krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-14 13:17:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

WIP(shops): safer debug mode

Browse Source
This commit is contained in:
Sabe Jones
2024-05-21 09:11:18 -05:00
parent 36b589e92d
commit c0d6338eba
16 changed files with 118 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.json.example
View File

@@ -88,5 +88,6 @@
"REDIS_PORT": "1234", "REDIS_PORT": "1234",
"REDIS_PASSWORD": "12345678", "REDIS_PASSWORD": "12345678",
"TRUSTED_DOMAINS": "localhost,https://habitica.com", "TRUSTED_DOMAINS": "localhost,https://habitica.com",
"ENABLE_TIME_TRAVEL": "false" "TIME_TRAVEL_ENABLED": "false",
"DEBUG_ENABLED": "false"
} }

50
test/api/unit/middlewares/ensureDevelopmentMode.js Normal file
View File

@@ -0,0 +1,50 @@
/* eslint-disable global-require */
import nconf from 'nconf';
import {
generateRes,
generateReq,
generateNext,
} from '../../../helpers/api-unit.helper';
import ensureDevelopmentMode from '../../../../website/server/middlewares/ensureDevelopmentMode';
import { NotFound } from '../../../../website/server/libs/errors';
describe('developmentMode middleware', () => {
let res; let req; let
next;
beforeEach(() => {
res = generateRes();
req = generateReq();
next = generateNext();
});
it('returns not found when on production URL', () => {
sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(true);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('https://habitica.com');
ensureDevelopmentMode(req, res, next);
const calledWith = next.getCall(0).args;
expect(calledWith[0] instanceof NotFound).to.equal(true);
});
it('returns not found when intentionally disabled', () => {
sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(false);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
ensureDevelopmentMode(req, res, next);
const calledWith = next.getCall(0).args;
expect(calledWith[0] instanceof NotFound).to.equal(true);
});
it('passes when enabled and on non-production URL', () => {
sandbox.stub(nconf, 'get').withArgs('DEBUG_ENABLED').returns(true);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
ensureDevelopmentMode(req, res, next);
expect(next).to.be.calledOnce;
expect(next.args[0]).to.be.empty;
});
});

38
test/api/unit/middlewares/ensureDevelpmentMode.js
View File

@@ -1,38 +0,0 @@
/* eslint-disable global-require */
import nconf from 'nconf';
import {
generateRes,
generateReq,
generateNext,
} from '../../../helpers/api-unit.helper';
import ensureDevelpmentMode from '../../../../website/server/middlewares/ensureDevelpmentMode';
import { NotFound } from '../../../../website/server/libs/errors';
describe('developmentMode middleware', () => {
let res; let req; let
next;
beforeEach(() => {
res = generateRes();
req = generateReq();
next = generateNext();
});
it('returns not found when in production mode', () => {
sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
ensureDevelpmentMode(req, res, next);
const calledWith = next.getCall(0).args;
expect(calledWith[0] instanceof NotFound).to.equal(true);
});
it('passes when not in production', () => {
sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
ensureDevelpmentMode(req, res, next);
expect(next).to.be.calledOnce;
expect(next.args[0]).to.be.empty;
});
});

16
test/api/unit/middlewares/ensureTimeTravelMode.js
View File

@@ -18,8 +18,19 @@ describe('timetravelMode middleware', () => {
next = generateNext(); next = generateNext();
}); });
it('returns not found when using production URL', () => {
sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(false);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('https://habitica.com');
ensureTimeTravelMode(req, res, next);
const calledWith = next.getCall(0).args;
expect(calledWith[0] instanceof NotFound).to.equal(true);
});
it('returns not found when not in time travel mode', () => { it('returns not found when not in time travel mode', () => {
sandbox.stub(nconf, 'get').withArgs('ENABLE_TIME_TRAVEL').returns(false); sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(false);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
ensureTimeTravelMode(req, res, next); ensureTimeTravelMode(req, res, next);
@@ -28,7 +39,8 @@ describe('timetravelMode middleware', () => {
}); });
it('passes when in time travel mode', () => { it('passes when in time travel mode', () => {
sandbox.stub(nconf, 'get').withArgs('ENABLE_TIME_TRAVEL').returns(true); sandbox.stub(nconf, 'get').withArgs('TIME_TRAVEL_ENABLED').returns(true);
sandbox.stub(nconf, 'get').withArgs('BASE_URL').returns('http://localhost:3000');
ensureTimeTravelMode(req, res, next); ensureTimeTravelMode(req, res, next);

