Merge pull request #452 from AikidoSec/ghost-bugfix

Preserve original handler name for Ghost

Author: hansott

library/sources/Express.test.ts

@@ -105,12 +105,18 @@ function getApp(userMiddleware = true) {
     });
   }
 
-  // A middleware that is used as a route
-  app.use("/api/*path", (req, res, next) => {
+  function apiMiddleware(
+    req: express.Request,
+    res: express.Response,
+    next: express.NextFunction
+  ) {
     const context = getContext();
 
     res.send(context);
-  });
+  }
+
+  // A middleware that is used as a route
+  app.use("/api/*path", apiMiddleware);
 
   app.get("/", (req, res) => {
     const context = getContext();
@@ -523,3 +529,32 @@ t.test("it allows white-listed IP address", async () => {
     t.same(res.statusCode, 200);
   }
 });
+
+t.test("it preserves original function name in Layer object", async () => {
+  const app = getApp();
+
+  /**
+   * Ghost uses the name of the original function to look up the site router (a middleware)
+   * Before the fix, the name of the middleware was changed to `<anonymous>` by Zen
+   *
+   * _getSiteRouter(req) {
+   *     let siteRouter = null;
+   *
+   *     req.app._router.stack.every((router) => {
+   *         if (router.name === 'SiteRouter') {
+   *             siteRouter = router;
+   *             return false;
+   *         }
+   *
+   *         return true;
+   *     });
+   *
+   *     return siteRouter;
+   * }
+   */
+  t.same(
+    // @ts-expect-error stack is private
+    app.router.stack.filter((stack) => stack.name === "apiMiddleware").length,
+    1
+  );
+});

library/sources/express/wrapRequestHandler.ts

@@ -9,7 +9,7 @@ export function wrapRequestHandler(
   handler: RequestHandler,
   agent: Agent
 ): RequestHandler {
-  return (req, res, next) => {
+  const fn: RequestHandler = (req, res, next) => {
     const context = contextFromRequest(req);
 
     return runWithContext(context, () => {
@@ -40,4 +40,36 @@ export function wrapRequestHandler(
       return handler(req, res, next);
     });
   };
+
+  if (handler.name) {
+    preserveFunctionName(fn, handler.name);
+  }
+
+  return fn;
+}
+
+/**
+ * Preserve the original function name
+ * e.g. Ghost looks up a middleware function by name in the router stack
+ *
+ * Object.getOwnPropertyDescriptor(function myFunction() {}, "name")
+ *
+ * {
+ *   value: 'myFunction',
+ *   writable: false,
+ *   enumerable: false,
+ *   configurable: true
+ * }
+ */
+function preserveFunctionName(wrappedFunction: Function, originalName: string) {
+  try {
+    Object.defineProperty(wrappedFunction, "name", {
+      value: originalName,
+      writable: false,
+      enumerable: false,
+      configurable: true,
+    });
+  } catch (e) {
+    // Ignore
+  }
 }