fix: remove subpath support for HD_BASE_URL

With this commit we drop the subpath support which results in the constraint that HedgeDoc must always run on the root of a domain. This makes a lot of things in testing, rendering and security much easier. Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2025-05-20 02:05:21 -04:00 · 2023-08-12 20:07:38 +02:00 · 2023-08-12 20:07:38 +02:00 · dccd58f0c1
commit dccd58f0c1
parent 7401791ec8
32 changed files with 111 additions and 116 deletions
--- a/frontend/src/api/common/api-request-builder/api-request-builder.ts
+++ b/frontend/src/api/common/api-request-builder/api-request-builder.ts
@ -27,7 +27,7 @@ export abstract class ApiRequestBuilder<ResponseType> {
   * @param baseUrl An optional base URL that is used for the endpoint
   */
  constructor(endpoint: string, baseUrl?: string) {
-    this.targetUrl = `${baseUrl ?? ''}api/private/${endpoint}`
+    this.targetUrl = `${baseUrl ?? '/'}api/private/${endpoint}`
  }

  protected async sendRequestAndVerifyResponse(httpMethod: RequestInit['method']): Promise<ApiResponse<ResponseType>> {
--- a/frontend/src/api/common/api-request-builder/delete-api-request-builder.spec.ts
+++ b/frontend/src/api/common/api-request-builder/delete-api-request-builder.spec.ts
@ -26,14 +26,14 @@ describe('DeleteApiRequestBuilder', () => {

  describe('sendRequest without body', () => {
    it('without headers', async () => {
-      expectFetch('api/private/test', 204, { method: 'DELETE' })
+      expectFetch('/api/private/test', 204, { method: 'DELETE' })
      await new DeleteApiRequestBuilder<string, undefined>('test').sendRequest()
    })

    it('with single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        headers: expectedHeaders
      })
@ -43,7 +43,7 @@ describe('DeleteApiRequestBuilder', () => {
    it('with overriding single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'false')
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        headers: expectedHeaders
      })
@ -57,7 +57,7 @@ describe('DeleteApiRequestBuilder', () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
      expectedHeaders.append('test2', 'false')
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        headers: expectedHeaders
      })
@ -72,7 +72,7 @@ describe('DeleteApiRequestBuilder', () => {
    const expectedHeaders = new Headers()
    expectedHeaders.append('Content-Type', 'application/json')

-    expectFetch('api/private/test', 204, {
+    expectFetch('/api/private/test', 204, {
      method: 'DELETE',
      headers: expectedHeaders,
      body: '{"test":true,"foo":"bar"}'
@ -86,7 +86,7 @@ describe('DeleteApiRequestBuilder', () => {
  })

  it('sendRequest with other body', async () => {
-    expectFetch('api/private/test', 204, {
+    expectFetch('/api/private/test', 204, {
      method: 'DELETE',
      body: 'HedgeDoc'
    })
@ -95,7 +95,7 @@ describe('DeleteApiRequestBuilder', () => {

  describe('sendRequest with custom options', () => {
    it('with one option', async () => {
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        cache: 'force-cache'
      })
@ -107,7 +107,7 @@ describe('DeleteApiRequestBuilder', () => {
    })

    it('overriding single option', async () => {
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        cache: 'no-store'
      })
@ -122,7 +122,7 @@ describe('DeleteApiRequestBuilder', () => {
    })

    it('with multiple options', async () => {
-      expectFetch('api/private/test', 204, {
+      expectFetch('/api/private/test', 204, {
        method: 'DELETE',
        cache: 'force-cache',
        integrity: 'test'
@ -138,13 +138,13 @@ describe('DeleteApiRequestBuilder', () => {

  describe('failing sendRequest', () => {
    it('without backend provided error name or error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'DELETE' })
+      expectFetch('/api/private/test', 400, { method: 'DELETE' })
      const request = new DeleteApiRequestBuilder<string>('test').sendRequest()
      await expect(request).rejects.toEqual(new ApiError(400, undefined, undefined))
    })

    it('with backend error name and error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'DELETE' }, {
+      expectFetch('/api/private/test', 400, { method: 'DELETE' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
@ -153,7 +153,7 @@ describe('DeleteApiRequestBuilder', () => {
    })

