maxp/lt-auth-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
fcb9daa30cf86901f32ec8d544d9ae3b423560d3
lt-auth-proxy/src/__tests__/ltProxyAuth.test.ts
Max P. 4326a2d92c fix(auth): validate API key from POST body and handle content type 
- Switch API key validation to use POST body parameters
- Add support for `application/x-www-form-urlencoded` content type
- Store parsed body in context state for further use
- Reject unsupported content types with 415 status
2025-05-11 10:59:39 +02:00

89 lines
2.3 KiB
TypeScript
Raw Blame History

// deno-lint-ignore-file require-await
import { assertEquals } from 'https://deno.land/std@0.204.0/assert/mod.ts';
import type { IContext } from 'http-kernel/Interfaces/mod.ts';
import { ltProxyAuth } from '../ltProxyAuth.ts';
Deno.test('ltProxyAuth: accepts valid API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const body = new URLSearchParams({ apiKey: 'valid123' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
query: {},
state: {},
};
const response = await ltProxyAuth(
ctx,
async () => new Response('OK', { status: 200 }),
);
assertEquals(response.status, 200);
assertEquals(await response.text(), 'OK');
});
Deno.test('ltProxyAuth: rejects invalid API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const body = new URLSearchParams({ apiKey: 'invalid456' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
query: {},
state: {},
};
const response = await ltProxyAuth(
ctx,
async () => new Response('SHOULD NOT HAPPEN'),
);
assertEquals(response.status, 403);
assertEquals(await response.text(), 'Forbidden – Invalid API key');
});
Deno.test('ltProxyAuth: rejects missing API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const body = new URLSearchParams({ text: 'nur text ohne apiKey' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
query: {},
state: {},
};
const response = await ltProxyAuth(
ctx,
async () => new Response('SHOULD NOT HAPPEN'),
);
assertEquals(response.status, 403);
assertEquals(await response.text(), 'Forbidden – Invalid API key');
});
Reference in New Issue View Git Blame Copy Permalink