2021-01-05 16:12:38 -05:00
|
|
|
/*
|
2024-04-12 05:49:05 -04:00
|
|
|
* SPDX-FileCopyrightText: 2024 The HedgeDoc developers (see AUTHORS file)
|
2021-01-05 16:12:38 -05:00
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
2021-08-29 12:45:46 -04:00
|
|
|
import { promises as fs } from 'fs';
|
|
|
|
import { join } from 'path';
|
2021-04-29 16:47:18 -04:00
|
|
|
import request from 'supertest';
|
2021-08-29 12:45:46 -04:00
|
|
|
|
2020-10-17 12:47:10 -04:00
|
|
|
import { NotInDBError } from '../../src/errors/errors';
|
2021-08-29 12:45:46 -04:00
|
|
|
import { NotePermissionsUpdateDto } from '../../src/notes/note-permissions.dto';
|
2022-01-06 15:41:36 -05:00
|
|
|
import { TestSetup, TestSetupBuilder } from '../test-setup';
|
2020-08-21 15:16:20 -04:00
|
|
|
|
|
|
|
describe('Notes', () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
let testSetup: TestSetup;
|
2021-10-14 15:45:13 -04:00
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
let content: string;
|
2021-02-20 16:24:17 -05:00
|
|
|
let forbiddenNoteId: string;
|
2021-03-24 06:18:26 -04:00
|
|
|
let uploadPath: string;
|
2021-03-31 19:23:12 -04:00
|
|
|
let testImage: Buffer;
|
2020-08-21 15:16:20 -04:00
|
|
|
|
|
|
|
beforeAll(async () => {
|
2024-04-12 05:49:05 -04:00
|
|
|
testSetup = await TestSetupBuilder.create().withUsers().withNotes().build();
|
2020-08-21 15:16:20 -04:00
|
|
|
|
2021-10-14 14:52:57 -04:00
|
|
|
forbiddenNoteId =
|
2022-01-30 09:48:59 -05:00
|
|
|
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
|
2021-10-14 14:52:57 -04:00
|
|
|
uploadPath =
|
|
|
|
testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath;
|
|
|
|
|
|
|
|
await testSetup.app.init();
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
content = 'This is a test note.';
|
2021-03-31 19:23:12 -04:00
|
|
|
testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2022-03-04 07:13:46 -05:00
|
|
|
afterAll(async () => {
|
|
|
|
await testSetup.app.close();
|
|
|
|
await testSetup.cleanup();
|
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
it('POST /notes', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/notes')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2020-09-22 12:30:22 -04:00
|
|
|
.set('Content-Type', 'text/markdown')
|
2021-02-17 07:20:54 -05:00
|
|
|
.send(content)
|
2020-08-21 15:16:20 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(201);
|
|
|
|
expect(response.body.metadata?.id).toBeDefined();
|
|
|
|
expect(
|
2021-10-14 14:52:57 -04:00
|
|
|
await testSetup.notesService.getNoteContent(
|
|
|
|
await testSetup.notesService.getNoteByIdOrAlias(
|
|
|
|
response.body.metadata.id,
|
|
|
|
),
|
2021-01-30 06:47:31 -05:00
|
|
|
),
|
2021-02-17 07:20:54 -05:00
|
|
|
).toEqual(content);
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('GET /notes/{note}', () => {
|
|
|
|
it('works with an existing note', async () => {
|
2023-03-25 07:04:06 -04:00
|
|
|
// check if we can successfully get a note that exists
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2022-09-11 12:59:50 -04:00
|
|
|
.get('/api/v2/notes/testAlias1')
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
2023-03-25 07:04:06 -04:00
|
|
|
expect(response.body.content).toEqual('Test Note 1');
|
2021-02-17 07:20:54 -05:00
|
|
|
});
|
|
|
|
it('fails with an non-existing note', async () => {
|
|
|
|
// check if a missing note correctly returns 404
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/i_dont_exist')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
2021-08-29 11:36:03 -04:00
|
|
|
it('fails with a forbidden note id', async () => {
|
|
|
|
// check if a forbidden note correctly returns 400
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/forbiddenNoteId')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-08-29 11:36:03 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(400);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('POST /notes/{note}', () => {
|
|
|
|
it('works with a non-existing alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/notes/test2')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(content)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(201);
|
|
|
|
expect(response.body.metadata?.id).toBeDefined();
|
|
|
|
return expect(
|
2021-10-14 14:52:57 -04:00
|
|
|
await testSetup.notesService.getNoteContent(
|
|
|
|
await testSetup.notesService.getNoteByIdOrAlias(
|
|
|
|
