From 31d8cdb97572639e9abde0e8f31c9ef36f2a316d Mon Sep 17 00:00:00 2001 From: Joel Denning Date: Mon, 14 Oct 2024 20:40:28 -0600 Subject: [PATCH 1/3] Delete old integrity urls in PATCH and DELETE endpoints --- src/modify.js | 9 ++++ test/integrity.test.js | 116 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+) create mode 100644 test/integrity.test.js diff --git a/src/modify.js b/src/modify.js index 2d8ee9d..36f857e 100644 --- a/src/modify.js +++ b/src/modify.js @@ -137,9 +137,15 @@ exports.modifyService = function ( ) { return modifyLock(env, (json) => { const map = getMapFromManifest(json); + const oldUrl = map[serviceName]; + const oldIntegrity = json.integrity ? json.integrity[oldUrl] : null; + if (remove) { delete map[serviceName]; delete map[serviceName + "/"]; + if (json.integrity) { + delete json.integrity[oldUrl]; + } } else { map[serviceName] = url; @@ -164,6 +170,9 @@ exports.modifyService = function ( json.integrity = json.integrity ?? {}; json.integrity[url] = integrity; } + if (oldIntegrity && json.integrity) { + delete json.integrity[oldUrl]; + } } const alphabetical = !!getConfig().alphabetical; if (alphabetical) { diff --git a/test/integrity.test.js b/test/integrity.test.js new file mode 100644 index 0000000..60d1fa0 --- /dev/null +++ b/test/integrity.test.js @@ -0,0 +1,116 @@ +const request = require("supertest"); +const { app, setConfig } = require("../src/web-server"); +const { + resetManifest: resetMemoryManifest, +} = require("../src/io-methods/memory"); + +describe(`integrity`, () => { + beforeAll(() => { + setConfig({ + manifestFormat: "importmap", + packagesViaTrailingSlashes: true, + locations: { + prod: "memory://prod", + }, + }); + }); + + beforeEach(() => { + resetMemoryManifest(); + }); + + it(`sets integrity field in import map`, async () => { + const url = "/a.js"; + const integrity = "sha256-example"; + + const response = await request(app) + .patch("/services") + .query({ + skip_url_check: true, + }) + .set("accept", "json") + .send({ + service: "a", + url, + integrity, + }) + .expect(200) + .expect("Content-Type", /json/); + + expect(response.body.integrity).toMatchObject({ + [url]: integrity, + }); + }); + + it(`removes old integrity when patching a service`, async () => { + const url = "/a.js"; + const integrity = "sha256-a"; + + const response = await request(app) + .patch("/services") + .query({ + skip_url_check: true, + }) + .set("accept", "json") + .send({ + service: "a", + url, + integrity, + }) + .expect(200) + .expect("Content-Type", /json/); + + expect(response.body.integrity[url]).not.toBeUndefined(); + + const url2 = "/a2.js"; + const integrity2 = "sha256-a2"; + + const response2 = await request(app) + .patch("/services") + .query({ + skip_url_check: true, + }) + .set("accept", "json") + .send({ + service: "a", + url: url2, + integrity: integrity2, + }) + .expect(200) + .expect("Content-Type", /json/); + + expect(response2.body.integrity[url]).toBeUndefined(); + expect(response2.body.integrity[url2]).not.toBeUndefined(); + }); + + it(`deletes old integrity when deleting a service`, async () => { + const url = "/a.js"; + const integrity = "sha256-example"; + + const response = await request(app) + .patch("/services") + .query({ + skip_url_check: true, + }) + .set("accept", "json") + .send({ + service: "a", + url, + integrity, + }) + .expect(200) + .expect("Content-Type", /json/); + + expect(response.body.integrity).toMatchObject({ + [url]: integrity, + }); + + const response2 = await request(app) + .delete("/services/a") + .set("accept", "json") + .send() + .expect(200) + .expect("Content-Type", /json/); + expect(response2.body.integrity[url]).toBeUndefined(); + }); +}); From d118983ab77c9b4d1c2850641d1304a3c6fb9579 Mon Sep 17 00:00:00 2001 From: Joel Denning Date: Mon, 14 Oct 2024 20:42:54 -0600 Subject: [PATCH 2/3] Self review --- src/modify.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modify.js b/src/modify.js index 36f857e..4e98ad0 100644 --- a/src/modify.js +++ b/src/modify.js @@ -143,7 +143,7 @@ exports.modifyService = function ( if (remove) { delete map[serviceName]; delete map[serviceName + "/"]; - if (json.integrity) { + if (oldUrl && json.integrity) { delete json.integrity[oldUrl]; } } else { @@ -170,7 +170,7 @@ exports.modifyService = function ( json.integrity = json.integrity ?? {}; json.integrity[url] = integrity; } - if (oldIntegrity && json.integrity) { + if (oldUrl && json.integrity) { delete json.integrity[oldUrl]; } } From 644fb754b1fa8077bbb58ae91477c937fdc37707 Mon Sep 17 00:00:00 2001 From: Joel Denning Date: Mon, 14 Oct 2024 20:44:22 -0600 Subject: [PATCH 3/3] Self review --- src/modify.js | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/modify.js b/src/modify.js index 4e98ad0..8d80df4 100644 --- a/src/modify.js +++ b/src/modify.js @@ -138,14 +138,13 @@ exports.modifyService = function ( return modifyLock(env, (json) => { const map = getMapFromManifest(json); const oldUrl = map[serviceName]; - const oldIntegrity = json.integrity ? json.integrity[oldUrl] : null; + if (oldUrl && json.integrity) { + delete json.integrity[oldUrl]; + } if (remove) { delete map[serviceName]; delete map[serviceName + "/"]; - if (oldUrl && json.integrity) { - delete json.integrity[oldUrl]; - } } else { map[serviceName] = url; @@ -170,9 +169,6 @@ exports.modifyService = function ( json.integrity = json.integrity ?? {}; json.integrity[url] = integrity; } - if (oldUrl && json.integrity) { - delete json.integrity[oldUrl]; - } } const alphabetical = !!getConfig().alphabetical; if (alphabetical) {