callv3API('post', `/chats/${roomId}/messages/${mid}`, {}, 'foo');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('post', `/chats/${roomId}/messages/${mid}`, {}, 'foo');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, 'This chat message has already been restored.');
});
@@ -743,8 +738,8 @@ describe('Messaging Library', () => {
});
it('should error out for regular users', async () => {
const { statusCode, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid2}`, {}, 'baz');
assert.strictEqual(statusCode, 400);
const { response, body } = await callv3API('delete', `/chats/${roomId}/messages/${mid2}`, {}, 'baz');
assert.strictEqual(response.statusCode, 400);
assert.strictEqual(body.status.message, 'chat-message-editing-disabled');
});
@@ -767,9 +762,8 @@ describe('Messaging Library', () => {
describe('controller', () => {
it('should 404 if chat is disabled', async () => {
meta.config.disableChat = 1;
const response = await request(`${nconf.get('url')}/user/baz/chats`, {
resolveWithFullResponse: true,
simple: false,
const { response } = await request.get(`${nconf.get('url')}/user/baz/chats`, {
validateStatus: null,
});
assert.equal(response.statusCode, 404);
@@ -777,21 +771,18 @@ describe('Messaging Library', () => {
it('should 401 for guest with not-authorised status code', async () => {
meta.config.disableChat = 0;
const response = await request(`${nconf.get('url')}/api/user/baz/chats`, {
const { response, body } = await request.get(`${nconf.get('url')}/api/user/baz/chats`, {
resolveWithFullResponse: true,
simple: false,
json: true,
validateStatus: null,
});
const { body } = response;
assert.equal(response.statusCode, 401);
assert.equal(body.status.code, 'not-authorised');
});
it('should 404 for non-existent user', async () => {
const response = await request(`${nconf.get('url')}/user/doesntexist/chats`, {
resolveWithFullResponse: true,
simple: false,
const { response } = await request.get(`${nconf.get('url')}/user/doesntexist/chats`, {
validateStatus: null,
});
assert.equal(response.statusCode, 404);
@@ -805,13 +796,10 @@ describe('Messaging Library', () => {
});
it('should return chats page data', async () => {
const response = await request(`${nconf.get('url')}/api/user/herp/chats`, {
resolveWithFullResponse: true,
simple: false,
json: true,
const { response, body } = await request.get(`${nconf.get('url')}/api/user/herp/chats`, {
validateStatus: null,
jar,
});
const { body } = response;
assert.equal(response.statusCode, 200);
assert(Array.isArray(body.rooms));
@@ -820,13 +808,10 @@ describe('Messaging Library', () => {
});
it('should return room data', async () => {
const response = await request(`${nconf.get('url')}/api/user/herp/chats/${roomId}`, {
resolveWithFullResponse: true,
simple: false,
json: true,
const { response, body } = await request.get(`${nconf.get('url')}/api/user/herp/chats/${roomId}`, {
validateStatus: null,
jar,
});
const { body } = response;
assert.equal(response.statusCode, 200);
assert.equal(body.roomId, roomId);
@@ -834,25 +819,20 @@ describe('Messaging Library', () => {
});
it('should redirect to chats page', async () => {
const res = await request(`${nconf.get('url')}/api/chats`, {
resolveWithFullResponse: true,
simple: false,
const { response, body } = await request.get(`${nconf.get('url')}/api/chats`, {
validateStatus: null,
jar,
json: true,
});
const { body } = res;
assert.equal(res.statusCode, 200);
assert.equal(res.headers['x-redirect'], '/user/herp/chats');
assert.equal(response.statusCode, 200);
assert.equal(response.headers['x-redirect'], '/user/herp/chats');
assert.equal(body, '/user/herp/chats');
});
it('should return 404 if user is not in room', async () => {
const data = await helpers.loginUser('baz', 'quuxquux');
const response = await request(`${nconf.get('url')}/api/user/baz/chats/${roomId}`, {
resolveWithFullResponse: true,
simple: false,
json: true,
const { response } = await request.get(`${nconf.get('url')}/api/user/baz/chats/${roomId}`, {
validateStatus: null,
jar: data.jar,
});

78
test/middleware.js
View File

@@ -2,13 +2,13 @@
const assert = require('assert');
const nconf = require('nconf');
