Whitelist front end pages that can be viewed

fixes #322
Shane Tomlinson 2014-02-18 07:24:23 +00:00
Родитель 2d99046e05
Коммит d584e09fb8
3 изменённых файлов: 85 добавлений и 6 удалений


@ -51,10 +51,32 @@ module.exports = function (app) {
});
});
app.get(/\/[^.]*$/, function (req, res, next) {
// setting the url to / will use the correct index.html for either dev or
// prod mode.
req.url = '/';
next();
// an array is used instead of a regexp simply because the regexp
// became too long. One route is created for each item.
var FRONTEND_ROUTES = [
'/',
'/signin',
'/signup',
'/confirm',
'/settings',
'/change_password',
'/legal/terms',
'/legal/privacy',
'/cannot_create_account',
'/verify_email',
'/reset_password',
'/confirm_reset_password',
'/complete_reset_password',
'/reset_password_complete',
'/force_auth'
];
FRONTEND_ROUTES.forEach(function (route) {
app.get(route, function (req, res, next) {
// setting the url to / will use the correct index.html for either dev or
// prod mode.
req.url = '/';
next();
});
});
};
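Review bot: The comment above `FRONTEND_ROUTES` says why an array was chosen over a regexp, but not that the list is the allowlist of pages served `index.html`, nor that it has to track the client-side router. A front end page added without an entry here would presumably 404 on a direct load or refresh. I would reword it along the lines of `// Allowlist of front end pages that are served index.html; any other path is left to later handlers. Keep in sync with the client router and tests/server/routes.js.` Express string routes are case-insensitive and accept a trailing slash unless the app enables `case sensitive routing` / `strict routing`, so `/SignIn` and `/signin/` are still served; say so in the comment if exact matching was intended. The enclosing `module.exports` function starts outside the hunk.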


@ -11,7 +11,7 @@ define([
intern.webdriver = {};
intern.environments = [];
intern.functionalSuites = [];
intern.suites = [ 'tests/server/templates' ];
intern.suites = [ 'tests/server/templates', 'tests/server/routes' ];
return intern;
});

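--- /dev/null
+++ b/tests/server/routes.js
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+define([
+'intern!object',
+'intern/chai!assert',
+'intern/dojo/node!../../server/lib/configuration',
+'intern/dojo/node!request'
+], function (registerSuite, assert, config, request) {
+'use strict';
+var serverUrl = config.get('public_url');
+var suite = {
+name: 'front end routes'
+};
+var routes = {
+'/v1/complete_reset_password': 200,
+'/v1/verify_email': 200,
+'/config': 200,
+'/': 200,
+'/signin': 200,
+'/signup': 200,
+'/confirm': 200,
+'/settings': 200,
+'/change_password': 200,
+'/legal/terms': 200,
+'/legal/privacy': 200,
+'/cannot_create_account': 200,
+'/verify_email': 200,
+'/reset_password': 200,
+'/confirm_reset_password': 200,
+'/complete_reset_password': 200,
+'/reset_password_complete': 200,
+'/force_auth': 200,
+'/non_existent': 404
+};
+function routeTest(route, expectedStatusCode) {
+suite['#get ' + route] = function () {
+var dfd = this.async(1000);
+request(serverUrl + route, dfd.callback(function (err, res) {
+assert.equal(res.statusCode, expectedStatusCode);
+}, dfd.reject.bind(dfd)));
+};
+}
+Object.keys(routes).forEach(function (key) {
+routeTest(key, routes[key]);
+});
+registerSuite(suite);
+});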
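Review bot: In `routeTest` the request callback never checks `err`, so when the server is unreachable `res` is undefined and the test fails with a TypeError on `res.statusCode` rather than the real network error. Add `assert.isNull(err);` (or `if (err) { throw err; }`) as the first line of the callback. The only negative case is `/non_existent`. Because the route this commit replaces matched any path without a dot, entries such as `'/signin/extra': 404` and `'/legal/other': 404` would be expected to hold and would pin the allowlist more firmly. `request` follows redirects by default, so a 200 here may be the status after a redirect; passing `followRedirect: false` would make the assertion stricter.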