From 4e4dc5e168074f150399dbceff7ea2c617800ca9 Mon Sep 17 00:00:00 2001
From: Abhinav Adduri
Date: Mon, 19 Jun 2017 15:51:48 -0700
Subject: [PATCH 1/3] added helmet middleware
---
 package.json | 1 +
 server/portal_server.js | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index c1bc9ff2..dca5aed4 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
 "express": "^4.15.3",
 "express-handlebars": "^3.0.0",
 "fs-extra": "^3.0.1",
+ "helmet": "^3.6.1",
 "jquery": "^3.2.1",
 "mozlog": "^2.1.1",
 "node-fetch": "^1.7.1",
diff --git a/server/portal_server.js b/server/portal_server.js
index 03996dc3..52883425 100644
--- a/server/portal_server.js
+++ b/server/portal_server.js
@@ -3,6 +3,7 @@ const exphbs = require('express-handlebars');
 const busboy = require('connect-busboy');
 const path = require('path');
 const bodyParser = require('body-parser');
+const helmet = require('helmet');
 const bytes = require('bytes');
 const conf = require('./config.js');
 const storage = require('./storage.js');
@@ -18,9 +19,9 @@ const app = express();
 app.engine('handlebars', exphbs({ defaultLayout: 'main' }));
 app.set('view engine', 'handlebars');
+app.use(helmet());
 app.use(busboy());
 app.use(bodyParser.json());
-
 app.use(express.static(path.join(__dirname, '../public')));
 app.get('/', (req, res) => {
From f3fe56e3d5f6114f2e0a704a8f5d833dc6639660 Mon Sep 17 00:00:00 2001
From: Abhinav Adduri
Date: Mon, 19 Jun 2017 16:11:33 -0700
Subject: [PATCH 2/3] fixed delete bug
---
 server/portal_server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/portal_server.js b/server/portal_server.js
index 52883425..c6f74c68 100644
--- a/server/portal_server.js
+++ b/server/portal_server.js
@@ -104,7 +104,7 @@ app.post('/delete/:id', (req, res) => {
 storage
 .delete(id, delete_token)
- .then(() => {
+ .then((err) => {
 if (!err) {
 log.info('Deleted:', id);
 res.sendStatus(200);
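Review bot: In server/portal_server.js the new `app.use(helmet());` is called with no options, and helmet 3.x's default set does not include a Content-Security-Policy header, so pages rendered by this server still carry no script-source restriction. If that is intended for now, a comment next to the call saying so would help; otherwise add an explicit policy, for example `app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"] } }));`, and check it against any inline scripts the handlebars templates use. Registering helmet ahead of `express.static` is the right order, since the static assets then get the headers too.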
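Review bot: In the `/delete/:id` handler, `.then((err) => {` treats the promise's fulfilment value as an error indicator, which only works if `storage.delete` resolves with a value on a bad id or delete token instead of rejecting. That contract is not visible here (the handler body continues outside the hunk); if `storage.delete` can reject, a `.catch(() => res.sendStatus(404))` is needed so a failed or unauthorised delete still gets a response. At minimum add a comment such as `// storage.delete resolves with an error value on failure; it never rejects`, or rename the parameter so it does not read like a Node-style callback argument.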
From e8280df647957ee8bdbe70ccc41879aa8faff7e1 Mon Sep 17 00:00:00 2001
From: Abhinav Adduri
Date: Tue, 20 Jun 2017 10:21:11 -0700
Subject: [PATCH 3/3] pr changes
---
 .eslintrc.yml | 1 +
 package.json | 8 +++----
 server/storage.js | 7 ++++++-
 test/aws.storage.test.js | 45 +++++++++++++++++++++++++++++++---------
 4 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/.eslintrc.yml b/.eslintrc.yml
index 16f7f635..2ba41056 100644
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -2,6 +2,7 @@ env:
 browser: true
 es6: true
 jquery: true
+ mocha: true
 node: true
 extends:
diff --git a/package.json b/package.json
index dca5aed4..a1574893 100644
--- a/package.json
+++ b/package.json
@@ -18,9 +18,7 @@
 "mozlog": "^2.1.1",
 "node-fetch": "^1.7.1",
 "path": "^0.12.7",
- "proxyquire": "^1.8.0",
- "redis": "^2.7.1",
- "sinon": "^2.3.2"
+ "redis": "^2.7.1"
 },
 "devDependencies": {
 "browserify": "^14.4.0",
@@ -30,11 +28,13 @@
 "eslint-plugin-node": "5.0.0",
 "eslint-plugin-security": "1.3.0",
 "htmllint-cli": "0.0.6",
+ "mocha": "^3.4.2",
 "npm-run-all": "4.0.2",
 "prettier": "1.4.4",
+ "proxyquire": "^1.8.0",
+ "sinon": "^2.3.5",
 "stylelint": "7.11.0",
 "stylelint-config-standard": "16.0.0",
- "mocha": "^3.4.2",
 "watchify": "^3.9.0"
 },
 "engines": {
diff --git a/server/storage.js b/server/storage.js
index e9388290..93d02791 100644
--- a/server/storage.js
+++ b/server/storage.js
@@ -143,7 +143,12 @@ function awsGet(id) {
 Key: id
 };
- return s3.getObject(params).createReadStream();
+ try {
+ return s3.getObject(params).createReadStream();
+ } catch(err) {
+ log.info('GetFailed', 'Get Object from s3 failed.');
+ return null;
+ }
 }
 function awsSet(id, file, filename, url) {
diff --git a/test/aws.storage.test.js b/test/aws.storage.test.js
index 03ae8a6e..e8b7b102 100644
--- a/test/aws.storage.test.js
+++ b/test/aws.storage.test.js
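Review bot: The `try`/`catch` added to `awsGet` in server/storage.js only covers a synchronous throw; as far as I know the AWS SDK reports a missing key or a network failure as an `'error'` event on the stream returned by `createReadStream()`, and an unhandled stream `'error'` event terminates a Node process. The catch block also discards `err`, so the log line says nothing about the cause. I would keep the `null` return for the synchronous case, attach an error listener before returning the stream, and include `err.message` in both log calls; callers then have to handle both `null` and a stream that ends early. The start of `awsGet` is outside the hunk.

```javascript
// … unchanged: params construction …
  try {
    const stream = s3.getObject(params).createReadStream();
    // A missing key or network failure arrives here, not in the catch below.
    stream.on('error', err => {
      log.info('GetFailed', `Get Object from s3 failed: ${err.message}`);
    });
    return stream;
  } catch (err) {
    log.info('GetFailed', `Get Object from s3 failed: ${err.message}`);
    return null;
  }
```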
@@ -1,6 +1,7 @@
 const assert = require('assert');
 const sinon = require('sinon');
 const proxyquire = require('proxyquire');
+const crypto = require('crypto');
 const conf = require('../server/config.js');
 conf.notLocalHost = true;
@@ -9,7 +10,7 @@ let redisStub = {};
 let exists = sinon.stub();
 let hget = sinon.stub();
 let hmset = sinon.stub();
-let expire = sinon.stub();
+let expire = sinon.spy();
 let del = sinon.stub();
 redisStub.createClient = function() {
@@ -56,7 +57,7 @@ describe('Testing Length using aws', function() {
 it('Filesize returns properly if id exists', function() {
 s3Stub.headObject.callsArgWith(1, null, {ContentLength: 1});
 return storage.length('123')
- .then(reply => assert(reply === 1))
+ .then(reply => assert.equal(reply, 1))
 .catch(err => assert.fail())
 })
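Review bot: `assert.equal(reply, 1)` in the 'Filesize returns properly if id exists' test compares with `==`, which is looser than the `reply === 1` it replaces; a string `'1'` would now pass. Use `assert.strictEqual(reply, 1)` here. The same applies in the later hunk of this file: `assert.equal(storage.get('123'), null)` also passes when `get` returns `undefined`, and `assert.notEqual(reply.uuid, null)` should be `assert.notStrictEqual(reply.uuid, null)`.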
@@ -69,35 +70,59 @@ describe('Testing Length using aws', function() {
 });
 describe('Testing Get using aws', function() {
+
 it('Should not error out when the file exists', function() {
+ let spy = sinon.spy();
 s3Stub.getObject.returns({
- createReadStream: function() { return 1; }
+ createReadStream: spy
 });
- assert(storage.get('123') === 1);
+
+ storage.get('123');
+ assert(spy.calledOnce);
 })
 it('Should error when the file does not exist', function() {
+ let err = function() { throw new Error(); }
+ let spy = sinon.spy(err);
 s3Stub.getObject.returns({
- createReadStream: function() { return null; }
+ createReadStream: spy
 });
- assert(storage.get('123') === null);
+
+ assert.equal(storage.get('123'), null);
+ assert(spy.threw());
 })
 });
 describe('Testing Set using aws', function() {
+ beforeEach(function() {
+ expire.reset();
+ })
+
+ after(function() {
+ crypto.randomBytes.restore();
+ })
+
 it('Should pass when the file is successfully uploaded and no bitly key', function() {
 conf.bitly_key = null;
+ const buf = new Buffer(10);
+ sinon.stub(crypto, 'randomBytes').returns(buf);
 s3Stub.upload.callsArgWith(1, null, {});
 return storage.set('123', {}, 'Filename.moz', 'url.com')
- .then(reply => assert(reply.url === 'url.com' && reply.uuid !== null))
- .catch(err => assert.fail());
+ .then(reply => {
+ assert.equal(reply.uuid, buf.toString('hex'));
+ assert.equal(reply.url, 'url.com');
+ assert.notEqual(reply.uuid, null);
+ assert(expire.calledOnce);
+ assert(expire.calledWith('123', 86400000));
+ })
+ .catch(err => assert.fail());
 })
 it('Should fail if there was an error during uploading', function() {
 s3Stub.upload.callsArgWith(1, new Error(), null);
 return storage.set('123', {}, 'Filename.moz', 'url.com')
- .then(reply => assert.fail())
- .catch(err => assert(1));
+ .then(reply => assert.fail())
+ .catch(err => assert(1));
 })
 });
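Review bot: `sinon.stub(crypto, 'randomBytes')` is installed inside the body of the first 'Testing Set using aws' test but only removed in `after`, so the process-wide `crypto.randomBytes` stays replaced for the rest of that `describe`, and `after` will throw if that first test is skipped or fails before the stub is created. Create the stub in `beforeEach` and call `crypto.randomBytes.restore()` in `afterEach` so every test starts from the real function. `new Buffer(10)` also returns uninitialised memory; `const buf = Buffer.alloc(10);` gives a deterministic value. Separately, the 'Should error when the file does not exist' test makes `createReadStream` throw synchronously, which may not match how the S3 client reports a missing object.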