Skip to main content
Module

x/workers_middleware/test/cookies.test.ts

Placeholder for Worker-based middleware solution
worker-tools/middleware
Go to Latest
File
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194
import 'https://gist.githubusercontent.com/qwtel/b14f0f81e3a96189f7771f83ee113f64/raw/TestRequest.ts'import {  assert,  assertExists,  assertEquals,  assertStrictEquals,  assertStringIncludes,  assertThrows,  assertRejects,} from 'https://deno.land/std@0.133.0/testing/asserts.ts'const { test } = Deno;
import { unsignedCookies, signedCookies } from '../cookies.ts';
import { executeEffects, withMiddleware } from '../context.ts'import { iterHeadersSetCookieFix } from '../utils/headers-set-cookie-fix.ts';import { MiddlewareCookieStore } from '../utils/middleware-cookie-store.ts';
import { SignedCookieStore } from 'https://ghuc.cc/worker-tools/signed-cookie-store/index.ts';import { ok } from 'https://ghuc.cc/worker-tools/response-creators/index.ts'
const request = new Request('/item/detail?id=3', {  method: 'POST',  headers: {    'Cookie': 'foo=bar; user=bert; no=mad',  },})
test('exist', () => {  assertExists(unsignedCookies())})
const handled = Promise.resolve(ok())const waitUntil = () => {}
test('basics', async () => {  const { cookies, cookieStore } = await unsignedCookies()({ request, effects: [], handled, waitUntil  })  assertExists(cookies)  assertExists(cookieStore)  assert(cookieStore instanceof MiddlewareCookieStore)})
test('parsed cookies', async () => {  const { cookies } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  assertEquals(cookies.foo, 'bar')  assertEquals(cookies.user, 'bert')  assertEquals(cookies.no, 'mad')})
test('effects', async () => {  const { effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  assertEquals(effects.length, 1);})
test('setting cookies', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  cookieStore.set('bee', 'hive')  const setCookie = (await executeEffects(effects, ok())).headers.get('set-cookie')  assertEquals(setCookie, 'bee=hive')})
test('deleting cookies', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  cookieStore.delete('foo')  const setCookie = (await executeEffects(effects, ok())).headers.get('set-cookie')!  assertStringIncludes(setCookie, 'foo=;')  assertStringIncludes(setCookie, 'Expires=Thu, 01 Jan 1970 00:00:00 GMT;')})
test('setting cookies 2', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  const now = Date.now()  cookieStore.set({    name: 'foo',    value: 'bar',    expires: new Date(now),    domain: 'example.com',    path: '/beehive',    sameSite: 'strict',    httpOnly: true  });  const response = await executeEffects(effects, ok())  const setCookie = response.headers.get('set-cookie')!  assertStringIncludes(setCookie, 'foo=bar');  assertStringIncludes(setCookie, `Expires=${new Date(now).toUTCString()}`);  assertStringIncludes(setCookie, 'Domain=example.com');  assertStringIncludes(setCookie, 'Path=/beehive');  assertStringIncludes(setCookie, 'SameSite=Strict');  assertStringIncludes(setCookie, 'HttpOnly');})
test('cookie value encoding', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  const randomUTF8 = '⟗⥍⛨ⅸ⼩⍍⫵␇⌯ⱎ⇗⪽‷⚷␢⒏⋁⺺↲‚✰⧒Ⳟ☵⦞⩗▥⸲Ⳃ⤚⼳⢍'  cookieStore.set('two, words', randomUTF8)  const response = await executeEffects(effects, ok())  assertStringIncludes(response.headers.get('set-cookie')!, `two%2C%20words=${encodeURIComponent(randomUTF8)}`)})
