Files
diegosouzapw--omniroute/tests/unit/live-ws-cookie-parse.test.ts
2026-07-13 13:39:12 +08:00

43 lines
1.7 KiB
TypeScript

// Regression for #4004: liveServer's cookie parser used an UNTAGGED template literal
// `(?:^|;\s*)` — \s collapsed to a literal "s", so auth_token only matched when it was
// the FIRST cookie. Browsers serialize "a=1; auth_token=…", so the same-origin
// reverse-proxy dashboard auth silently failed whenever any cookie preceded auth_token.
// Keep the server from auto-starting on import.
process.env.OMNIROUTE_ENABLE_LIVE_WS = "0";
import test from "node:test";
import assert from "node:assert/strict";
import { getCookieValueFromHeader } from "@/server/ws/liveServer";
test("getCookieValueFromHeader reads auth_token when it is the only cookie", () => {
assert.equal(getCookieValueFromHeader({ cookie: "auth_token=abc123" }, "auth_token"), "abc123");
});
test("getCookieValueFromHeader reads auth_token when preceded by other cookies (#4004)", () => {
// The standard browser "; " separator — the case the \s-vs-\\s bug broke.
assert.equal(
getCookieValueFromHeader({ cookie: "omni_pref=dark; auth_token=abc123" }, "auth_token"),
"abc123"
);
assert.equal(
getCookieValueFromHeader({ cookie: "a=1; b=2; auth_token=xyz" }, "auth_token"),
"xyz"
);
});
test("getCookieValueFromHeader handles a no-space separator too", () => {
assert.equal(getCookieValueFromHeader({ cookie: "a=1;auth_token=tok" }, "auth_token"), "tok");
});
test("getCookieValueFromHeader returns null when the cookie is absent", () => {
assert.equal(getCookieValueFromHeader({ cookie: "other=1; foo=2" }, "auth_token"), null);
assert.equal(getCookieValueFromHeader({}, "auth_token"), null);
});
test("getCookieValueFromHeader URL-decodes the value", () => {
assert.equal(
getCookieValueFromHeader({ cookie: "x=1; auth_token=a%20b" }, "auth_token"),
"a b"
);
});