Separate generic forbidden requests from those intentionally blocked

wKovacs64 · Jan 20, 2019 · cd74e40 · cd74e40
1 parent 15e02f9
commit cd74e40
Show file tree

Hide file tree

Showing 12 changed files with 47 additions and 5 deletions.
diff --git a/src/breach.test.ts b/src/breach.test.ts
@@ -14,6 +14,7 @@ describe('breach', () => {
 
     beforeAll(() => {
       mockAxios.get.mockResolvedValue({
+        headers: {},
         status: OK.status,
         data,
       });

diff --git a/src/breachedAccount.test.ts b/src/breachedAccount.test.ts
@@ -11,6 +11,7 @@ describe('breachedAccount', () => {
 
     beforeAll(() => {
       mockAxios.get.mockResolvedValue({
+        headers: {},
         status: OK.status,
         data,
       });

diff --git a/src/breaches.test.ts b/src/breaches.test.ts
@@ -9,6 +9,7 @@ describe('breaches', () => {
 
   beforeAll(() => {
     mockAxios.get.mockResolvedValue({
+      headers: {},
       status: OK.status,
       data,
     });

diff --git a/src/dataClasses.test.ts b/src/dataClasses.test.ts
@@ -9,6 +9,7 @@ describe('dataClasses', () => {
 
   beforeAll(() => {
     mockAxios.get.mockResolvedValue({
+      headers: {},
       status: OK.status,
       data,
     });

diff --git a/src/internal/haveibeenpwned/__snapshots__/fetchFromApi.test.ts.snap b/src/internal/haveibeenpwned/__snapshots__/fetchFromApi.test.ts.snap
@@ -1,6 +1,8 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`internal (haveibeenpwned): fetchFromApi blocked request throws a "Forbidden" error 1`] = `[Error: Forbidden - access denied.]`;
+exports[`internal (haveibeenpwned): fetchFromApi forbidden request throws a "Blocked Request" error if a cf-ray header is present 1`] = `[Error: Request blocked, contact haveibeenpwned.com if this continues (Ray ID: someRayId)]`;
+
+exports[`internal (haveibeenpwned): fetchFromApi forbidden request throws a "Forbidden" error if no cf-ray header is present 1`] = `[Error: Forbidden - access denied.]`;
 
 exports[`internal (haveibeenpwned): fetchFromApi invalid account format throws a "Bad Request" error 1`] = `[Error: Bad request — the account does not comply with an acceptable format.]`;
 

diff --git a/src/internal/haveibeenpwned/fetchFromApi.test.ts b/src/internal/haveibeenpwned/fetchFromApi.test.ts
@@ -1,7 +1,12 @@
 import AxiosError from 'AxiosError';
 import breachedAccount from 'breachedAccount';
 import dataClasses from 'dataClasses';
-import { BAD_REQUEST, FORBIDDEN, TOO_MANY_REQUESTS } from './responses';
+import {
+  BAD_REQUEST,
+  FORBIDDEN,
+  BLOCKED,
+  TOO_MANY_REQUESTS,
+} from './responses';
 import axios from './axiosInstance';
 
 const mockAxios = axios as jest.Mocked<typeof axios>;
@@ -22,11 +27,16 @@ describe('internal (haveibeenpwned): fetchFromApi', () => {
     });
   });
 
-  describe('blocked request', () => {
-    it('throws a "Forbidden" error', () => {
+  describe('forbidden request', () => {
+    it('throws a "Forbidden" error if no cf-ray header is present', () => {
       mockAxios.get.mockRejectedValueOnce(new AxiosError(FORBIDDEN));
       expect(breachedAccount('forbidden')).rejects.toMatchSnapshot();
     });
+
+    it('throws a "Blocked Request" error if a cf-ray header is present', () => {
+      mockAxios.get.mockRejectedValueOnce(new AxiosError(BLOCKED));
+      expect(breachedAccount('blocked')).rejects.toMatchSnapshot();
+    });
   });
 
   describe('rate limited', () => {

diff --git a/src/internal/haveibeenpwned/fetchFromApi.ts b/src/internal/haveibeenpwned/fetchFromApi.ts
@@ -14,6 +14,9 @@ export type ApiData =
   | string[] // dataclasses
   | null; // most endpoints can return an empty response
 
