bake file: recipe must be file, add more test cases

Author: d98762625

app.js

@@ -16,17 +16,17 @@ const app = express();
 app.disable("x-powered-by");
 
 
-if (process.env.NODE_ENV === "production" || process.env.TEST_LOGGING) {
+if (process.env.DEBUG) {
     app.use(pino({
-        level: "warn",
-        prettyPrint: true,
+        level: "debug",
+        prettyPrint: true
     }));
-    app.use(helmet());
 } else {
     app.use(pino({
-        level: "debug",
-        prettyPrint: true
+        level: "warn",
+        prettyPrint: true,
     }));
+    app.use(helmet());
 }
 
 app.use(express.json());

package.json

@@ -26,8 +26,8 @@
   "scripts": {
     "nodemon": "nodemon",
     "start": "DEBUG=cyberchef-server:server node -r esm ./bin/www",
-    "test": "TEST_LOGGING=true mocha -r esm",
-    "prod": "NODE_ENV=production node -r esm ./bin/www",
+    "test": "mocha -r esm",
+    "prod": "node -r esm ./bin/www",
     "lint": "./node_modules/.bin/eslint --fix .",
     "lint-test": "./node_modules/.bin/eslint ."
   },

routes/bake.js

@@ -1,7 +1,14 @@
+import fs from "fs";
+import { promisify } from "util";
+
 import { Router } from "express";
 import formidable from "formidable";
-const router = Router();
+
 import { bake, Dish } from "cyberchef/src/node/index.mjs";
+import { type } from "os";
+
+const router = Router();
+const readFile = promisify(fs.readFile);
 
 /**
  * bakePost
@@ -16,54 +23,65 @@ router.post("/", async function bakePost(req, res, next) {
 
 async function bakeMultipartForm(req, res, next) {
     const form = formidable();
+    form.parse(req, async (err, fields, files) => {
+        try {
 
-    try {
-
-        form.parse(req, async (err, fields, files) => {
-
-            // req.log.warn(`Recipe: ${fields.recipe}`);
-            // req.log.warn(`Input: ${files.input}`);
-            // req.log.warn(`Other input: ${fields.input}`);
             if (err) {
                 throw err;
             }
 
-            if (!('recipe' in fields)) {
-                throw new Error("Could not find required 'recipe' field in multipart form data");
+            if (!('recipe' in files)) {
+                throw new TypeError("Could not find required 'recipe' attachment in multipart form data");
+            }
+
+            let recipe;
+            try {
+                const fileContents = await readFile(files.recipe.path);
+                recipe = JSON.parse(fileContents);
+            } catch (e) {
+                throw new TypeError(`Could not parse recipe file: ${e}`);
             }
 
             let dish;
 
-            // Case: data is in files.input
             if('input' in files) {
-                // read the contents of the file and use it as an input
-                res.json({ fields, files });
-            } else if ('input' in fields) {
+                const input = await readFile(files.input.path)
+                dish = await bake(input, recipe);
 
-                dish = await bake(fields.input, fields.recipe);
+            } else if ('input' in fields) {
+                dish = await bake(fields.input, recipe);
 
             } else {
-                throw new Error("Could not find 'input' field in multipart form data.");
-            }
-
-            // Attempt to translate to another type. Any translation errors
-            // propagate through to the errorHandler.
-            if ('outputType' in fields) {
-                dish.get(req.body.outputType);
+                throw new TypeError("Could not find 'input' field in multipart form data.");
             }
 
             if (dish) {
+
+                if ('outputType' in fields) {
+                    // dish.get takes a typeEnum
+                    let typeEnum = parseInt(fields.outputType);
+                    if (isNaN(typeEnum)) {
+                        typeEnum = Dish.typeEnum(fields.outputType)
+                    }
+                    dish.get(typeEnum);
+
+                    // Browser should handle files as a download
+                    if (typeEnum === Dish.FILE) {
+                        res.set("Content-Disposition", "attachment");
+                    }
+                }
+
                 res.send({
                     value: dish.value,
                     type: Dish.enumLookup(dish.type),
                 });
             }
 
-        });
+        } catch (e) {
+            next(e);
+        }
 
-    } catch (e) {
-        next(e);
-    }
+    });
 }
 
 async function bakeBody(req, res, next) {

test/bake.js

@@ -1,6 +1,11 @@
+import assert from "assert";
+
 import request from "supertest";
+
 import app from "../app";
 
+let testDataPath = "test/test_data"
+
 
 describe("GET /bake", function() {
     it("doesnt exist", function(done) {
@@ -210,26 +215,64 @@ describe("POST /bake", function() {
 });
 
 describe("POST /bake files", function () {
-    it("should take input as a multipart file upload", (done) => {
+    it("should complain if you do not send a recipe with your input", (done) => {
         request(app)
             .post("/bake")
-            .field("recipe", "from hex")
-            .attach("input", "test/test-hex-input.txt")
-            .expect(200, done);
+            .attach("input", `${testDataPath}/hex_input.txt`)
+            .expect(400, done);
+    });
+
+    it("should complain if it cannot find input field in form", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_single_op.json`)
+            .expect(400, done);
+    });
+
+    it("should complain if it cannot find a matching operation - single op recipe - input field", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_single_op_invalid.json`)
+            .field("input", "testing - one, two, three")
+            .expect(400, done);
+    });
+
+    it("should complain if it cannot find a matching operation - multi-op recipe - input field", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_multi_op_invalid.json`)
+            .field("input", "testing - one, two, three")
+            .expect(400, done);
+    });
+
+    it("should complain if the recipe file is not valid JSON", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_invalid_json.json`)
+            .field("input", "testing - one, two, three")
+            .expect(400, done);
     });
 
     it("should take input as a multipart field", (done) => {
         request(app)
             .post("/bake")
-            .field("recipe", "to morse code")
+            .attach("recipe", `${testDataPath}/recipe_single_op.json`)
             .field("input", "The crowds stared around wildly")
             .expect(200, done);
     });
 
