WIP(shops): safer debug mode

2025-12-17 22:57:21 +01:00 · 2024-05-21 09:11:18 -05:00
parent 36b589e92d
commit c0d6338eba
16 changed files with 118 additions and 90 deletions
--- a/test/api/unit/middlewares/ensureDevelopmentMode.js
+++ b/test/api/unit/middlewares/ensureDevelopmentMode.js
@@ -0,0 +1,50 @@
+/* eslint-disable global-require */
+import nconf from 'nconf';
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import ensureDevelopmentMode from '../../../../website/server/middlewares/ensureDevelopmentMode';
+import { NotFound } from '../../../../website/server/libs/errors';
+
+describe('developmentMode middleware', () => {
+  let res; let req; let
+    next;
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  it('returns not found when on production URL', () => {
+    sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(true);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('https://habitica.com');
+
+    ensureDevelopmentMode(req, res, next);
+
+    const calledWith = next.getCall(0).args;
+    expect(calledWith[0] instanceof NotFound).to.equal(true);
+  });
+
+  it('returns not found when intentionally disabled', () => {
+    sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(false);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
+
+    ensureDevelopmentMode(req, res, next);
+
+    const calledWith = next.getCall(0).args;
+    expect(calledWith[0] instanceof NotFound).to.equal(true);
+  });
+
+  it('passes when enabled and on non-production URL', () => {
+    sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(true);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
+
+    ensureDevelopmentMode(req, res, next);
+
+    expect(next).to.be.calledOnce;
+    expect(next.args[0]).to.be.empty;
+  });
+});
--- a/test/api/unit/middlewares/ensureDevelpmentMode.js
+++ b/test/api/unit/middlewares/ensureDevelpmentMode.js
@@ -1,38 +0,0 @@
-/* eslint-disable global-require */
-import nconf from 'nconf';
-import {
-  generateRes,
-  generateReq,
-  generateNext,
-} from '../../../helpers/api-unit.helper';
-import ensureDevelpmentMode from '../../../../website/server/middlewares/ensureDevelpmentMode';
-import { NotFound } from '../../../../website/server/libs/errors';
-
-describe('developmentMode middleware', () => {
-  let res; let req; let
-    next;
-
-  beforeEach(() => {
-    res = generateRes();
-    req = generateReq();
-    next = generateNext();
-  });
-
-  it('returns not found when in production mode', () => {
-    sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
-
-    ensureDevelpmentMode(req, res, next);
-
-    const calledWith = next.getCall(0).args;
-    expect(calledWith[0] instanceof NotFound).to.equal(true);
-  });
-
-  it('passes when not in production', () => {
-    sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
-
-    ensureDevelpmentMode(req, res, next);
-
-    expect(next).to.be.calledOnce;
-    expect(next.args[0]).to.be.empty;
-  });
-});
--- a/test/api/unit/middlewares/ensureTimeTravelMode.js
+++ b/test/api/unit/middlewares/ensureTimeTravelMode.js
@@ -18,8 +18,19 @@ describe('timetravelMode middleware', () => {
    next = generateNext();
  });

+  it('returns not found when using production URL', () => {
+    sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(false);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('https://habitica.com');
+
+    ensureTimeTravelMode(req, res, next);
+
+    const calledWith = next.getCall(0).args;
+    expect(calledWith[0] instanceof NotFound).to.equal(true);
+  });
+
  it('returns not found when not in time travel mode', () => {
-    sandbox.stub(nconf, 'get').withArgs('ENABLE_TIME_TRAVEL').returns(false);
+    sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(false);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');

    ensureTimeTravelMode(req, res, next);

@@ -28,7 +39,8 @@ describe('timetravelMode middleware', () => {
  });

  it('passes when in time travel mode', () => {
-    sandbox.stub(nconf, 'get').withArgs('ENABLE_TIME_TRAVEL').returns(true);
+    sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(true);
+    sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');

    ensureTimeTravelMode(req, res, next);

--- a/test/api/v3/integration/debug/GET-debug-timeTravelTime.test.js
+++ b/test/api/v3/integration/debug/GET-debug-timeTravelTime.test.js
@@ -10,25 +10,25 @@ describe('GET /debug/time-travel-time', () => {
  });

  after(() => {
-    nconf.set('ENABLE_TIME_TRAVEL', false);
+    nconf.set('TIME_TRAVEL_ENABLED', false);
  });

  it('returns the shifted time', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const result = await user.get('/debug/time-travel-time');
    expect(result.time).to.exist;
    await user.post('/debug/jump-time', { disable: true });
  });

  it('returns shifted when the user is not an admin', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const regularUser = await generateUser();
    const result = await regularUser.get('/debug/time-travel-time');
    expect(result.time).to.exist;
  });

  it('returns error when not in time travel mode', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', false);
+    nconf.set('TIME_TRAVEL_ENABLED', false);

    await expect(user.get('/debug/time-travel-time'))
      .eventually.be.rejected.and.to.deep.equal({
--- a/test/api/v3/integration/debug/POST-debug_jumpTime.test.js
+++ b/test/api/v3/integration/debug/POST-debug_jumpTime.test.js
@@ -12,13 +12,13 @@ describe('POST /debug/jump-time', () => {
  });

  after(async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    await user.post('/debug/jump-time', { disable: true });
-    nconf.set('ENABLE_TIME_TRAVEL', false);
+    nconf.set('TIME_TRAVEL_ENABLED', false);
  });

  it('Jumps forward', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
    expect(resultDate.getDate()).to.eql(today.getDate());
    expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -30,7 +30,7 @@ describe('POST /debug/jump-time', () => {
  });

  it('jumps back', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
    expect(resultDate.getDate()).to.eql(today.getDate());
    expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -42,7 +42,7 @@ describe('POST /debug/jump-time', () => {
  });

  it('can jump a lot', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
    expect(resultDate.getDate()).to.eql(today.getDate());
    expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -52,7 +52,7 @@ describe('POST /debug/jump-time', () => {
  });

  it('returns error when the user is not an admin', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', true);
+    nconf.set('TIME_TRAVEL_ENABLED', true);
    const regularUser = await generateUser();
    await expect(regularUser.post('/debug/jump-time', { offsetDays: 1 }))
      .eventually.be.rejected.and.to.deep.equal({
@@ -63,7 +63,7 @@ describe('POST /debug/jump-time', () => {
  });

  it('returns error when not in time travel mode', async () => {
-    nconf.set('ENABLE_TIME_TRAVEL', false);
+    nconf.set('TIME_TRAVEL_ENABLED', false);

    await expect(user.post('/debug/jump-time', { offsetDays: 1 }))
      .eventually.be.rejected.and.to.deep.equal({