+const blockedWithRayId = (rayId: string): string =>
+  `Request blocked, contact haveibeenpwned.com if this continues (Ray ID: ${rayId})`;
+
 /**
  * Fetches data from the supplied API endpoint.
  *
@@ -38,8 +41,14 @@ export default (endpoint: string): Promise<ApiData> =>
         switch (err.response.status) {
           case BAD_REQUEST.status:
             throw new Error(BAD_REQUEST.statusText);
-          case FORBIDDEN.status:
+          case FORBIDDEN.status: {
+            const rayId =
+              err.response.headers && err.response.headers['cf-ray'];
+            if (rayId) {
+              throw new Error(blockedWithRayId(rayId));
+            }
             throw new Error(FORBIDDEN.statusText);
+          }
           case NOT_FOUND.status:
             return null;
           case TOO_MANY_REQUESTS.status:

diff --git a/src/internal/haveibeenpwned/responses.ts b/src/internal/haveibeenpwned/responses.ts
@@ -11,6 +11,7 @@
  */
 
 export interface HaveIBeenPwnedApiResponse {
+  headers: { 'cf-ray'?: string };
   // eslint-disable-next-line no-restricted-globals
   status: number;
   statusText?: string;
@@ -19,24 +20,34 @@ export interface HaveIBeenPwnedApiResponse {
 
 /** @internal */
 export const OK: HaveIBeenPwnedApiResponse = {
+  headers: {},
   status: 200,
 };
 
 /** @internal */
 export const BAD_REQUEST: HaveIBeenPwnedApiResponse = {
+  headers: {},
   status: 400,
   statusText:
     'Bad request — the account does not comply with an acceptable format.',
 };
 
 /** @internal */
 export const FORBIDDEN: HaveIBeenPwnedApiResponse = {
+  headers: {},
   status: 403,
   statusText: 'Forbidden - access denied.',
 };
 
+/** @internal */
+export const BLOCKED: HaveIBeenPwnedApiResponse = {
+  headers: { 'cf-ray': 'someRayId' },
+  status: 403,
+};
+
 /** @internal */
 export const NOT_FOUND: HaveIBeenPwnedApiResponse = {
+  headers: {},
   status: 404,
 };
 
@@ -48,6 +59,7 @@ export const NOT_FOUND: HaveIBeenPwnedApiResponse = {
  * @internal
  */
 export const TOO_MANY_REQUESTS: HaveIBeenPwnedApiResponse = {
+  headers: {},
   status: 429,
   data:
     'Rate limit exceeded, refer to acceptable use of the API: ' +

diff --git a/src/pasteAccount.test.ts b/src/pasteAccount.test.ts
@@ -11,6 +11,7 @@ describe('pasteAccount', () => {
 
     beforeAll(() => {
       mockAxios.get.mockResolvedValue({
+        headers: {},
         status: OK.status,
         data,
       });

diff --git a/src/pwnedPassword.test.ts b/src/pwnedPassword.test.ts
@@ -9,6 +9,7 @@ const mockAxios = axios as jest.Mocked<typeof axios>;
 describe('pwnedPassword', () => {
   describe('pwned', () => {
     mockAxios.get.mockResolvedValue({
+      headers: {},
       status: OK.status,
       data: stripIndents`
         003D68EB55068C33ACE09247EE4C639306B:3

diff --git a/src/pwnedPasswordRange.test.ts b/src/pwnedPasswordRange.test.ts
@@ -15,6 +15,7 @@ describe('pwnedPasswordRange', () => {
     `;
 
     mockAxios.get.mockResolvedValue({
+      headers: {},
       status: OK.status,
       data,
     });

diff --git a/src/search.test.ts b/src/search.test.ts
@@ -10,6 +10,7 @@ describe('search', () => {
     const pastes = null;
 
     mockAxios.get.mockResolvedValue({
+      headers: {},
       status: OK.status,
       data: breaches,
     });
@@ -26,6 +27,7 @@ describe('search', () => {
 
     mockAxios.get.mockImplementation(endpoint =>
       Promise.resolve({
+        headers: {},
         status: OK.status,
         data: /breachedaccount/.test(endpoint) ? breaches : pastes,
       }),