"test/check-limits.spec.js"
const assert = require('assert');
const fs = require('fs');
const path = require('path');
const URL = require('url').URL;
const request = require('superagent');
// Separator used to join the product names into a single query value.
const CRLF = '\r\n';
// Path to the project root, written relative to the test/ directory.
// NOTE(review): fs calls resolve a relative path against the current working
// directory, not against this file, so the two only agree when cwd is test/.
const projdir = '..';

// Shared state, filled in by the `before` hooks and read by the tests.
let serverURL; // parsed value of the SERVER_URL environment variable
let authfile; // path of the per-host credentials JSON file
let agent; // superagent agent used for the login and the requests after it
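/**
 * Resolve the server under test and locate its credentials file.
 *
 * Reads SERVER_URL, parses it, and derives `auth/<hostname>.json` under the
 * project root. Fails the whole run early when the variable is missing, the
 * URL would expose the credentials in transit, or the file is absent.
 *
 * @throws {Error} if SERVER_URL is unset, is not https (loopback http is
 *   tolerated), or the credentials file does not exist
 * @throws {TypeError} if SERVER_URL is not a parseable URL (from `new URL`)
 */
before(() => {
  const envvar = 'SERVER_URL';
  const rawURL = process.env[envvar];
  if (!rawURL) {
    throw new Error(`environment variable "${envvar}" must be set`);
  }
  serverURL = new URL(rawURL);

  // The login hook posts the username and password to this URL, so refuse a
  // cleartext transport unless the target is the local machine.
  const loopbackHosts = ['localhost', '127.0.0.1', '[::1]'];
  const isLoopbackHttp =
    serverURL.protocol === 'http:' && loopbackHosts.includes(serverURL.hostname);
  if (serverURL.protocol !== 'https:' && !isLoopbackHttp) {
    throw new Error(
      `environment variable "${envvar}" must be an https URL (credentials are sent to it)`
    );
  }

  // Anchor on this file's directory: a bare '../auth/...' is resolved against
  // the working directory by fs but against this file by require(), so the
  // existence check and the later load could look in different places.
  authfile = path.resolve(__dirname, projdir, 'auth', `${serverURL.hostname}.json`);
  if (!fs.existsSync(authfile)) {
    throw new Error(`credentials file "${authfile}" does not exist`);
  }
});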
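/**
 * Log in once and keep the authenticated agent for the tests.
 *
 * Loads the credentials JSON located by the previous hook and posts it to
 * `/login` on the server under test. superagent rejects on a non-2xx
 * response by default, so a refused login fails this hook and no test runs
 * unauthenticated.
 *
 * @throws {Error} if the credentials file cannot be read or parsed, lacks a
 *   string `username`/`password`, or the login request fails
 */
before(async () => {
  // Log the origin only: `href` would also print any user:password@ part
  // embedded in SERVER_URL.
  console.log(`Running test using server URL: "${serverURL.origin}"`);

  // NOTE(review): superagent's agent() does not appear to treat its argument
  // as a base URL, so the request below is given an absolute URL — confirm.
  agent = request.agent(serverURL.href);

  // Read and parse explicitly instead of require(): fs resolves a relative
  // `authfile` against the working directory, the same base the existence
  // check uses, and the parsed secret is not kept in the module cache.
  const credentials = JSON.parse(fs.readFileSync(authfile, 'utf8'));
  const hasCredentials =
    credentials !== null &&
    typeof credentials.username === 'string' &&
    typeof credentials.password === 'string';
  if (!hasCredentials) {
    // Name the file, never the values, so nothing secret reaches the log.
    throw new Error(`credentials file "${authfile}" must contain string "username" and "password"`);
  }

  // :TBD: (original author) why `.send` rather than `.auth`?
  // `.send` posts the JSON document as the request body; `.auth` would send
  // HTTP Basic credentials instead. Which one applies depends on the server.
  await agent.post(new URL('/login', serverURL).href).send(credentials);
});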
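/**
 * Verifies that the server enforces its per-request product limit: asking
 * `/org` for more than 10 products must produce an error response whose
 * body mentions "Limit exceeded".
 */
describe('Check limit', () => {
  it('should respond with "Limit Exceeded" for more than 10 Products', async () => {
    const products = [
      'asdfasdfad',
      'asdfasdf',
      'asdf',
      'asdf',
      'asdf',
      'asdf',
      'asdf',
      'asd',
      'fas',
      'df',
      'asdf',
      'asd',
      'fasd',
      'f',
      'asdfasdf',
    ];
    // Guard the fixture itself: the test is meaningless at or below the limit.
    assert.ok(products.length > 10);

    const res = await agent
      // Absolute URL. NOTE(review): superagent in Node does not appear to
      // resolve a bare path against a base URL — confirm.
      .get(new URL('/org', serverURL).href)
      // Pass the raw value: `.query()` URL-encodes object values itself, so
      // wrapping it in encodeURIComponent sent a double-encoded CRLF (%250D%250A)
      // and the server saw one long product name instead of the list.
      .query({ products: products.join(CRLF) })
      .accept('application/json')
      .timeout(5000)
      // Treat only error responses as the expected outcome; a 2xx answer
      // (limit not enforced) rejects and fails the test.
      .ok((response) => response.error);

    // NOTE(review): the title says "Limit Exceeded" but the body is matched
    // case-sensitively against "Limit exceeded" — confirm the server's wording.
    if (!res.text.includes('Limit exceeded')) {
      throw new Error('Product limit failed');
    }
  });
});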
Once.
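$ cd /path/to/project
## Create authentication credentials directory (owner-only access)
$ mkdir auth
$ chmod 700 auth
## Quoting 'EOF' stops the shell from expanding $, backticks and backslashes
## inside the password; '>' replaces the file, so running this twice cannot
## append a second JSON object and leave the file unparseable.
## The heredoc body may be recorded in shell history; use an editor instead
## if that matters on this machine.
$ cat << 'EOF' > "auth/blahblah.com.json"
{
  "username": "xxx",
  "password": "yyy"
}
EOF
$ chmod 600 "auth/blahblah.com.json"
## Make sure credentials are **never** added to source control
$ echo "auth/" >> .gitignore
$ git add .gitignore
$ git commit -m "Prevent credentials directory from being committed"
## Confirm the rule really matches the credentials file
$ git check-ignore -v "auth/blahblah.com.json"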
Test.
## SERVER_URL selects the server under test and, through its hostname, the
## auth/<hostname>.json file whose contents are posted to /login on that server.
## Keep it an https:// URL so the username and password are not sent in cleartext.
$ SERVER_URL='https://blahblah.com' npm test
# -or-
$ SERVER_URL='https://blahblah.com' mocha
Based on VenPot's question here and here. The SO answers all suck to varying degrees, encouraging bad security habits...
Untested.