Added Regex for defined routes

797a151e · Sigmund, Dominik · Sigmund, Dominik · 7f92ce41 · 797a151e · 797a151e
Commit 797a151e authored 3 years ago by Sigmund, Dominik Committed by Sigmund, Dominik 1 year ago
--- a/docs/test-report.html
+++ b/docs/test-report.html
--- a/examples/default/index.js
+++ b/examples/default/index.js
@@ -10,13 +10,17 @@ const app = express()

 app.use(security({
  onlyDefinedRoutes: true,
-  definedRoutes: ['/']
+  definedRoutes: ['/', 'REGEX:\\/id\\/\\d{1,}']
 }))

 app.get('/', function (req, res) {
  res.send('Hello World!')
 })

+app.get('/id/:id', function (req, res) {
+  res.send('Hello numerical id: ' + req.params.id)
+})
+
 try {
  fs.accessSync(__dirname + '/private.key')
  var privateKey  = fs.readFileSync(__dirname + '/private.key', 'utf8')

--- a/index.js
+++ b/index.js
@@ -116,8 +116,21 @@ module.exports = function(options) {
      if (!options.definedRoutes) {
        options.definedRoutes = []
      }
-
-      if (!options.definedRoutes.includes(req.originalUrl)) {
+      let isAllowed = false;
+      for (const allowedRoute of options.definedRoutes) {
+        if (allowedRoute.startsWith('REGEX:')) {
+          let regexString = allowedRoute.split('REGEX:')[1];
+          let regexp = new RegExp(regexString);
+          if (regexp.test(req.originalUrl)) {
+            isAllowed= true;
+          }
+        } else {
+          if (req.originalUrl === allowedRoute) {
+            isAllowed = true;
+          }
+        }
+      }
+      if (!isAllowed) { 
        res.status(405).end()
      }
    }

--- a/index.test.js
+++ b/index.test.js
@@ -266,6 +266,29 @@ describe('Integration Tests', () => {
          done()
        })
    })
+    it('should allow regex route if set', (done) => {
+      startUpServer({
+        onlyDefinedRoutes: true,
+        definedRoutes: ['/', 'REGEX:\\/test\\/\\d{1,}']
+      })
+      superagent
+        .get('http://127.0.0.1:7777')
+        .then(res => {
+          expect(res.status).toBe(200)
+          superagent
+          .get('http://127.0.0.1:7777/test')
+            .then(res2 => {})
+            .catch((error) => {
+              expect(error.status).toBe(405)
+              superagent
+                .get('http://127.0.0.1:7777/test/123')
+                  .then(res3 => {
+                    expect(res3.status).toBe(200)
+                    done()
+                  })
+            })
+      })
+    })
  })
 })

@@ -345,5 +368,8 @@ function startUpServer(options) {
  app.get('/test', function (req, res) {
    res.send('Hello Test!')
  })
+  app.get('/test/123', function (req, res) {
+    res.send('Hello 123!')
+  })
  server = app.listen(7777)
 }
\ No newline at end of file