response.body.metadata?.id,
|
|
|
|
),
|
2021-02-17 07:20:54 -05:00
|
|
|
),
|
|
|
|
).toEqual(content);
|
|
|
|
});
|
2021-02-20 10:10:30 -05:00
|
|
|
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post(`/api/v2/notes/${forbiddenNoteId}`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(content)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(400);
|
|
|
|
});
|
|
|
|
|
2021-02-20 10:10:30 -05:00
|
|
|
it('fails with a existing alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/notes/test2')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 10:10:30 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(content)
|
|
|
|
.expect('Content-Type', /json/)
|
2022-01-23 16:23:00 -05:00
|
|
|
.expect(409);
|
2021-02-20 10:10:30 -05:00
|
|
|
});
|
2022-10-02 17:48:06 -04:00
|
|
|
|
|
|
|
it('fails with a content, that is too long', async () => {
|
|
|
|
const content = 'x'.repeat(
|
|
|
|
(testSetup.configService.get('noteConfig')
|
|
|
|
.maxDocumentLength as number) + 1,
|
|
|
|
);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
2024-04-12 05:49:05 -04:00
|
|
|
.post('/api/v2/notes/test3')
|
2023-02-12 13:37:20 -05:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2022-10-02 17:48:06 -04:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(content)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(413);
|
|
|
|
});
|
2024-04-12 05:49:05 -04:00
|
|
|
|
|
|
|
it('cannot create an alias equal to a note publicId', async () => {
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
.post(`/api/v2/notes/${testSetup.anonymousNotes[0].publicId}`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(content)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(409);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('DELETE /notes/{note}', () => {
|
2021-03-31 19:23:12 -04:00
|
|
|
describe('works', () => {
|
|
|
|
it('with an existing alias and keepMedia false', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
const noteId = 'deleteTest1';
|
2021-10-14 14:52:57 -04:00
|
|
|
const note = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
noteId,
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.mediaService.saveFile(
|
|
|
|
testImage,
|
|
|
|
testSetup.users[0],
|
|
|
|
note,
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.delete(`/api/v2/notes/${noteId}`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-31 19:23:12 -04:00
|
|
|
.set('Content-Type', 'application/json')
|
|
|
|
.send({
|
|
|
|
keepMedia: false,
|
|
|
|
})
|
|
|
|
.expect(204);
|
2021-10-14 14:52:57 -04:00
|
|
|
await expect(
|
|
|
|
testSetup.notesService.getNoteByIdOrAlias(noteId),
|
|
|
|
).rejects.toEqual(
|
2021-03-31 19:23:12 -04:00
|
|
|
new NotInDBError(`Note with id/alias '${noteId}' not found.`),
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
expect(
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.mediaService.listUploadsByUser(testSetup.users[0]),
|
2021-10-14 14:52:57 -04:00
|
|
|
).toHaveLength(0);
|
2021-03-31 19:23:12 -04:00
|
|
|
});
|
|
|
|
it('with an existing alias and keepMedia true', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
const noteId = 'deleteTest2';
|
2021-10-14 14:52:57 -04:00
|
|
|
const note = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
noteId,
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2022-01-29 12:57:44 -05:00
|
|
|
const upload = await testSetup.mediaService.saveFile(
|
2021-10-14 14:52:57 -04:00
|
|
|
testImage,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-10-14 14:52:57 -04:00
|
|
|
note,
|
|
|
|
);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.delete(`/api/v2/notes/${noteId}`)
|
2021-03-31 19:23:12 -04:00
|
|
|
.set('Content-Type', 'application/json')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-31 19:23:12 -04:00
|
|
|
.send({
|
|
|
|
keepMedia: true,
|
|
|
|
})
|
|
|
|
.expect(204);
|
2021-10-14 14:52:57 -04:00
|
|
|
await expect(
|
|
|
|
testSetup.notesService.getNoteByIdOrAlias(noteId),
|
|
|
|
).rejects.toEqual(
|
2021-03-31 19:23:12 -04:00
|
|
|
new NotInDBError(`Note with id/alias '${noteId}' not found.`),
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
expect(
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.mediaService.listUploadsByUser(testSetup.users[0]),
|
2021-10-14 14:52:57 -04:00
|
|
|
).toHaveLength(1);
|
2021-03-31 19:23:12 -04:00
|
|
|
// Remove /upload/ from path as we just need the filename.
