versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
server/api/api/v1/accounts/update_credentials/index.test.ts
Jesse Wierzbinski 84b9fc3719
refactor(api): ♻️ Refactor test code to use new client
2025-03-22 04:04:06 +01:00

48 lines
1.8 KiB
TypeScript
Raw Blame History

import { afterAll, describe, expect, test } from "bun:test";
import { config } from "~/config.ts";
import { generateClient, getTestUsers } from "~/tests/utils";
const { users, deleteUsers } = await getTestUsers(1);
afterAll(async () => {
await deleteUsers();
});
// /api/v1/accounts/update_credentials
describe("/api/v1/accounts/update_credentials", () => {
describe("HTML injection testing", () => {
test("should not allow HTML injection", async () => {
await using client = await generateClient(users[0]);
const { ok, data } = await client.updateCredentials({
note: "Hi! <script>alert('Hello, world!');</script>",
});
expect(ok).toBe(true);
expect(data.note).toBe(
"<p>Hi! &lt;script&gt;alert('Hello, world!');&lt;/script&gt;</p>\n",
);
});
test("should rewrite all image and video src to go through proxy", async () => {
await using client = await generateClient(users[0]);
const { ok, data } = await client.updateCredentials({
note: "<img src='https://example.com/image.jpg'> <video src='https://example.com/video.mp4'> Test!",
});
expect(ok).toBe(true);
expect(data.note).toBe(
// Proxy url is base_url/media/proxy/<base64url encoded url>
`<p><img src="${config.http.base_url}media/proxy/${Buffer.from(
"https://example.com/image.jpg",
).toString("base64url")}"> <video src="${
config.http.base_url
}media/proxy/${Buffer.from(
"https://example.com/video.mp4",
).toString("base64url")}"> Test!</p>\n`,
);
});
});
});
Reference in a new issue View git blame Copy permalink