opensource/RSSHub
1
0
Fork 0
mirror of https://github.com/DIYgod/RSSHub.git synced 2025-12-08 05:59:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: use simple access keys for access control (#4643)

Browse Source
This commit is contained in:
Henry Wang
2020-05-06 13:14:28 +01:00
committed by GitHub
parent 581a469f9c
commit 4a46db99f9
7 changed files with 175 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
test/middleware/access-control.js
View File

@@ -1,4 +1,5 @@
const supertest = require('supertest');
const md5 = require('md5');
let server;
jest.mock('request-promise-native');
@@ -8,6 +9,7 @@ async function checkBlock(response) {
}
afterEach(() => {
delete process.env.ACCESS_KEY;
delete process.env.BLACKLIST;
delete process.env.WHITELIST;
jest.resetModules();
@@ -16,7 +18,10 @@ afterEach(() => {
describe('access-control', () => {
it(`blacklist`, async () => {
const key = '1L0veRSSHub';
const code = md5('/test/2' + key);
process.env.BLACKLIST = '/test/1,233.233.233.233';
process.env.ACCESS_KEY = key;
server = require('../../lib/index');
const request = supertest(server);
@@ -31,10 +36,34 @@ describe('access-control', () => {
const response22 = await request.get('/test/2').set('X-Forwarded-For', '233.233.233.233');
checkBlock(response22);
// wrong key/code, not on blacklist
const response311 = await request.get(`/test/2?key=wrong+${key}`);
expect(response311.status).toBe(200);
const response312 = await request.get(`/test/2?code=wrong+${code}`);
expect(response312.status).toBe(200);
// wrong key/code, on blacklist
const response321 = await request.get(`/test/2?key=wrong+${key}`).set('X-Forwarded-For', '233.233.233.233');
checkBlock(response321);
const response322 = await request.get(`/test/2?code=wrong+${code}`).set('X-Forwarded-For', '233.233.233.233');
checkBlock(response322);
// right key/code, on blacklist
const response331 = await request.get(`/test/2?key=${key}`).set('X-Forwarded-For', '233.233.233.233');
expect(response331.status).toBe(200);
const response332 = await request.get(`/test/2?code=${code}`).set('X-Forwarded-For', '233.233.233.233');
expect(response332.status).toBe(200);
});
it(`whitelist`, async () => {
const key = '1L0veRSSHub';
const code = md5('/test/2' + key);
process.env.WHITELIST = '/test/1,233.233.233.233';
process.env.ACCESS_KEY = key;
server = require('../../lib/index');
const request = supertest(server);
@@ -49,5 +78,26 @@ describe('access-control', () => {
const response22 = await request.get('/test/2').set('X-Forwarded-For', '233.233.233.233');
expect(response22.status).toBe(200);
// wrong key/code, not on whitelist
const response311 = await request.get(`/test/2?code=wrong+${code}`);
checkBlock(response311);
const response312 = await request.get(`/test/2?key=wrong+${key}`);
checkBlock(response312);
// wrong key/code, on whitelist
const response321 = await request.get(`/test/2?code=wrong+${code}`).set('X-Forwarded-For', '233.233.233.233');
expect(response321.status).toBe(200);
const response322 = await request.get(`/test/2?key=wrong+${key}`).set('X-Forwarded-For', '233.233.233.233');
expect(response322.status).toBe(200);
// right key/code
const response331 = await request.get(`/test/2?code=${code}`);
expect(response331.status).toBe(200);
const response332 = await request.get(`/test/2?key=${key}`);
expect(response332.status).toBe(200);
});
});