npm - @sigil-dev/grimoire - Versions diffs - 0.4.0 → 0.5.0 - Mend

@sigil-dev/grimoire 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/test/headers.test.ts CHANGED Viewed

@@ -1,96 +1,96 @@
-import { describe, expect, test } from "bun:test";
-import { securityHeaders } from "../src/headers";
-function fakeRequest(path = "/") {
-	return new Request(`http://localhost${path}`);
-}
-async function runPlugin(
-	config: Parameters<typeof securityHeaders>[0],
-	req?: Request,
-): Promise<Headers> {
-	const plugin = securityHeaders(config);
-	const res = new Response("<html></html>", {
-		headers: { "Content-Type": "text/html" },
-	});
-	const result = await plugin.onRequest!(req ?? fakeRequest(), async () => res);
-	return result.headers;
-}
-describe("securityHeaders()", () => {
-	test("applies default headers", async () => {
-		const headers = await runPlugin({});
-		expect(headers.get("X-Content-Type-Options")).toBe("nosniff");
-		expect(headers.get("X-Frame-Options")).toBe("DENY");
-		expect(headers.get("Referrer-Policy")).toBe("strict-origin-when-cross-origin");
-		expect(headers.get("Permissions-Policy")).toBe(
-			"camera=(), microphone=(), geolocation=()",
-		);
-		expect(headers.get("X-XSS-Protection")).toBe("0");
-	});
-	test("applies CSP by default", async () => {
-		const headers = await runPlugin({});
-		expect(headers.get("Content-Security-Policy")).toContain("default-src 'self'");
-	});
-	test("allows overriding individual headers", async () => {
-		const headers = await runPlugin({
-			frameOptions: "SAMEORIGIN",
-			contentTypeOptions: false,
-		});
-		expect(headers.get("X-Frame-Options")).toBe("SAMEORIGIN");
-		expect(headers.has("X-Content-Type-Options")).toBe(false);
-	});
-	test("disables headers when set to false", async () => {
-		const headers = await runPlugin({
-			contentSecurityPolicy: false,
-			strictTransportSecurity: false,
-			permissionsPolicy: false,
-		});
-		expect(headers.has("Content-Security-Policy")).toBe(false);
-		expect(headers.has("Strict-Transport-Security")).toBe(false);
-		expect(headers.has("Permissions-Policy")).toBe(false);
-	});
-	test("applies route overrides", async () => {
-		const headers = await runPlugin(
-			{
-				frameOptions: "DENY",
-				routes: {
-					"/admin": { frameOptions: "SAMEORIGIN" },
-				},
-			},
-			fakeRequest("/admin/settings"),
-		);
-		expect(headers.get("X-Frame-Options")).toBe("SAMEORIGIN");
-	});
-	test("route override only applies to matching prefix", async () => {
-		const headers = await runPlugin(
-			{
-				frameOptions: "DENY",
-				routes: {
-					"/admin": { frameOptions: "SAMEORIGIN" },
-				},
-			},
-			fakeRequest("/dashboard"),
-		);
-		expect(headers.get("X-Frame-Options")).toBe("DENY");
-	});
-	test("preserves existing response headers", async () => {
-		const plugin = securityHeaders({});
-		const res = new Response("<html></html>", {
-			headers: {
-				"Content-Type": "text/html",
-				"Set-Cookie": "session=abc",
-			},
-		});
-		const result = await plugin.onRequest!(fakeRequest(), async () => res);
-		expect(result.headers.get("Content-Type")).toBe("text/html");
-		expect(result.headers.get("Set-Cookie")).toBe("session=abc");
-		expect(result.headers.get("X-Frame-Options")).toBe("DENY");
-	});
-});
+import { describe, expect, test } from "bun:test";
+import { securityHeaders } from "../src/headers";
+function fakeRequest(path = "/") {
+	return new Request(`http://localhost${path}`);
+}
+async function runPlugin(
+	config: Parameters<typeof securityHeaders>[0],
+	req?: Request,
+): Promise<Headers> {
+	const plugin = securityHeaders(config);
