task: apply middleware to api/admin

Unleash · Apr 18, 2024 · 62ec318 · 62ec318
1 parent 3c39175
commit 62ec318
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/src/lib/app.ts b/src/lib/app.ts
@@ -29,6 +29,7 @@ import { unless } from './middleware/unless-middleware';
 import { catchAllErrorHandler } from './middleware/catch-all-error-handler';
 import NotFoundError from './error/notfound-error';
 import { bearerTokenMiddleware } from './middleware/bearer-token-middleware';
+import { auditAccessMiddleware } from './middleware';
 
 export default async function getApp(
     config: IUnleashConfig,
@@ -176,6 +177,7 @@ export default async function getApp(
         rbacMiddleware(config, stores, services.accessService),
     );
 
+    app.use(`${baseUriPath}/api/admin`, auditAccessMiddleware(config));
     app.use(
         `${baseUriPath}/api/admin`,
         maintenanceMiddleware(config, services.maintenanceService),

diff --git a/src/lib/middleware/audit-middleware.test.ts b/src/lib/middleware/audit-middleware.test.ts
@@ -26,4 +26,17 @@ describe('auditMiddleware testing', () => {
         expect(audit!.username).toBe('unknown');
         expect(audit!.ip).toBe('::ffff:127.0.0.1');
     });
+    test('If no auth in place, does not add the audit object', async () => {
+        const middleware = auditAccessMiddleware(config);
+        const app = express();
+        app.use('', middleware);
+        let audit: IAuditUser | undefined;
+        app.get('/api/admin/test', (req: IAuthRequest, res) => {
+            audit = req.audit;
+            res.status(200).end();
+        });
+        const request = supertest(app);
+        await request.get('/api/admin/test').expect(200);
+        expect(audit).toBeUndefined();
+    });
 });