@hazeljs/core 0.2.0-beta.1

package/dist/__tests__/logger.test.js

@@ -0,0 +1,141 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = __importDefault(require("../logger"));
+describe('Logger', () => {
+    beforeEach(() => {
+        // Suppress console output during tests
+        jest.spyOn(console, 'log').mockImplementation();
+        jest.spyOn(console, 'error').mockImplementation();
+        jest.spyOn(console, 'warn').mockImplementation();
+    });
+    afterEach(() => {
+        jest.restoreAllMocks();
+    });
+    describe('basic logging', () => {
+        it('should log info messages', () => {
+            logger_1.default.info('Test info message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log error messages', () => {
+            logger_1.default.error('Test error message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log warn messages', () => {
+            logger_1.default.warn('Test warn message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log debug messages', () => {
+            logger_1.default.debug('Test debug message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log http messages', () => {
+            logger_1.default.http('Test http message');
+            expect(logger_1.default).toBeDefined();
+        });
+    });
+    describe('structured logging', () => {
+        it('should log with metadata object', () => {
+            logger_1.default.info('Test message', { userId: 123, action: 'login' });
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log errors with stack traces', () => {
+            const error = new Error('Test error');
+            logger_1.default.error('Error occurred', { error: error.message, stack: error.stack });
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log with multiple metadata fields', () => {
+            logger_1.default.info('Request received', {
+                method: 'GET',
+                url: '/api/users',
+                statusCode: 200,
+                duration: 45,
+            });
+            expect(logger_1.default).toBeDefined();
+        });
+    });
+    describe('log levels', () => {
+        it('should support error level', () => {
+            logger_1.default.error('Critical error');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should support warn level', () => {
+            logger_1.default.warn('Warning message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should support info level', () => {
+            logger_1.default.info('Info message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should support debug level', () => {
+            logger_1.default.debug('Debug message');
+            expect(logger_1.default).toBeDefined();
+        });
+    });
+    describe('logger methods', () => {
+        it('should have all required logging methods', () => {
+            expect(typeof logger_1.default.info).toBe('function');
+            expect(typeof logger_1.default.error).toBe('function');
+            expect(typeof logger_1.default.warn).toBe('function');
+            expect(typeof logger_1.default.debug).toBe('function');
+        });
+    });
+    describe('various message formats', () => {
+        it('should log string messages', () => {
+            logger_1.default.info('Simple string message');
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log with empty metadata', () => {
+            logger_1.default.info('Message', {});
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log with nested objects', () => {
+            logger_1.default.info('Complex data', {
+                user: {
+                    id: 1,
+                    name: 'Test User',
+                    roles: ['admin', 'user'],
+                },
+            });
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should log with arrays', () => {
+            logger_1.default.info('Array data', {
+                items: [1, 2, 3, 4, 5],
+            });
+            expect(logger_1.default).toBeDefined();
+        });
+    });
+    describe('error scenarios', () => {
+        it('should handle logging errors gracefully', () => {
+            const circularObj = { name: 'test' };
+            circularObj.self = circularObj;
+            // Should not throw even with circular reference
+            expect(() => {
+                logger_1.default.info('Circular object', { data: 'safe' });
+            }).not.toThrow();
+        });
+        it('should handle undefined metadata', () => {
+            logger_1.default.info('Message', undefined);
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should handle null metadata', () => {
+            logger_1.default.info('Message', null);
+            expect(logger_1.default).toBeDefined();
+        });
+    });
+    describe('logger instance', () => {
+        it('should be defined', () => {
+            expect(logger_1.default).toBeDefined();
+        });
+        it('should have all required methods', () => {
+            expect(typeof logger_1.default.info).toBe('function');
+            expect(typeof logger_1.default.error).toBe('function');
+            expect(typeof logger_1.default.warn).toBe('function');
+            expect(typeof logger_1.default.debug).toBe('function');
+            expect(typeof logger_1.default.http).toBe('function');
+        });
+    });
+});

package/dist/__tests__/middleware/cors.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cors.test.d.ts.map