+	const res = new Response("<html></html>", {
+		headers: { "Content-Type": "text/html" },
+	});
+	const result = await plugin.onRequest!(req ?? fakeRequest(), async () => res);
+	return result.headers;
+}
+describe("securityHeaders()", () => {
+	test("applies default headers", async () => {
+		const headers = await runPlugin({});
+		expect(headers.get("X-Content-Type-Options")).toBe("nosniff");
+		expect(headers.get("X-Frame-Options")).toBe("DENY");
+		expect(headers.get("Referrer-Policy")).toBe("strict-origin-when-cross-origin");
+		expect(headers.get("Permissions-Policy")).toBe(
+			"camera=(), microphone=(), geolocation=()",
+		);
+		expect(headers.get("X-XSS-Protection")).toBe("0");
+	});
+	test("applies CSP by default", async () => {
+		const headers = await runPlugin({});
+		expect(headers.get("Content-Security-Policy")).toContain("default-src 'self'");
+	});
+	test("allows overriding individual headers", async () => {
+		const headers = await runPlugin({
+			frameOptions: "SAMEORIGIN",
+			contentTypeOptions: false,
+		});
+		expect(headers.get("X-Frame-Options")).toBe("SAMEORIGIN");
+		expect(headers.has("X-Content-Type-Options")).toBe(false);
+	});
+	test("disables headers when set to false", async () => {
+		const headers = await runPlugin({
+			contentSecurityPolicy: false,
+			strictTransportSecurity: false,
+			permissionsPolicy: false,
+		});
+		expect(headers.has("Content-Security-Policy")).toBe(false);
+		expect(headers.has("Strict-Transport-Security")).toBe(false);
+		expect(headers.has("Permissions-Policy")).toBe(false);
+	});
+	test("applies route overrides", async () => {
+		const headers = await runPlugin(
+			{
+				frameOptions: "DENY",
+				routes: {
+					"/admin": { frameOptions: "SAMEORIGIN" },
+				},
+			},
+			fakeRequest("/admin/settings"),
+		);
+		expect(headers.get("X-Frame-Options")).toBe("SAMEORIGIN");
+	});
+	test("route override only applies to matching prefix", async () => {
+		const headers = await runPlugin(
+			{
+				frameOptions: "DENY",
+				routes: {
+					"/admin": { frameOptions: "SAMEORIGIN" },
+				},
+			},
+			fakeRequest("/dashboard"),
+		);
+		expect(headers.get("X-Frame-Options")).toBe("DENY");
+	});
+	test("preserves existing response headers", async () => {
+		const plugin = securityHeaders({});
+		const res = new Response("<html></html>", {
+			headers: {
+				"Content-Type": "text/html",
+				"Set-Cookie": "session=abc",
+			},
+		});
+		const result = await plugin.onRequest!(fakeRequest(), async () => res);
+		expect(result.headers.get("Content-Type")).toBe("text/html");
+		expect(result.headers.get("Set-Cookie")).toBe("session=abc");
+		expect(result.headers.get("X-Frame-Options")).toBe("DENY");
+	});
+});

package/test/middleware.test.ts CHANGED Viewed

@@ -1,217 +1,217 @@
-import { describe, expect, test } from "bun:test";
-import { sequence, createHooks } from "../src/hooks";
-import { createCookies } from "../src/cookie-utils";
-import type { Handle, RequestEvent } from "../src/hooks";
-function fakeEvent(overrides?: Partial<RequestEvent>): RequestEvent {
-	return {
-		request: new Request("http://localhost/"),
-		url: new URL("http://localhost/"),
-		params: {},
-		locals: {},
-		cookies: {
-			get: () => undefined,
-			set: () => {},
-			delete: () => {},
-		},
-		setHeaders: () => {},
-		...overrides,
-	};
-}
-describe("sequence()", () => {
-	test("chains two handlers in order", async () => {
-		const order: string[] = [];
-		const a: Handle = async ({ event, resolve }) => {
-			order.push("a-before");
-			const res = await resolve(event);
-			order.push("a-after");
