[BREAK] Remove patch info from endpoint /api/info for non-logged in users (#16050)

Co-authored-by: Diego Sampaio <chinello@gmail.com>
5 years ago · 6a6313aa51
parent 713f801358
commit 6a6313aa51
3 changed files with 51 additions and 19 deletions
--- a/app/api/server/default/info.js
+++ b/app/api/server/default/info.js
@ -1,20 +1,11 @@
-import { hasRole } from '../../../authorization';
-import { Info } from '../../../utils';
 import { API } from '../api';
+import { getServerInfo } from '../lib/getServerInfo';

 API.default.addRoute('info', { authRequired: false }, {
 	get() {
 		const user = this.getLoggedInUser();

-		if (user && hasRole(user._id, 'admin')) {
-			return API.v1.success({
-				info: Info,
-			});
-		}
-
-		return API.v1.success({
-			version: Info.version,
-		});
+		return API.v1.success(Promise.await(getServerInfo(user?._id)));
 	},
 });

--- a/app/api/server/lib/getServerInfo.ts
+++ b/app/api/server/lib/getServerInfo.ts
@ -0,0 +1,22 @@
+
+import { Info } from '../../../utils/server';
+import { hasRoleAsync } from '../../../authorization/server/functions/hasRole';
+
+type ServerInfo = {
+	info: Info;
+} | {
+	version: string | undefined;
+};
+
+const removePatchInfo = (version: string): string => version.replace(/(\d+\.\d+).*/, '$1');
+
+export async function getServerInfo(userId?: string): Promise<ServerInfo> {
+	if (await hasRoleAsync(userId, 'admin')) {
+		return {
+			info: Info,
+		};
+	}
+	return {
+		version: removePatchInfo(Info.version),
+	};
+}
--- a/tests/end-to-end/api/00-miscellaneous.js
+++ b/tests/end-to-end/api/00-miscellaneous.js
@ -12,14 +12,33 @@ describe('miscellaneous', function() {

 	describe('API default', () => {
 		// Required by mobile apps
-		it('/info', (done) => {
-			request.get('/api/info')
-				.expect('Content-Type', 'application/json')
-				.expect(200)
-				.expect((res) => {
-					expect(res.body).to.have.property('version');
-				})
-				.end(done);
+		describe('/info', () => {
+			let version;
+			it('should return "version", "build", "commit" and "marketplaceApiVersion" when the user is logged in', (done) => {
+				request.get('/api/info')
+					.set(credentials)
+					.expect('Content-Type', 'application/json')
+					.expect(200)
+					.expect((res) => {
+						expect(res.body.info).to.have.property('version').and.to.be.a('string');
+						expect(res.body.info).to.have.property('build').and.to.be.an('object');
+						expect(res.body.info).to.have.property('commit').and.to.be.an('object');
+						expect(res.body.info).to.have.property('marketplaceApiVersion').and.to.be.a('string');
+						version = res.body.info.version;
+					})
+					.end(done);
+			});
+			it('should return only "version" and the version should not have patch info when the user is not logged in', (done) => {
+				request.get('/api/info')
+					.expect('Content-Type', 'application/json')
+					.expect(200)
+					.expect((res) => {
+						expect(res.body).to.have.property('version');
+						expect(res.body).to.not.have.property('info');
+						expect(res.body.version).to.be.equal(version.replace(/(\d+\.\d+).*/, '$1'));
+					})
+					.end(done);
+			});
 		});
 	});