diff --git a/cspell.config.json b/cspell.config.json
index 1fa1ba6873..69c2c43ca8 100644
--- a/cspell.config.json
+++ b/cspell.config.json
@@ -13,9 +13,12 @@
 "armv",
 "ashishtank",
 "autoplay",
+ "avghumidity",
+ "avgtemp",
 "Autorestart",
 "beada",
 "Behaviour",
+ "Beschreibung",
 "Binney",
 "bluemanos",
 "bnitkin",
@@ -111,6 +114,7 @@
 "flopp",
 "fontawesome",
 "fontface",
+ "forecastday",
 "forecastweather",
 "fortawesome",
 "frameguard",
@@ -186,14 +190,18 @@
 "luxon",
 "lxsession",
 "magicmirror",
+ "mapbox",
 "martingron",
 "marvai",
 "mastermerge",
 "matchtype",
 "maxentries",
+ "maxtemp",
+ "maxwind",
 "Meteo",
 "michaelteeuw",
 "michmich",
+ "mintemp",
 "Midori",
 "mirontoli",
 "MISSINGLANG",
@@ -212,7 +220,9 @@
 "NEWSFEED",
 "newsfeedfetcher",
 "newsfetcher",
+ "newyear",
 "newsitems",
+ "nextdaysrelative",
 "nfogal",
 "njwilliams",
 "nonrepeating",
@@ -239,8 +249,10 @@
 "pmin",
 "Português",
 "PRECIP",
+ "precips",
 "Problema",
 "psieg",
+ "ptype",
 "pubdate",
 "radokristof",
 "rajniszp",
@@ -255,12 +267,14 @@
 "Rosso",
 "Rothfusz",
 "rrule",
+ "sameorigin",
 "savvadam",
 "sdetweil",
 "searchstr",
 "sendheaders",
 "serveronly",
 "sexualized",
+ "showend",
 "Sitecode",
 "skpanagiotis",
 "SMHI",
@@ -295,8 +309,11 @@
 "timeformat",
 "titlereplacestr",
 "titlesearchstr",
+ "TOCTOU",
 "todaytemp",
 "tomzt",
+ "totalprecip",
+ "totalsnow",
 "trunc",
 "ttlms",
 "ukmetoffice",
@@ -317,6 +334,7 @@
 "Vorberechnung",
 "vppencilsharpener",
 "Wallys",
+ "weatherapi",
 "Weatherbit",
 "weathercode",
 "WEATHERDATA",
@@ -336,6 +354,7 @@
 "Woolridge",
 "worktree",
 "Wsymb",
+ "xhvw",
 "xlarge",
 "xmark",
 "xrandr",
diff --git a/js/server_functions.js b/js/server_functions.js
index 9650257c27..bdc759c64e 100644
--- a/js/server_functions.js
+++ b/js/server_functions.js
@@ -22,9 +22,14 @@ function getStartup (req, res) { * @returns {string} the input with real variable content */ function replaceSecretPlaceholder (input) { - return input.replaceAll(/\*\*(SECRET_[^*]+)\*\*/g, (match, group) => { - return process.env[group]; - }); + if (global.config.cors === "allowWhitelist") { + return input.replaceAll(/\*\*(SECRET_[^*]+)\*\*/g, (match, group) => { + return process.env[group]; + }); + } else { + Log.error("Replacing secrets works only with CORS and `allowWhitelist`, you need to set this in `config.js`, set `cors: allowWhitelist`"); + return input; + } } /** diff --git a/tests/unit/functions/server_functions_spec.js b/tests/unit/functions/server_functions_spec.js index 779daaf08e..8c38cf9f0a 100644 --- a/tests/unit/functions/server_functions_spec.js +++ b/tests/unit/functions/server_functions_spec.js @@ -8,7 +8,11 @@ const undici = require("undici"); const { cors, getUserAgent, replaceSecretPlaceholder } = require("#server_functions"); describe("server_functions tests", () => { - describe("The replaceSecretPlaceholder method", () => { + describe("The replaceSecretPlaceholder method with cors=allowWhitelist", () => { + beforeEach(() => { + global.config = { cors: "allowWhitelist" }; + }); + it("Calls string without secret placeholder", () => { const teststring = "test string without secret placeholder"; const result = replaceSecretPlaceholder(teststring); 
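Review bot: The `else` branch of `replaceSecretPlaceholder` calls `Log.error` on every invocation when `cors` is anything other than `allowWhitelist`, including for inputs that contain no `**SECRET_…**` placeholder, so a setup that never uses secrets would log an error per call. Checking for a placeholder first, e.g. `if (!/\*\*SECRET_[^*]+\*\*/.test(input)) return input;` ahead of the mode check, keeps the message for the case it describes. In the whitelist branch, an unset variable makes the callback return `undefined`, which `replaceAll` inserts as the text "undefined"; logging the missing name there would make that failure visible. The gate compares only the mode string; whether the destination host has already been checked against the whitelist before substitution is not visible in this hunk and is worth confirming at the call site.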
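Review bot: The `beforeEach` added here assigns `global.config` and nothing restores it, so the value set by the last test leaks into the `cors` suite and anything else run in the same process; the allowAll block in the next hunk does the same. Saving the previous value and restoring it in an `afterEach`, e.g. `afterEach(() => { global.config = previousConfig; });`, keeps the suites independent. The `describe` callback continues outside the hunk.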
@@ -25,6 +29,24 @@ describe("server_functions tests", () => { }); }); + describe("The replaceSecretPlaceholder method with cors=allowAll", () => { + beforeEach(() => { + global.config = { cors: "allowAll" }; + }); + + it("Calls string without secret placeholder", () => { + const teststring = "test string without secret placeholder"; + const result = replaceSecretPlaceholder(teststring); + expect(result).toBe(teststring); + }); + + it("Calls string with 2 secret placeholders", () => { + const teststring = "test string with secret1=**SECRET_ONE** and secret2=**SECRET_TWO**"; + const result = replaceSecretPlaceholder(teststring); + expect(result).toBe(teststring); + }); + }); + describe("The cors method", () => { let fetchSpy; let fetchResponseHeadersGet;
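Review bot: The two allowAll cases assert only the returned string, so they pass whether or not the error is logged, and no case covers a config with `cors` absent or set to another value, which takes the same `else` branch in `replaceSecretPlaceholder`. Adding a spy assertion on `Log.error` (how `Log` is imported or mocked in this spec is not visible here) and one case such as `global.config = {};` would pin the behaviour that secrets stay unexpanded by default.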