8
test/api/v3/integration/debug/GET-debug-timeTravelTime.test.js
View File

@@ -10,25 +10,25 @@ describe('GET /debug/time-travel-time', () => {
}); });
after(() => { after(() => {
nconf.set('ENABLE_TIME_TRAVEL', false); nconf.set('TIME_TRAVEL_ENABLED', false);
}); });
it('returns the shifted time', async () => { it('returns the shifted time', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const result = await user.get('/debug/time-travel-time'); const result = await user.get('/debug/time-travel-time');
expect(result.time).to.exist; expect(result.time).to.exist;
await user.post('/debug/jump-time', { disable: true }); await user.post('/debug/jump-time', { disable: true });
}); });
it('returns shifted when the user is not an admin', async () => { it('returns shifted when the user is not an admin', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const regularUser = await generateUser(); const regularUser = await generateUser();
const result = await regularUser.get('/debug/time-travel-time'); const result = await regularUser.get('/debug/time-travel-time');
expect(result.time).to.exist; expect(result.time).to.exist;
}); });
it('returns error when not in time travel mode', async () => { it('returns error when not in time travel mode', async () => {
nconf.set('ENABLE_TIME_TRAVEL', false); nconf.set('TIME_TRAVEL_ENABLED', false);
await expect(user.get('/debug/time-travel-time')) await expect(user.get('/debug/time-travel-time'))
.eventually.be.rejected.and.to.deep.equal({ .eventually.be.rejected.and.to.deep.equal({

14
test/api/v3/integration/debug/POST-debug_jumpTime.test.js
View File

@@ -12,13 +12,13 @@ describe('POST /debug/jump-time', () => {
}); });
after(async () => { after(async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
await user.post('/debug/jump-time', { disable: true }); await user.post('/debug/jump-time', { disable: true });
nconf.set('ENABLE_TIME_TRAVEL', false); nconf.set('TIME_TRAVEL_ENABLED', false);
}); });
it('Jumps forward', async () => { it('Jumps forward', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time); const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
expect(resultDate.getDate()).to.eql(today.getDate()); expect(resultDate.getDate()).to.eql(today.getDate());
expect(resultDate.getMonth()).to.eql(today.getMonth()); expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -30,7 +30,7 @@ describe('POST /debug/jump-time', () => {
}); });
it('jumps back', async () => { it('jumps back', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time); const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
expect(resultDate.getDate()).to.eql(today.getDate()); expect(resultDate.getDate()).to.eql(today.getDate());
expect(resultDate.getMonth()).to.eql(today.getMonth()); expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -42,7 +42,7 @@ describe('POST /debug/jump-time', () => {
}); });
it('can jump a lot', async () => { it('can jump a lot', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time); const resultDate = new Date((await user.post('/debug/jump-time', { reset: true })).time);
expect(resultDate.getDate()).to.eql(today.getDate()); expect(resultDate.getDate()).to.eql(today.getDate());
expect(resultDate.getMonth()).to.eql(today.getMonth()); expect(resultDate.getMonth()).to.eql(today.getMonth());
@@ -52,7 +52,7 @@ describe('POST /debug/jump-time', () => {
}); });
it('returns error when the user is not an admin', async () => { it('returns error when the user is not an admin', async () => {
nconf.set('ENABLE_TIME_TRAVEL', true); nconf.set('TIME_TRAVEL_ENABLED', true);
const regularUser = await generateUser(); const regularUser = await generateUser();
await expect(regularUser.post('/debug/jump-time', { offsetDays: 1 })) await expect(regularUser.post('/debug/jump-time', { offsetDays: 1 }))
.eventually.be.rejected.and.to.deep.equal({ .eventually.be.rejected.and.to.deep.equal({
@@ -63,7 +63,7 @@ describe('POST /debug/jump-time', () => {
}); });
it('returns error when not in time travel mode', async () => { it('returns error when not in time travel mode', async () => {
nconf.set('ENABLE_TIME_TRAVEL', false); nconf.set('TIME_TRAVEL_ENABLED', false);
await expect(user.post('/debug/jump-time', { offsetDays: 1 })) await expect(user.post('/debug/jump-time', { offsetDays: 1 }))
.eventually.be.rejected.and.to.deep.equal({ .eventually.be.rejected.and.to.deep.equal({