-    it("should perform a simple recipe with input as a form field", (done) => {
+    it("should take input as a multipart file upload", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_single_op.json`)
+            .attach("input", `${testDataPath}/hex_input.txt`)
+            .expect(200, done);
+    });
+
+    it("should perform a simple recipe with input as a field", (done) => {
         request(app)
             .post("/bake")
-            .field("recipe", "to morse code")
+            .attach("recipe", `${testDataPath}/recipe_to_morse.json`)
             .field("input", "The crowds stared around wildly")
             .expect(200)
             .expect({
@@ -240,5 +283,112 @@ describe("POST /bake files", function () {
 .-- .. .-.. -.. .-.. -.--`,
                 type: "string",
             }, done);
-    })
+    });
+
+    it("should perform a simple recipe with input as a file", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_to_morse.json`)
+            .attach("input", `${testDataPath}/text_input.txt`)
+            .expect(200)
+            .expect({
+                value: `- .... .
+-.-. .-. --- .-- -.. ...
+... - .- .-. . -..
+.- .-. --- ..- -. -..
+.-- .. .-.. -.. .-.. -.--`,
+                type: "string",
+            }, done);
+    });
+
+    it("should bake a multi-op recipe with arguments", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_multi_op_with_args.json`)
+            .field("input", "some input")
+            .expect(200)
+            .expect({
+                value: "begin_something_anananaaaaak_da_aaak_da_aaaaananaaaaaaan_da_aaaaaaanan_da_aaak_end_something",
+                type: "string",
+            }, done);
+    });
+
+    it("should handle image files as input", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_detect_file_type.json`)
+            .attach("input", `${testDataPath}/chef.png`)
+            .expect(200)
+            .expect({
+                type: "string",
+                value: `File type:   Portable Network Graphics image
+Extension:   png
+MIME type:   image/png
+`
+            }, done);
+    });
+
+    it("should optionally transform the output to outputType", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_take_bytes.json`)
+            .attach("input", `${testDataPath}/text_input.txt`)
+            .field("outputType", "string")
+            .expect(200)
+            .expect({
+                type: "string",
+                value: "The c"
+            }, done);
+    });
+
+    it("should optionally transform the output to outputType, when outputType is an enum", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_take_bytes.json`)
+            .attach("input", `${testDataPath}/text_input.txt`)
+            .field("outputType", 1)
+            .expect(200)
+            .expect({
+                type: "string",
+                value: "The c"
+            }, done);
+    });
+
+    it("should set content-disposition header if File outputType is requested", (done) => {
+        request(app)
+            .post("/bake")
+            .attach("recipe", `${testDataPath}/recipe_take_bytes.json`)
+            .attach("input", `${testDataPath}/text_input.txt`)
+            .field("outputType", "file")
+            .expect(200)
+            .expect("Content-Disposition", "attachment")
+            .end((err, res) => {
+                if (err) return done(err);
+                assert.deepEqual(res.body.type, "File");
+                assert.deepEqual(res.body.value.name, "unknown");
+                assert.deepEqual(res.body.value.data.data, [84, 104, 101, 32, 99]);
+                return done();
+            });
+        //     /**
+        //      * Not sure this is how we want to present this. Need to validate with
+        //      * web page response.
+        //      */
+        //     type: "File",
+        //     value: {
+        //             data: {
+        //               data: [
+        //                 84,
+        //                 104,
+        //                 101,
+        //                 32,
+        //                 99,
+        //               ],
+        //               type: "Buffer"
+        //             },
+        //             lastModified: 1593784118511,
+        //             name: "unknown",
+        //             type: "application/unknown",
+        //           }
+    });
+
 });

test/test_data/chef.png

@@ -0,0 +1,3 @@
+[
+  "detect file type"
+]

test/test-hex-input.txt renamed to test/test_data/hex_input.txt

@@ -0,0 +1 @@
+{ 1234567

test/test_data/recipe_detect_file_type.json

@@ -0,0 +1,4 @@
+[
+  "to hex",
+  "not a valid operation"
+]

test/test_data/recipe_invalid_json.json

@@ -0,0 +1,22 @@
+[
+  {
+    "op": "To Morse Code",
+    "args": [
+      "Dash/Dot",
+      "Backslash",
+      "Comma"
+    ]
+  },
+  {
+    "op": "Hex to PEM",
+    "args": [
+      "SOMETHING"
+    ]
+  },
+  {
+    "op": "To Snake case",
+    "args": [
+      false
+    ]
+  }
+]