-			return res;
-		};
-		const b: Handle = async ({ event, resolve }) => {
-			order.push("b-before");
-			const res = await resolve(event);
-			order.push("b-after");
-			return res;
-		};
-		const handler = sequence(a, b);
-		const res = await handler({
-			event: fakeEvent(),
-			resolve: async (evt) => new Response("OK"),
-		});
-		expect(order).toEqual(["a-before", "b-before", "b-after", "a-after"]);
-		expect(await res.text()).toBe("OK");
-	});
-	test("can short-circuit", async () => {
-		let reached = false;
-		const a: Handle = async () => {
-			return new Response("Blocked", { status: 403 });
-		};
-		const b: Handle = async ({ resolve, event }) => {
-			reached = true;
-			return resolve(event);
-		};
-		const handler = sequence(a, b);
-		const res = await handler({
-			event: fakeEvent(),
-			resolve: async () => new Response("OK"),
-		});
-		expect(reached).toBe(false);
-		expect(res.status).toBe(403);
-	});
-	test("can modify event.locals", async () => {
-		const a: Handle = async ({ event, resolve }) => {
-			event.locals.user = "alice";
-			return resolve(event);
-		};
-		const b: Handle = async ({ event, resolve }) => {
-			event.locals.greet = `hello ${event.locals.user}`;
-			return resolve(event);
-		};
-		const handler = sequence(a, b);
-		const event = fakeEvent();
-		await handler({
-			event,
-			resolve: async (evt) => {
-				return new Response(JSON.stringify(evt.locals));
-			},
-		});
-		expect(event.locals.user).toBe("alice");
-		expect(event.locals.greet).toBe("hello alice");
-	});
-	test("can modify response", async () => {
-		const a: Handle = async ({ event, resolve }) => {
-			const res = await resolve(event);
-			const headers = new Headers(res.headers);
-			headers.set("X-First", "1");
-			return new Response(res.body, { status: res.status, headers });
-		};
-		const b: Handle = async ({ event, resolve }) => {
-			const res = await resolve(event);
-			const headers = new Headers(res.headers);
-			headers.set("X-Second", "2");
-			return new Response(res.body, { status: res.status, headers });
-		};
-		const handler = sequence(a, b);
-		const res = await handler({
-			event: fakeEvent(),
-			resolve: async () => new Response("OK"),
-		});
-		expect(res.headers.get("X-First")).toBe("1");
-		expect(res.headers.get("X-Second")).toBe("2");
-	});
-	test("single handler works", async () => {
-		const handler: Handle = async ({ event, resolve }) => {
-			return resolve(event);
-		};
-		const res = await sequence(handler)({
-			event: fakeEvent(),
-			resolve: async () => new Response("Single"),
-		});
-		expect(await res.text()).toBe("Single");
-	});
-	test("three handlers chain correctly", async () => {
-		const order: string[] = [];
-		const a: Handle = async ({ event, resolve }) => {
-			order.push("a");
-			return resolve(event);
-		};
-		const b: Handle = async ({ event, resolve }) => {
-			order.push("b");
-			return resolve(event);
-		};
-		const c: Handle = async ({ event, resolve }) => {
-			order.push("c");
-			return resolve(event);
-		};
-		await sequence(a, b, c)({
-			event: fakeEvent(),
-			resolve: async () => new Response("OK"),
-		});
-		expect(order).toEqual(["a", "b", "c"]);
-	});
-});
-describe("Cookies", () => {
-	function makeEvent(cookieHeader = ""): RequestEvent {
-		return fakeEvent({
-			cookies: createCookies(cookieHeader),
-		});
-	}
-	test("cookies.get reads from header", async () => {
-		let value: string | undefined;
-		const handler: Handle = async ({ event, resolve }) => {
-			value = event.cookies.get("session");
-			return resolve(event);
-		};
-		await handler({
