From 8b0203dd7c50567dd77de07f6bb27d12ae0b6dd9 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Sat, 21 Jan 2023 00:48:41 -0600
Subject: [PATCH 1/3] add content negotiation middleware and tests
---
 server/app.js | 3 +-
 server/middleware/content-negotiation.js | 12 ++++++
 server/middleware/content-negotiation.spec.js | 41 +++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 server/middleware/content-negotiation.js
 create mode 100644 server/middleware/content-negotiation.spec.js
diff --git a/server/app.js b/server/app.js
index de7586209..b852160ca 100644
--- a/server/app.js
+++ b/server/app.js
@@ -43,8 +43,7 @@ const sanitizeBrew = (brew, accessType)=>{
 };
 app.use('/', serveCompressedStaticAssets(`build`));
-
-//app.use(express.static(`${__dirname}/build`));
+app.use(require('./middleware/content-negotiation.js'));
 app.use(require('body-parser').json({ limit: '25mb' }));
 app.use(require('cookie-parser')());
 app.use(require('./forcessl.mw.js'));
diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js
new file mode 100644
index 000000000..81f7b842d
--- /dev/null
+++ b/server/middleware/content-negotiation.js
@@ -0,0 +1,12 @@
+module.exports = (req, res, next)=>{
+ const isImageRequest = req.get('Accept').split(',')
+ .filter((h)=>!h.includes('q='))
+ .every((h)=>/image\/.*/.test(h));
+ if(isImageRequest) {
+ return res.status(406).send({
+ message : 'Request for image at this URL is not supported'
+ });
+ }
+
+ next();
+};
\ No newline at end of file
diff --git a/server/middleware/content-negotiation.spec.js b/server/middleware/content-negotiation.spec.js
new file mode 100644
index 000000000..68f22eb1c
--- /dev/null
+++ b/server/middleware/content-negotiation.spec.js
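Review bot: In `server/middleware/content-negotiation.js`, `isImageRequest` comes out true whenever the `filter` leaves nothing, because `every` on an empty array returns true; an `Accept` of only `*/*;q=0.8` or `text/html;q=0.9` is therefore answered with 406 although it names no image type. The same chain is kept in the hunk of PATCH 2/3, so the point applies there as well. Keeping the filtered list in a variable and requiring it to be non-empty closes this: `const preferred = req.get('Accept')?.split(',').filter((h)=>!h.includes('q='));` followed by `const isImageRequest = preferred?.length > 0 && preferred.every((h)=>/^\s*image\//.test(h));`. Anchoring the pattern as shown also stops the unanchored `/image\/.*/` from matching a range that merely contains `image/` somewhere inside it.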
@@ -0,0 +1,41 @@
+const contentNegotiationMiddleware = require('./content-negotiation.js');
+
+describe('content-negotiation-middleware', ()=>{
+ let request;
+ let response;
+ let next;
+
+ beforeEach(()=>{
+ request = {
+ get : function(key) {
+ return this[key];
+ }
+ };
+ response = {
+ status : jest.fn(()=>response),
+ send : jest.fn(()=>{})
+ };
+ next = jest.fn();
+ });
+
+ it('should return 406 on image request', ()=>{
+ contentNegotiationMiddleware({
+ Accept : 'image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+ ...request
+ }, response);
+
+ expect(response.status).toHaveBeenLastCalledWith(406);
+ expect(response.send).toHaveBeenCalledWith({
+ message : 'Request for image at this URL is not supported'
+ });
+ });
+
+ it('should call next on non-image request', ()=>{
+ contentNegotiationMiddleware({
+ Accept : 'text,image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8',
+ ...request
+ }, response, next);
+
+ expect(next).toHaveBeenCalled();
+ });
+});
\ No newline at end of file
From b77c70054a4bfad09514d2dd8988689c4b156f72 Mon Sep 17 00:00:00 2001
From: Charlie Humphreys
Date: Wed, 25 Jan 2023 23:00:05 -0600
Subject: [PATCH 2/3] adjust content-negotiation middleware to elvis on the accept header
---
 server/middleware/content-negotiation.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/middleware/content-negotiation.js b/server/middleware/content-negotiation.js
index 81f7b842d..201e64a25 100644
--- a/server/middleware/content-negotiation.js
+++ b/server/middleware/content-negotiation.js
@@ -1,7 +1,7 @@
 module.exports = (req, res, next)=>{
- const isImageRequest = req.get('Accept').split(',')
- .filter((h)=>!h.includes('q='))
- .every((h)=>/image\/.*/.test(h));
+ const isImageRequest = req.get('Accept')?.split(',')
+ ?.filter((h)=>!h.includes('q='))
+ ?.every((h)=>/image\/.*/.test(h));
 if(isImageRequest) {
 return res.status(406).send({
 message : 'Request for image at this URL is not supported'
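Review bot: The 406 case in `content-negotiation.spec.js` calls the middleware without `next` and never asserts that the chain stopped, so the test does not pin that a rejected request is kept away from the later handlers. Pass `next` as the third argument there and add `expect(next).not.toHaveBeenCalled();` after the `send` expectation. The suite also has no case for a header whose ranges all carry `q=`, which is where the `filter`/`every` chain behaves least obviously; one more `it` block on the same `request` mock with `Accept : '*/*;q=0.8'` would document what is expected for it.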
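Review bot: Only the first `?.` in the PATCH 2/3 chain does anything: `split` always returns an array and an optional chain short-circuits as a whole, so `?.filter` and `?.every` can go back to plain `.filter` and `.every`. With the header absent `isImageRequest` is now `undefined` and the request falls through to `next()`, but no spec case accompanies that path; a test that calls the middleware with the bare `request` mock and expects `next` to have been called would pin it. The hunk ends inside the `res.status(406).send({` call, so the rest of the function lies outside it.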
From 4c42a9e2fc93987204431314966ce464939be74e Mon Sep 17 00:00:00 2001 From: Charlie Humphreys Date: Wed, 25 Jan 2023 23:27:01 -0600 Subject: [PATCH 3/3] add changelog --- changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/changelog.md b/changelog.md index 3e6216607..757ab53ac 100644 --- a/changelog.md +++ b/changelog.md @@ -61,6 +61,15 @@ pre { ## changelog For a full record of development, visit our [Github Page](https://github.com/naturalcrit/homebrewery). +### V3.6.1 +{{taskList +##### Jeddai + +* [X] Add content negotiation to exclude image requests from our API calls + +Fixes issue [#2595](https://github.com/naturalcrit/homebrewery/issues/2595) +}} + ### Friday 23/01/2023 - v3.6.0 {{taskList ##### calculuschild