test('cookie value encoding 2', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  const randomUTF8 = '⟗⥍⛨ⅸ⼩⍍⫵␇⌯ⱎ⇗⪽‷⚷␢⒏⋁⺺↲‚✰⧒Ⳟ☵⦞⩗▥⸲Ⳃ⤚⼳⢍'  cookieStore.set({ name: 'two, words', value: randomUTF8 })  const response = await executeEffects(effects, ok())  assertStringIncludes(response.headers.get('set-cookie')!, `two%2C%20words=${encodeURIComponent(randomUTF8)}`)})
test('setting multiple cookies', async () => {  const { cookieStore, effects } = await unsignedCookies()({ request, effects: [], handled, waitUntil })  cookieStore.set('one', '1')  cookieStore.set('two', '2')  const response = await executeEffects(effects, ok())  assertEquals([...iterHeadersSetCookieFix(response.headers)].filter(([k]) => k === 'set-cookie').length, 2)})
const secret = 'password123'
test('exists', () => {  assertExists(signedCookies({ secret }))})
test('throws on missing secret', () => {  // @ts-expect-error: for testing only  assertThrows(() => signedCookies({}), Error)})
const signedCookiesFn = signedCookies({ secret })
test('use with other cookie middleware', async () => {  const { cookies, signedCookies, unsignedCookies: usc } = await signedCookiesFn(unsignedCookies()({ request, effects: [], handled, waitUntil }))  assertExists(usc)  assertExists(signedCookies)  assertEquals(cookies, signedCookies) // last one "wins"})
test('unsigned cookies to be ignored', async () => {  const { cookies, cookieStore, effects } = await signedCookiesFn({ request, effects: [], handled, waitUntil })  assertEquals(Object.keys(cookies).length, 0)  assertEquals(await cookieStore.get('foo'), null);  assertEquals(await cookieStore.getAll(), [])})
const signedRequest = new Request('/', {  headers: {    'Cookie': 'foo=bar; foo.sig=Sd_7Nz01uxBspv_y6Lqs8gLXXYEe8iFEN8fNouVNLzI; bar=ignored',  },})
test('get signed cookie', async () => {  const { cookies, cookieStore, effects } = await signedCookiesFn({ request: signedRequest, effects: [], handled, waitUntil })  assertEquals(cookies, { foo: 'bar' })  assertEquals(await cookieStore.get('bar'), null)})
test('throws on forged signature', async () => {  const forgedRequest = new Request('/', {    headers: {      'Cookie': 'foo=bar; foo.sig=Sd_7Nz01uxBspv_y6Lqs8gLXXYEe8iFEN8fAAAAAAAA',    },  })  const res = await signedCookiesFn({ request: forgedRequest, effects: [], handled, waitUntil })    .catch(x => x instanceof Response ? x : Promise.reject(x))  assert(res instanceof Response)  assertEquals(res.status, 403)})
test('verifying signatures form previous keys', async () => {  const { cookies, cookieStore, effects } = await signedCookies({    secret: 'new-key',    keyring: [await SignedCookieStore.deriveCryptoKey({ secret })]  })({ request: signedRequest, effects: [], handled, waitUntil })  assertEquals(cookies, { foo: 'bar' })})
test('signing signatures with new key', async () => {  const { cookies, cookieStore, effects } = await signedCookies({    secret: 'new-key',    keyring: [await SignedCookieStore.deriveCryptoKey({ secret })]  })({ request: signedRequest, effects: [], handled, waitUntil })  cookieStore.set('foo', 'bar') // no await  const setCookie = (await executeEffects(effects, ok())).headers.get('set-cookie')!  assert(!setCookie.includes('foo.sig=Sd_7Nz01uxBspv_y6Lqs8gLXXYEe8iFEN8fNouVNLzI'))  assertStringIncludes(setCookie, 'foo.sig=-VaHv2_MfLKX42ys3uhI9fa9XhpMVmi5l7PdPAGGA9c')})
test('with middleware', async () => {  const handler = withMiddleware(unsignedCookies(), (req, { cookieStore }) => {    cookieStore.set('bee', 'hive')    return ok();  });  const setCookie = (await handler(request)).headers.get('set-cookie')  assertEquals(setCookie, 'bee=hive')})