fix: fix isAdminRoute helper

dziraf · dziraf · commit 561c2256b84a · 2022-02-21T11:53:00.000+01:00
diff --git a/src/authentication/protected-routes.handler.ts b/src/authentication/protected-routes.handler.ts
@@ -7,16 +7,16 @@ export const withProtectedRoutesHandler = (
   router: Router,
   admin: AdminJS
 ): void => {
-  const { rootPath } = admin.options;
+  const { rootPath, loginPath, logoutPath } = admin.options;
 
   router.use((req, res, next) => {
     if (isAdminAsset(req.originalUrl)) {
       next();
     } else if (
       req.session.adminUser ||
       // these routes doesn't need authentication
-      req.originalUrl.startsWith(admin.options.loginPath) ||
-      req.originalUrl.startsWith(admin.options.logoutPath)
+      req.originalUrl.startsWith(loginPath) ||
+      req.originalUrl.startsWith(logoutPath)
     ) {
       next();
     } else if (isAdminRoute(req.originalUrl, rootPath)) {
@@ -30,23 +30,32 @@ export const withProtectedRoutesHandler = (
         if (err) {
           next(err);
         }
-        res.redirect(admin.options.loginPath);
+        res.redirect(loginPath);
       });
     } else {
       next();
     }
   });
 };
 
-export const isAdminRoute = (url: string, adminRootUrl: string): boolean => {
+export const isAdminRoute = (url: string, adminRootPath: string): boolean => {
   const adminRoutes = AdminRouter.routes
     .map((route) => convertToExpressRoute(route.path))
     .filter((route) => route !== "");
-  const isAdminRootUrl = url === adminRootUrl;
+
+  let urlWithoutRootPath = url;
+  if (adminRootPath !== '/') {
+    urlWithoutRootPath = url.replace(adminRootPath, '');
+    if (!urlWithoutRootPath.startsWith('/')) {
+      urlWithoutRootPath = `/${urlWithoutRootPath}`
+    }
+  }
+
+  const isAdminRootUrl = url === adminRootPath || urlWithoutRootPath === '/';
 
   return (
     isAdminRootUrl ||
-    !!adminRoutes.find((route) => pathToRegexp(route).test(url))
+    !!adminRoutes.find((route) => pathToRegexp(route).test(urlWithoutRootPath))
   );
 };
 
diff --git a/test/protected-routes.test.ts b/test/protected-routes.test.ts
@@ -2,7 +2,7 @@ import { isAdminRoute } from "../src/authentication/protected-routes.handler";
 
 describe("Protected routes", () => {
   describe("#isAdminRoute", () => {
-    it("should detect admin routes", () => {
+    it("should detect admin routes when root path is /", () => {
       const adminRoutes = [
         "/",
         "/resources/someResource",
@@ -29,6 +29,33 @@ describe("Protected routes", () => {
       });
     });
 
+    it("should detect admin routes when root path is not /", () => {
+      const adminRoutes = [
+        "/admin",
+        "/admin/resources/someResource",
+        "/admin/api/resources/someResource/search/searchQuery",
+        "/admin/resources/someResource/actions/someAction",
+        "/admin/api/resources/someResource/actions/someAction",
+        "/admin/api/resources/someResource/actions/someAction/searchQuery",
+        "/admin/api/resources/someResource/actions/someAction",
+        "/admin/resources/someResource/records/someRecordId/someAction",
+        "/admin/api/resources/someResource/records/someRecordId/someAction",
+        "/admin/api/resources/someResource/records/someRecordId/someAction",
+        "/admin/resources/someResource/bulk/someAction",
+        "/admin/api/resources/someResource/bulk/someAction",
+        "/admin/api/resources/someResource/bulk/someAction",
+        "/admin/api/resources/someResource/search/",
+        "/admin/api/dashboard",
+        "/admin/pages/somePage",
+        "/admin/api/pages/somePage",
+        "/admin/api/pages/somePage",
+      ];
+
+      adminRoutes.forEach((route) => {
+        expect(isAdminRoute(route, "/admin")).toBeTruthy();
+      });
+    });
+
     it("should detect non-admin routes", () => {
       expect(isAdminRoute("/api/my-endpoint", "/")).toBeFalsy();
     });