    it('with another status code than 400', async () => {
-      expectFetch('api/private/test', 401, { method: 'DELETE' }, {
+      expectFetch('/api/private/test', 401, { method: 'DELETE' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
--- a/frontend/src/api/common/api-request-builder/get-api-request-builder.spec.ts
+++ b/frontend/src/api/common/api-request-builder/get-api-request-builder.spec.ts
@ -26,14 +26,14 @@ describe('GetApiRequestBuilder', () => {

  describe('sendRequest', () => {
    it('without headers', async () => {
-      expectFetch('api/private/test', 200, { method: 'GET' })
+      expectFetch('/api/private/test', 200, { method: 'GET' })
      await new GetApiRequestBuilder<string>('test').sendRequest()
    })

    it('with single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        headers: expectedHeaders
      })
@ -43,7 +43,7 @@ describe('GetApiRequestBuilder', () => {
    it('with overriding single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'false')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        headers: expectedHeaders
      })
@ -57,7 +57,7 @@ describe('GetApiRequestBuilder', () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
      expectedHeaders.append('test2', 'false')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        headers: expectedHeaders
      })
@ -70,7 +70,7 @@ describe('GetApiRequestBuilder', () => {

  describe('sendRequest with custom options', () => {
    it('with one option', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        cache: 'force-cache'
      })
@ -82,7 +82,7 @@ describe('GetApiRequestBuilder', () => {
    })

    it('overriding single option', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        cache: 'no-store'
      })
@ -97,7 +97,7 @@ describe('GetApiRequestBuilder', () => {
    })

    it('with multiple options', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'GET',
        cache: 'force-cache',
        integrity: 'test'
@ -113,13 +113,13 @@ describe('GetApiRequestBuilder', () => {

  describe('failing sendRequest', () => {
    it('without backend provided error name or error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'GET' })
+      expectFetch('/api/private/test', 400, { method: 'GET' })
      const request = new GetApiRequestBuilder<string>('test').sendRequest()
      await expect(request).rejects.toEqual(new ApiError(400, undefined, undefined))
    })

    it('with backend error name and error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'GET' }, {
+      expectFetch('/api/private/test', 400, { method: 'GET' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
@ -128,7 +128,7 @@ describe('GetApiRequestBuilder', () => {
    })

    it('with another status code than 400', async () => {
-      expectFetch('api/private/test', 401, { method: 'GET' }, {
+      expectFetch('/api/private/test', 401, { method: 'GET' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
--- a/frontend/src/api/common/api-request-builder/post-api-request-builder.spec.ts
+++ b/frontend/src/api/common/api-request-builder/post-api-request-builder.spec.ts
@ -26,14 +26,14 @@ describe('PostApiRequestBuilder', () => {

  describe('sendRequest without body', () => {
    it('without headers', async () => {
-      expectFetch('api/private/test', 201, { method: 'POST' })
+      expectFetch('/api/private/test', 201, { method: 'POST' })
      await new PostApiRequestBuilder<string, undefined>('test').sendRequest()
    })

    it('with single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        headers: expectedHeaders
      })
@ -43,7 +43,7 @@ describe('PostApiRequestBuilder', () => {
    it('with overriding single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'false')
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        headers: expectedHeaders
      })
@ -57,7 +57,7 @@ describe('PostApiRequestBuilder', () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
      expectedHeaders.append('test2', 'false')
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        headers: expectedHeaders
      })
@ -72,7 +72,7 @@ describe('PostApiRequestBuilder', () => {
    const expectedHeaders = new Headers()
    expectedHeaders.append('Content-Type', 'application/json')

-    expectFetch('api/private/test', 201, {
+    expectFetch('/api/private/test', 201, {
      method: 'POST',
      headers: expectedHeaders,
      body: '{"test":true,"foo":"bar"}'
@ -86,7 +86,7 @@ describe('PostApiRequestBuilder', () => {
  })

  it('sendRequest with other body', async () => {
-    expectFetch('api/private/test', 201, {
+    expectFetch('/api/private/test', 201, {
      method: 'POST',
      body: 'HedgeDoc'
    })
@ -95,7 +95,7 @@ describe('PostApiRequestBuilder', () => {

  describe('sendRequest with custom options', () => {
    it('with one option', async () => {
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        cache: 'force-cache'
      })
@ -107,7 +107,7 @@ describe('PostApiRequestBuilder', () => {
    })

    it('overriding single option', async () => {
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        cache: 'no-store'
      })
@ -122,7 +122,7 @@ describe('PostApiRequestBuilder', () => {
    })

