1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
|
# -*- coding: utf-8 -*-
# frozen_string_literal: true
require 'sprockets_test'
require 'rack/builder'
require 'rack/test'
class TestServer < Sprockets::TestCase
include Rack::Test::Methods
def setup
@env = Sprockets::Environment.new
@env.append_path(fixture_path("server/app/javascripts"))
@env.append_path(fixture_path("server/app/images"))
@env.append_path(fixture_path("server/vendor/javascripts"))
@env.append_path(fixture_path("server/vendor/stylesheets"))
end
def default_app
env = @env
Rack::Builder.new do
map "/assets" do
run env
end
map "/cached/javascripts" do
run env.cached
end
end
end
def app
@app ||= Rack::Lint.new(default_app)
end
test "serve single source file" do
get "/assets/foo.js"
assert_equal 200, last_response.status
assert_equal "9", last_response.headers['content-length']
assert_equal "Accept-Encoding", last_response.headers['vary']
assert_equal "var foo;\n", last_response.body
end
test "serve single self file" do
get "/assets/foo.self.js"
assert_equal 200, last_response.status
assert_equal "9", last_response.headers['content-length']
assert_equal "var foo;\n", last_response.body
end
test "serve single source file from cached environment" do
get "/cached/javascripts/foo.js"
assert_equal "var foo;\n", last_response.body
end
test "serve source with dependencies" do
get "/assets/application.js"
assert_equal "var foo;\n\n(function() {\n application.boot();\n})();\n",
last_response.body
end
test "serve source file self that has dependencies" do
get "/assets/application.self.js"
assert_equal 200, last_response.status
assert_equal "\n(function() {\n application.boot();\n})();\n",
last_response.body
assert_equal "43", last_response.headers['content-length']
end
test "serve source with content type headers" do
get "/assets/application.js"
assert_equal "application/javascript", last_response.headers['content-type']
get "/assets/bootstrap.css"
assert_equal "text/css; charset=utf-8", last_response.headers['content-type']
end
test "serve source with etag headers" do
digest = @env['application.js'].etag
get "/assets/application.js"
assert_equal "\"#{digest}\"",
last_response.headers['etag']
end
test "not modified partial response when if-none-match etags match" do
get "/assets/application.js"
assert_equal 200, last_response.status
etag, cache_control, expires, vary = last_response.headers.values_at(
'etag', 'cache-control', 'expires', 'vary'
)
assert_nil expires
get "/assets/application.js", {},
'HTTP_IF_NONE_MATCH' => etag
assert_equal 304, last_response.status
# Allow 304 headers
assert_equal cache_control, last_response.headers['cache-control']
assert_equal etag, last_response.headers['etag']
assert_nil last_response.headers['Expires']
assert_equal vary, last_response.headers['vary']
# Disallowed 304 headers
refute last_response.headers['content-type']
refute last_response.headers['content-length']
refute last_response.headers['content-encoding']
end
test "response when if-none-match etags don't match" do
get "/assets/application.js", {},
'HTTP_IF_NONE_MATCH' => "nope"
assert_equal 200, last_response.status
assert_equal '"b452c9ae1d5c8d9246653e0d93bc83abce0ee09ef725c0f0a29a41269c217b83"', last_response.headers['etag']
assert_equal '52', last_response.headers['content-length']
end
test "not modified partial response with fingerprint and if-none-match etags match" do
get "/assets/application.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
digest = etag[/"(.+)"/, 1]
get "/assets/application-#{digest}.js", {},
'HTTP_IF_NONE_MATCH' => etag
assert_equal 304, last_response.status
end
test "200 response for prehashed asset with etag digest by sprockets" do
get "/assets/prehashed-988881adc9fc3655077dc2d4d757d480b5ea0e11.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
digest = etag[/"(.+)"/, 1]
assert_equal 'edabfd0f1ac5fcdae82cc7d92d1c52abb671797a3948fa9040aec1db8e61c327', digest
end
test "200 response for prehashed esbuild asset with etag digest by sprockets" do
get "/assets/esbuild-TQDC3LZV.digested.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
digest = etag[/"(.+)"/, 1]
assert_equal '3ebac3dc00b383de6cbdfa470d105f5a9f22708fb72c63db917ad37f288ac708', digest
end
test "ok response with fingerprint and if-nonematch etags don't match" do
get "/assets/application.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
digest = etag[/"(.+)"/, 1]
get "/assets/application-#{digest}.js", {},
'HTTP_IF_NONE_MATCH' => "nope"
assert_equal 200, last_response.status
end
test "not found with if-none-match" do
get "/assets/missing.js", {},
'HTTP_IF_NONE_MATCH' => '"000"'
assert_equal 404, last_response.status
end
test "not found fingerprint with if-none-match" do
get "/assets/missing-b452c9ae1d5c8d9246653e0d93bc83abce0ee09ef725c0f0a29a41269c217b83.js", {},
'HTTP_IF_NONE_MATCH' => '"b452c9ae1d5c8d9246653e0d93bc83abce0ee09ef725c0f0a29a41269c217b83"'
assert_equal 404, last_response.status
end
test "not found with response with incorrect fingerprint and matching if-none-match etags" do
get "/assets/application.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
get "/assets/application-0000000000000000000000000000000000000000.js", {},
'HTTP_IF_NONE_MATCH' => etag
assert_equal 404, last_response.status
end
test "ok partial response when if-match etags match" do
get "/assets/application.js"
assert_equal 200, last_response.status
etag = last_response.headers['etag']