|
2022-01-29 12:57:44 -05:00
|
|
|
const fileName = upload.fileUrl.replace('/uploads/', '');
|
2021-03-31 19:23:12 -04:00
|
|
|
// delete the file afterwards
|
|
|
|
await fs.unlink(join(uploadPath, fileName));
|
|
|
|
});
|
2021-02-17 07:20:54 -05:00
|
|
|
});
|
2021-03-17 05:30:37 -04:00
|
|
|
it('works with an existing alias with permissions', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
const note = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
|
|
|
'deleteTest3',
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2021-03-17 05:30:37 -04:00
|
|
|
const updateNotePermission = new NotePermissionsUpdateDto();
|
|
|
|
updateNotePermission.sharedToUsers = [
|
|
|
|
{
|
2022-09-11 12:59:50 -04:00
|
|
|
username: testSetup.users[0].username,
|
2021-03-17 05:30:37 -04:00
|
|
|
canEdit: true,
|
|
|
|
},
|
|
|
|
];
|
|
|
|
updateNotePermission.sharedToGroups = [];
|
2022-02-06 17:20:56 -05:00
|
|
|
await testSetup.permissionsService.updateNotePermissions(
|
2021-10-14 14:52:57 -04:00
|
|
|
note,
|
|
|
|
updateNotePermission,
|
|
|
|
);
|
|
|
|
const updatedNote = await testSetup.notesService.getNoteByIdOrAlias(
|
2021-11-30 10:46:07 -05:00
|
|
|
(await note.aliases).filter((alias) => alias.primary)[0].name,
|
2021-05-16 16:46:02 -04:00
|
|
|
);
|
2021-11-30 10:46:07 -05:00
|
|
|
expect(await updatedNote.userPermissions).toHaveLength(1);
|
|
|
|
expect((await updatedNote.userPermissions)[0].canEdit).toEqual(
|
2021-03-17 05:30:37 -04:00
|
|
|
updateNotePermission.sharedToUsers[0].canEdit,
|
|
|
|
);
|
2022-09-18 12:24:27 -04:00
|
|
|
expect(
|
|
|
|
(await (await updatedNote.userPermissions)[0].user).username,
|
2022-09-11 12:59:50 -04:00
|
|
|
).toEqual(testSetup.users[0].username);
|
2021-11-30 10:46:07 -05:00
|
|
|
expect(await updatedNote.groupPermissions).toHaveLength(0);
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2022-09-11 12:59:50 -04:00
|
|
|
.delete('/api/v2/notes/deleteTest3')
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2022-03-04 07:13:46 -05:00
|
|
|
.send({ keepMedia: false })
|
2021-10-14 14:52:57 -04:00
|
|
|
.expect(204);
|
|
|
|
await expect(
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.notesService.getNoteByIdOrAlias('deleteTest3'),
|
2021-10-14 14:52:57 -04:00
|
|
|
).rejects.toEqual(
|
2022-09-11 12:59:50 -04:00
|
|
|
new NotInDBError("Note with id/alias 'deleteTest3' not found."),
|
2021-03-17 05:30:37 -04:00
|
|
|
);
|
|
|
|
});
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.delete(`/api/v2/notes/${forbiddenNoteId}`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.expect(400);
|
|
|
|
});
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with a non-existing alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.delete('/api/v2/notes/i_dont_exist')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect(404);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('PUT /notes/{note}', () => {
|
|
|
|
const changedContent = 'New note text';
|
|
|
|
it('works with existing alias', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.notesService.createNote(
|
|
|
|
content,
|
|
|
|
testSetup.users[0],
|
|
|
|
'test4',
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.put('/api/v2/notes/test4')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(changedContent)
|
|
|
|
.expect(200);
|
2021-02-24 15:14:16 -05:00
|
|
|
expect(
|
2021-10-14 14:52:57 -04:00
|
|
|
await testSetup.notesService.getNoteContent(
|
|
|
|
await testSetup.notesService.getNoteByIdOrAlias('test4'),