    it('with multiple options', async () => {
-      expectFetch('api/private/test', 201, {
+      expectFetch('/api/private/test', 201, {
        method: 'POST',
        cache: 'force-cache',
        integrity: 'test'
@ -138,13 +138,13 @@ describe('PostApiRequestBuilder', () => {

  describe('failing sendRequest', () => {
    it('without backend provided error name or error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'POST' })
+      expectFetch('/api/private/test', 400, { method: 'POST' })
      const request = new PostApiRequestBuilder<string, string>('test').sendRequest()
      await expect(request).rejects.toEqual(new ApiError(400, undefined, undefined))
    })

    it('with backend error name and error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'POST' }, {
+      expectFetch('/api/private/test', 400, { method: 'POST' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
@ -153,7 +153,7 @@ describe('PostApiRequestBuilder', () => {
    })

    it('with another status code than 400', async () => {
-      expectFetch('api/private/test', 401, { method: 'POST' }, {
+      expectFetch('/api/private/test', 401, { method: 'POST' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
--- a/frontend/src/api/common/api-request-builder/put-api-request-builder.spec.ts
+++ b/frontend/src/api/common/api-request-builder/put-api-request-builder.spec.ts
@ -26,14 +26,14 @@ describe('PutApiRequestBuilder', () => {

  describe('sendRequest without body', () => {
    it('without headers', async () => {
-      expectFetch('api/private/test', 200, { method: 'PUT' })
+      expectFetch('/api/private/test', 200, { method: 'PUT' })
      await new PutApiRequestBuilder<string, undefined>('test').sendRequest()
    })

    it('with single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        headers: expectedHeaders
      })
@ -43,7 +43,7 @@ describe('PutApiRequestBuilder', () => {
    it('with overriding single header', async () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'false')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        headers: expectedHeaders
      })
@ -57,7 +57,7 @@ describe('PutApiRequestBuilder', () => {
      const expectedHeaders = new Headers()
      expectedHeaders.append('test', 'true')
      expectedHeaders.append('test2', 'false')
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        headers: expectedHeaders
      })
@ -72,7 +72,7 @@ describe('PutApiRequestBuilder', () => {
    const expectedHeaders = new Headers()
    expectedHeaders.append('Content-Type', 'application/json')

-    expectFetch('api/private/test', 200, {
+    expectFetch('/api/private/test', 200, {
      method: 'PUT',
      headers: expectedHeaders,
      body: '{"test":true,"foo":"bar"}'
@ -86,7 +86,7 @@ describe('PutApiRequestBuilder', () => {
  })

  it('sendRequest with other body', async () => {
-    expectFetch('api/private/test', 200, {
+    expectFetch('/api/private/test', 200, {
      method: 'PUT',
      body: 'HedgeDoc'
    })
@ -95,7 +95,7 @@ describe('PutApiRequestBuilder', () => {

  describe('sendRequest with custom options', () => {
    it('with one option', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        cache: 'force-cache'
      })
@ -107,7 +107,7 @@ describe('PutApiRequestBuilder', () => {
    })

    it('overriding single option', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        cache: 'no-store'
      })
@ -122,7 +122,7 @@ describe('PutApiRequestBuilder', () => {
    })

    it('with multiple options', async () => {
-      expectFetch('api/private/test', 200, {
+      expectFetch('/api/private/test', 200, {
        method: 'PUT',
        cache: 'force-cache',
        integrity: 'test'
@ -138,13 +138,13 @@ describe('PutApiRequestBuilder', () => {

  describe('failing sendRequest', () => {
    it('without backend provided error name or error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'PUT' })
+      expectFetch('/api/private/test', 400, { method: 'PUT' })
      const request = new PutApiRequestBuilder<string, undefined>('test').sendRequest()
      await expect(request).rejects.toEqual(new ApiError(400, undefined, undefined))
    })

    it('with backend error name and error message', async () => {
-      expectFetch('api/private/test', 400, { method: 'PUT' }, {
+      expectFetch('/api/private/test', 400, { method: 'PUT' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)
@ -153,7 +153,7 @@ describe('PutApiRequestBuilder', () => {
    })

    it('with another status code than 400', async () => {
-      expectFetch('api/private/test', 401, { method: 'PUT' }, {
+      expectFetch('/api/private/test', 401, { method: 'PUT' }, {
        message: 'The API has exploded!',
        name: 'testExplosion'
      } as ApiErrorResponse)