test: user uploads.js tests

3 years ago · 8c2752bab1
parent 11275d6809
commit 8c2752bab1
2 changed files with 44 additions and 4 deletions
--- a/src/user/uploads.js
+++ b/src/user/uploads.js
@ -42,6 +42,8 @@ module.exports = function (User) {
 			throw new Error(`[[error:wrong-parameter-type, uploadNames, ${typeof uploadNames}, array]]`);
 		}

+		await _validatePath(uploadNames);
+
 		const [isUsersUpload, isAdminOrGlobalMod] = await Promise.all([
 			db.isSortedSetMembers(`uid:${callerUid}:uploads`, uploadNames),
 			User.isAdminOrGlobalMod(callerUid),
@ -50,8 +52,6 @@ module.exports = function (User) {
 			throw new Error('[[error:no-privileges]]');
 		}

-		await _validatePath(uploadNames);
-
 		await batch.processArray(uploadNames, async (uploadNames) => {
 			const fullPaths = uploadNames.map(path => _getFullPath(path));

@ -61,7 +61,10 @@ module.exports = function (User) {
 					file.delete(fullPath),
 					file.delete(file.appendToFileName(fullPath, '-resized')),
 				]);
-				await db.sortedSetRemove(`uid:${uid}:uploads`, uploadNames[idx]);
+				await Promise.all([
+					db.sortedSetRemove(`uid:${uid}:uploads`, uploadNames[idx]),
+					db.delete(`upload:${md5(uploadNames[idx])}`),
+				]);
 			}));
 		}, { batch: 50 });
 	};
--- a/test/user/uploads.js
+++ b/test/user/uploads.js
@ -9,6 +9,7 @@ const nconf = require('nconf');
 const db = require('../mocks/databasemock');

 const user = require('../../src/user');
+const file = require('../../src/file');
 const utils = require('../../public/src/utils');

 const md5 = filename => crypto.createHash('md5').update(filename).digest('hex');
@ -85,27 +86,63 @@ describe('uploads.js', () => {
 		});

 		it('should remove the upload from the user\'s uploads zset', async () => {
+			await user.deleteUpload(uid, uid, relativePath);

+			const uploads = await db.getSortedSetMembers(`uid:${uid}:uploads`);
+			assert.deepStrictEqual(uploads, []);
 		});

 		it('should delete the file from disk', async () => {
+			let exists = await file.exists(`${nconf.get('upload_path')}/${relativePath}`);
+			assert.strictEqual(exists, true);

+			await user.deleteUpload(uid, uid, relativePath);
+
+			exists = await file.exists(`${nconf.get('upload_path')}/${relativePath}`);
+			assert.strictEqual(exists, false);
 		});

 		it('should clean up references to it from the database', async () => {
+			const hash = md5(relativePath);
+			let exists = await db.exists(`upload:${hash}`);
+			assert.strictEqual(exists, true);

+			await user.deleteUpload(uid, uid, relativePath);
+			exists = await db.exists(`upload:${hash}`);
+			assert.strictEqual(exists, false);
 		});

 		it('should accept multiple paths', async () => {
+			const secondPath = `files/${utils.generateUUID()}`;
+			fs.closeSync(fs.openSync(path.join(nconf.get('upload_path'), secondPath), 'w'));
+			await user.associateUpload(uid, secondPath);
+
+			assert.strictEqual(await db.sortedSetCard(`uid:${uid}:uploads`), 2);

+			await user.deleteUpload(uid, uid, [relativePath, secondPath]);
+
+			assert.strictEqual(await db.sortedSetCard(`uid:${uid}:uploads`), 0);
+			assert.deepStrictEqual(await db.getSortedSetMembers(`uid:${uid}:uploads`), []);
 		});

 		it('should throw an error on a non-existant file', async () => {
-
+			try {
+				await user.deleteUpload(uid, uid, `${relativePath}asdbkas`);
+			} catch (e) {
+				assert(e);
+				assert.strictEqual(e.message, '[[error:invalid-path]]');
+			}
 		});

 		it('should guard against path traversal', async () => {
+			assert.strictEqual(await file.exists(path.resolve(nconf.get('upload_path'), '../../config.json')), true);

+			try {
+				await user.deleteUpload(uid, uid, `../../config.json`);
+			} catch (e) {
+				assert(e);
+				assert.strictEqual(e.message, '[[error:invalid-path]]');
+			}
 		});
 	});
 });