95 lines
3.6 KiB
TypeScript
95 lines
3.6 KiB
TypeScript
import { describe, it, expect } from "vitest";
|
|
|
|
import { signPreviewUrl, verifyPreviewSignature } from "../../src/db/do-preview-sign.js";
|
|
|
|
const SECRET = "test-secret-key";
|
|
const DIGITS = /^\d+$/;
|
|
const HEX_64 = /^[0-9a-f]{64}$/;
|
|
|
|
describe("signPreviewUrl", () => {
|
|
it("returns a URL with source, exp, and sig params", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
|
|
expect(parsed.origin).toBe("https://preview.example.com");
|
|
expect(parsed.searchParams.get("source")).toBe("https://mysite.com");
|
|
expect(parsed.searchParams.get("exp")).toMatch(DIGITS);
|
|
expect(parsed.searchParams.get("sig")).toMatch(HEX_64);
|
|
});
|
|
|
|
it("sets expiry based on ttl", async () => {
|
|
const before = Math.floor(Date.now() / 1000);
|
|
const url = await signPreviewUrl(
|
|
"https://preview.example.com",
|
|
"https://mysite.com",
|
|
SECRET,
|
|
7200,
|
|
);
|
|
const after = Math.floor(Date.now() / 1000);
|
|
|
|
const exp = Number(new URL(url).searchParams.get("exp"));
|
|
expect(exp).toBeGreaterThanOrEqual(before + 7200);
|
|
expect(exp).toBeLessThanOrEqual(after + 7200);
|
|
});
|
|
|
|
it("defaults to 1 hour TTL", async () => {
|
|
const before = Math.floor(Date.now() / 1000);
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const exp = Number(new URL(url).searchParams.get("exp"));
|
|
expect(exp).toBeGreaterThanOrEqual(before + 3600);
|
|
});
|
|
});
|
|
|
|
describe("verifyPreviewSignature", () => {
|
|
it("verifies a signature produced by signPreviewUrl", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
const source = parsed.searchParams.get("source")!;
|
|
const exp = Number(parsed.searchParams.get("exp"));
|
|
const sig = parsed.searchParams.get("sig")!;
|
|
|
|
expect(await verifyPreviewSignature(source, exp, sig, SECRET)).toBe(true);
|
|
});
|
|
|
|
it("rejects a wrong secret", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
const source = parsed.searchParams.get("source")!;
|
|
const exp = Number(parsed.searchParams.get("exp"));
|
|
const sig = parsed.searchParams.get("sig")!;
|
|
|
|
expect(await verifyPreviewSignature(source, exp, sig, "wrong-secret")).toBe(false);
|
|
});
|
|
|
|
it("rejects a tampered source", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
const exp = Number(parsed.searchParams.get("exp"));
|
|
const sig = parsed.searchParams.get("sig")!;
|
|
|
|
expect(await verifyPreviewSignature("https://evil.com", exp, sig, SECRET)).toBe(false);
|
|
});
|
|
|
|
it("rejects a tampered expiry", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
const source = parsed.searchParams.get("source")!;
|
|
const sig = parsed.searchParams.get("sig")!;
|
|
|
|
expect(await verifyPreviewSignature(source, 9999999999, sig, SECRET)).toBe(false);
|
|
});
|
|
|
|
it("rejects a tampered signature", async () => {
|
|
const url = await signPreviewUrl("https://preview.example.com", "https://mysite.com", SECRET);
|
|
const parsed = new URL(url);
|
|
const source = parsed.searchParams.get("source")!;
|
|
const exp = Number(parsed.searchParams.get("exp"));
|
|
|
|
expect(await verifyPreviewSignature(source, exp, "a".repeat(64), SECRET)).toBe(false);
|
|
});
|
|
|
|
it("rejects a signature with wrong length", async () => {
|
|
expect(await verifyPreviewSignature("https://x.com", 123, "tooshort", SECRET)).toBe(false);
|
|
});
|
|
});
|