Files
2026-07-13 13:39:12 +08:00

139 lines
5.7 KiB
TypeScript

import test from "node:test";
import assert from "node:assert/strict";
const {
extractCookieValue,
normalizeSessionCookieHeader,
stripCookieInputPrefix,
buildGrokCookieHeader,
buildQwenCookieHeader,
extractQwenToken,
} = await import("../../src/lib/providers/webCookieAuth.ts");
test("stripCookieInputPrefix removes 'cookie:' and 'bearer ' prefixes", () => {
assert.equal(stripCookieInputPrefix("Cookie: sso=abc"), "sso=abc");
assert.equal(stripCookieInputPrefix("bearer xyz"), "xyz");
assert.equal(stripCookieInputPrefix(" plain "), "plain");
assert.equal(stripCookieInputPrefix(""), "");
});
test("normalizeSessionCookieHeader returns input as-is when it already has '='", () => {
assert.equal(
normalizeSessionCookieHeader(
"__Secure-authjs.session-token=abc",
"__Secure-authjs.session-token"
),
"__Secure-authjs.session-token=abc"
);
assert.equal(
normalizeSessionCookieHeader("bare-value", "__Secure-authjs.session-token"),
"__Secure-authjs.session-token=bare-value"
);
});
test("extractCookieValue: bare value returns unchanged", () => {
assert.equal(extractCookieValue("eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
});
test("extractCookieValue: single name=value pair returns the value", () => {
assert.equal(extractCookieValue("sso=eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
assert.equal(extractCookieValue("Cookie: sso=eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
});
test("extractCookieValue: full DevTools cookie blob picks the named cookie", () => {
const blob =
"i18nextLng=en; stblid=aaaaaaaa; __cf_bm=foo; sso-rw=eyJOTHER; sso=eyJTARGET.abc.def; cf_clearance=baz;";
assert.equal(extractCookieValue(blob, "sso"), "eyJTARGET.abc.def");
assert.equal(extractCookieValue(blob, "sso-rw"), "eyJOTHER");
assert.equal(extractCookieValue(blob, "cf_clearance"), "baz");
});
test("extractCookieValue: blob without target cookie returns empty string", () => {
assert.equal(extractCookieValue("foo=1; bar=2;", "sso"), "");
});
test("extractCookieValue: empty input returns empty string", () => {
assert.equal(extractCookieValue("", "sso"), "");
assert.equal(extractCookieValue(" ", "sso"), "");
});
test("extractCookieValue: cookie name with regex metacharacters is escaped", () => {
const blob = "foo=1; my.cookie+name=hello; bar=2;";
assert.equal(extractCookieValue(blob, "my.cookie+name"), "hello");
});
// #3063 — Grok now requires the paired `sso-rw` write cookie alongside `sso`.
test("buildGrokCookieHeader: bare sso value emits only sso (no phantom sso-rw)", () => {
assert.equal(buildGrokCookieHeader("eyJ0eXAi.abc.def"), "sso=eyJ0eXAi.abc.def");
});
test("buildGrokCookieHeader: single sso= pair emits only sso", () => {
assert.equal(buildGrokCookieHeader("sso=eyJ0eXAi.abc"), "sso=eyJ0eXAi.abc");
});
test("buildGrokCookieHeader: full cookie blob forwards sso, sso-rw and cf_clearance", () => {
const blob = "cf_clearance=zzz; sso=AAA.bbb; sso-rw=CCC.ddd; other=1";
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; sso-rw=CCC.ddd; cf_clearance=zzz");
});
// #5350 — forward the Cloudflare cookies (cf_clearance + __cf_bm) when the pasted
// blob carries them, matching the real browser request (parity with AIClient2API).
test("buildGrokCookieHeader: forwards sso, sso-rw, cf_clearance and __cf_bm (order-independent)", () => {
const blob = "i18nextLng=en; __cf_bm=BM; sso=SSO; sso-rw=RW; cf_clearance=CF; x-userid=U";
const header = buildGrokCookieHeader(blob);
assert.match(header, /(?:^|;\s*)sso=SSO(?:;|$)/);
assert.match(header, /(?:^|;\s*)sso-rw=RW(?:;|$)/);
assert.match(header, /(?:^|;\s*)cf_clearance=CF(?:;|$)/);
assert.match(header, /(?:^|;\s*)__cf_bm=BM(?:;|$)/);
});
test("buildGrokCookieHeader: bare sso emits no phantom cf_clearance/__cf_bm keys", () => {
assert.equal(buildGrokCookieHeader("sso=SSO"), "sso=SSO");
assert.doesNotMatch(buildGrokCookieHeader("sso=SSO"), /cf_clearance|__cf_bm/);
});
test("buildGrokCookieHeader: forwards __cf_bm even when cf_clearance is absent", () => {
const blob = "foo=1; __cf_bm=BM; sso=AAA.bbb";
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; __cf_bm=BM");
});
test("buildGrokCookieHeader: order-independent — sso-rw before sso in the blob", () => {
const blob = "sso-rw=CCC.ddd; sso=AAA.bbb";
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; sso-rw=CCC.ddd");
});
test("buildGrokCookieHeader: blob with sso but no sso-rw emits only sso", () => {
assert.equal(buildGrokCookieHeader("foo=1; sso=AAA.bbb; bar=2"), "sso=AAA.bbb");
});
test("buildGrokCookieHeader: blob without sso returns empty string", () => {
assert.equal(buildGrokCookieHeader("foo=1; sso-rw=CCC.ddd; bar=2"), "");
assert.equal(buildGrokCookieHeader(""), "");
});
test("buildQwenCookieHeader: passes through a full DevTools cookie blob", () => {
const blob = "cna=ABC; token=jwt.tok; ssxmod_itna=1-XYZ; ssxmod_itna2=1-QRS";
assert.equal(buildQwenCookieHeader(blob), blob);
});
test("buildQwenCookieHeader: strips a leading 'Cookie:' prefix", () => {
assert.equal(buildQwenCookieHeader("Cookie: cna=ABC; token=jwt"), "cna=ABC; token=jwt");
});
test("buildQwenCookieHeader: a bare token (no cookie pairs) yields no cookie header", () => {
assert.equal(buildQwenCookieHeader("eyJ0eXAi.abc.def"), "");
assert.equal(buildQwenCookieHeader(""), "");
});
test("extractQwenToken: pulls the token= value out of a cookie blob", () => {
assert.equal(extractQwenToken("cna=ABC; token=jwt.tok; ssxmod_itna=1-XYZ"), "jwt.tok");
});
test("extractQwenToken: returns a bare token unchanged", () => {
assert.equal(extractQwenToken("eyJ0eXAi.abc.def"), "eyJ0eXAi.abc.def");
});
test("extractQwenToken: a cookie blob without a token cookie yields empty string", () => {
assert.equal(extractQwenToken("cna=ABC; ssxmod_itna=1-XYZ"), "");
});