package/dist/__tests__/middleware/cors.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/middleware/cors.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/middleware/cors.test.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const cors_middleware_1 = require("../../middleware/cors.middleware");
+describe('CorsMiddleware', () => {
+    let mockReq;
+    let mockRes;
+    let nextFn;
+    beforeEach(() => {
+        mockReq = {
+            method: 'GET',
+            headers: {
+                origin: 'https://example.com',
+            },
+        };
+        mockRes = {
+            setHeader: jest.fn(),
+            status: jest.fn().mockReturnThis(),
+            end: jest.fn(),
+        };
+        nextFn = jest.fn();
+    });
+    describe('wildcard origin', () => {
+        it('should allow all origins with *', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ origin: '*' });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Origin', '*');
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('specific origin', () => {
+        it('should allow specific origin', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ origin: 'https://example.com' });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Origin', 'https://example.com');
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Vary', 'Origin');
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should not set origin header for disallowed origin', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ origin: 'https://allowed.com' });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).not.toHaveBeenCalledWith('Access-Control-Allow-Origin', expect.anything());
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('array of origins', () => {
+        it('should allow origins in array', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({
+                origin: ['https://example.com', 'https://test.com'],
+            });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Origin', 'https://example.com');
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('function origin', () => {
+        it('should use function to validate origin', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({
+                origin: (origin) => origin.endsWith('.example.com'),
+            });
+            mockReq.headers = { origin: 'https://app.example.com' };
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Origin', 'https://app.example.com');
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('credentials', () => {
+        it('should set credentials header when enabled', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ credentials: true });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Credentials', 'true');
+        });
+    });
+    describe('exposed headers', () => {
+        it('should set exposed headers', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({
+                exposedHeaders: ['X-Custom-Header', 'X-Another-Header'],
+            });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Expose-Headers', 'X-Custom-Header, X-Another-Header');
+        });
+    });
+    describe('preflight requests', () => {
+        beforeEach(() => {
+            mockReq.method = 'OPTIONS';
+        });
+        it('should handle preflight request', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware();
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Methods', expect.any(String));
+            expect(mockRes.status).toHaveBeenCalledWith(204);
+            expect(mockRes.end).toHaveBeenCalled();
+            expect(nextFn).not.toHaveBeenCalled();
+        });
+        it('should set allowed methods', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({
+                methods: ['GET', 'POST'],
+            });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Methods', 'GET, POST');
+        });
+        it('should set allowed headers from request', () => {
+            mockReq.headers = {
+                ...mockReq.headers,
+                'access-control-request-headers': 'Content-Type, Authorization',
+            };
+            const middleware = new cors_middleware_1.CorsMiddleware();
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+        });
+        it('should set max age', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ maxAge: 3600 });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Access-Control-Max-Age', '3600');
+        });
+        it('should continue if preflightContinue is true', () => {
+            const middleware = new cors_middleware_1.CorsMiddleware({ preflightContinue: true });
+            middleware.handle(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('static create method', () => {
+        it('should create middleware function', () => {
+            const middlewareFn = cors_middleware_1.CorsMiddleware.create({ origin: '*' });
+            expect(typeof middlewareFn).toBe('function');
+            middlewareFn(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+});

package/dist/__tests__/middleware/csrf.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=csrf.test.d.ts.map

package/dist/__tests__/middleware/csrf.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/middleware/csrf.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/middleware/csrf.test.js