|
2021-02-17 07:20:54 -05:00
|
|
|
),
|
|
|
|
).toEqual(changedContent);
|
|
|
|
expect(response.body.content).toEqual(changedContent);
|
|
|
|
});
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.put(`/api/v2/notes/${forbiddenNoteId}`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.send(changedContent)
|
|
|
|
.expect(400);
|
|
|
|
});
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with a non-existing alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.put('/api/v2/notes/i_dont_exist')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.set('Content-Type', 'text/markdown')
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-01-10 14:12:21 -05:00
|
|
|
describe('GET /notes/{note}/metadata', () => {
|
2021-02-17 07:20:54 -05:00
|
|
|
it('returns complete metadata object', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.notesService.createNote(
|
|
|
|
content,
|
|
|
|
testSetup.users[0],
|
|
|
|
'test5',
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/test5/metadata')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-01-10 14:12:21 -05:00
|
|
|
.expect(200);
|
|
|
|
expect(typeof metadata.body.id).toEqual('string');
|
2022-02-14 09:26:29 -05:00
|
|
|
expect(metadata.body.aliases[0].name).toEqual('test5');
|
|
|
|
expect(metadata.body.primaryAddress).toEqual('test5');
|
2021-04-24 15:33:47 -04:00
|
|
|
expect(metadata.body.title).toEqual('');
|
|
|
|
expect(metadata.body.description).toEqual('');
|
2022-01-16 15:59:54 -05:00
|
|
|
expect(typeof metadata.body.createdAt).toEqual('string');
|
2021-01-10 14:12:21 -05:00
|
|
|
expect(metadata.body.editedBy).toEqual([]);
|
2022-09-11 12:59:50 -04:00
|
|
|
expect(metadata.body.permissions.owner).toEqual('testuser1');
|
2021-01-10 14:12:21 -05:00
|
|
|
expect(metadata.body.permissions.sharedToUsers).toEqual([]);
|
|
|
|
expect(metadata.body.permissions.sharedToUsers).toEqual([]);
|
|
|
|
expect(metadata.body.tags).toEqual([]);
|
2022-01-16 15:59:54 -05:00
|
|
|
expect(typeof metadata.body.updatedAt).toEqual('string');
|
2022-01-16 16:54:53 -05:00
|
|
|
expect(typeof metadata.body.updateUsername).toEqual('string');
|
2021-01-10 14:12:21 -05:00
|
|
|
expect(typeof metadata.body.viewCount).toEqual('number');
|
|
|
|
expect(metadata.body.editedBy).toEqual([]);
|
2021-02-17 07:20:54 -05:00
|
|
|
});
|
2021-01-10 14:12:21 -05:00
|
|
|
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${forbiddenNoteId}/metadata`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.expect(400);
|
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with non-existing alias', async () => {
|
2021-01-10 14:12:21 -05:00
|
|
|
// check if a missing note correctly returns 404
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/i_dont_exist/metadata')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-01-10 14:12:21 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('has the correct update/create dates', async () => {
|
|
|
|
// create a note
|
2021-10-14 14:52:57 -04:00
|
|
|
const note = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
'test5a',
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2021-01-10 14:12:21 -05:00
|
|
|
// save the creation time
|
2022-02-14 10:59:36 -05:00
|
|
|
const createDate = note.createdAt;
|
2022-08-21 14:07:22 -04:00
|
|
|
const revisions = await note.revisions;
|
|
|
|
const updatedDate = revisions[revisions.length - 1].createdAt;
|
2021-01-10 14:12:21 -05:00
|
|
|
// wait one second
|
|
|
|
await new Promise((r) => setTimeout(r, 1000));
