refactor: clean up variable names and jsdoc comments
Reinaldy Rafli committed Jun 25, 2021
1 parent fdd9f25 commit bdec301
Showing 5 changed files with 57 additions and 55 deletions.
2 changes: 1 addition & 1 deletion src/index.ts
Expand Up @@ -59,7 +59,7 @@ const defaultOptions: CSRFOptions = {
* @returns {RouterHandler} CSRF Protection Middleware
* @example
* const csrfProtection = csrf()
* app.use(cookieParser())
* app.use(cookieParser()) // or a session middleware, if you prefer
*
* app.get("/", csrfProtection, (req, res) => {
* res.status(200).json({ token: req.csrfToken() });
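Review bot: The new trailing comment on the `app.use(cookieParser())` example line presents the session middleware as a matter of preference, but the docblock still does not say that one of the two must be registered before `csrfProtection`. test/failing.spec.ts in this same commit expects a 500 with the body `misconfigured csrf` when no cookie parser is mounted, so the example would be clearer with a line such as `* // cookieParser() or a session middleware must be registered first; otherwise requests end in 500 "misconfigured csrf"`. If the cookie and session modes need different `CSRFOptions`, which cannot be told from this hunk, that belongs in the same place. The docblock and the function it documents start and end outside the hunk.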
47 changes: 23 additions & 24 deletions test/cookie.spec.ts
Expand Up @@ -3,10 +3,11 @@ import * as assert from 'uvu/assert'
import type { CSRFOptions } from '../src/index'
import { initApp } from './helper'

const unsignedOutput = suite('unsigned cookie - output')
const output = suite('unsigned cookie - output')

unsignedOutput('should output a csrf token', async () => {
output('should output a csrf token', async () => {
const { fetch } = initApp({ middleware: 'cookie' })

const response = await fetch('/')
const body = await response.json()

Expand All @@ -16,12 +17,13 @@ unsignedOutput('should output a csrf token', async () => {
assert.type(body.token, 'string')
})

unsignedOutput('should output a csrf token with given options (different salt & secret length)', async () => {
output('should output a csrf token with given options (different salt & secret length)', async () => {
const options: CSRFOptions = {
saltLength: 10,
secretLength: 30
}
const { fetch } = initApp({ middleware: 'cookie', options })

const response = await fetch('/')
const body = await response.json()

Expand All @@ -30,14 +32,15 @@ unsignedOutput('should output a csrf token with given options (different salt &
assert.is(salt.length, 10)
})

unsignedOutput('should output a csrf token with given options (different cookie path)', async () => {
output('should output a csrf token with given options (different cookie path)', async () => {
const options: CSRFOptions = {
cookie: {
path: '/admin',
key: 'virus'
}
}
const { fetch } = initApp({ middleware: 'cookie', options })

const response = await fetch('/')
const body = await response.json()

Expand All @@ -50,14 +53,15 @@ unsignedOutput('should output a csrf token with given options (different cookie
assert.type(body.token, 'string')
})

unsignedOutput.run()
output.run()

const unsignedBody = suite('unsigned cookie - req.body')
const body = suite('unsigned cookie - req.body')

unsignedBody('should be able to pass through req.body', async () => {
body('should be able to pass through req.body', async () => {
const { fetch } = initApp({ middleware: 'cookie', parser: 'json' })
const request = await fetch('/')
const requestBody = await request.json()

const response = await fetch('/', {
method: 'post',
body: JSON.stringify({ _csrf: requestBody.token, hello: 'there' }),
Expand All @@ -72,7 +76,7 @@ unsignedBody('should be able to pass through req.body', async () => {
assert.is(body.message, 'hello')
})

unsignedBody('should not be able to pass through req.body', async () => {
body('should not be able to pass through req.body', async () => {
const { fetch } = initApp({ middleware: 'cookie', parser: 'json' })
const request = await fetch('/')

Expand All @@ -91,10 +95,11 @@ unsignedBody('should not be able to pass through req.body', async () => {
assert.is(body, 'invalid csrf token')
})

unsignedBody.run()
body.run()

const query = suite('unsigned cookie - req.query')

const unsignedQuery = suite('unsigned cookie - req.query')
unsignedQuery('should be able to pass through query', async () => {
query('should be able to pass through query', async () => {
const { fetch } = initApp({ middleware: 'cookie' })
const request = await fetch('/')
const requestBody = await request.json()
Expand All @@ -112,11 +117,11 @@ unsignedQuery('should be able to pass through query', async () => {
assert.is(body.message, 'hello')
})

unsignedQuery.run()
query.run()

const unsignedHeader = suite('unsigned cookie - req.headers')
const header = suite('unsigned cookie - req.headers')

unsignedHeader('should be able to pass through headers csrf-token', async () => {
header('should be able to pass through headers csrf-token', async () => {
const { fetch } = initApp({ middleware: 'cookie' })
const request = await fetch('/')
const requestBody = await request.json()
Expand All @@ -128,14 +133,13 @@ unsignedHeader('should be able to pass through headers csrf-token', async () =>
'csrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
assert.is(body.message, 'hello')
})

unsignedHeader('should be able to pass through headers xsrf-token', async () => {
header('should be able to pass through headers xsrf-token', async () => {
const { fetch } = initApp({ middleware: 'cookie' })
const request = await fetch('/')
const requestBody = await request.json()
Expand All @@ -147,14 +151,13 @@ unsignedHeader('should be able to pass through headers xsrf-token', async () =>
'xsrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
assert.is(body.message, 'hello')
})

unsignedHeader('should be able to pass through headers x-csrf-token', async () => {
header('should be able to pass through headers x-csrf-token', async () => {
const { fetch } = initApp({ middleware: 'cookie' })
const request = await fetch('/')
const requestBody = await request.json()
Expand All @@ -166,14 +169,13 @@ unsignedHeader('should be able to pass through headers x-csrf-token', async () =
'x-csrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
assert.is(body.message, 'hello')
})

unsignedHeader('should be able to pass through headers x-xsrf-token', async () => {
header('should be able to pass through headers x-xsrf-token', async () => {
const { fetch } = initApp({ middleware: 'cookie' })
const request = await fetch('/')
const requestBody = await request.json()
Expand All @@ -185,14 +187,13 @@ unsignedHeader('should be able to pass through headers x-xsrf-token', async () =
'x-xsrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
assert.is(body.message, 'hello')
})

unsignedHeader.run()
header.run()

const reusable = suite('reusable token')

Expand All @@ -209,7 +210,6 @@ reusable('a', async () => {
'x-xsrf-token': requestBody.token
}
})

const body1 = await response1.json()

// response #2
Expand All @@ -220,7 +220,6 @@ reusable('a', async () => {
'x-xsrf-token': requestBody.token
}
})

const body2 = await response2.json()

assert.is(response1.status, 200)
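Review bot: Renaming the suite to `body` in `const body = suite('unsigned cookie - req.body')` gives the module-level suite the same name as the `const body = await response.json()` local used inside the test callbacks, so within each callback `body` means the parsed response and the suite is shadowed. It works because the callbacks never reference the suite, but it would trip a `no-shadow`-style lint rule. It also makes `assert.is(body, 'invalid csrf token')` harder to read next to `body('should not be able to pass through req.body', ...)`. Either keep a distinct suite name, e.g. `const bodySuite = suite('unsigned cookie - req.body')`, or rename the local, e.g. `const payload = await response.json()`. test/session.spec.ts has the same pattern, as its hunk context shows `const body = suite('session - req.body')`, and several test bodies here continue outside the visible hunks.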
2 changes: 2 additions & 0 deletions test/failing.spec.ts
Expand Up @@ -17,8 +17,10 @@ failing('without a cookie parser', async () => {
const server = app.listen()

const fetch = makeFetch(server)

const response = await fetch('/')
const body = await response.text()

assert.is(response.status, 500)
assert.is(body, 'misconfigured csrf')
})
16 changes: 10 additions & 6 deletions test/session.spec.ts
Expand Up @@ -11,6 +11,7 @@ const output = suite('session - output')

output('should output a csrf token', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const response = await fetch('/')
const body = await response.json()

Expand All @@ -25,6 +26,7 @@ output('should output a csrf token with given options (different salt & secret l
secretLength: 30
}
const { fetch } = initApp({ middleware: 'session', options: { ...options, ...saltySecret } })

const response = await fetch('/')
const body = await response.json()

Expand All @@ -39,6 +41,7 @@ const body = suite('session - req.body')

body('should be able to pass through req.body', async () => {
const { fetch } = initApp({ middleware: 'session', parser: 'json', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -58,6 +61,7 @@ body('should be able to pass through req.body', async () => {

body('should not be able to pass through req.body', async () => {
const { fetch } = initApp({ middleware: 'session', parser: 'json', options })

const request = await fetch('/')

const response = await fetch('/', {
Expand All @@ -81,6 +85,7 @@ const query = suite('session - req.query')

query('should be able to pass through query', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -103,6 +108,7 @@ const header = suite('session - req.headers')

header('should be able to pass through headers csrf-token', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -113,7 +119,6 @@ header('should be able to pass through headers csrf-token', async () => {
'csrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
Expand All @@ -122,6 +127,7 @@ header('should be able to pass through headers csrf-token', async () => {

header('should be able to pass through headers xsrf-token', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -132,7 +138,6 @@ header('should be able to pass through headers xsrf-token', async () => {
'xsrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
Expand All @@ -141,6 +146,7 @@ header('should be able to pass through headers xsrf-token', async () => {

header('should be able to pass through headers x-csrf-token', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -151,7 +157,6 @@ header('should be able to pass through headers x-csrf-token', async () => {
'x-csrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
Expand All @@ -160,6 +165,7 @@ header('should be able to pass through headers x-csrf-token', async () => {

header('should be able to pass through headers x-xsrf-token', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -170,7 +176,6 @@ header('should be able to pass through headers x-xsrf-token', async () => {
'x-xsrf-token': requestBody.token
}
})

const body = await response.json()

assert.is(response.status, 200)
Expand All @@ -183,6 +188,7 @@ const reusable = suite('reusable token')

reusable('a', async () => {
const { fetch } = initApp({ middleware: 'session', options })

const request = await fetch('/')
const requestBody = await request.json()

Expand All @@ -194,7 +200,6 @@ reusable('a', async () => {
'x-xsrf-token': requestBody.token
}
})

const body1 = await response1.json()

// response #2
Expand All @@ -205,7 +210,6 @@ reusable('a', async () => {
'x-xsrf-token': requestBody.token
}
})

const body2 = await response2.json()

assert.is(response1.status, 200)