12
website/client/src/components/appFooter.vue
View File

@@ -291,7 +291,7 @@
</div> </div>
<div <div
v-if="ENABLE_TIME_TRAVEL && user.permissions && user.permissions.fullAccess" v-if="TIME_TRAVEL_ENABLED && user.permissions && user.permissions.fullAccess"
:key="lastTimeJump" :key="lastTimeJump"
> >
<a <a
@@ -328,7 +328,7 @@
</div> </div>
<div <div
v-if="ENABLE_TIME_TRAVEL && isUserLoaded" v-if="DEBUG_ENABLED && isUserLoaded"
class="debug-toggle" class="debug-toggle"
> >
<button <button
@@ -826,8 +826,8 @@ import buyGemsModal from './payments/buyGemsModal.vue';
import reportBug from '@/mixins/reportBug.js'; import reportBug from '@/mixins/reportBug.js';
import { worldStateMixin } from '@/mixins/worldState'; import { worldStateMixin } from '@/mixins/worldState';
const IS_PRODUCTION = process.env.NODE_ENV === 'production'; // eslint-disable-line no-process-env const DEBUG_ENABLED = process.env.DEBUG_ENABLED; // eslint-disable-line no-process-env
const ENABLE_TIME_TRAVEL = process.env.ENABLE_TIME_TRAVEL === 'true'; // eslint-disable-line no-process-env const TIME_TRAVEL_ENABLED = process.env.TIME_TRAVEL_ENABLED; // eslint-disable-line no-process-env
export default { export default {
components: { components: {
buyGemsModal, buyGemsModal,
@@ -847,8 +847,8 @@ export default {
heart, heart,
}), }),
debugMenuShown: false, debugMenuShown: false,
IS_PRODUCTION, DEBUG_ENABLED,
ENABLE_TIME_TRAVEL, TIME_TRAVEL_ENABLED,
lastTimeJump: null, lastTimeJump: null,
}; };
}, },

1
website/client/src/components/shops/buyModal.vue
View File

@@ -825,6 +825,7 @@ export default {
const buySuccess = await this.unlock(this.item.path); const buySuccess = await this.unlock(this.item.path);
if (!buySuccess) return; if (!buySuccess) return;
this.sync(); this.sync();
this.$root.$emit('playSound', 'Reward');
this.purchased(this.item.text); this.purchased(this.item.text);
} else { } else {
const shouldConfirmPurchase = this.item.currency === 'gems' || this.item.currency === 'hourglasses'; const shouldConfirmPurchase = this.item.currency === 'gems' || this.item.currency === 'hourglasses';

10
website/client/src/components/shops/shopItem.vue
View File

@@ -165,11 +165,12 @@
} }
.price { .price {
height: 1.75rem; border-radius: 0px 0px 4px 4px;
width: 94px; font-size: 0.75rem;
line-height: 1;
margin-left: -1px; margin-left: -1px;
margin-right: -1px; margin-right: -1px;
border-radius: 0px 0px 4px 4px; padding: 0.375rem 0;
&.gems { &.gems {
background-color: rgba($green-100, 0.15); background-color: rgba($green-100, 0.15);
@@ -190,10 +191,7 @@
.price-label { .price-label {
font-family: Roboto; font-family: Roboto;
font-size: 12px;
font-weight: bold; font-weight: bold;
line-height: 1.33;
margin-bottom: 1px;
&.gems { &.gems {
color: $green-1; color: $green-1;

2
website/client/src/main.js
View File

@@ -36,7 +36,7 @@ setUpLogging();
setupAnalytics(); // just create queues for analytics, no scripts loaded at this time setupAnalytics(); // just create queues for analytics, no scripts loaded at this time
const store = getStore(); const store = getStore();
if (process.env.ENABLE_TIME_TRAVEL) { if (process.env.TIME_TRAVEL_ENABLED) {
(async () => { (async () => {
const sinon = await import('sinon'); const sinon = await import('sinon');
if (axios.defaults.headers.common['x-api-user']) { if (axios.defaults.headers.common['x-api-user']) {

3
website/client/vue.config.js
View File

@@ -28,7 +28,8 @@ const envVars = [
'AMPLITUDE_KEY', 'AMPLITUDE_KEY',
'LOGGLY_CLIENT_TOKEN', 'LOGGLY_CLIENT_TOKEN',
'TRUSTED_DOMAINS', 'TRUSTED_DOMAINS',
'ENABLE_TIME_TRAVEL', 'TIME_TRAVEL_ENABLED',
'DEBUG_ENABLED'
// TODO necessary? if yes how not to mess up with vue cli? 'NODE_ENV' // TODO necessary? if yes how not to mess up with vue cli? 'NODE_ENV'
]; ];