-			event: makeEvent("session=abc123; theme=dark"),
-			resolve: async () => new Response("OK"),
-		});
-		expect(value).toBe("abc123");
-	});
-	test("cookies.set adds Set-Cookie header", async () => {
-		const event = makeEvent();
-		const handler: Handle = async ({ event: evt, resolve }) => {
-			evt.cookies.set("token", "xyz", { httpOnly: true, path: "/" });
-			return resolve(evt);
-		};
-		await handler({
-			event,
-			resolve: async () => new Response("OK"),
-		});
-		expect(event.cookies.get("token")).toBe("xyz");
-		const cookieUtils = event.cookies as ReturnType<typeof createCookies>;
-		expect(cookieUtils.toHeaders().length).toBe(1);
-		expect(cookieUtils.toHeaders()[0]).toContain("token=xyz");
-		expect(cookieUtils.toHeaders()[0]).toContain("HttpOnly");
-		expect(cookieUtils.toHeaders()[0]).toContain("Path=/");
-	});
-});
-describe("createHooks()", () => {
-	test("returns handle and init", async () => {
-		const handle: Handle = async ({ resolve, event }) => resolve(event);
-		const init = () => {};
-		const hooks = createHooks(handle, init);
-		expect(hooks.handle).toBe(handle);
-		expect(hooks.init).toBe(init);
-	});
-	test("returns handle without init", () => {
-		const handle: Handle = async ({ resolve, event }) => resolve(event);
-		const hooks = createHooks(handle);
-		expect(hooks.handle).toBe(handle);
-		expect(hooks.init).toBeUndefined();
-	});
-});
+import { describe, expect, test } from "bun:test";
+import { sequence, createHooks } from "../src/hooks";
+import { createCookies } from "../src/cookie-utils";
+import type { Handle, RequestEvent } from "../src/hooks";
+function fakeEvent(overrides?: Partial<RequestEvent>): RequestEvent {
+	return {
+		request: new Request("http://localhost/"),
+		url: new URL("http://localhost/"),
+		params: {},
+		locals: {},
+		cookies: {
+			get: () => undefined,
+			set: () => {},
+			delete: () => {},
+		},
+		setHeaders: () => {},
+		...overrides,
+	};
+}
+describe("sequence()", () => {
+	test("chains two handlers in order", async () => {
+		const order: string[] = [];
+		const a: Handle = async ({ event, resolve }) => {
+			order.push("a-before");
+			const res = await resolve(event);
+			order.push("a-after");
+			return res;
+		};
+		const b: Handle = async ({ event, resolve }) => {
+			order.push("b-before");
+			const res = await resolve(event);
+			order.push("b-after");
+			return res;
+		};
+		const handler = sequence(a, b);
+		const res = await handler({
+			event: fakeEvent(),
+			resolve: async (evt) => new Response("OK"),
+		});
+		expect(order).toEqual(["a-before", "b-before", "b-after", "a-after"]);
+		expect(await res.text()).toBe("OK");
+	});
+	test("can short-circuit", async () => {
+		let reached = false;
+		const a: Handle = async () => {
+			return new Response("Blocked", { status: 403 });
+		};
+		const b: Handle = async ({ resolve, event }) => {
+			reached = true;
+			return resolve(event);
+		};
+		const handler = sequence(a, b);
+		const res = await handler({
+			event: fakeEvent(),
+			resolve: async () => new Response("OK"),
+		});
+		expect(reached).toBe(false);
+		expect(res.status).toBe(403);
+	});
+	test("can modify event.locals", async () => {
+		const a: Handle = async ({ event, resolve }) => {
+			event.locals.user = "alice";
+			return resolve(event);
+		};
+		const b: Handle = async ({ event, resolve }) => {
+			event.locals.greet = `hello ${event.locals.user}`;
+			return resolve(event);
+		};
+		const handler = sequence(a, b);
+		const event = fakeEvent();
+		await handler({
+			event,
+			resolve: async (evt) => {
