Refactoring

tkrotoff · tkrotoff · commit 3da41f6898c4 · 2021-11-17T14:51:25.000+01:00
diff --git a/src/fixRequestBody.test.ts b/src/fixRequestBody.test.ts
@@ -5,8 +5,7 @@ import { fixRequestBody } from './fixRequestBody';
 
 const fakeProxyRequest = () => {
   const proxyRequest = new http.ClientRequest('http://some-host');
-  proxyRequest.emit = jest.fn();
-
+  proxyRequest.emit = () => false; // Otherwise we get "Error: getaddrinfo ENOTFOUND some-host"
   return proxyRequest;
 };
 
@@ -16,12 +15,7 @@ test('should not write when body is undefined', () => {
   jest.spyOn(proxyRequest, 'setHeader');
   jest.spyOn(proxyRequest, 'write');
 
-  fixRequestBody(
-    proxyRequest,
-    { body: undefined } as express.Request,
-    {} as http.ServerResponse,
-    {}
-  );
+  fixRequestBody(proxyRequest, { body: undefined } as express.Request);
 
   expect(proxyRequest.setHeader).not.toHaveBeenCalled();
   expect(proxyRequest.write).not.toHaveBeenCalled();
@@ -33,7 +27,7 @@ test('should not write when body is empty', () => {
   jest.spyOn(proxyRequest, 'setHeader');
   jest.spyOn(proxyRequest, 'write');
 
-  fixRequestBody(proxyRequest, { body: {} } as express.Request, {} as http.ServerResponse, {});
+  fixRequestBody(proxyRequest, { body: {} } as express.Request);
 
   expect(proxyRequest.setHeader).not.toHaveBeenCalled();
   expect(proxyRequest.write).not.toHaveBeenCalled();
@@ -46,12 +40,7 @@ test('should write when body is not empty and Content-Type is application/json',
   jest.spyOn(proxyRequest, 'setHeader');
   jest.spyOn(proxyRequest, 'write');
 
-  fixRequestBody(
-    proxyRequest,
-    { body: { someField: 'some value' } } as express.Request,
-    {} as http.ServerResponse,
-    {}
-  );
+  fixRequestBody(proxyRequest, { body: { someField: 'some value' } } as express.Request);
 
   const expectedBody = JSON.stringify({ someField: 'some value' });
   expect(proxyRequest.setHeader).toHaveBeenCalledWith('Content-Length', expectedBody.length);
@@ -65,14 +54,9 @@ test('should write when body is not empty and Content-Type is application/x-www-
   jest.spyOn(proxyRequest, 'setHeader');
   jest.spyOn(proxyRequest, 'write');
 
-  fixRequestBody(
-    proxyRequest,
-    { body: { someField: 'some value' } } as express.Request,
-    {} as http.ServerResponse,
-    {}
-  );
+  fixRequestBody(proxyRequest, { body: { someField: 'some value' } } as express.Request);
 
-  const expectedBody = new URLSearchParams({ someField: 'some value' }).toString();
+  const expectedBody = 'someField=some+value';
   expect(proxyRequest.setHeader).toHaveBeenCalledWith('Content-Length', expectedBody.length);
   expect(proxyRequest.write).toHaveBeenCalledWith(expectedBody);
 });
diff --git a/src/fixRequestBody.ts b/src/fixRequestBody.ts
@@ -1,13 +1,13 @@
-import { ProxyReqCallback } from 'http-proxy';
+import http from 'http';
 
 /**
  * Fix proxied body if bodyParser is involved.
  *
- * https://github.com/chimurai/http-proxy-middleware/blob/v2.0.1/src/handlers/fix-request-body.ts
- * https://github.com/chimurai/http-proxy-middleware/issues/320
- * https://github.com/chimurai/http-proxy-middleware/pull/492
+ * @see https://github.com/chimurai/http-proxy-middleware/blob/v2.0.1/src/handlers/fix-request-body.ts
+ * @see https://github.com/chimurai/http-proxy-middleware/issues/320
+ * @see https://github.com/chimurai/http-proxy-middleware/pull/492
  */
-const fixRequestBody: ProxyReqCallback = (proxyReq, req) => {
+const fixRequestBody = (proxyReq: http.ClientRequest, req: http.IncomingMessage) => {
   const requestBody = (req as unknown as Request).body;
 
   if (!requestBody || Object.keys(requestBody).length === 0) {
diff --git a/src/proxy.ts b/src/proxy.ts
@@ -2,7 +2,7 @@ import express from 'express';
 import { createProxyServer } from 'http-proxy';
 
 import { fixRequestBody } from './fixRequestBody';
-import { removeSecurityFromCookie } from './removeSecurityFromCookie';
+import { removeSecureFromSetCookie } from './removeSecureFromSetCookie';
 import { ProxyParams } from './stubServer';
 
 const send = (
@@ -31,7 +31,7 @@ const send = (
   });
 
   proxy.on('proxyReq', fixRequestBody);
-  proxy.on('proxyRes', removeSecurityFromCookie);
+  proxy.on('proxyRes', removeSecureFromSetCookie);
   proxy.web(req, res, { target }, next);
 };
 
diff --git a/src/removeSecureFromSetCookie.test.ts b/src/removeSecureFromSetCookie.test.ts
@@ -0,0 +1,31 @@
+import { removeSecureFromSetCookie } from './removeSecureFromSetCookie';
+
+test('should remove Secure attribute from Set-Cookie header', () => {
+  const proxyRes = {
+    headers: {
+      'set-cookie': [
+        'cookie1=ZYADVSQYTDZA1; Secure; SameSite',
+        'cookie2=ZYADVSQYTDZA2; Secure',
+        'cookie3=ZYADVSQYTDZA3'
+      ]
+    }
+  };
+
+  removeSecureFromSetCookie(proxyRes);
+
+  expect(proxyRes.headers['set-cookie']).toEqual([
+    'cookie1=ZYADVSQYTDZA1; SameSite',
+    'cookie2=ZYADVSQYTDZA2',
+    'cookie3=ZYADVSQYTDZA3'
+  ]);
+});
+
+test('do nothing if no Set-Cookie header', () => {
+  const proxyRes = {
+    headers: {}
+  };
+
+  removeSecureFromSetCookie(proxyRes);
+
+  expect(proxyRes.headers).toEqual({});
+});
diff --git a/src/removeSecureFromSetCookie.ts b/src/removeSecureFromSetCookie.ts
@@ -0,0 +1,20 @@
+import http from 'http';
+
+/**
+ * http-proxy does not remove 'Secure' attribute from Set-Cookie header.
+ *
+ * @see https://github.com/http-party/node-http-proxy/issues/1165
+ * @see https://github.com/http-party/node-http-proxy/pull/1166
+ */
+const removeSecureFromSetCookie = (proxyRes: { headers: http.IncomingHttpHeaders }) => {
+  // ["Header names are lower-cased"](https://nodejs.org/dist/latest-v16.x/docs/api/http.html#messageheaders)
+
+  if (proxyRes.headers['set-cookie']) {
+    const cookies = proxyRes.headers['set-cookie'].map(cookie => cookie.replace(/; secure/gi, ''));
+    /* eslint-disable no-param-reassign */
+    proxyRes.headers['set-cookie'] = cookies;
+    /* eslint-enable no-param-reassign */
+  }
+};
+
+export { removeSecureFromSetCookie };
diff --git a/src/removeSecurityFromCookie.test.ts b/src/removeSecurityFromCookie.test.ts
diff --git a/src/removeSecurityFromCookie.ts b/src/removeSecurityFromCookie.ts
