tests/middleware/urlSanitizer.test.js

   1 const middleware = require("../../src/middleware/urlSanitizer.js");
   2 const sanitizeURL = require("../../src/utils/urlSanitizer.js");
   3 const parseURL = require("../../src/utils/urlParser.js");
   4
   5 jest.mock("../../src/utils/urlSanitizer.js");
   6 jest.mock("../../src/utils/urlParser.js");
   7
   8 describe("Path sanitizer middleware", () => {
   9   let req, res, logFacilities, config, next;
  10
  11   beforeEach(() => {
  12     req = {
  13       parsedURL: {
  14         pathname: "/test",
  15         search: "?query=test",
  16         hash: "#hash"
  17       },
  18       url: "/test?query=test#hash",
  19       isProxy: false,
  20       headers: {
  21         host: "test.com"
  22       },
  23       socket: {
  24         encrypted: false
  25       }
  26     };
  27     res = {
  28       redirect: jest.fn(),
  29       error: jest.fn()
  30     };
  31     logFacilities = {
  32       resmessage: jest.fn()
  33     };
  34     config = {
  35       allowDoubleSlashes: false,
  36       rewriteDirtyURLs: false,
  37       domain: "test.com"
  38     };
  39     next = jest.fn();
  40
  41     sanitizeURL.mockImplementation((url) => url);
  42     parseURL.mockImplementation((url) => ({ pathname: url }));
  43   });
  44
  45   test("should call next if URL is not dirty", () => {
  46     middleware(req, res, logFacilities, config, next);
  47     expect(next).toHaveBeenCalled();
  48   });
  49
  50   test("should redirect if URL is dirty and rewriteDirtyURLs is false", () => {
  51     req.parsedURL.pathname = "/dirty%20url";
  52     middleware(req, res, logFacilities, config, next);
  53     expect(res.redirect).toHaveBeenCalledWith(
  54       "/dirty%20url?query=test#hash",
  55       false
  56     );
  57     expect(next).not.toHaveBeenCalled();
  58   });
  59
  60   test("should rewrite URL if URL is dirty and rewriteDirtyURLs is true", () => {
  61     req.parsedURL.pathname = "/dirty%20url";
  62     config.rewriteDirtyURLs = true;
  63     middleware(req, res, logFacilities, config, next);
  64     expect(req.url).toBe("/dirty%20url?query=test#hash");
  65     expect(next).toHaveBeenCalled();
  66   });
  67
  68   test("should redirect if URL is dirty (sanitized via sanitizeURL) and rewriteDirtyURLs is false", () => {
  69     req.parsedURL.pathname = "/dirty%20url";
  70     sanitizeURL.mockImplementation((url) => url.replace(/dirty/g, "clean"));
  71     middleware(req, res, logFacilities, config, next);
  72     expect(res.redirect).toHaveBeenCalledWith(
  73       "/clean%20url?query=test#hash",
  74       false
  75     );
  76     expect(next).not.toHaveBeenCalled();
  77   });
  78
  79   test("should rewrite URL if URL is dirty (sanitized via sanitizeURL) and rewriteDirtyURLs is true", () => {
  80     req.parsedURL.pathname = "/dirty%20url";
  81     config.rewriteDirtyURLs = true;
  82     sanitizeURL.mockImplementation((url) => url.replace(/dirty/g, "clean"));
  83     middleware(req, res, logFacilities, config, next);
  84     expect(req.url).toBe("/clean%20url?query=test#hash");
  85     expect(next).toHaveBeenCalled();
  86   });
  87
  88   test("should handle parseURL errors", () => {
  89     req.parsedURL.pathname = "/dirty%20url";
  90     config.rewriteDirtyURLs = true;
  91     sanitizeURL.mockImplementation((url) => url.replace(/dirty/g, "clean"));
  92     parseURL.mockImplementation(() => {
  93       throw new Error("Parse error");
  94     });
  95     middleware(req, res, logFacilities, config, next);
  96     expect(res.error).toHaveBeenCalledWith(400, new Error("Parse error"));
  97     expect(next).not.toHaveBeenCalled();
  98   });
  99 });