add basic test, disable etag on post routes as well, paypal ipn: prevent set headers after response error

2025-10-26 10:42:52 +01:00 · 2020-04-17 14:50:09 +02:00
parent f757e645b7
commit 24e1bfdfba
4 changed files with 38 additions and 4 deletions
--- a/test/api/unit/middlewares/cache.test.js
+++ b/test/api/unit/middlewares/cache.test.js
@@ -0,0 +1,31 @@
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import {
+  disableCache,
+} from '../../../../website/server/middlewares/cache';
+
+describe('cache middlewares', () => {
+  let res; let req; let
+    next;
+
+  beforeEach(() => {
+    req = generateReq();
+    res = generateRes();
+    next = generateNext();
+  });
+
+  describe('disableCache', () => {
+    it('sets the correct headers', () => {
+      disableCache(req, res, next);
+      expect(res.set).to.have.been.calledWith('Cache-Control', 'no-store');
+      expect(next).to.have.been.calledOnce;
+    });
+
+    xit('removes the etag header', () => {
+      // @TODO how to stub onHeaders
+    });
+  });
+});
--- a/website/server/controllers/top-level/payments/paypal.js
+++ b/website/server/controllers/top-level/payments/paypal.js
@@ -1,5 +1,6 @@
 /* eslint-disable camelcase */
 import paypalPayments from '../../../libs/payments/paypal';
+import logger from '../../../libs/logger';
 import shared from '../../../../common';
 import {
  authWithSession,
@@ -171,7 +172,9 @@ api.ipn = {
  async handler (req, res) {
    res.sendStatus(200);

-    await paypalPayments.ipn(req.body);
+    paypalPayments
+      .ipn(req.body)
+      .catch(err => logger.error(err));
  },
 };

--- a/website/server/libs/routes.js
+++ b/website/server/libs/routes.js
@@ -33,8 +33,8 @@ export function readController (router, controller, overrides = []) {

    method = method.toLowerCase();

-    // all get routes with mandatory or optional authentication
-    if (method === 'get' && authMiddlewareIndex !== -1) {
+    // disable caching for all routes with mandatory or optional authentication
+    if (authMiddlewareIndex !== -1) {
      middlewares.unshift(disableCache);
    }

--- a/website/server/middlewares/cache.js
+++ b/website/server/middlewares/cache.js
@@ -4,7 +4,7 @@ export function disableCache (req, res, next) {
  res.header('Cache-Control', 'no-store');

  // Remove the etag header when caching is disabled
-  // Unfortunately it's not possible to prevent the creation right now
+  // @TODO Unfortunately it's not possible to prevent the creation right now
  // See this issue https://github.com/expressjs/express/issues/2472
  onHeaders(res, function removeEtag () {
    this.removeHeader('ETag');