alex/homeassistant-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: migrate to Elysia and enhance security middleware

Browse Source 
- Replaced Express with Elysia for improved performance and type safety
- Integrated Elysia middleware for rate limiting, security headers, and request validation
- Refactored security utilities to work with Elysia's context and request handling
- Updated token management and validation logic
- Added comprehensive security headers and input sanitization
- Simplified server initialization and error handling
- Updated documentation with new setup and configuration details
This commit is contained in:
jango-blockchained
2025-02-04 03:09:35 +01:00
parent bc1dc8278a
commit 790a37e49f
18 changed files with 1687 additions and 1064 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
__tests__/security/index.test.ts
View File

@@ -1,5 +1,5 @@
import { TokenManager, validateRequest, sanitizeInput, errorHandler } from '../../src/security/index.js';
import { Request, Response } from 'express';
import { TokenManager, validateRequest, sanitizeInput, errorHandler, rateLimiter, securityHeaders } from '../../src/security/index.js';
import { mock, describe, it, expect, beforeEach, afterEach } from 'bun:test';
import jwt from 'jsonwebtoken';
const TEST_SECRET = 'test-secret-that-is-long-enough-for-testing-purposes';
@@ -50,44 +50,75 @@ describe('Security Module', () => {
expect(result.valid).toBe(false);
expect(result.error).toBe('Token has expired');
});
it('should handle invalid token format', () => {
const result = TokenManager.validateToken('invalid-token');
expect(result.valid).toBe(false);
expect(result.error).toBe('Invalid token format');
});
it('should handle missing JWT secret', () => {
delete process.env.JWT_SECRET;
const payload = { data: 'test' };
const token = jwt.sign(payload, 'some-secret');
const result = TokenManager.validateToken(token);
expect(result.valid).toBe(false);
expect(result.error).toBe('JWT secret not configured');
});
it('should handle rate limiting for failed attempts', () => {
const invalidToken = 'x'.repeat(64);
const testIp = '127.0.0.1';
// First attempt
const firstResult = TokenManager.validateToken(invalidToken, testIp);
expect(firstResult.valid).toBe(false);
// Multiple failed attempts
for (let i = 0; i < 4; i++) {
TokenManager.validateToken(invalidToken, testIp);
}
// Next attempt should be rate limited
const limitedResult = TokenManager.validateToken(invalidToken, testIp);
expect(limitedResult.valid).toBe(false);
expect(limitedResult.error).toBe('Too many failed attempts. Please try again later.');
});
});
describe('Request Validation', () => {
let mockRequest: Partial<Request>;
let mockResponse: Partial<Response>;
let mockNext: jest.Mock;
let mockRequest: any;
let mockResponse: any;
let mockNext: any;
beforeEach(() => {
mockRequest = {
method: 'POST',
headers: {
'content-type': 'application/json'
} as Record<string, string>,
},
body: {},
ip: '127.0.0.1'
};
mockResponse = {
status: jest.fn().mockReturnThis(),
json: jest.fn().mockReturnThis(),
setHeader: jest.fn().mockReturnThis(),
removeHeader: jest.fn().mockReturnThis()
status: mock(() => mockResponse),
json: mock(() => mockResponse),
setHeader: mock(() => mockResponse),
removeHeader: mock(() => mockResponse)
};
mockNext = jest.fn();
mockNext = mock(() => { });
});
it('should pass valid requests', () => {
if (mockRequest.headers) {
mockRequest.headers.authorization = 'Bearer valid-token';
}
jest.spyOn(TokenManager, 'validateToken').mockReturnValue({ valid: true });
const validateTokenSpy = mock(() => ({ valid: true }));
TokenManager.validateToken = validateTokenSpy;
validateRequest(
mockRequest as Request,
mockResponse as Response,
mockNext
);
validateRequest(mockRequest, mockResponse, mockNext);
expect(mockNext).toHaveBeenCalled();
});
@@ -97,11 +128,7 @@ describe('Security Module', () => {
mockRequest.headers['content-type'] = 'text/plain';
}
validateRequest(
mockRequest as Request,
mockResponse as Response,
mockNext
);
validateRequest(mockRequest, mockResponse, mockNext);
expect(mockResponse.status).toHaveBeenCalledWith(415);
expect(mockResponse.json).toHaveBeenCalledWith({
@@ -117,11 +144,7 @@ describe('Security Module', () => {
delete mockRequest.headers.authorization;
}
validateRequest(