14
website/server/controllers/api-v3/debug.js
View File

@@ -2,7 +2,7 @@ import _ from 'lodash';
import sinon from 'sinon'; import sinon from 'sinon';
import moment from 'moment'; import moment from 'moment';
import { authWithHeaders } from '../../middlewares/auth'; import { authWithHeaders } from '../../middlewares/auth';
import ensureDevelpmentMode from '../../middlewares/ensureDevelpmentMode'; import ensureDevelopmentMode from '../../middlewares/ensureDevelopmentMode';
import ensureTimeTravelMode from '../../middlewares/ensureTimeTravelMode'; import ensureTimeTravelMode from '../../middlewares/ensureTimeTravelMode';
import { BadRequest } from '../../libs/errors'; import { BadRequest } from '../../libs/errors';
import common from '../../../common'; import common from '../../../common';
@@ -33,7 +33,7 @@ const api = {};
api.addTenGems = { api.addTenGems = {
method: 'POST', method: 'POST',
url: '/debug/add-ten-gems', url: '/debug/add-ten-gems',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
@@ -56,7 +56,7 @@ api.addTenGems = {
api.addHourglass = { api.addHourglass = {
method: 'POST', method: 'POST',
url: '/debug/add-hourglass', url: '/debug/add-hourglass',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
@@ -79,7 +79,7 @@ api.addHourglass = {
api.setCron = { api.setCron = {
method: 'POST', method: 'POST',
url: '/debug/set-cron', url: '/debug/set-cron',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
const cron = req.body.lastCron; const cron = req.body.lastCron;
@@ -103,7 +103,7 @@ api.setCron = {
api.makeAdmin = { api.makeAdmin = {
method: 'POST', method: 'POST',
url: '/debug/make-admin', url: '/debug/make-admin',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
@@ -134,7 +134,7 @@ api.makeAdmin = {
api.modifyInventory = { api.modifyInventory = {
method: 'POST', method: 'POST',
url: '/debug/modify-inventory', url: '/debug/modify-inventory',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
const { gear } = req.body; const { gear } = req.body;
@@ -176,7 +176,7 @@ api.modifyInventory = {
api.questProgress = { api.questProgress = {
method: 'POST', method: 'POST',
url: '/debug/quest-progress', url: '/debug/quest-progress',
middlewares: [ensureDevelpmentMode, authWithHeaders()], middlewares: [ensureDevelopmentMode, authWithHeaders()],
async handler (req, res) { async handler (req, res) {
const { user } = res.locals; const { user } = res.locals;
const key = _.get(user, 'party.quest.key'); const key = _.get(user, 'party.quest.key');

3
website/server/libs/analyticsService.js
View File

@@ -353,10 +353,13 @@ const mockAnalyticsService = {
// Return the production or mock service based on the current environment // Return the production or mock service based on the current environment
function getServiceByEnvironment () { function getServiceByEnvironment () {
if (nconf.get('IS_PROD') || (nconf.get('DEBUG_ENABLED') && !nconf.get('BASE_URL').includes('localhost'))) {
return { return {
track, track,
trackPurchase, trackPurchase,
}; };
}
return mockAnalyticsService;
} }
export { export {

12
website/server/middlewares/ensureDevelopmentMode.js Normal file
View File

@@ -0,0 +1,12 @@
import nconf from 'nconf';
import {
NotFound,
} from '../libs/errors';
export default function ensureDevelopmentMode (req, res, next) {
if (nconf.get('DEBUG_ENABLED') && nconf.get('BASE_URL') !== 'https://habitica.com') {
next();
} else {
next(new NotFound());
}
}

12
website/server/middlewares/ensureDevelpmentMode.js
View File

@@ -1,12 +0,0 @@
import nconf from 'nconf';
import {
NotFound,
} from '../libs/errors';
export default function ensureDevelpmentMode (req, res, next) {
if (!nconf.get('ENABLE_TIME_TRAVEL')) {
next(new NotFound());
} else {
next();
}
}

2
website/server/middlewares/ensureTimeTravelMode.js
View File

@@ -4,7 +4,7 @@ import {
} from '../libs/errors'; } from '../libs/errors';
export default function ensureTimeTravelMode (req, res, next) { export default function ensureTimeTravelMode (req, res, next) {
if (nconf.get('ENABLE_TIME_TRAVEL')) { if (nconf.get('TIME_TRAVEL_ENABLED') && nconf.get('BASE_URL') !== 'https://habitica.com') {
next(); next();
} else { } else {
next(new NotFound()); next(new NotFound());