Merge branch 'master' into addMetadataToShare-#1679

2025-12-24 18:32:41 +00:00 · 2023-04-11 08:06:28 +12:00
parent 4ddee3c2f1 ba72f1ab22
commit 8febaee2a9
6 changed files with 77 additions and 11 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -82,6 +82,13 @@ For a full record of development, visit our [Github Page](https://github.com/nat

 ### XXXXday DD/MM/2023 - v3.8.0
 {{taskList
+
+##### Jeddai
+
+* [X] Add content negotiation to exclude image requests from our API calls
+
+Fixes issue [#2595](https://github.com/naturalcrit/homebrewery/issues/2595)
+
 ##### G-Ambatte

 * [x] Update server build scripts to fix Admin page
--- a/package-lock.json
+++ b/package-lock.json
@@ -46,9 +46,10 @@
        "vitreum": "git+https://git@github.com/calculuschild/vitreum.git"
      },
      "devDependencies": {
-        "eslint": "^8.37.0",
+        "eslint": "^8.38.0",
        "eslint-plugin-react": "^7.32.2",
        "jest": "^29.5.0",
+        "jest-expect-message": "^1.1.3",
        "supertest": "^6.3.3"
      },
      "engines": {
@@ -1791,9 +1792,9 @@
      }
    },
    "node_modules/@eslint/js": {
-      "version": "8.37.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.37.0.tgz",
-      "integrity": "sha512-x5vzdtOOGgFVDCUs81QRB2+liax8rFg3+7hqM+QhBG0/G3F1ZsoYl97UrqgHgQ9KKT7G6c4V+aTUCgu/n22v1A==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz",
+      "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==",
      "dev": true,
      "engines": {
        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4852,15 +4853,15 @@
      }
    },
    "node_modules/eslint": {
-      "version": "8.37.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.37.0.tgz",
-      "integrity": "sha512-NU3Ps9nI05GUoVMxcZx1J8CNR6xOvUT4jAUMH5+z8lpp3aEdPVCImKw6PWG4PY+Vfkpr+jvMpxs/qoE7wq0sPw==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz",
+      "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==",
      "dev": true,
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.2.0",
        "@eslint-community/regexpp": "^4.4.0",
        "@eslint/eslintrc": "^2.0.2",
-        "@eslint/js": "8.37.0",
+        "@eslint/js": "8.38.0",
        "@humanwhocodes/config-array": "^0.11.8",
        "@humanwhocodes/module-importer": "^1.0.1",
        "@nodelib/fs.walk": "^1.2.8",
@@ -7489,6 +7490,12 @@
        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
      }
    },
+    "node_modules/jest-expect-message": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/jest-expect-message/-/jest-expect-message-1.1.3.tgz",
+      "integrity": "sha512-bTK77T4P+zto+XepAX3low8XVQxDgaEqh3jSTQOG8qvPpD69LsIdyJTa+RmnJh3HNSzJng62/44RPPc7OIlFxg==",
+      "dev": true
+    },
    "node_modules/jest-get-type": {
      "version": "29.4.3",
      "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.4.3.tgz",
--- a/package.json
+++ b/package.json
@@ -110,7 +110,7 @@
    "vitreum": "git+https://git@github.com/calculuschild/vitreum.git"
  },
  "devDependencies": {
-    "eslint": "^8.37.0",
+    "eslint": "^8.38.0",
    "eslint-plugin-react": "^7.32.2",
    "jest": "^29.5.0",
    "jest-expect-message": "^1.1.3",
--- a/server/app.js
+++ b/server/app.js
@@ -43,8 +43,7 @@ const sanitizeBrew = (brew, accessType)=>{
 };

 app.use('/', serveCompressedStaticAssets(`build`));
-
-//app.use(express.static(`${__dirname}/build`));
+app.use(require('./middleware/content-negotiation.js'));
 app.use(require('body-parser').json({ limit: '25mb' }));
 app.use(require('cookie-parser')());
 app.use(require('./forcessl.mw.js'));
--- a/server/middleware/content-negotiation.js
+++ b/server/middleware/content-negotiation.js
@@ -0,0 +1,12 @@
+module.exports = (req, res, next)=>{
+	const isImageRequest = req.get('Accept')?.split(',')
+        ?.filter((h)=>!h.includes('q='))
+        ?.every((h)=>/image\/.*/.test(h));
+	if(isImageRequest) {
+		return res.status(406).send({
+			message : 'Request for image at this URL is not supported'
+		});
+	}
+
+	next();
+};
--- a/server/middleware/content-negotiation.spec.js
+++ b/server/middleware/content-negotiation.spec.js
@@ -0,0 +1,41 @@
+const contentNegotiationMiddleware = require('./content-negotiation.js');
+
+describe('content-negotiation-middleware', ()=>{
+	let request;
+	let response;
+	let next;
+
+	beforeEach(()=>{
+		request = {
+			get : function(key) {
+				return this[key];
+			}
+		};
+		response = {
+			status : jest.fn(()=>response),
+			send   : jest.fn(()=>{})
+		};
+		next = jest.fn();
+	});
+
+	it('should return 406 on image request', ()=>{
+		contentNegotiationMiddleware({
+			Accept : 'image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+			...request
+		}, response);
+
+		expect(response.status).toHaveBeenLastCalledWith(406);
+		expect(response.send).toHaveBeenCalledWith({
+			message : 'Request for image at this URL is not supported'
+		});
+	});
+
+	it('should call next on non-image request', ()=>{
+		contentNegotiationMiddleware({
+			Accept : 'text,image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+			...request
+		}, response, next);
+
+		expect(next).toHaveBeenCalled();
+	});
+});