Skip to content

Commit

Permalink
test: Add tests for CORS policy (jamhall#63)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kherock
kherock committed Jan 25, 2018
1 parent 8ab9da4 commit 13867ae
Show file tree
Hide file tree
Showing 4 changed files with 173 additions and 5 deletions.
4 changes: 2 additions & 2 deletions lib/app.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,11 @@ module.exports = function (options) {
res.header('Access-Control-Allow-Headers', req.headers['access-control-request-headers']);
if (req.headers['access-control-request-method'])
res.header('Access-Control-Allow-Methods', req.headers['access-control-request-method']);
} else {
} else if (CORSConfiguration && CORSConfiguration.CORSRule) {
CORSConfiguration.CORSRule.some((rule) => {
// The Express CORS middleware is sync, so this finishes before next() is called
cors({
origin: rule.AllowedOrigin,
origin: rule.AllowedOrigin[0] === '*' ? '*' : rule.AllowedOrigin,
methods: rule.AllowedMethod,
allowedHeaders: rule.AllowedHeader,
exposedHeaders: rule.ExposeHeader,
Expand Down
10 changes: 10 additions & 0 deletions test/resources/cors1.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<!-- Sample policy -->
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>

16 changes: 16 additions & 0 deletions test/resources/cors2.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://a-test.example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>Accept-Ranges</ExposeHeader>
<ExposeHeader>Content-Range</ExposeHeader>
<ExposeHeader>Content-Encoding</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<AllowedHeader>Range</AllowedHeader>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>

148 changes: 145 additions & 3 deletions test/test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -591,17 +591,17 @@ describe('S3rver Tests', function () {
});

it('should get partial image from a bucket with a range request', function (done) {
var file = path.join(__dirname, 'resources/image.jpg');
const file = path.join(__dirname, 'resources/image.jpg');
fs.readFile(file, function (err, data) {
var params = {
const params = {
Bucket: buckets[0],
Key: 'image',
Body: data,
ContentType: 'image/jpeg',
ContentLength: data.length,
};
s3Client.putObject(params, function (err) {
var url = s3Client.getSignedUrl('getObject', { Bucket: buckets[0], Key: 'image' });
const url = s3Client.getSignedUrl('getObject', { Bucket: buckets[0], Key: 'image' });
request({ url, headers: { range: 'bytes=0-100' } }, function (err, response, body) {
if (err) return done(err);

Expand Down Expand Up @@ -1069,6 +1069,148 @@ describe('S3rver Tests', function () {
});
});

describe('S3rver CORS Policy Tests', function () {
const bucket = 'foobars';
let s3Client;

before('Initialize bucket', function (done) {
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true
}).run((err, hostname, port, directory) => {
if (err) return done(err);

s3Client = new AWS.S3({
accessKeyId: '123',
secretAccessKey: 'abc',
endpoint: util.format('http://%s:%d', 'localhost', 4569),
sslEnabled: false,
s3ForcePathStyle: true
});
const file = fs.readFileSync(path.join(__dirname, 'resources/image.jpg'));
const params = {
Bucket: bucket,
Key: 'image',
Body: new Buffer(file),
ContentType: 'image/jpeg',
ContentLength: file.length
};
s3Client.createBucket({ Bucket: bucket }).promise()
.then(() => s3Client.putObject(params).promise())
.then(() => s3rver.close(done))
.catch((err) => s3rver.close(() => done(err)));
});
});

it('should load a CORS configuration file', function (done) {
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true,
cors: path.join(__dirname, 'resources/cors1.xml')
}).run((err) => {
if (err) return done(err);
s3rver.close(done);
});
});

it('should add the Access-Control-Allow-Origin header for default (wildcard) configurations', function (done) {
const origin = 'http://a-test.example.com';
const params = { Bucket: bucket, Key: 'image' };
const url = s3Client.getSignedUrl('getObject', params);
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true
}).run((err) => {
if (err) return done(err);

request({ url, headers: { origin } }, function (err, response, body) {
s3rver.close(() => {
if (err) return done(err);

response.statusCode.should.equal(200);
response.headers.should.have.property('access-control-allow-origin', '*');
done();
});
});
});
});

it('should add the Access-Control-Allow-Origin header for a matching origin', function (done) {
const origin = 'http://a-test.example.com';
const params = { Bucket: bucket, Key: 'image' };
const url = s3Client.getSignedUrl('getObject', params);
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true,
cors: path.join(__dirname, 'resources/cors2.xml')
}).run((err) => {
if (err) return done(err);

request({ url, headers: { origin } }, function (err, response, body) {
s3rver.close(() => {
if (err) return done(err);

response.statusCode.should.equal(200);
response.headers.should.have.property('access-control-allow-origin', origin);
done();
});
});
});
});

it('should not add the Access-Control-Allow-Origin header for a non-matching origin', function (done) {
const origin = 'http://b-test.example.com';
const params = { Bucket: bucket, Key: 'image' };
const url = s3Client.getSignedUrl('getObject', params);
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true,
cors: path.join(__dirname, 'resources/cors2.xml')
}).run((err) => {
if (err) return done(err);

request({ url, headers: { origin } }, function (err, response, body) {
s3rver.close(() => {
if (err) return done(err);

response.statusCode.should.equal(200);
response.headers.should.not.have.property('access-control-allow-origin');
done();
});
});
});
});

it('should expose appropriate headers for a range request', function (done) {
const origin = 'http://a-test.example.com';
const params = { Bucket: bucket, Key: 'image' };
const url = s3Client.getSignedUrl('getObject', params);
const s3rver = new S3rver({
port: 4569,
hostname: 'localhost',
silent: true,
cors: path.join(__dirname, 'resources/cors2.xml')
}).run((err) => {
if (err) return done(err);

request({ url, headers: { origin, range: 'bytes=0-100' } }, function (err, response, body) {
s3rver.close(() => {
if (err) return done(err);

response.statusCode.should.equal(206);
response.headers.should.have.property('access-control-expose-headers', 'Accept-Ranges,Content-Range,Content-Encoding,Content-Length');
done();
});
});
});
});
});

describe('S3rver Tests with Static Web Hosting', function () {
const bucket = 'site';
let s3rver, s3Client;
Expand Down

0 comments on commit 13867ae

Please sign in to comment.