nteract.io/proxy.test.ts at main · nteract/nteract.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import { NextRequest } from "next/server";
import { describe, expect, it } from "vitest";

import { proxy } from "@/proxy";

function request(
  path: string,
  init: { method?: string; accept?: string } = {},
): NextRequest {
  const headers = new Headers();
  if (init.accept) headers.set("accept", init.accept);
  return new NextRequest(new URL(`http://localhost:3000${path}`), {
    method: init.method ?? "GET",
    headers,
  });
}

describe("proxy scanner short-circuit", () => {
  const scannerPaths = [
    "/impressum",
    "/Impressum",
    "/IMPRESSUM",
    "/Impressum.html",
    "/impressum.htm",
    "/impressum-datenschutz",
    "/impressum-und-datenschutz",
    "/imprint",
    "/Imprint",
    "/wp-admin",
    "/wp-login.php",
    "/wp-content/plugins/foo",
    "/wordpress",
    "/phpmyadmin",
    "/PhpMyAdmin/",
    "/pma/login.php",
    "/xmlrpc.php",
    "/cgi-bin/test",
    "/.env",
    "/.env.production",
    "/.git/config",
  ];

  for (const path of scannerPaths) {
    it(`returns a bare 404 with X-Robots-Tag: noindex for ${path}`, () => {
      const response = proxy(request(path));
      expect(response.status).toBe(404);
      expect(response.headers.get("x-robots-tag")).toBe("noindex");
    });
  }
});

describe("proxy passthrough for real routes", () => {
  const realPaths = ["/", "/blog", "/blog/nteract-2.0", "/telemetry", "/nightly"];

  for (const path of realPaths) {
    it(`does not return a synthetic 404 for ${path}`, () => {
      const response = proxy(request(path));
      expect(response.headers.get("x-robots-tag")).toBeNull();
    });
  }

  it("does not short-circuit a typo path (lets Next.js render the 404 page)", () => {
    const response = proxy(request("/typo-page"));
    expect(response.headers.get("x-robots-tag")).toBeNull();
  });
});

describe("proxy llms.txt rewrite (preserved)", () => {
  it("rewrites / to /llms.txt when markdown is preferred", () => {
    const response = proxy(
      request("/", { accept: "text/markdown, text/html, */*" }),
    );
    const rewrite = response.headers.get("x-middleware-rewrite");
    expect(rewrite).toContain("/llms.txt");
  });

  it("rewrites /blog/foo to /blog/foo/llms.txt when markdown is preferred", () => {
    const response = proxy(
      request("/blog/nteract-2.0", { accept: "text/markdown" }),
    );
    const rewrite = response.headers.get("x-middleware-rewrite");
    expect(rewrite).toContain("/blog/nteract-2.0/llms.txt");
  });

  it("rewrites /telemetry to /telemetry/llms.txt when markdown is preferred", () => {
    const response = proxy(
      request("/telemetry", { accept: "text/markdown" }),
    );
    const rewrite = response.headers.get("x-middleware-rewrite");
    expect(rewrite).toContain("/telemetry/llms.txt");
  });

  it("sets Vary: Accept on llms.txt-eligible routes", () => {
    const response = proxy(request("/blog"));
    expect(response.headers.get("vary")).toBe("Accept");
  });

  it("does not rewrite when the client prefers html", () => {
    const response = proxy(
      request("/blog", { accept: "text/html,application/xhtml+xml,*/*;q=0.9" }),
    );
    expect(response.headers.get("x-middleware-rewrite")).toBeNull();
  });

  it("does not rewrite on a HEAD request", () => {
    const response = proxy(
      request("/blog", { method: "HEAD", accept: "text/markdown" }),
    );
    expect(response.headers.get("x-middleware-rewrite")).toBeNull();
  });
});