mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-14 16:44:07 -08:00
99a9ea497a
node-850 https://community.n8n.io/t/add-ability-to-set-cors-allow-list-in-n8n-webhooks/7610 https://community.n8n.io/t/configure-cors-pre-flight-request-option-method-in-the-roadmap/32189 --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
141 lines
4.2 KiB
TypeScript
141 lines
4.2 KiB
TypeScript
import { type Response } from 'express';
|
|
import { mock } from 'jest-mock-extended';
|
|
import type { IHttpRequestMethods } from 'n8n-workflow';
|
|
import type { IWebhookManager, WebhookCORSRequest, WebhookRequest } from '@/Interfaces';
|
|
import { webhookRequestHandler } from '@/WebhookHelpers';
|
|
|
|
describe('WebhookHelpers', () => {
|
|
describe('webhookRequestHandler', () => {
|
|
const webhookManager = mock<Required<IWebhookManager>>();
|
|
const handler = webhookRequestHandler(webhookManager);
|
|
|
|
beforeEach(() => {
|
|
jest.resetAllMocks();
|
|
});
|
|
|
|
it('should throw for unsupported methods', async () => {
|
|
const req = mock<WebhookRequest | WebhookCORSRequest>({
|
|
method: 'CONNECT' as IHttpRequestMethods,
|
|
});
|
|
const res = mock<Response>();
|
|
res.status.mockReturnValue(res);
|
|
|
|
await handler(req, res);
|
|
|
|
expect(res.status).toHaveBeenCalledWith(500);
|
|
expect(res.json).toHaveBeenCalledWith({
|
|
code: 0,
|
|
message: 'The method CONNECT is not supported.',
|
|
});
|
|
});
|
|
|
|
describe('preflight requests', () => {
|
|
it('should handle missing header for requested method', async () => {
|
|
const req = mock<WebhookRequest | WebhookCORSRequest>({
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
origin: 'https://example.com',
|
|
'access-control-request-method': undefined,
|
|
},
|
|
params: { path: 'test' },
|
|
});
|
|
const res = mock<Response>();
|
|
res.status.mockReturnValue(res);
|
|
|
|
webhookManager.getWebhookMethods.mockResolvedValue(['GET', 'PATCH']);
|
|
|
|
await handler(req, res);
|
|
|
|
expect(res.status).toHaveBeenCalledWith(204);
|
|
expect(res.header).toHaveBeenCalledWith(
|
|
'Access-Control-Allow-Methods',
|
|
'OPTIONS, GET, PATCH',
|
|
);
|
|
});
|
|
|
|
it('should handle default origin and max-age', async () => {
|
|
const req = mock<WebhookRequest | WebhookCORSRequest>({
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
origin: 'https://example.com',
|
|
'access-control-request-method': 'GET',
|
|
},
|
|
params: { path: 'test' },
|
|
});
|
|
const res = mock<Response>();
|
|
res.status.mockReturnValue(res);
|
|
|
|
webhookManager.getWebhookMethods.mockResolvedValue(['GET', 'PATCH']);
|
|
|
|
await handler(req, res);
|
|
|
|
expect(res.status).toHaveBeenCalledWith(204);
|
|
expect(res.header).toHaveBeenCalledWith(
|
|
'Access-Control-Allow-Methods',
|
|
'OPTIONS, GET, PATCH',
|
|
);
|
|
expect(res.header).toHaveBeenCalledWith(
|
|
'Access-Control-Allow-Origin',
|
|
'https://example.com',
|
|
);
|
|
expect(res.header).toHaveBeenCalledWith('Access-Control-Max-Age', '300');
|
|
});
|
|
|
|
it('should handle wildcard origin', async () => {
|
|
const randomOrigin = (Math.random() * 10e6).toString(16);
|
|
const req = mock<WebhookRequest | WebhookCORSRequest>({
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
origin: randomOrigin,
|
|
'access-control-request-method': 'GET',
|
|
},
|
|
params: { path: 'test' },
|
|
});
|
|
const res = mock<Response>();
|
|
res.status.mockReturnValue(res);
|
|
|
|
webhookManager.getWebhookMethods.mockResolvedValue(['GET', 'PATCH']);
|
|
webhookManager.findAccessControlOptions.mockResolvedValue({
|
|
allowedOrigins: '*',
|
|
});
|
|
|
|
await handler(req, res);
|
|
|
|
expect(res.status).toHaveBeenCalledWith(204);
|
|
expect(res.header).toHaveBeenCalledWith(
|
|
'Access-Control-Allow-Methods',
|
|
'OPTIONS, GET, PATCH',
|
|
);
|
|
expect(res.header).toHaveBeenCalledWith('Access-Control-Allow-Origin', randomOrigin);
|
|
});
|
|
|
|
it('should handle custom origin', async () => {
|
|
const req = mock<WebhookRequest | WebhookCORSRequest>({
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
origin: 'https://example.com',
|
|
'access-control-request-method': 'GET',
|
|
},
|
|
params: { path: 'test' },
|
|
});
|
|
const res = mock<Response>();
|
|
res.status.mockReturnValue(res);
|
|
|
|
webhookManager.getWebhookMethods.mockResolvedValue(['GET', 'PATCH']);
|
|
webhookManager.findAccessControlOptions.mockResolvedValue({
|
|
allowedOrigins: 'https://test.com',
|
|
});
|
|
|
|
await handler(req, res);
|
|
|
|
expect(res.status).toHaveBeenCalledWith(204);
|
|
expect(res.header).toHaveBeenCalledWith(
|
|
'Access-Control-Allow-Methods',
|
|
'OPTIONS, GET, PATCH',
|
|
);
|
|
expect(res.header).toHaveBeenCalledWith('Access-Control-Allow-Origin', 'https://test.com');
|
|
});
|
|
});
|
|
});
|
|
});
|