|
|
|
|
// update the note
|
2021-10-14 14:52:57 -04:00
|
|
|
await testSetup.notesService.updateNote(note, 'More test content');
|
|
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/test5a/metadata')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-01-10 14:12:21 -05:00
|
|
|
.expect(200);
|
2022-01-16 15:59:54 -05:00
|
|
|
expect(metadata.body.createdAt).toEqual(createDate.toISOString());
|
2022-08-21 14:07:22 -04:00
|
|
|
expect(metadata.body.updatedAt).not.toEqual(updatedDate.toISOString());
|
2021-01-10 14:12:21 -05:00
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('GET /notes/{note}/revisions', () => {
|
|
|
|
it('works with existing alias', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.notesService.createNote(
|
|
|
|
content,
|
|
|
|
testSetup.users[0],
|
|
|
|
'test6',
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/test6/revisions')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
|
|
|
expect(response.body).toHaveLength(1);
|
|
|
|
});
|
2021-01-09 16:38:10 -05:00
|
|
|
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${forbiddenNoteId}/revisions`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.expect(400);
|
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with non-existing alias', async () => {
|
|
|
|
// check if a missing note correctly returns 404
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/i_dont_exist/revisions')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('GET /notes/{note}/revisions/{revision-id}', () => {
|
|
|
|
it('works with an existing alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
const note = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
'test7',
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2022-06-21 10:05:21 -04:00
|
|
|
const revision = await testSetup.revisionsService.getLatestRevision(note);
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/test7/revisions/${revision.id}`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
|
|
|
expect(response.body.content).toEqual(content);
|
|
|
|
});
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${forbiddenNoteId}/revisions/1`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.expect(400);
|
|
|
|
});
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with non-existing alias', async () => {
|
|
|
|
// check if a missing note correctly returns 404
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/i_dont_exist/revisions/1')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-02-17 07:20:54 -05:00
|
|
|
describe('GET /notes/{note}/content', () => {
|
|
|
|
it('works with an existing alias', async () => {
|
2022-09-11 12:59:50 -04:00
|
|
|
await testSetup.notesService.createNote(
|
|
|
|
content,
|
|
|
|
testSetup.users[0],
|
|
|
|
'test8',
|
|
|
|
);
|
2021-10-14 14:52:57 -04:00
|
|
|
const response = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/test8/content')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect(200);
|
|
|
|
expect(response.text).toEqual(content);
|
|
|
|
});
|
2021-02-20 16:24:17 -05:00
|
|
|
it('fails with a forbidden alias', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${forbiddenNoteId}/content`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-20 16:24:17 -05:00
|
|
|
.expect(400);
|
|
|
|
});
|
2021-02-17 07:20:54 -05:00
|
|
|
it('fails with non-existing alias', async () => {
|
|
|
|
// check if a missing note correctly returns 404
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get('/api/v2/notes/i_dont_exist/content')