+				return new Response(JSON.stringify(evt.locals));
+			},
+		});
+		expect(event.locals.user).toBe("alice");
+		expect(event.locals.greet).toBe("hello alice");
+	});
+	test("can modify response", async () => {
+		const a: Handle = async ({ event, resolve }) => {
+			const res = await resolve(event);
+			const headers = new Headers(res.headers);
+			headers.set("X-First", "1");
+			return new Response(res.body, { status: res.status, headers });
+		};
+		const b: Handle = async ({ event, resolve }) => {
+			const res = await resolve(event);
+			const headers = new Headers(res.headers);
+			headers.set("X-Second", "2");
+			return new Response(res.body, { status: res.status, headers });
+		};
+		const handler = sequence(a, b);
+		const res = await handler({
+			event: fakeEvent(),
+			resolve: async () => new Response("OK"),
+		});
+		expect(res.headers.get("X-First")).toBe("1");
+		expect(res.headers.get("X-Second")).toBe("2");
+	});
+	test("single handler works", async () => {
+		const handler: Handle = async ({ event, resolve }) => {
+			return resolve(event);
+		};
+		const res = await sequence(handler)({
+			event: fakeEvent(),
+			resolve: async () => new Response("Single"),
+		});
+		expect(await res.text()).toBe("Single");
+	});
+	test("three handlers chain correctly", async () => {
+		const order: string[] = [];
+		const a: Handle = async ({ event, resolve }) => {
+			order.push("a");
+			return resolve(event);
+		};
+		const b: Handle = async ({ event, resolve }) => {
+			order.push("b");
+			return resolve(event);
+		};
+		const c: Handle = async ({ event, resolve }) => {
+			order.push("c");
+			return resolve(event);
+		};
+		await sequence(a, b, c)({
+			event: fakeEvent(),
+			resolve: async () => new Response("OK"),
+		});
+		expect(order).toEqual(["a", "b", "c"]);
+	});
+});
+describe("Cookies", () => {
+	function makeEvent(cookieHeader = ""): RequestEvent {
+		return fakeEvent({
+			cookies: createCookies(cookieHeader),
+		});
+	}
+	test("cookies.get reads from header", async () => {
+		let value: string | undefined;
+		const handler: Handle = async ({ event, resolve }) => {
+			value = event.cookies.get("session");
+			return resolve(event);
+		};
+		await handler({
+			event: makeEvent("session=abc123; theme=dark"),
+			resolve: async () => new Response("OK"),
+		});
+		expect(value).toBe("abc123");
+	});
+	test("cookies.set adds Set-Cookie header", async () => {
+		const event = makeEvent();
+		const handler: Handle = async ({ event: evt, resolve }) => {
+			evt.cookies.set("token", "xyz", { httpOnly: true, path: "/" });
+			return resolve(evt);
+		};
+		await handler({
+			event,
+			resolve: async () => new Response("OK"),
+		});
+		expect(event.cookies.get("token")).toBe("xyz");
+		const cookieUtils = event.cookies as ReturnType<typeof createCookies>;
+		expect(cookieUtils.toHeaders().length).toBe(1);
+		expect(cookieUtils.toHeaders()[0]).toContain("token=xyz");
+		expect(cookieUtils.toHeaders()[0]).toContain("HttpOnly");
+		expect(cookieUtils.toHeaders()[0]).toContain("Path=/");
+	});
+});
+describe("createHooks()", () => {
+	test("returns handle and init", async () => {
+		const handle: Handle = async ({ resolve, event }) => resolve(event);
+		const init = () => {};
+		const hooks = createHooks(handle, init);
+		expect(hooks.handle).toBe(handle);
+		expect(hooks.init).toBe(init);
+	});
+	test("returns handle without init", () => {
+		const handle: Handle = async ({ resolve, event }) => resolve(event);
+		const hooks = createHooks(handle);
+		expect(hooks.handle).toBe(handle);
+		expect(hooks.init).toBeUndefined();
+	});
+});