mockRequest as Request,
mockResponse as Response,
mockNext
);
validateRequest(mockRequest, mockResponse, mockNext);
expect(mockResponse.status).toHaveBeenCalledWith(401);
expect(mockResponse.json).toHaveBeenCalledWith({
@@ -135,11 +158,7 @@ describe('Security Module', () => {
it('should reject invalid request body', () => {
mockRequest.body = null;
validateRequest(
mockRequest as Request,
mockResponse as Response,
mockNext
);
validateRequest(mockRequest, mockResponse, mockNext);
expect(mockResponse.status).toHaveBeenCalledWith(400);
expect(mockResponse.json).toHaveBeenCalledWith({
@@ -152,9 +171,9 @@ describe('Security Module', () => {
});
describe('Input Sanitization', () => {
let mockRequest: Partial<Request>;
let mockResponse: Partial<Response>;
let mockNext: jest.Mock;
let mockRequest: any;
let mockResponse: any;
let mockNext: any;
beforeEach(() => {
mockRequest = {
@@ -171,19 +190,15 @@ describe('Security Module', () => {
};
mockResponse = {
status: jest.fn().mockReturnThis(),
json: jest.fn().mockReturnThis()
status: mock(() => mockResponse),
json: mock(() => mockResponse)
};
mockNext = jest.fn();
mockNext = mock(() => { });
});
it('should sanitize HTML tags from request body', () => {
sanitizeInput(
mockRequest as Request,
mockResponse as Response,
mockNext
);
sanitizeInput(mockRequest, mockResponse, mockNext);
expect(mockRequest.body).toEqual({
text: 'Test',
@@ -196,19 +211,15 @@ describe('Security Module', () => {
it('should handle non-object body', () => {
mockRequest.body = 'string body';
sanitizeInput(
mockRequest as Request,
mockResponse as Response,
mockNext
);
sanitizeInput(mockRequest, mockResponse, mockNext);
expect(mockNext).toHaveBeenCalled();
});
});
describe('Error Handler', () => {
let mockRequest: Partial<Request>;
let mockResponse: Partial<Response>;
let mockNext: jest.Mock;
let mockRequest: any;
let mockResponse: any;
let mockNext: any;
beforeEach(() => {
mockRequest = {
@@ -217,22 +228,17 @@ describe('Security Module', () => {
};
mockResponse = {
status: jest.fn().mockReturnThis(),
json: jest.fn().mockReturnThis()
status: mock(() => mockResponse),
json: mock(() => mockResponse)
};
mockNext = jest.fn();
mockNext = mock(() => { });
});
it('should handle errors in production mode', () => {
process.env.NODE_ENV = 'production';
const error = new Error('Test error');
errorHandler(
error,
mockRequest as Request,
mockResponse as Response,
mockNext
);
errorHandler(error, mockRequest, mockResponse, mockNext);
expect(mockResponse.status).toHaveBeenCalledWith(500);
expect(mockResponse.json).toHaveBeenCalledWith({
@@ -245,12 +251,7 @@ describe('Security Module', () => {
it('should include error message in development mode', () => {
process.env.NODE_ENV = 'development';
const error = new Error('Test error');
errorHandler(
error,
mockRequest as Request,
mockResponse as Response,
mockNext
);
errorHandler(error, mockRequest, mockResponse, mockNext);
expect(mockResponse.status).toHaveBeenCalledWith(500);
expect(mockResponse.json).toHaveBeenCalledWith({
@@ -262,4 +263,52 @@ describe('Security Module', () => {
});
});
});
describe('Rate Limiter', () => {
it('should limit requests after threshold', async () => {
const mockContext = {
request: new Request('http://localhost', {
headers: new Headers({
'x-forwarded-for': '127.0.0.1'
})
}),
set: mock(() => { })
};
// Test multiple requests
for (let i = 0; i < 100; i++) {
await rateLimiter.derive(mockContext);
}
// The next request should throw
try {
await rateLimiter.derive(mockContext);
expect(false).toBe(true); // Should not reach here
} catch (error) {
expect(error instanceof Error).toBe(true);
expect(error.message).toBe('Too many requests from this IP, please try again later');
}
});
});
describe('Security Headers', () => {
it('should set security headers', async () => {
const mockHeaders = new Headers();
const mockContext = {
request: new Request('http://localhost', {
headers: mockHeaders
}),
set: mock(() => { })
};
await securityHeaders.derive(mockContext);
// Verify that security headers were set
const headers = mockContext.request.headers;
expect(headers.has('content-security-policy')).toBe(true);
expect(headers.has('x-frame-options')).toBe(true);
expect(headers.has('x-content-type-options')).toBe(true);
expect(headers.has('referrer-policy')).toBe(true);
});
});
});