mirror of
https://github.com/freeCodeCamp/freeCodeCamp.git
synced 2026-02-15 10:01:00 -05:00
chore(api): add test utilities (#50289)
This commit is contained in:
Oliver Eyton-Williams
committed by
GitHub
GitHub
parent
f5509d7ba4
commit
c2cb818f87
@@ -7,10 +7,68 @@ declare global {
|
||||
var fastifyTestInstance: Awaited<ReturnType<typeof build>> | undefined;
|
||||
}
|
||||
|
||||
export function superGet(endpoint: string): request.Test {
|
||||
return request(fastifyTestInstance?.server)
|
||||
.get(endpoint)
|
||||
.set('Origin', 'https://www.freecodecamp.org');
|
||||
type Options = {
|
||||
sendCSRFToken: boolean;
|
||||
};
|
||||
|
||||
// TODO: remove this function and use superRequest instead
|
||||
export function superPut(
|
||||
resource: string,
|
||||
setCookies: string[],
|
||||
opts?: Options
|
||||
): request.Test {
|
||||
return superRequest(
|
||||
resource,
|
||||
{
|
||||
method: 'PUT',
|
||||
setCookies
|
||||
},
|
||||
opts
|
||||
);
|
||||
}
|
||||
|
||||
/* eslint-disable @typescript-eslint/naming-convention */
|
||||
const requests = {
|
||||
GET: (resource: string) => request(fastifyTestInstance?.server).get(resource),
|
||||
POST: (resource: string) =>
|
||||
request(fastifyTestInstance?.server).post(resource),
|
||||
PUT: (resource: string) => request(fastifyTestInstance?.server).put(resource)
|
||||
};
|
||||
/* eslint-enable @typescript-eslint/naming-convention */
|
||||
|
||||
export const getCsrfToken = (setCookies: string[]): string | undefined => {
|
||||
const csrfSetCookie = setCookies.find(str => str.includes('csrf_token'));
|
||||
const [csrfCookie] = csrfSetCookie?.split(';') ?? [];
|
||||
const [_key, csrfToken] = csrfCookie?.split('=') ?? [];
|
||||
|
||||
return csrfToken;
|
||||
};
|
||||
|
||||
export function superRequest(
|
||||
resource: string,
|
||||
config: {
|
||||
method: 'GET' | 'POST' | 'PUT';
|
||||
setCookies?: string[];
|
||||
},
|
||||
options?: Options
|
||||
): request.Test {
|
||||
const { method, setCookies } = config;
|
||||
const { sendCSRFToken = true } = options ?? {};
|
||||
|
||||
const req = requests[method](resource).set(
|
||||
'Origin',
|
||||
'https://www.freecodecamp.org'
|
||||
);
|
||||
|
||||
if (setCookies) {
|
||||
void req.set('Cookie', setCookies);
|
||||
}
|
||||
|
||||
const csrfToken = (setCookies && getCsrfToken(setCookies)) ?? '';
|
||||
if (sendCSRFToken) {
|
||||
void req.set('CSRF-Token', csrfToken);
|
||||
}
|
||||
return req;
|
||||
}
|
||||
|
||||
export function setupServer(): void {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { setupServer, superGet } from '../jest.utils';
|
||||
import { setupServer, superRequest } from '../jest.utils';
|
||||
import { HOME_LOCATION } from './utils/env';
|
||||
|
||||
jest.mock('./utils/env', () => {
|
||||
@@ -14,17 +14,17 @@ describe('production', () => {
|
||||
setupServer();
|
||||
describe('GET /', () => {
|
||||
test('have a 200 response', async () => {
|
||||
const res = await superGet('/');
|
||||
const res = await superRequest('/', { method: 'GET' });
|
||||
expect(res.statusCode).toBe(200);
|
||||
});
|
||||
|
||||
test('return { "hello": "world"}', async () => {
|
||||
const res = await superGet('/');
|
||||
const res = await superRequest('/', { method: 'GET' });
|
||||
expect(res.body).toEqual({ hello: 'world' });
|
||||
});
|
||||
|
||||
test('should have OWASP recommended headers', async () => {
|
||||
const res = await superGet('/');
|
||||
const res = await superRequest('/', { method: 'GET' });
|
||||
expect(res.headers).toMatchObject({
|
||||
'cache-control': 'no-store',
|
||||
'content-security-policy': "frame-ancestors 'none'",
|
||||
@@ -45,7 +45,10 @@ describe('production', () => {
|
||||
])(
|
||||
'should have Access-Control-Allow-Origin header for %s',
|
||||
async origin => {
|
||||
const res = await superGet('/').set('origin', origin);
|
||||
const res = await superRequest('/', { method: 'GET' }).set(
|
||||
'origin',
|
||||
origin
|
||||
);
|
||||
expect(res.headers).toMatchObject({
|
||||
'access-control-allow-origin': origin
|
||||
});
|
||||
@@ -53,14 +56,17 @@ describe('production', () => {
|
||||
);
|
||||
|
||||
test('should have HOME_LOCATION Access-Control-Allow-Origin header for other origins', async () => {
|
||||
const res = await superGet('/').set('origin', 'https://www.google.com');
|
||||
const res = await superRequest('/', { method: 'GET' }).set(
|
||||
'origin',
|
||||
'https://www.google.com'
|
||||
);
|
||||
expect(res.headers).toMatchObject({
|
||||
'access-control-allow-origin': HOME_LOCATION
|
||||
});
|
||||
});
|
||||
|
||||
test('should have Access-Control-Allow-(Headers+Credentials) headers', async () => {
|
||||
const res = await superGet('/');
|
||||
const res = await superRequest('/', { method: 'GET' });
|
||||
expect(res.headers).toMatchObject({
|
||||
'access-control-allow-headers':
|
||||
'Origin, X-Requested-With, Content-Type, Accept',
|
||||
@@ -71,7 +77,9 @@ describe('production', () => {
|
||||
|
||||
describe('GET /documentation', () => {
|
||||
test('should have OWASP recommended headers, except content-type', async () => {
|
||||
const res = await superGet('/documentation/static/index.html');
|
||||
const res = await superRequest('/documentation/static/index.html', {
|
||||
method: 'GET'
|
||||
});
|
||||
expect(res.headers).toMatchObject({
|
||||
'cache-control': 'no-store',
|
||||
'content-security-policy': "frame-ancestors 'none'",
|
||||
|
||||
Reference in New Issue
Block a user