@cloudron/tegel 1.2.0 → 1.3.0

package/index.js

@@ -6,8 +6,12 @@ import FileStoreFactory from 'session-file-store';
 import { lastMile, HttpError } from '@cloudron/connect-lastmile';
 import * as oidc from './src/oidc.js';
 
-export async function createExpressApp({ oidcConfig, jsonBodySizeLimit = '25mb', skipLastMile = false }) {
-  await oidc.initOIDC(oidcConfig);
+let _testMode = null;
+
+export async function createExpressApp({ oidcConfig, testMode, jsonBodySizeLimit = '25mb', skipLastMile = false }) {
+  _testMode = testMode || null;
+
+  if (!_testMode && oidcConfig) await oidc.initOIDC(oidcConfig);
 
   const app = express();
 
@@ -17,32 +21,41 @@ export async function createExpressApp({ oidcConfig, jsonBodySizeLimit = '25mb',
 
   app.use(express.json({ limit: jsonBodySizeLimit }));
 
-  const FileStore = FileStoreFactory(session);
-  const sessionStorePath = process.env.CLOUDRON ? '/app/data/.session.store' : '/tmp/session.store';
-  const sessionSecretFile = process.env.CLOUDRON ? '/app/data/.session.secret' : '/tmp/.session.secret';
-
-  let sessionSecret;
-  if (!fs.existsSync(sessionSecretFile)) {
-    sessionSecret = crypto.randomBytes(64).toString('hex');
-    fs.writeFileSync(sessionSecretFile, sessionSecret, { mode: 0o600 });
+  if (_testMode) {
+    app.use(session({
+      secret: 'test-secret',
+      resave: false,
+      saveUninitialized: false,
+      cookie: { secure: false }
+    }));
   } else {
-    sessionSecret = fs.readFileSync(sessionSecretFile, 'utf8').trim();
-  }
-
-  fs.mkdirSync(sessionStorePath, { recursive: true });
-
-  app.use(session({
-    secret: sessionSecret,
-    store: new FileStore({ path: sessionStorePath }),
-    resave: false,
-    saveUninitialized: false,
-    cookie: {
-      secure: process.env.NODE_ENV === 'production',
-      httpOnly: true,
-      sameSite: 'lax',
-      maxAge: 24 * 60 * 60 * 1000 // 24 hours
+    const FileStore = FileStoreFactory(session);
+    const sessionStorePath = process.env.CLOUDRON ? '/app/data/.session.store' : '/tmp/session.store';
+    const sessionSecretFile = process.env.CLOUDRON ? '/app/data/.session.secret' : '/tmp/.session.secret';
+
+    let sessionSecret;
+    if (!fs.existsSync(sessionSecretFile)) {
+      sessionSecret = crypto.randomBytes(64).toString('hex');
+      fs.writeFileSync(sessionSecretFile, sessionSecret, { mode: 0o600 });
+    } else {
+      sessionSecret = fs.readFileSync(sessionSecretFile, 'utf8').trim();
     }
-  }));
+
+    fs.mkdirSync(sessionStorePath, { recursive: true });
+
+    app.use(session({
+      secret: sessionSecret,
+      store: new FileStore({ path: sessionStorePath }),
+      resave: false,
+      saveUninitialized: false,
+      cookie: {
+        secure: process.env.NODE_ENV === 'production',
+        httpOnly: true,
+        sameSite: 'lax',
+        maxAge: 24 * 60 * 60 * 1000 // 24 hours
+      }
+    }));
+  }
 
   const router = new express.Router();
   router.del = router.delete; // amend router.del for readability further on
@@ -58,6 +71,8 @@ export async function createExpressApp({ oidcConfig, jsonBodySizeLimit = '25mb',
 export const servePath = express.static;
 
 export async function oidcRedirectToLoginProvider(req, res, next) {
+  if (_testMode) return res.redirect('/');
+
   try {
     // Store the frontend origin for redirecting after login
     // This allows Vite dev server (port 5173) to work with OIDC callback (port 3000)
@@ -78,7 +93,7 @@ export async function oidcRedirectToLoginProvider(req, res, next) {
   } catch (error) {
     console.error('Login error:', error);
 
-    next(new HttpError(500, 'Failed to initiate oidc flow.'))
+    next(new HttpError(500, 'Failed to initiate oidc flow.'));
   }
 }
 
@@ -88,6 +103,8 @@ export function oidcCallback(successRedirectTo, errorRedirectTo, successHook = a
   if (!successHook || typeof successHook !== 'function') throw new Error('oidcCallback needs a successHook path as a function');
 
   return async (req, res) => {
+    if (_testMode) return res.redirect(successRedirectTo);
+
     // Redirect to the frontend origin that initiated the login (supports Vite dev server)
     const frontendOrigin = req.session.frontendOrigin;
     delete req.session.frontendOrigin; // Clean up
@@ -113,6 +130,8 @@ export function logout(redirectTo) {
   if (!redirectTo || typeof redirectTo !== 'string') throw new Error('logout needs a redirectTo path as non-empty string');
 
   return (req, res) => {
+    if (_testMode) return res.redirect(redirectTo);
+
     let redirectUri = '';
 
     // Get the referer to redirect back to the same origin (supports Vite dev server)
@@ -130,6 +149,12 @@ export function logout(redirectTo) {
 
     req.session.destroy((error) => {
       if (error) console.error('Logout error:', error);
+      res.clearCookie('connect.sid', {
+        path: '/',
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'lax'
+      });
       res.redirect(redirectUri + redirectTo);
     });
   };
@@ -139,6 +164,11 @@ export function requireAuth(redirectTo = '', { requiredScopes = [] } = {}) {
   if (typeof redirectTo !== 'string') throw new Error('requireAuth needs a redirectTo path as non-empty string');
 
   return async (req, res, next) => {
+    if (_testMode) {
+      req.user = { ..._testMode };
+      return next();
+    }
+
     const accessToken = extractAccessToken(req);
 
     if (accessToken) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudron/tegel",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "",
   "license": "GPL-2.0",
   "author": "Cloudron Developers",
@@ -20,7 +20,7 @@
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",
-    "eslint": "^10.0.2",
+    "eslint": "^10.0.3",
     "globals": "^17.4.0"
   }
 }