refactor: simplify mocking & adjust tests for API changes

Author: Lordfirespeed

src/index.ts

@@ -56,14 +56,17 @@ export function doubleCsrf({
   errorConfig: { statusCode = 403, message = "invalid csrf token", code = "ERR_BAD_CSRF_TOKEN" } = {},
 }: DoubleCsrfConfig): DoubleCsrfUtilities {
   const ignoredMethodsSet = new Set(ignoredMethods)
-  const defaultCookieOptions: ResolvedCSRFCookieOptions = Object.assign({
-    name: "__Host-otter.x-csrf-token",
-    sameSite: "lax",
-    path: "/",
-    secure: true,
-    httpOnly: true,
-    signed: false,
-  }, cookieOptions)
+  const defaultCookieOptions: ResolvedCSRFCookieOptions = Object.assign(
+    {
+      name: "__Host-otter.x-csrf-token",
+      sameSite: "lax",
+      path: "/",
+      secure: true,
+      httpOnly: true,
+      signed: false,
+    },
+    cookieOptions,
+  )
 
   const invalidCsrfTokenError = new ClientError(message, {
     statusCode: statusCode,
@@ -128,7 +131,7 @@ export function doubleCsrf({
     })
     const cookieContent = `${csrfToken}${delimiter}${csrfTokenHash}`
 
-    setSecretCookie(req, res, cookieContent,  Object.assign({}, defaultCookieOptions, cookieOptions))
+    setSecretCookie(req, res, cookieContent, Object.assign({}, defaultCookieOptions, cookieOptions))
 
     return csrfToken
   }

src/types.ts

@@ -11,41 +11,45 @@ export type CSRFRequest = IncomingMessage & {
 
 export type Response = ServerResponse
 
-type CookieSigningOptions = ({
-  /**
-   * Whether to sign the anti-CSRF cookie.
-   * @default false
-   */
-  signed: true
-
-  /**
-   * A function that returns a cookie-signing secret or an array of secrets.
-   * The first secret should be the newest/preferred secret.
-   * You do not need to use the request object, but it is available if you need it.
-   */
-  getSigningSecret: CsrfSecretRetriever
-} | {
-  /**
-   * Whether to sign the anti-CSRF cookie.
-   * @default false
-   */
-  signed?: false | undefined
-
-  /**
-   * A function that returns a cookie-signing secret or an array of secrets.
-   * The first secret should be the newest/preferred secret.
-   * You do not need to use the request object, but it is available if you need it.
-   */
-  getSigningSecret?: undefined
-})
-
-type ResolvedCookieSigningOptions = ({
-  signed: true
-  getSigningSecret: CsrfSecretRetriever
-} | {
-  signed: false,
-  getSigningSecret: undefined
-})
+type CookieSigningOptions =
+  | {
+      /**
+       * Whether to sign the anti-CSRF cookie.
+       * @default false
+       */
+      signed: true
+
+      /**
+       * A function that returns a cookie-signing secret or an array of secrets.
+       * The first secret should be the newest/preferred secret.
+       * You do not need to use the request object, but it is available if you need it.
+       */
+      getSigningSecret: CsrfSecretRetriever
+    }
+  | {
+      /**
+       * Whether to sign the anti-CSRF cookie.
+       * @default false
+       */
+      signed?: false | undefined
+
+      /**
+       * A function that returns a cookie-signing secret or an array of secrets.
+       * The first secret should be the newest/preferred secret.
+       * You do not need to use the request object, but it is available if you need it.
+       */
+      getSigningSecret?: undefined
+    }
+
+type ResolvedCookieSigningOptions =
+  | {
+      signed: true
+      getSigningSecret: CsrfSecretRetriever
+    }
+  | {
+      signed: false
+      getSigningSecret: undefined
+    }
 
 type ExtraCookieOptions = {
   /**

tests/doublecsrf.test.ts

@@ -3,7 +3,7 @@ import type { DoubleCsrfConfig } from "@/types"
 /* eslint-disable @typescript-eslint/ban-ts-comment */
 import { assert, describe, it } from "vitest"
 import { createTestSuite } from "./testsuite"
-import { COOKIE_SECRET, HEADER_KEY } from "./utils/constants";
+import { COOKIE_SECRET, HEADER_KEY } from "./utils/constants"
 import {
   attachResponseValuesToRequest,
   getMultipleSecrets,
@@ -29,7 +29,12 @@ createTestSuite("csrf-csrf signed, single secret", {
 createTestSuite("csrf-csrf signed with custom options, single secret", {
   getSecret: getSingleSecret,
   getSessionIdentifier: legacySessionIdentifier,
-  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, getSigningSecret: () => COOKIE_SECRET, sameSite: "strict" },
+  cookieOptions: {
+    name: "__Host.test-the-thing.token",
+    signed: true,
+    getSigningSecret: () => COOKIE_SECRET,
+    sameSite: "strict",
+  },
   size: 128,
   delimiter: "~",
   hmacAlgorithm: "sha512",
@@ -49,7 +54,12 @@ createTestSuite("csrf-csrf signed, multiple secrets", {
 createTestSuite("csrf-csrf signed with custom options, multiple secrets", {
   getSecret: getMultipleSecrets,
   getSessionIdentifier: legacySessionIdentifier,
-  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, getSigningSecret: () => COOKIE_SECRET, sameSite: "strict" },
+  cookieOptions: {
+    name: "__Host.test-the-thing.token",
+    signed: true,
+    getSigningSecret: () => COOKIE_SECRET,
+    sameSite: "strict",
+  },
   size: 128,
   errorConfig: {
     statusCode: 401,

tests/testsuite.ts

@@ -3,7 +3,7 @@ import { sign } from "@otterhttp/cookie-signature"
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 import { assert, describe, expect, it } from "vitest"
 
-import { COOKIE_SECRET, HEADER_KEY, TEST_TOKEN } from "./utils/constants";
+import { COOKIE_SECRET, HEADER_KEY, TEST_TOKEN } from "./utils/constants"
 import { getCookieFromRequest, getCookieFromResponse, switchSecret } from "./utils/helpers"
 import { generateMocks, generateMocksWithToken, next } from "./utils/mock"
 import type { Request, Response } from "./utils/mock-types"
@@ -63,9 +63,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
     describe("generateToken", () => {
       it("should attach both a token and its hash to the response and return a token", () => {
         const { mockRequest, decodedCookieValue, setCookie } = generateMocksWithTokenInternal()
-        const cookieValue = signed
-          ? `s:${sign(decodedCookieValue as string, COOKIE_SECRET)}`
-          : decodedCookieValue
+        const cookieValue = signed ? `s:${sign(decodedCookieValue as string, COOKIE_SECRET)}` : decodedCookieValue
 
         const expectedSetCookieValue = serializeCookie(cookieName, cookieValue as string, {
           path,

tests/utils/mock.ts

@@ -1,4 +1,5 @@
 import { IncomingMessage, ServerResponse } from "node:http"
+import type { Socket } from "node:net"
 import { parse } from "@otterhttp/cookie"
 import { cookieParser, signedCookie } from "@tinyhttp/cookie-parser"
 import { assert } from "vitest"
@@ -11,7 +12,7 @@ import type { CsrfRequestValidator, CsrfTokenCreator } from "@/types.js"
 
 // Create some request and response mocks
 export const generateMocks = () => {
-  const mockRequest: Request = Object.assign(new IncomingMessage(undefined as any), {
+  const mockRequest: Request = Object.assign(new IncomingMessage(undefined as unknown as Socket), {
     cookies: {},
     signedCookies: {},
   })