| app.js | ●●●●● patch | view | raw | blame | history | |
| lib/db.js | ●●●●● patch | view | raw | blame | history | |
| package.json | ●●●●● patch | view | raw | blame | history | |
| settings.default.json | ●●●●● patch | view | raw | blame | history | |
| test/testConnect.js | ●●●●● patch | view | raw | blame | history |
app.js
@@ -30,7 +30,7 @@ // console.log(req.url) const token = req.query.token if (token !== settings.authtoken && !req.url.startsWith("/ui/")) { if (token !== settings.authtoken && !req.url.startsWith("/ui/") && !req.url.startsWith("/api/version")) { log.error("# AUTH ERROR #", token) await promiseDelay(500) // delay response to avoid denial of service attacks res.code(403) @@ -40,11 +40,19 @@ } }) /////// VERSION //////////////////////////////////////////////////////////////// fastify.get("/api/version", async function (req, res) { const {version} = require("./package.json") return res.send({version}) }) /////// SEARCH //////////////////////////////////////////////////////////////// const searchLib = require("./lib/search") const {setStatus} = require("./lib/db") searchLib.doIndex().catch(console.error) fastify .get("/api/search/user", async function (req, res) { log.info(req.query) @@ -67,10 +75,10 @@ }) }) fastify /////// USER //////////////////////////////////////////////////////////////// fastify .get('/api/user', async function (req, res) { const {offset, limit, search} = req.query const users = await db.getUsers(offset, limit, search) lib/db.js
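Review bot: The new auth exemption in the first hunk, `!req.url.startsWith("/api/version")`, is a prefix match on the raw URL, so it skips the token check for every path that begins with that string, not only the version route registered in the second hunk. An exact comparison on the path limits the exemption to that one endpoint: take `const path = req.url.split("?")[0]` and use `path !== "/api/version"` in the condition. Without that, a route added later under a name such as `/api/versions` would be unauthenticated without anyone deciding it should be. The handler also returns the exact package version to callers without a token; if that is intended, say so in a comment above it, e.g. `// intentionally unauthenticated: used by the connection test`. The enclosing hook starts and ends outside the hunk.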
@@ -87,7 +87,7 @@ } async function getUsers(offset = 0, limit = 10, search = null) { log.info("++++++++++ get users", offset, limit, search) // log.info("++++++++++ get users", offset, limit, search) limit = Number(limit) || 10 offset = Number(offset) || 0 // TODO check args for SQL Injection package.json
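Review bot: `search` still passes through `getUsers` unchecked while the `// TODO check args for SQL Injection` stays open; `limit` and `offset` are coerced with `Number(...)`, but nothing in the visible lines constrains `search`, which the `/api/user` route takes directly from `req.query`. The query construction is outside this hunk, so it cannot be confirmed from here whether `search` is bound as a placeholder parameter or concatenated into the statement; if it is concatenated, it should be bound instead. On the changed line itself, commented-out code is better deleted than kept: drop `// log.info("++++++++++ get users", offset, limit, search)` or, if the logger offers a lower level, log it there.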
@@ -10,7 +10,8 @@ "dev": "nodemon app.js", "dev-ui": "vite", "build": "vite build", "php": "bash copyPhp" "php": "bash copyPhp", "test-connect": "mocha test/testConnect.js" }, "dependencies": { "@fastify/compress": "^8.0.1", settings.default.json
@@ -1,6 +1,7 @@ { "authtoken": "jiuGfr432898D90290kjfsldkfn3hh8F", "port": 4101, "restUrl": "http://localhost:4101", "db": { "host": "localhost", "port": 33009, test/testConnect.js
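Review bot: The added `"restUrl": "http://localhost:4101"` is a plain-http base URL, and the new tests in test/testConnect.js append `token=${settings.authtoken}` to it as a query parameter, so a non-local value here would send the token in cleartext and leave it in URL logs. The ILIAS URL has a `should use https` test; an equivalent assertion for `restUrl` whenever its host is not localhost would cover this. The defaults file also carries a concrete `authtoken` value in the context line above the addition; presumably deployments override it, but a placeholder such as `"authtoken": "<SET-A-RANDOM-TOKEN>"` together with a startup check that refuses the placeholder would make that requirement explicit.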
@@ -12,6 +12,10 @@ describe("connection test", function () { const urlS = settings.ilias.url const urlD = new URL(urlS) const url = urlD.origin beforeEach(async function () { }) @@ -21,10 +25,6 @@ describe("the ILIAS URL", function () { it("should be accessible", async function () { const urlS = settings.ilias.url const urlD = new URL(urlS) const url = urlD.origin const res = await fetch(url) expect(res.status).to.equal(200) expect(res.statusText.toUpperCase()).to.equal("OK") @@ -33,8 +33,6 @@ expect(text).to.contain("ILIAS") }) it("should use https", async function () { const urlS = settings.ilias.url const urlD = new URL(urlS) expect(urlD.protocol).to.equal("https:") }) }) @@ -74,6 +72,45 @@ }) }) describe("the rest service", function () { it("should be accessible through GET /version", async function () { const urlR = `${settings.restUrl}/api/version` const res = await fetch(urlR) // console.log(res) const data = await res.json() // console.log(data) expect(data).to.be.a("object") expect(data).to.have.property("version") expect(data.version).to.be.a("string") }) it("should not be accessible without TOKEN", async function () { const urlR = `${settings.restUrl}/api/user?offset=0&limit=1` const res = await fetch(urlR) expect(res.status).to.equal(403) }) it("should be accessible with TOKEN", async function () { const urlR = `${settings.restUrl}/api/user?offset=0&limit=1&token=${settings.authtoken}` const res = await fetch(urlR) expect(res.status).to.equal(200) const data = await res.json() // console.log(data) expect(data).to.be.a("object") expect(data.total).to.be.a("number").above(0) expect(data.offset).to.equal(0) expect(data.limit).to.equal(1) const data2 = data.data expect(data2).to.be.a("array").and.to.be.lengthOf(1) const user = data2[0] expect(user.usr_id).to.be.a("number").above(0) expect(user).to.have.property("login") expect(user).to.have.property("firstname") expect(user).to.have.property("lastname") }) }) })
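Review bot: The new `the rest service` tests cover only the missing-token case for `/api/user`; there is no case with a present but wrong token, which is the path the `token !== settings.authtoken` check in app.js exists for. Adding one next to `should not be accessible without TOKEN` pins the 403 for an invalid token as well. The token in `should be accessible with TOKEN` is also interpolated into the query string without `encodeURIComponent`, which would break for a configured token containing `&` or `#`.

```javascript
// … unchanged: "should not be accessible without TOKEN" …
it("should not be accessible with a wrong TOKEN", async function () {
    // constructed value, not a real token
    const badToken = encodeURIComponent("not-the-configured-token")
    const urlR = `${settings.restUrl}/api/user?offset=0&limit=1&token=${badToken}`
    const res = await fetch(urlR)
    expect(res.status).to.equal(403)
})
// … unchanged: "should be accessible with TOKEN" …
```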