fix: /client/features should accept client tokens configured (#141)

Unleash · Jun 10, 2023 · a1f9ad8 · a1f9ad8
1 parent c8bd759
commit a1f9ad8
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 2 deletions.
diff --git a/src/test/client.mock.ts b/src/test/client.mock.ts
@@ -19,7 +19,16 @@ class MockClient extends EventEmitter implements IClient {
     }
 
     getFeatureToggleDefinitions(): FeatureInterface[] {
-        throw new Error('Method not implemented.');
+        return this.toggles.map((t) => ({
+            name: t.name,
+            strategies: [{ name: 'default', parameters: {}, constraints: [] }],
+            enabled: t.enabled,
+            project: 'default',
+            stale: false,
+            type: 'release',
+            variants: [],
+            impressionData: false,
+        }));
     }
 
     isReady(): boolean {

diff --git a/src/test/unleash-proxy.test.ts b/src/test/unleash-proxy.test.ts
@@ -623,6 +623,62 @@ test('Should return all feature toggles', () => {
         });
 });
 
+test('/client/features should return toggle definitions', () => {
+    const client = new MockClient([
+        { name: 'a', enabled: true, impressionData: false },
+        { name: 'b', enabled: false, impressionData: false },
+        { name: 'c', enabled: true, impressionData: true },
+    ]);
+
+    const proxySecrets = ['sdf'];
+    const app = createApp(
+        {
+            unleashUrl,
+            unleashApiToken,
+            proxySecrets,
+            enableAllEndpoint: true,
+            expServerSideSdkConfig: { tokens: ['server-side'] },
+        },
+        client,
+    );
+    client.emit('ready');
+
+    return request(app)
+        .get('/proxy/client/features')
+        .set('Authorization', 'server-side')
+        .expect(200)
+        .expect((res) => {
+            expect(res.body.features.length).toBe(3);
+            expect(res.body.features[0].strategies.length).toBe(1);
+        });
+});
+
+test('/client/features should not accept proxy secret', () => {
+    const client = new MockClient([
+        { name: 'a', enabled: true, impressionData: false },
+        { name: 'b', enabled: false, impressionData: false },
+        { name: 'c', enabled: true, impressionData: true },
+    ]);
+
+    const proxySecrets = ['sdf'];
+    const app = createApp(
+        {
+            unleashUrl,
+            unleashApiToken,
+            proxySecrets,
+            enableAllEndpoint: true,
+            expServerSideSdkConfig: { tokens: ['server-side'] },
+        },
+        client,
+    );
+    client.emit('ready');
+
+    return request(app)
+        .get('/proxy/client/features')
+        .set('Authorization', 'sdf')
+        .expect(401);
+});
+
 test('Should return all feature toggles via POST', () => {
     const client = new MockClient([
         { name: 'a', enabled: true, impressionData: false },

diff --git a/src/unleash-proxy.ts b/src/unleash-proxy.ts
@@ -206,7 +206,7 @@ If you don't provide the \`toggles\` property, then this operation functions exa
                 tags: ['Server-side client'],
             }),
             this.readyMiddleware.bind(this),
-            this.clientTokenMiddleware.bind(this),
+            this.expServerSideTokenMiddleware.bind(this),
             this.unleashApi.bind(this),
         );
 
@@ -308,6 +308,19 @@ If you don't provide the \`toggles\` property, then this operation functions exa
         }
     }
 
+    private expServerSideTokenMiddleware(
+        req: Request,
+        res: Response,
+        next: NextFunction,
+    ) {
+        const apiToken = req.header(this.clientKeysHeaderName);
+        if (!apiToken || !this.serverSideTokens.includes(apiToken)) {
+            res.sendStatus(401);
+        } else {
+            next();
+        }
+    }
+
     async getAllToggles(
         req: Request,
         res: Response<FeaturesSchema | string>,