Add /connector/request endpoint

2022-12-22 13:12:51 -05:00 · 2022-12-22 13:12:51 -05:00 · e46ffaf84b
commit e46ffaf84b
parent bad4597a86
2 changed files with 282 additions and 0 deletions
--- a/test/tests/server_connectorTest.js
+++ b/test/tests/server_connectorTest.js
@ -2647,4 +2647,186 @@ describe("Connector Server", function () {
 			assert.equal(item.libraryID, Zotero.Libraries.userLibraryID);
 		});
 	});
+	
+	describe('/connector/request', function () {
+		let endpoint;
+		
+		before(function () {
+			endpoint = connectorServerPath + '/connector/request';
+		});
+		
+		beforeEach(function () {
+			Zotero.Server.Connector.Request.enableValidation = true;
+		});
+
+		after(function () {
+			Zotero.Server.Connector.Request.enableValidation = true;
+		});
+		
+		it('should reject GET requests', async function () {
+			let req = await Zotero.HTTP.request(
+				'GET',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: 'https://www.example.com/'
+					}),
+					successCodes: false
+				}
+			);
+			assert.equal(req.status, 400);
+			assert.include(req.responseText, 'Endpoint does not support method');
+		});
+
+		it('should not make requests to arbitrary hosts', async function () {
+			let req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: `http://localhost:${Zotero.Prefs.get('httpServer.port')}/`
+					}),
+					successCodes: false
+				}
+			);
+			assert.equal(req.status, 400);
+			assert.include(req.responseText, 'Unsupported URL');
+
+			req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: `http://www.example.com/`
+					}),
+					successCodes: false
+				}
+			);
+			assert.equal(req.status, 400);
+			assert.include(req.responseText, 'Unsupported URL');
+		});
+
+		it('should reject requests with non-Mozilla/ user agents', async function () {
+			let req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: {
+						'content-type': 'application/json',
+						'user-agent': 'BadBrowser/1.0'
+					},
+					body: JSON.stringify({
+						method: 'GET',
+						url: `https://www.worldcat.org/api/nonexistent`
+					}),
+					successCodes: false
+				}
+			);
+			assert.equal(req.status, 400);
+			assert.include(req.responseText, 'Unsupported User-Agent');
+		});
+
+		it('should allow a request to an allowed host', async function () {
+			let stub = sinon.stub(Zotero.HTTP, 'request');
+			// First call: call original
+			stub.callThrough();
+			// Second call (call from within /connector/request handler): return the following
+			stub.onSecondCall().returns({
+				status: 200,
+				getAllResponseHeaders: () => '',
+				response: 'it went through'
+			});
+			
+			let req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: `https://www.worldcat.org/api/nonexistent`
+					})
+				}
+			);
+			assert.equal(req.status, 200);
+			assert.equal(JSON.parse(req.responseText).body, 'it went through');
+			
+			stub.restore();
+		});
+
+		it('should return response in translator request() format with lowercase headers', async function () {
+			let testEndpointPath = '/test/header';
+			
+			httpd.registerPathHandler(
+				testEndpointPath,
+				{
+					handle: function (request, response) {
+						response.setStatusLine(null, 200, 'OK');
+						response.setHeader('X-Some-Header', 'Header value');
+						response.write('body');
+					}
+				}
+			);
+			
+			Zotero.Server.Connector.Request.enableValidation = false;
+			let req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: testServerPath + testEndpointPath
+					}),
+					responseType: 'json'
+				}
+			);
+			
+			assert.equal(req.response.status, 200);
+			assert.equal(req.response.headers['x-some-header'], 'Header value');
+			assert.equal(req.response.body, 'body');
+		});
+
+		it('should set Referer', async function () {
+			let testEndpointPath = '/test/referer';
+			let referer = 'https://www.example.com/';
+
+			httpd.registerPathHandler(
+				testEndpointPath,
+				{
+					handle: function (request, response) {
+						assert.equal(request.getHeader('Referer'), referer);
+						response.setStatusLine(null, 200, 'OK');
+						response.write('');
+					}
+				}
+			);
+
+			Zotero.Server.Connector.Request.enableValidation = false;
+			let req = await Zotero.HTTP.request(
+				'POST',
+				endpoint,
+				{
+					headers: { 'content-type': 'application/json' },
+					body: JSON.stringify({
+						method: 'GET',
+						url: testServerPath + testEndpointPath,
+						options: {
+							headers: {
+								Referer: referer
+							}
+						}
+					})
+				}
+			);
+
+			assert.equal(JSON.parse(req.response).status, 200);
+		});
+	});
 });