Add comprehensive backend test suite (#339)
* add test suite, mostly covers integration testing, tests are only backend side * workflow runs the correct script * workflow runs the correct script * workflow runs the correct script * unit tests incoming * Fix multer silent rejections and error handler info leak - Revert cb(null, false) to cb(new Error(...)) in auth.ts, collab.ts, and files.ts so invalid uploads return an error instead of silently dropping the file - Error handler in app.ts now always returns 500 / "Internal server error" instead of forwarding err.message to the client * Use statusCode consistently for multer errors and error handler - Error handler in app.ts reads err.statusCode to forward the correct HTTP status while keeping the response body generic
This commit is contained in:
Julien G.
56
server/tests/unit/services/cookie.test.ts
Normal file
56
server/tests/unit/services/cookie.test.ts
Normal file
@@ -0,0 +1,56 @@
|
||||
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
|
||||
|
||||
import { cookieOptions } from '../../../src/services/cookie';
|
||||
|
||||
describe('cookieOptions', () => {
|
||||
afterEach(() => {
|
||||
vi.unstubAllEnvs();
|
||||
});
|
||||
|
||||
it('always sets httpOnly: true', () => {
|
||||
expect(cookieOptions()).toHaveProperty('httpOnly', true);
|
||||
});
|
||||
|
||||
it('always sets sameSite: strict', () => {
|
||||
expect(cookieOptions()).toHaveProperty('sameSite', 'strict');
|
||||
});
|
||||
|
||||
it('always sets path: /', () => {
|
||||
expect(cookieOptions()).toHaveProperty('path', '/');
|
||||
});
|
||||
|
||||
it('sets secure: false in test environment (COOKIE_SECURE=false from setup)', () => {
|
||||
// setup.ts sets COOKIE_SECURE=false, so secure should be false
|
||||
const opts = cookieOptions();
|
||||
expect(opts.secure).toBe(false);
|
||||
});
|
||||
|
||||
it('sets secure: true when NODE_ENV=production and COOKIE_SECURE is not false', () => {
|
||||
vi.stubEnv('COOKIE_SECURE', 'true');
|
||||
vi.stubEnv('NODE_ENV', 'production');
|
||||
expect(cookieOptions().secure).toBe(true);
|
||||
});
|
||||
|
||||
it('sets secure: false when COOKIE_SECURE=false even in production', () => {
|
||||
vi.stubEnv('COOKIE_SECURE', 'false');
|
||||
vi.stubEnv('NODE_ENV', 'production');
|
||||
expect(cookieOptions().secure).toBe(false);
|
||||
});
|
||||
|
||||
it('sets secure: true when FORCE_HTTPS=true', () => {
|
||||
vi.stubEnv('COOKIE_SECURE', 'true');
|
||||
vi.stubEnv('FORCE_HTTPS', 'true');
|
||||
vi.stubEnv('NODE_ENV', 'development');
|
||||
expect(cookieOptions().secure).toBe(true);
|
||||
});
|
||||
|
||||
it('includes maxAge: 86400000 when clear is false (default)', () => {
|
||||
expect(cookieOptions()).toHaveProperty('maxAge', 24 * 60 * 60 * 1000);
|
||||
expect(cookieOptions(false)).toHaveProperty('maxAge', 24 * 60 * 60 * 1000);
|
||||
});
|
||||
|
||||
it('omits maxAge when clear is true', () => {
|
||||
const opts = cookieOptions(true);
|
||||
expect(opts).not.toHaveProperty('maxAge');
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user