From 8b0203dd7c50567dd77de07f6bb27d12ae0b6dd9 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Sat, 21 Jan 2023 00:48:41 -0600
Subject: [PATCH 1/4] add content negotiation middleware and tests
---
 server/app.js | 3 +-
 server/middleware/content-negotiation.js | 12 ++++++
 server/middleware/content-negotiation.spec.js | 41 +++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 server/middleware/content-negotiation.js
 create mode 100644 server/middleware/content-negotiation.spec.js
diff --git a/server/app.js b/server/app.js
index de7586209..b852160ca 100644
--- a/server/app.js
+++ b/server/app.js
@@ -43,8 +43,7 @@ const sanitizeBrew = (brew, accessType)=>{
 };
 app.use('/', serveCompressedStaticAssets(`build`));
-
-//app.use(express.static(`${__dirname}/build`));
+app.use(require('./middleware/content-negotiation.js'));
 app.use(require('body-parser').json({ limit: '25mb' }));
 app.use(require('cookie-parser')());
 app.use(require('./forcessl.mw.js'));
diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js
new file mode 100644
index 000000000..81f7b842d
--- /dev/null
+++ b/server/middleware/content-negotiation.js
@@ -0,0 +1,12 @@
+module.exports = (req, res, next)=>{
+ const isImageRequest = req.get('Accept').split(',')
+ .filter((h)=>!h.includes('q='))
+ .every((h)=>/image\/.*/.test(h));
+ if(isImageRequest) {
+ return res.status(406).send({
+ message : 'Request for image at this URL is not supported'
+ });
+ }
+
+ next();
+};
\ No newline at end of file
diff --git a/server/middleware/content-negotiation.spec.js b/server/middleware/content-negotiation.spec.js
new file mode 100644
index 000000000..68f22eb1c
--- /dev/null
+++ b/server/middleware/content-negotiation.spec.js
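Review bot: `every` returns true for an empty list, so in `isImageRequest` an Accept header whose entries all carry a `q=` parameter (for example `application/json;q=0.9`) is filtered down to nothing and answered with 406 even though no image type was requested. Because app.js mounts this middleware ahead of the other handlers with no path, that rejects legitimate API clients on every later route. Bind the filtered list to a name and require it to be non-empty, `const isImageRequest = preferred.length > 0 && preferred.every((h)=>/^\s*image\//.test(h));`, which also anchors the pattern so it matches the media type itself rather than any substring. The same expression is carried unchanged into the PATCH 2/4 hunk for this file, and neither spec case covers a header made only of q-valued entries.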
@@ -0,0 +1,41 @@
+const contentNegotiationMiddleware = require('./content-negotiation.js');
+
+describe('content-negotiation-middleware', ()=>{
+ let request;
+ let response;
+ let next;
+
+ beforeEach(()=>{
+ request = {
+ get : function(key) {
+ return this[key];
+ }
+ };
+ response = {
+ status : jest.fn(()=>response),
+ send : jest.fn(()=>{})
+ };
+ next = jest.fn();
+ });
+
+ it('should return 406 on image request', ()=>{
+ contentNegotiationMiddleware({
+ Accept : 'image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+ ...request
+ }, response);
+
+ expect(response.status).toHaveBeenLastCalledWith(406);
+ expect(response.send).toHaveBeenCalledWith({
+ message : 'Request for image at this URL is not supported'
+ });
+ });
+
+ it('should call next on non-image request', ()=>{
+ contentNegotiationMiddleware({
+ Accept : 'text,image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+ ...request
+ }, response, next);
+
+ expect(next).toHaveBeenCalled();
+ });
+});
\ No newline at end of file
From b77c70054a4bfad09514d2dd8988689c4b156f72 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Wed, 25 Jan 2023 23:00:05 -0600
Subject: [PATCH 2/4] adjust content-negotiation middleware to elvis on the accept header
---
 server/middleware/content-negotiation.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js
index 81f7b842d..201e64a25 100644
--- a/server/middleware/content-negotiation.js
+++ b/server/middleware/content-negotiation.js
@@ -1,7 +1,7 @@
 module.exports = (req, res, next)=>{
- const isImageRequest = req.get('Accept').split(',')
- .filter((h)=>!h.includes('q='))
- .every((h)=>/image\/.*/.test(h));
+ const isImageRequest = req.get('Accept')?.split(',')
+ ?.filter((h)=>!h.includes('q='))
+ ?.every((h)=>/image\/.*/.test(h));
 if(isImageRequest) {
 return res.status(406).send({
 message : 'Request for image at this URL is not supported'
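Review bot: The 'should return 406 on image request' case calls the middleware without `next` and never asserts that the chain stopped, so a regression that sends 406 and still falls through to `next()` would not be caught by an assertion. Pass `next` as the third argument there and add `expect(next).not.toHaveBeenCalled();`. The suite also has no case for a request that carries no Accept header at all; a call built from the bare `request` mock would pin how the middleware behaves on that path.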
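Review bot: Only the first `?.` in the `isImageRequest` chain does any work: optional chaining short-circuits the whole expression once `req.get('Accept')` is undefined, and `split` always returns an array, so `?.filter` and `?.every` guard nothing and wrongly suggest those calls can yield null. Keeping `req.get('Accept')?.split(',')` and using plain `.filter(...)` and `.every(...)` after it reads more plainly. This commit changes the missing-header behaviour without adding a spec case for it, so the fixed path is untested. The function body continues past the end of the hunk.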
From 4c42a9e2fc93987204431314966ce464939be74e Mon Sep 17 00:00:00 2001 From: Charlie Humphreys Date: Wed, 25 Jan 2023 23:27:01 -0600 Subject: [PATCH 3/4] add changelog --- changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/changelog.md b/changelog.md index 3e6216607..757ab53ac 100644 --- a/changelog.md +++ b/changelog.md @@ -61,6 +61,15 @@ pre { ## changelog For a full record of development, visit our [Github Page](https://github.com/naturalcrit/homebrewery). +### V3.6.1 +{{taskList +##### Jeddai + +* [X] Add content negotiation to exclude image requests from our API calls + +Fixes issue [#2595](https://github.com/naturalcrit/homebrewery/issues/2595) +}} + ### Friday 23/01/2023 - v3.6.0 {{taskList ##### calculuschild From 5cf6c9b8bdef668e067360e168a434de6d6c5ed7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 03:14:34 +0000 Subject: [PATCH 4/4] Bump eslint from 8.37.0 to 8.38.0 Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.38.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v8.37.0...v8.38.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 23 +++++++++++++++-------- package.json | 2 +- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 729396d79..de26f09b8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -46,9 +46,10 @@ "vitreum": "git+https://git@github.com/calculuschild/vitreum.git" }, "devDependencies": { - "eslint": "^8.37.0", + "eslint": "^8.38.0", "eslint-plugin-react": "^7.32.2", "jest": "^29.5.0", + "jest-expect-message": "^1.1.3", "supertest": "^6.3.3" }, "engines": { 
@@ -1791,9 +1792,9 @@ } }, "node_modules/@eslint/js": { - "version": "8.37.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.37.0.tgz", - "integrity": "sha512-x5vzdtOOGgFVDCUs81QRB2+liax8rFg3+7hqM+QhBG0/G3F1ZsoYl97UrqgHgQ9KKT7G6c4V+aTUCgu/n22v1A==", + "version": "8.38.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz", + "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==", "dev": true, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -4852,15 +4853,15 @@ } }, "node_modules/eslint": { - "version": "8.37.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.37.0.tgz", - "integrity": "sha512-NU3Ps9nI05GUoVMxcZx1J8CNR6xOvUT4jAUMH5+z8lpp3aEdPVCImKw6PWG4PY+Vfkpr+jvMpxs/qoE7wq0sPw==", + "version": "8.38.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz", + "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.4.0", "@eslint/eslintrc": "^2.0.2", - "@eslint/js": "8.37.0", + "@eslint/js": "8.38.0", "@humanwhocodes/config-array": "^0.11.8", "@humanwhocodes/module-importer": "^1.0.1", "@nodelib/fs.walk": "^1.2.8", @@ -7489,6 +7490,12 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, + "node_modules/jest-expect-message": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/jest-expect-message/-/jest-expect-message-1.1.3.tgz", + "integrity": "sha512-bTK77T4P+zto+XepAX3low8XVQxDgaEqh3jSTQOG8qvPpD69LsIdyJTa+RmnJh3HNSzJng62/44RPPc7OIlFxg==", + "dev": true + }, "node_modules/jest-get-type": { "version": "29.4.3", "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.4.3.tgz", diff --git a/package.json b/package.json index 2ac8c1681..65c7411f5 100644 --- a/package.json +++ b/package.json 
@@ -110,7 +110,7 @@
 "vitreum": "git+https://git@github.com/calculuschild/vitreum.git"
 },
 "devDependencies": {
- "eslint": "^8.37.0",
+ "eslint": "^8.38.0",
 "eslint-plugin-react": "^7.32.2",
 "jest": "^29.5.0",
 "jest-expect-message": "^1.1.3",