@@ -0,0 +1,247 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const csrf_middleware_1 = require("../../middleware/csrf.middleware");
+const http_error_1 = require("../../errors/http.error");
+// Mock logger
+jest.mock('../../logger', () => ({
+    warn: jest.fn(),
+    error: jest.fn(),
+}));
+describe('CsrfMiddleware', () => {
+    let mockReq;
+    let mockRes;
+    let nextFn;
+    beforeEach(() => {
+        jest.useFakeTimers();
+        mockReq = {
+            method: 'GET',
+            url: '/test',
+            headers: {},
+        };
+        mockReq.socket = { remoteAddress: '127.0.0.1' };
+        mockRes = {
+            setHeader: jest.fn(),
+            status: jest.fn().mockReturnThis(),
+            json: jest.fn(),
+        };
+        nextFn = jest.fn();
+    });
+    afterEach(() => {
+        jest.useRealTimers();
+    });
+    describe('constructor', () => {
+        it('should create middleware with default options', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            expect(middleware).toBeDefined();
+        });
+        it('should accept custom options', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                cookieName: 'custom-csrf',
+                headerName: 'x-custom-csrf',
+                secret: 'test-secret',
+            });
+            expect(middleware).toBeDefined();
+        });
+    });
+    describe('use - GET requests', () => {
+        it('should allow GET requests without token', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+            expect(mockRes.setHeader).toHaveBeenCalledWith('X-CSRF-Token', expect.any(String));
+        });
+        it('should set CSRF cookie', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(mockRes.setHeader).toHaveBeenCalledWith('Set-Cookie', expect.stringContaining('_csrf='));
+        });
+        it('should generate token with signature', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const csrfTokenCall = setHeaderCalls.find((call) => call[0] === 'X-CSRF-Token');
+            const token = csrfTokenCall[1];
+            expect(token).toContain('.');
+            expect(token.split('.').length).toBe(2);
+        });
+    });
+    describe('use - POST requests', () => {
+        beforeEach(() => {
+            mockReq.method = 'POST';
+        });
+        it('should reject POST without token', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            expect(() => {
+                middleware.use(mockReq, mockRes, nextFn);
+            }).toThrow(http_error_1.HttpError);
+        });
+        it('should accept POST with valid token in header', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            // First request to get token
+            mockReq.method = 'GET';
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const csrfTokenCall = setHeaderCalls.find((call) => call[0] === 'X-CSRF-Token');
+            const token = csrfTokenCall[1];
+            // Second request with token
+            jest.clearAllMocks();
+            mockReq.method = 'POST';
+            mockReq.headers = {
+                'x-csrf-token': token,
+            };
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should accept POST with valid token in body', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            // Get token
+            mockReq.method = 'GET';
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const csrfTokenCall = setHeaderCalls.find((call) => call[0] === 'X-CSRF-Token');
+            const token = csrfTokenCall[1];
+            // POST with token in body
+            jest.clearAllMocks();
+            mockReq.method = 'POST';
+            mockReq.body = { _csrf: token };
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should accept POST with valid token in query', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            // Get token
+            mockReq.method = 'GET';
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const csrfTokenCall = setHeaderCalls.find((call) => call[0] === 'X-CSRF-Token');
+            const token = csrfTokenCall[1];
+            // POST with token in query
+            jest.clearAllMocks();
+            mockReq.method = 'POST';
+            mockReq.query = { _csrf: token };
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should reject POST with invalid token', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            mockReq.headers = {
+                'x-csrf-token': 'invalid-token',
+            };
+            expect(() => {
+                middleware.use(mockReq, mockRes, nextFn);
+            }).toThrow(http_error_1.HttpError);
+        });
+    });
+    describe('excluded paths', () => {
+        it('should skip CSRF check for excluded paths', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                excludePaths: ['/api/webhook'],
+            });
+            mockReq.method = 'POST';
+            mockReq.url = '/api/webhook';
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should check CSRF for non-excluded paths', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                excludePaths: ['/api/webhook'],
+            });
+            mockReq.method = 'POST';
+            mockReq.url = '/api/users';
+            expect(() => {
+                middleware.use(mockReq, mockRes, nextFn);
+            }).toThrow(http_error_1.HttpError);
+        });
+        it('should handle path with query string', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                excludePaths: ['/api/webhook'],
+            });
+            mockReq.method = 'POST';
+            mockReq.url = '/api/webhook?param=value';
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('custom methods', () => {
+        it('should protect custom methods', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                methods: ['POST', 'DELETE', 'CUSTOM'],
+            });
+            mockReq.method = 'CUSTOM';
+            expect(() => {
+                middleware.use(mockReq, mockRes, nextFn);
+            }).toThrow(http_error_1.HttpError);
+        });
+        it('should not protect methods not in list', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                methods: ['POST'],
+            });
+            mockReq.method = 'PUT';
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('cookie options', () => {
+        it('should set cookie with custom options', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                cookieOptions: {
+                    httpOnly: true,
+                    secure: true,
+                    sameSite: 'strict',
+                    path: '/api',
+                    maxAge: 7200,
+                },
+            });
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const cookieCall = setHeaderCalls.find((call) => call[0] === 'Set-Cookie');
+            const cookie = cookieCall[1];
+            expect(cookie).toContain('HttpOnly');
+            expect(cookie).toContain('Secure');
+            expect(cookie).toContain('SameSite=strict');
+            expect(cookie).toContain('Path=/api');
+            expect(cookie).toContain('Max-Age=7200');
+        });
+        it('should use custom cookie name', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware({
+                cookieName: 'custom-csrf-token',
+            });
+            middleware.use(mockReq, mockRes, nextFn);
+            const setHeaderCalls = mockRes.setHeader.mock.calls;
+            const cookieCall = setHeaderCalls.find((call) => call[0] === 'Set-Cookie');
+            const cookie = cookieCall[1];
+            expect(cookie).toContain('custom-csrf-token=');
+        });
+    });
+    describe('session handling', () => {
+        it('should use session ID from cookie', () => {
+            mockReq.headers = {
+                cookie: 'sessionId=abc123; other=value',
+            };
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+        it('should fallback to IP+UA hash when no session', () => {
+            mockReq.headers = {
+                'user-agent': 'Mozilla/5.0',
+            };
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            middleware.use(mockReq, mockRes, nextFn);
+            expect(nextFn).toHaveBeenCalled();
+        });
+    });
+    describe('token reuse', () => {
+        it('should reuse token for same session', () => {
+            const middleware = new csrf_middleware_1.CsrfMiddleware();
+            // First request
+            middleware.use(mockReq, mockRes, nextFn);
+            const token1 = mockRes.setHeader.mock.calls.find((call) => call[0] === 'X-CSRF-Token')[1];
+            // Second request
+            jest.clearAllMocks();
+            middleware.use(mockReq, mockRes, nextFn);
+            const token2 = mockRes.setHeader.mock.calls.find((call) => call[0] === 'X-CSRF-Token')[1];
+            expect(token1).toBe(token2);
+        });
+    });
+});

package/dist/__tests__/middleware/global-middleware.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=global-middleware.test.d.ts.map

package/dist/__tests__/middleware/global-middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"global-middleware.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/middleware/global-middleware.test.ts"],"names":[],"mappings":""}