mirror of
https://github.com/immich-app/immich.git
synced 2026-07-03 11:25:24 -07:00
875dd2dead
* fix: check origins with URL constructor * fix: fallback * chore: tests
86 lines
2.8 KiB
TypeScript
86 lines
2.8 KiB
TypeScript
import { OpenQueryParam } from '$lib/constants';
|
|
import { Route } from '$lib/route';
|
|
|
|
describe('Route', () => {
|
|
describe(Route.login.name, () => {
|
|
it('should encode continue', () => {
|
|
expect(Route.login({ continue: '/some/path?with=query', autoLaunch: 1 })).toBe(
|
|
'/auth/login?continue=%2Fsome%2Fpath%3Fwith%3Dquery&autoLaunch=1',
|
|
);
|
|
});
|
|
});
|
|
|
|
describe(Route.search.name, () => {
|
|
it('should work', () => {
|
|
expect(Route.search({})).toBe('/search');
|
|
});
|
|
|
|
it('should work', () => {
|
|
expect(Route.search({ make: undefined, model: 'Immich' })).toBe('/search?query=%7B%22model%22%3A%22Immich%22%7D');
|
|
});
|
|
|
|
it('should support query parameters', () => {
|
|
expect(Route.systemSettings({ isOpen: OpenQueryParam.OAUTH })).toBe('/admin/system-settings?isOpen=oauth');
|
|
});
|
|
});
|
|
|
|
describe(Route.tags.name, () => {
|
|
it('should work', () => {
|
|
expect(Route.tags()).toBe('/tags');
|
|
});
|
|
|
|
it('should support query parameters', () => {
|
|
expect(Route.tags({ path: '/some/path' })).toBe('/tags?path=%2Fsome%2Fpath');
|
|
});
|
|
|
|
it('should ignore an empty path', () => {
|
|
expect(Route.tags({ path: '' })).toBe('/tags');
|
|
});
|
|
});
|
|
|
|
describe(Route.systemSettings.name, () => {
|
|
it('should work', () => {
|
|
expect(Route.systemSettings()).toBe('/admin/system-settings');
|
|
});
|
|
|
|
it('should support query parameters', () => {
|
|
expect(Route.systemSettings({ isOpen: OpenQueryParam.OAUTH })).toBe('/admin/system-settings?isOpen=oauth');
|
|
});
|
|
});
|
|
|
|
describe(Route.continue.name, () => {
|
|
beforeEach(() => {
|
|
// @ts-expect-error - override location for testing
|
|
globalThis.location = new URL('https://my.immich.server');
|
|
vi.spyOn(document, 'baseURI', 'get').mockReturnValue('https://my.immich.server/');
|
|
});
|
|
|
|
it('should resolve relative URLs', () => {
|
|
expect(Route.continue('/some/path', '/fallback')).property('href', 'https://my.immich.server/some/path');
|
|
});
|
|
|
|
it('should resolve absolute URLs on the same origin', () => {
|
|
expect(Route.continue('https://my.immich.server/some/path', '/fallback')).property(
|
|
'href',
|
|
'https://my.immich.server/some/path',
|
|
);
|
|
});
|
|
|
|
it('should return fallback for absolute URLs on a different origin', () => {
|
|
expect(Route.continue('https://malicious.site/evil', '/fallback')).toBe('/fallback');
|
|
});
|
|
|
|
it('should return fallback for null URLs', () => {
|
|
expect(Route.continue(null, '/fallback')).property('href', 'https://my.immich.server/fallback');
|
|
});
|
|
|
|
it('should block javascript: URLs', () => {
|
|
expect(Route.continue('javascript:alert(1)', '/fallback')).toBe('/fallback');
|
|
});
|
|
|
|
it(String.raw`should block \/ URLs`, () => {
|
|
expect(Route.continue(String.raw`\/malicious.com`, '/fallback')).toBe('/fallback');
|
|
});
|
|
});
|
|
});
|