refactor: simplify mocking & adjust tests for API changes

Author: Lordfirespeed

tests/doublecsrf.test.ts

@@ -3,7 +3,7 @@ import type { DoubleCsrfConfig } from "@/types"
 /* eslint-disable @typescript-eslint/ban-ts-comment */
 import { assert, describe, it } from "vitest"
 import { createTestSuite } from "./testsuite"
-import { HEADER_KEY } from "./utils/constants"
+import { COOKIE_SECRET, HEADER_KEY } from "./utils/constants";
 import {
   attachResponseValuesToRequest,
   getMultipleSecrets,
@@ -17,7 +17,7 @@ createTestSuite("csrf-csrf unsigned, single secret", {
   getSessionIdentifier: legacySessionIdentifier,
 })
 createTestSuite("csrf-csrf signed, single secret", {
-  cookieOptions: { signed: true },
+  cookieOptions: { signed: true, getSigningSecret: () => COOKIE_SECRET },
   getSecret: getSingleSecret,
   getSessionIdentifier: legacySessionIdentifier,
   errorConfig: {
@@ -29,7 +29,7 @@ createTestSuite("csrf-csrf signed, single secret", {
 createTestSuite("csrf-csrf signed with custom options, single secret", {
   getSecret: getSingleSecret,
   getSessionIdentifier: legacySessionIdentifier,
-  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, sameSite: "strict" },
+  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, getSigningSecret: () => COOKIE_SECRET, sameSite: "strict" },
   size: 128,
   delimiter: "~",
   hmacAlgorithm: "sha512",
@@ -40,7 +40,7 @@ createTestSuite("csrf-csrf unsigned, multiple secrets", {
   getSessionIdentifier: legacySessionIdentifier,
 })
 createTestSuite("csrf-csrf signed, multiple secrets", {
-  cookieOptions: { signed: true },
+  cookieOptions: { signed: true, getSigningSecret: () => COOKIE_SECRET },
   getSecret: getMultipleSecrets,
   getSessionIdentifier: legacySessionIdentifier,
   delimiter: "~",
@@ -49,7 +49,7 @@ createTestSuite("csrf-csrf signed, multiple secrets", {
 createTestSuite("csrf-csrf signed with custom options, multiple secrets", {
   getSecret: getMultipleSecrets,
   getSessionIdentifier: legacySessionIdentifier,
-  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, sameSite: "strict" },
+  cookieOptions: { name: "__Host.test-the-thing.token", signed: true, getSigningSecret: () => COOKIE_SECRET, sameSite: "strict" },
   size: 128,
   errorConfig: {
     statusCode: 401,

tests/testsuite.ts

@@ -1,14 +1,15 @@
-import { doubleCsrf } from "@/index"
-import type { DoubleCsrfConfig } from "@/types"
-import type { Request, Response } from "@tinyhttp/app"
-import { serialize as serializeCookie } from "@tinyhttp/cookie"
-import { sign } from "@tinyhttp/cookie-signature"
+import { serialize as serializeCookie } from "@otterhttp/cookie"
+import { sign } from "@otterhttp/cookie-signature"
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 import { assert, describe, expect, it } from "vitest"
 
-import { HEADER_KEY, TEST_TOKEN } from "./utils/constants"
+import { COOKIE_SECRET, HEADER_KEY, TEST_TOKEN } from "./utils/constants";
 import { getCookieFromRequest, getCookieFromResponse, switchSecret } from "./utils/helpers"
 import { generateMocks, generateMocksWithToken, next } from "./utils/mock"
+import type { Request, Response } from "./utils/mock-types"
+
+import { doubleCsrf } from "@/index"
+import type { DoubleCsrfConfig } from "@/types"
 
 type CreateTestSuite = (
   name: string,
@@ -63,7 +64,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
       it("should attach both a token and its hash to the response and return a token", () => {
         const { mockRequest, decodedCookieValue, setCookie } = generateMocksWithTokenInternal()
         const cookieValue = signed
-          ? `s:${sign(decodedCookieValue as string, mockRequest.secret as string)}`
+          ? `s:${sign(decodedCookieValue as string, COOKIE_SECRET)}`
           : decodedCookieValue
 
         const expectedSetCookieValue = serializeCookie(cookieName, cookieValue as string, {
@@ -109,7 +110,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
         // modify the cookie to make the token/hash pair invalid
         const cookieJar = signed ? mockRequest.signedCookies : mockRequest.cookies
         cookieJar[cookieName] = signed
-          ? `s:${sign(`${(decodedCookieValue as string).split("|")[0]}|invalid-hash`, mockRequest.secret as string)}`
+          ? `s:${sign(`${(decodedCookieValue as string).split("|")[0]}|invalid-hash`, COOKIE_SECRET)}`
           : `${(decodedCookieValue as string).split("|")[0]}|invalid-hash`
 
         expect(() =>
@@ -120,7 +121,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
         ).to.throw(invalidCsrfTokenError.message)
 