get "/assets/application.js", {},
'HTTP_IF_MATCH' => etag
assert_equal 200, last_response.status
assert_equal '"b452c9ae1d5c8d9246653e0d93bc83abce0ee09ef725c0f0a29a41269c217b83"', last_response.headers['etag']
assert_equal '52', last_response.headers['content-length']
end
test "precondition failed with if-match is a mismatch" do
get "/assets/application.js", {},
'HTTP_IF_MATCH' => '"000"'
assert_equal 412, last_response.status
refute last_response.headers['etag']
end
test "not found with if-match" do
get "/assets/missing.js", {},
'HTTP_IF_MATCH' => '"000"'
assert_equal 404, last_response.status
end
test "if sources didnt change the server shouldnt rebundle" do
get "/assets/application.js"
asset_before = @env["application.js"]
assert asset_before
get "/assets/application.js"
asset_after = @env["application.js"]
assert asset_after
assert asset_before.eql?(asset_after)
end
test "fingerprint digest sets expiration to the future" do
get "/assets/application.js"
digest = last_response.headers['etag'][/"(.+)"/, 1]
get "/assets/application-#{digest}.js"
assert_equal 200, last_response.status
assert_match %r{max-age}, last_response.headers['cache-control']
assert_match %r{immutable}, last_response.headers['cache-control']
end
test "fingerprint digest of file self" do
get "/assets/application.self.js"
digest = last_response.headers['etag'][/"(.+)"/, 1]
get "/assets/application.self-#{digest}.js"
assert_equal 200, last_response.status
assert_equal "\n(function() {\n application.boot();\n})();\n", last_response.body
assert_equal "43", last_response.headers['content-length']
assert_match %r{max-age}, last_response.headers['cache-control']
end
test "bad fingerprint digest returns a 404" do
get "/assets/application-0000000000000000000000000000000000000000.js"
assert_equal 404, last_response.status
head "/assets/application-0000000000000000000000000000000000000000.js"
assert_equal 404, last_response.status
assert_equal "0", last_response.headers['content-length']
assert_equal "", last_response.body
end
test "missing source" do
get "/assets/none.js"
assert_equal 404, last_response.status
assert_equal "pass", last_response.headers['x-cascade']
end
test "re-throw JS exceptions in the browser" do
get "/assets/missing_require.js"
assert_equal 200, last_response.status
assert_match(/Sprockets::FileNotFound: couldn't find file 'notfound' with type 'application\/javascript'/, last_response.body)
assert_match(/(in #{fixture_path("server/vendor/javascripts/missing_require.js")}:1)/, last_response.body)
end
test "display CSS exceptions in the browser" do
get "/assets/missing_require.css"
assert_equal 200, last_response.status
assert_match %r{content: ".*?Sprockets::FileNotFound}, last_response.body
end
test "serve encoded utf-8 filename" do
get "/assets/%E6%97%A5%E6%9C%AC%E8%AA%9E.js"
assert_equal "var japanese = \"日本語\";\n", last_response.body
end
test "illegal require outside load path" do
get "/assets//etc/passwd"
assert_equal 403, last_response.status
get "/assets/%2fetc/passwd"
assert_equal 403, last_response.status
get "/assets//%2fetc/passwd"
assert_equal 403, last_response.status
get "/assets/%2f/etc/passwd"
assert_equal 403, last_response.status
get "/assets/../etc/passwd"
assert_equal 403, last_response.status
get "/assets/%2e%2e/etc/passwd"
assert_equal 403, last_response.status
get "/assets/.-0000000./etc/passwd"
assert_equal 403, last_response.status
head "/assets/.-0000000./etc/passwd"
assert_equal 403, last_response.status
assert_equal "0", last_response.headers['content-length']
assert_equal "", last_response.body
end
test "illegal access of a file asset" do
absolute_path = fixture_path("server/app/javascripts")
get "assets/file:%2f%2f//#{absolute_path}/foo.js"
assert_equal 403, last_response.status
end
test "add new source to tree" do
filename = fixture_path("server/app/javascripts/baz.js")
sandbox filename do
get "/assets/tree.js"
assert_equal %[var foo;\n\n(function() {\n application.boot();\n})();\nvar bar;\nconsole.log(\"I was hashed by esbuild!\");\nconsole.log("I was already hashed!");\nvar japanese = \"日本語\";\n], last_response.body
File.open(filename, "w") do |f|
f.write "var baz;\n"
end
path = fixture_path "server/app/javascripts"
mtime = Time.now + 60
File.utime(mtime, mtime, path)
get "/assets/tree.js"
assert_equal %[var foo;\n\n(function() {\n application.boot();\n})();\nvar bar;\nvar baz;\nconsole.log(\"I was hashed by esbuild!\");\nconsole.log("I was already hashed!");\nvar japanese = \"日本語\";\n], last_response.body
end
end
test "serving static assets" do
get "/assets/logo.png"
assert_equal 200, last_response.status
assert_equal "image/png", last_response.headers['content-type']
refute last_response.headers['content-encoding']
assert_equal File.binread(fixture_path("server/app/images/logo.png")), last_response.body
end
test "disallow non-get methods" do
get "/assets/foo.js"
assert_equal 200, last_response.status
head "/assets/foo.js"
assert_equal 200, last_response.status
assert_equal "application/javascript", last_response.headers['content-type']
assert_equal "0", last_response.headers['content-length']
assert_equal "", last_response.body
post "/assets/foo.js"
assert_equal 405, last_response.status
put "/assets/foo.js"
assert_equal 405, last_response.status
delete "/assets/foo.js"
assert_equal 405, last_response.status
end
test "invalid URLs" do
get "/assets/%E2%EF%BF%BD%A6.js"
assert_equal 400, last_response.status
end
end
|