const request = require('request-promise-native');
const db = require('./mocks/databasemock');
const user = require('../src/user');
const groups = require('../src/groups');
const utils = require('../src/utils');
const request = require('../src/request');
const helpers = require('./helpers');
describe('Middlewares', () => {
@@ -116,81 +116,77 @@ describe('Middlewares', () => {
});
it('should be absent on non-existent routes, for guests', async () => {
const res = await request(`${nconf.get('url')}/${utils.generateUUID()}`, {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(`${nconf.get('url')}/${utils.generateUUID()}`, {
validateStatus: null,
});
assert.strictEqual(res.statusCode, 404);
assert(!Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(response.statusCode, 404);
assert(!Object.keys(response.headers).includes('cache-control'));
});
it('should be set to "private" on non-existent routes, for logged in users', async () => {
const res = await request(`${nconf.get('url')}/${utils.generateUUID()}`, {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(`${nconf.get('url')}/${utils.generateUUID()}`, {
validateStatus: null,
jar,
headers: {
accept: 'text/html',
},
});
assert.strictEqual(res.statusCode, 404);
assert(Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(res.headers['cache-control'], 'private');
assert.strictEqual(response.statusCode, 404);
assert(Object.keys(response.headers).includes('cache-control'));
assert.strictEqual(response.headers['cache-control'], 'private');
});
it('should be absent on regular routes, for guests', async () => {
const res = await request(nconf.get('url'), {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(nconf.get('url'), {
validateStatus: null,
});
assert.strictEqual(res.statusCode, 200);
assert(!Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(response.statusCode, 200);
assert(!Object.keys(response.headers).includes('cache-control'));
});
it('should be absent on api routes, for guests', async () => {
const res = await request(`${nconf.get('url')}/api`, {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(`${nconf.get('url')}/api`, {
validateStatus: null,
});
assert.strictEqual(res.statusCode, 200);
assert(!Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(response.statusCode, 200);
assert(!Object.keys(response.headers).includes('cache-control'));
});
it('should be set to "private" on regular routes, for logged-in users', async () => {
const res = await request(nconf.get('url'), {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(nconf.get('url'), {
validateStatus: null,
jar,
});
assert.strictEqual(res.statusCode, 200);
assert(Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(res.headers['cache-control'], 'private');
assert.strictEqual(response.statusCode, 200);
assert(Object.keys(response.headers).includes('cache-control'));
assert.strictEqual(response.headers['cache-control'], 'private');
});
it('should be set to "private" on api routes, for logged-in users', async () => {
const res = await request(`${nconf.get('url')}/api`, {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(`${nconf.get('url')}/api`, {
validateStatus: null,
jar,
});
assert.strictEqual(res.statusCode, 200);
assert(Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(res.headers['cache-control'], 'private');
assert.strictEqual(response.statusCode, 200);
assert(Object.keys(response.headers).includes('cache-control'));
assert.strictEqual(response.headers['cache-control'], 'private');
});
it('should be set to "private" on apiv3 routes, for logged-in users', async () => {
const res = await request(`${nconf.get('url')}/api/v3/users/${uid}`, {
simple: false,
resolveWithFullResponse: true,
const { response } = await request.get(`${nconf.get('url')}/api/v3/users/${uid}`, {
validateStatus: null,
jar,
});
assert.strictEqual(res.statusCode, 200);
assert(Object.keys(res.headers).includes('cache-control'));
assert.strictEqual(res.headers['cache-control'], 'private');
assert.strictEqual(response.statusCode, 200);
assert(Object.keys(response.headers).includes('cache-control'));
assert.strictEqual(response.headers['cache-control'], 'private');
});
});
});