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-02-17 07:20:54 -05:00
|
|
|
.expect(404);
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|
|
|
|
|
2021-03-19 11:54:24 -04:00
|
|
|
describe('GET /notes/{note}/media', () => {
|
|
|
|
it('works', async () => {
|
2021-05-16 16:46:02 -04:00
|
|
|
const alias = 'test9';
|
|
|
|
const extraAlias = 'test10';
|
2021-10-14 14:52:57 -04:00
|
|
|
const note1 = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
alias,
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
|
|
|
const note2 = await testSetup.notesService.createNote(
|
|
|
|
content,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-11-14 15:44:59 -05:00
|
|
|
extraAlias,
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
|
|
|
const httpServer = testSetup.app.getHttpServer();
|
2021-03-19 11:54:24 -04:00
|
|
|
const response = await request(httpServer)
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${alias}/media/`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-19 11:54:24 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
|
|
|
expect(response.body).toHaveLength(0);
|
|
|
|
|
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
2022-01-29 12:57:44 -05:00
|
|
|
const upload0 = await testSetup.mediaService.saveFile(
|
2021-10-14 14:52:57 -04:00
|
|
|
testImage,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-10-14 14:52:57 -04:00
|
|
|
note1,
|
|
|
|
);
|
2022-01-29 12:57:44 -05:00
|
|
|
const upload1 = await testSetup.mediaService.saveFile(
|
2021-10-14 14:52:57 -04:00
|
|
|
testImage,
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[0],
|
2021-10-14 14:52:57 -04:00
|
|
|
note2,
|
|
|
|
);
|
2021-03-19 11:54:24 -04:00
|
|
|
|
|
|
|
const responseAfter = await request(httpServer)
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${alias}/media/`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-19 11:54:24 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
|
|
|
expect(responseAfter.body).toHaveLength(1);
|
2024-03-23 20:02:26 -04:00
|
|
|
expect(responseAfter.body[0].id).toEqual(upload0.id);
|
|
|
|
expect(responseAfter.body[0].id).not.toEqual(upload1.id);
|
2022-01-29 12:57:44 -05:00
|
|
|
for (const upload of [upload0, upload1]) {
|
2021-03-24 06:18:26 -04:00
|
|
|
// delete the file afterwards
|
2024-03-23 20:02:26 -04:00
|
|
|
await fs.unlink(join(uploadPath, upload.id));
|
2021-03-24 06:18:26 -04:00
|
|
|
}
|
2022-01-30 16:00:17 -05:00
|
|
|
await fs.rm(uploadPath, { recursive: true });
|
2021-03-19 11:54:24 -04:00
|
|
|
});
|
|
|
|
it('fails, when note does not exist', async () => {
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/i_dont_exist/media/`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-19 11:54:24 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(404);
|
|
|
|
});
|
|
|
|
it("fails, when user can't read note", async () => {
|
2021-05-16 16:46:02 -04:00
|
|
|
const alias = 'test11';
|
2021-10-14 14:52:57 -04:00
|
|
|
await testSetup.notesService.createNote(
|
|
|
|
'This is a test note.',
|
2022-09-11 12:59:50 -04:00
|
|
|
testSetup.users[1],
|
2021-11-14 15:44:59 -05:00
|
|
|
alias,
|
2021-10-14 14:52:57 -04:00
|
|
|
);
|
2022-08-23 12:01:45 -04:00
|
|
|
// Redact default read permissions
|
|
|
|
const note = await testSetup.notesService.getNoteByIdOrAlias(alias);
|
|
|
|
const everyone = await testSetup.groupService.getEveryoneGroup();
|
|
|
|
const loggedin = await testSetup.groupService.getLoggedInGroup();