         // just an invalid value in the cookie
-        cookieJar[cookieName] = signed ? `s:${sign("invalid-value", mockRequest.secret as string)}` : "invalid-value"
+        cookieJar[cookieName] = signed ? `s:${sign("invalid-value", COOKIE_SECRET)}` : "invalid-value"
 
         expect(() =>
           generateToken(mockRequest, mockResponse, {
@@ -146,7 +147,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
         // modify the cookie to make the token/hash pair invalid
         const cookieJar = signed ? mockRequest.signedCookies : mockRequest.cookies
         cookieJar[cookieName] = signed
-          ? `s:${sign(`${(decodedCookieValue as string).split("|")[0]}|invalid-hash`, mockRequest.secret as string)}`
+          ? `s:${sign(`${(decodedCookieValue as string).split("|")[0]}|invalid-hash`, COOKIE_SECRET)}`
           : `${(decodedCookieValue as string).split("|")[0]}|invalid-hash`
 
         assert.doesNotThrow(() => {
@@ -160,7 +161,7 @@ export const createTestSuite: CreateTestSuite = (name, doubleCsrfOptions) => {
         assert.notEqual(generatedToken, csrfToken)
 
         // just an invalid value in the cookie
-        cookieJar[cookieName] = signed ? `s:${sign("invalid-value", mockRequest.secret as string)}` : "invalid-value"
+        cookieJar[cookieName] = signed ? `s:${sign("invalid-value", COOKIE_SECRET)}` : "invalid-value"
 
         assert.doesNotThrow(() => {
           generatedToken = generateToken(mockRequest, mockResponse, {

tests/utils/helpers.ts

@@ -1,4 +1,4 @@
-import type { Request, Response } from "@tinyhttp/app"
+import type { Request, Response } from "./mock-types.js"
 
 const SECRET_1 = "secrets must be unique and must not"
 const SECRET_2 = "be used elsewhere, nor be sentences"

tests/utils/mock-types.ts

@@ -0,0 +1,8 @@
+import type { IncomingMessage, ServerResponse } from "node:http"
+
+export type Request = IncomingMessage & {
+  cookies: Record<string, unknown>
+  signedCookies: Record<string, unknown>
+}
+
+export type Response = ServerResponse

tests/utils/mock.ts

@@ -1,40 +1,26 @@
-import type { CsrfRequestValidator, CsrfTokenCreator } from "@/types.js"
-import type { Request, Response } from "@tinyhttp/app"
-import { parse } from "@tinyhttp/cookie"
+import { IncomingMessage, ServerResponse } from "node:http"
+import { parse } from "@otterhttp/cookie"
 import { cookieParser, signedCookie } from "@tinyhttp/cookie-parser"
-/* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { assert } from "vitest"
+
 import { COOKIE_SECRET, HEADER_KEY } from "./constants.js"
 import { getCookieFromRequest, getCookieValueFromResponse } from "./helpers.js"
+import type { Request, Response } from "./mock-types"
+
+import type { CsrfRequestValidator, CsrfTokenCreator } from "@/types.js"
 
 // Create some request and response mocks
 export const generateMocks = () => {
-  const mockRequest = {
-    headers: {
-      cookie: "",
-    },
+  const mockRequest: Request = Object.assign(new IncomingMessage(undefined as any), {
     cookies: {},
     signedCookies: {},
-    secret: COOKIE_SECRET,
-  } satisfies Partial<Request> as Request
-
-  // Internally mock the headers as a map.
-  const mockResponseHeaders = new Map<string, string | string[]>()
-  mockResponseHeaders.set("set-cookie", [] as string[])
+  })
 
-  // Mock bare minimum properties for testing.
-  const mockResponse = {
-    getHeader: (name: string) => mockResponseHeaders.get(name),
-    setHeader: (name: string, value: string) => {
-      mockResponseHeaders.set(name, value)
-      return mockResponse
-    },
-  } satisfies Partial<Response> as Response
+  const mockResponse: Response = new ServerResponse(mockRequest)
 
   return {
     mockRequest,
     mockResponse,
-    mockResponseHeaders,
   }
 }
 
@@ -57,16 +43,17 @@ export const generateMocksWithToken = ({
   generateToken,
   validateRequest,
 }: GenerateMocksWithTokenOptions) => {
-  const { mockRequest, mockResponse, mockResponseHeaders } = generateMocks()
+  const { mockRequest, mockResponse } = generateMocks()
 
   const csrfToken = generateToken(mockRequest, mockResponse)
   const { setCookie, cookieValue } = getCookieValueFromResponse(mockResponse)
   mockRequest.headers.cookie = `${cookieName}=${cookieValue};`
   const decodedCookieValue = signed
-    ? signedCookie(parse(mockRequest.headers.cookie)[cookieName], mockRequest.secret as string)
+    ? signedCookie(parse(mockRequest.headers.cookie)[cookieName], COOKIE_SECRET)
     : // signedCookie already decodes the value, but we need it if it's not signed.
       decodeURIComponent(cookieValue)
-  // Have to delete the cookies object otherwise cookieParser will skip it's parsing.
+  // Have to delete the cookies object otherwise cookieParser will skip its parsing.
+  // @ts-expect-error
   mockRequest.cookies = undefined
   cookieParserMiddleware(mockRequest, mockResponse, next)
   assert.equal(getCookieFromRequest(cookieName, signed, mockRequest), decodedCookieValue)
@@ -81,7 +68,6 @@ export const generateMocksWithToken = ({
     decodedCookieValue,
     mockRequest,
     mockResponse,
-    mockResponseHeaders,
     setCookie,
   }
 }