mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-01 07:16:52 +03:00
9d114c7fa6
closes #942 - insert custom middleware to check for blacklisted files - redirect to express.static if file accepted - if not valid return next() to do nothing - currently black listing .hbs, .txt, .md and .json - debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types
89 lines
2.7 KiB
JavaScript
89 lines
2.7 KiB
JavaScript
/*globals describe, beforeEach, it*/
|
|
var assert = require('assert'),
|
|
should = require('should'),
|
|
sinon = require('sinon'),
|
|
when = require('when'),
|
|
express = require('express'),
|
|
middleware = require('../../server/middleware');
|
|
|
|
describe('Middleware', function () {
|
|
describe('staticTheme', function () {
|
|
var realExpressStatic = express.static;
|
|
|
|
beforeEach(function () {
|
|
sinon.stub(middleware, 'forwardToExpressStatic').yields();
|
|
});
|
|
|
|
afterEach(function () {
|
|
middleware.forwardToExpressStatic.restore();
|
|
});
|
|
|
|
it('should call next if hbs file type', function (done) {
|
|
var req = {
|
|
url: 'mytemplate.hbs'
|
|
};
|
|
|
|
middleware.staticTheme(null)(req, null, function (a) {
|
|
should.not.exist(a);
|
|
middleware.forwardToExpressStatic.calledOnce.should.be.false;
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('should call next if md file type', function (done) {
|
|
var req = {
|
|
url: 'README.md'
|
|
};
|
|
|
|
middleware.staticTheme(null)(req, null, function (a) {
|
|
should.not.exist(a);
|
|
middleware.forwardToExpressStatic.calledOnce.should.be.false;
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('should call next if txt file type', function (done) {
|
|
var req = {
|
|
url: 'LICENSE.txt'
|
|
};
|
|
|
|
middleware.staticTheme(null)(req, null, function (a) {
|
|
should.not.exist(a);
|
|
middleware.forwardToExpressStatic.calledOnce.should.be.false;
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('should call next if json file type', function (done) {
|
|
var req = {
|
|
url: 'sample.json'
|
|
}
|
|
|
|
middleware.staticTheme(null)(req, null, function (a) {
|
|
should.not.exist(a);
|
|
middleware.forwardToExpressStatic.calledOnce.should.be.false;
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('should call express.static if valid file type', function (done) {
|
|
var ghostStub = {
|
|
paths: function() {
|
|
return {activeTheme: 'ACTIVETHEME'};
|
|
}
|
|
};
|
|
|
|
var req = {
|
|
url: 'myvalidfile.css'
|
|
};
|
|
|
|
middleware.staticTheme(ghostStub)(req, null, function (req, res, next) {
|
|
middleware.forwardToExpressStatic.calledOnce.should.be.true;
|
|
assert.deepEqual(middleware.forwardToExpressStatic.args[0][0], ghostStub);
|
|
return done();
|
|
});
|
|
});
|
|
});
|
|
});
|
|
|