Skip to content

Commit

Permalink
Merge pull request #1135 from greaterweb/fix/issue-1134
Browse files Browse the repository at this point in the history 
ability to disalbe /models /routes routes
  • Loading branch information
@bajtos
bajtos committed Mar 3, 2015
2 parents baf372b + 1818a8f commit 774c709
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 4 deletions.
16 changes: 12 additions & 4 deletions server/middleware/rest.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

var loopback = require('../../lib/loopback');
var async = require('async');
var deprecate = require('depd')('loopback');

/*!
* Export the middleware.
Expand All @@ -28,10 +29,17 @@ function rest() {
return function restApiHandler(req, res, next) {
var app = req.app;

if (req.url === '/routes') {
return res.send(app.handler('rest').adapter.allRoutes());
} else if (req.url === '/models') {
return res.send(app.remotes().toJSON());
// added for https://github.com/strongloop/loopback/issues/1134
if (app.get('legacyExplorer') !== false) {
deprecate(
'Routes "/methods" and "/models" are considered dangerous and should not be used.\n' +
'Disable them by setting "legacyExplorer=false" in "server/config.json" or via "app.set()".'
);
if (req.url === '/routes') {
return res.send(app.handler('rest').adapter.allRoutes());
} else if (req.url === '/models') {
return res.send(app.remotes().toJSON());
}
}

if (!handlers) {
Expand Down
38 changes: 38 additions & 0 deletions test/rest.middleware.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,44 @@ describe('loopback.rest', function() {
}, done);
});

it('should report 200 for legacy explorer route /routes', function(done) {
app.use(loopback.rest());
request(app).get('/routes')
.expect(200)
.end(function(err, res) {
if (err) return done(err);
expect(res.body).to.eql([]);
done();
});
});

it('should report 200 for legacy explorer route /models', function(done) {
app.use(loopback.rest());
request(app).get('/models')
.expect(200)
.end(function(err, res) {
if (err) return done(err);
expect(res.body).to.eql({});
done();
});
});

it('should report 404 for disabled legacy explorer route /routes', function(done) {
app.set('legacyExplorer', false);
app.use(loopback.rest());
request(app).get('/routes')
.expect(404)
.end(done);
});

it('should report 404 for disabled legacy explorer route /models', function(done) {
app.set('legacyExplorer', false);
app.use(loopback.rest());
request(app).get('/models')
.expect(404)
.end(done);
});

describe('context propagation', function() {
var User;

Expand Down

0 comments on commit 774c709

Please sign in to comment.