|
|
|
|
await testSetup.permissionsService.removeGroupPermission(note, everyone);
|
|
|
|
await testSetup.permissionsService.removeGroupPermission(note, loggedin);
|
2021-10-14 14:52:57 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.get(`/api/v2/notes/${alias}/media/`)
|
2022-09-11 12:59:50 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-19 11:54:24 -04:00
|
|
|
.expect('Content-Type', /json/)
|
2021-11-21 12:03:29 -05:00
|
|
|
.expect(403);
|
2021-03-19 11:54:24 -04:00
|
|
|
});
|
|
|
|
});
|
2022-09-18 12:30:00 -04:00
|
|
|
|
|
|
|
describe('permissions', () => {
|
|
|
|
it('can be fetched', async function () {
|
|
|
|
const permissions = await request(testSetup.app.getHttpServer())
|
|
|
|
.get(`/api/v2/notes/testAlias1/metadata/permissions`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect(200);
|
|
|
|
expect(permissions.body.owner).toBe('testuser1');
|
2023-02-12 15:20:59 -05:00
|
|
|
expect(new Set(permissions.body.sharedToUsers)).toEqual(new Set([]));
|
|
|
|
expect(new Set(permissions.body.sharedToGroups)).toEqual(
|
|
|
|
new Set([
|
|
|
|
{
|
|
|
|
groupName: '_EVERYONE',
|
|
|
|
canEdit: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
canEdit: true,
|
|
|
|
groupName: '_LOGGED_IN',
|
|
|
|
},
|
|
|
|
]),
|
|
|
|
);
|
2022-09-18 12:30:00 -04:00
|
|
|
});
|
|
|
|
it('can be updated', async function () {
|
|
|
|
// add permission for testuser2
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
.put(`/api/v2/notes/testAlias1/metadata/permissions/users/testuser2`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.send({
|
|
|
|
canEdit: true,
|
|
|
|
})
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
// check permissions
|
|
|
|
let permissions = await request(testSetup.app.getHttpServer())
|
|
|
|
.get(`/api/v2/notes/testAlias1/metadata/permissions`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.expect(200);
|
|
|
|
expect(permissions.body.owner).toBe('testuser1');
|
2023-02-12 15:20:59 -05:00
|
|
|
expect(new Set(permissions.body.sharedToUsers)).toEqual(
|
|
|
|
new Set([{ username: 'testuser2', canEdit: true }]),
|
|
|
|
);
|
|
|
|
expect(new Set(permissions.body.sharedToGroups)).toEqual(
|
|
|
|
new Set([
|
|
|
|
{
|
|
|
|
groupName: '_EVERYONE',
|
|
|
|
canEdit: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
canEdit: true,
|
|
|
|
groupName: '_LOGGED_IN',
|
|
|
|
},
|
|
|
|
]),
|
|
|
|
);
|
2022-09-18 12:30:00 -04:00
|
|
|
|
|
|
|
// add permission for everyone
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
.put(`/api/v2/notes/testAlias1/metadata/permissions/groups/_EVERYONE`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.send({
|
|
|
|
canEdit: true,
|
|
|
|
})
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
// check permissions
|
|
|
|
permissions = await request(testSetup.app.getHttpServer())
|
|
|
|
.get(`/api/v2/notes/testAlias1/metadata/permissions`)
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
.expect(200);
|
|
|
|
expect(permissions.body.owner).toBe('testuser1');
|
|
|
|
expect(permissions.body.sharedToUsers).toEqual([
|
|
|
|
{ username: 'testuser2', canEdit: true },
|
|
|
|
]);
|
2023-02-12 15:20:59 -05:00
|
|
|
expect(new Set(permissions.body.sharedToGroups)).toEqual(
|
|
|
|
new Set([
|
|
|
|
{ groupName: '_EVERYONE', canEdit: true },
|
|
|
|
{
|
|
|
|
canEdit: true,
|
|
|
|
groupName: '_LOGGED_IN',
|
|
|
|
},
|
|
|
|
]),
|
|
|
|
);
|
2022-09-18 12:30:00 -04:00
|
|
|
});
|
|
|
|
});
|
2020-08-21 15:16:20 -04:00
|
|
|
});
|