test(CookieService): reading valid & invalid session cookies

api/src/unraid-api/auth/cookie.service.spec.ts

@@ -1,18 +1,67 @@
-import { Test, TestingModule } from '@nestjs/testing';
-import { CookieService } from './cookie.service';
+import { Test, type TestingModule } from '@nestjs/testing';
+import { CookieService, SESSION_COOKIE_OPTIONS } from './cookie.service';
+import { describe, it, beforeAll, afterAll } from 'vitest';
+import { emptyDir, ensureFile } from 'fs-extra';
 
-describe('CookieService', () => {
-  let service: CookieService;
+describe.concurrent('CookieService', () => {
+    let service: CookieService;
+    const sessionDir = '/tmp/php/sessions';
 
-  beforeEach(async () => {
-    const module: TestingModule = await Test.createTestingModule({
-      providers: [CookieService],
-    }).compile();
+    // helper to create a session file
+    function makeSession(sessionId: string, cookieService: CookieService = service) {
+        const path = cookieService.getSessionFilePath(sessionId);
+        return ensureFile(path);
+    }
 
-    service = module.get<CookieService>(CookieService);
-  });
+    beforeAll(async () => {
+        const module: TestingModule = await Test.createTestingModule({
+            providers: [
+                CookieService,
+                { provide: SESSION_COOKIE_OPTIONS, useValue: { namePrefix: 'unraid_', sessionDir } },
+            ],
+        }).compile();
 
-  it('should be defined', () => {
-    expect(service).toBeDefined();
-  });
+        service = module.get<CookieService>(CookieService);
+        await emptyDir(sessionDir);
+    });
+
+    afterAll(async () => {
+        await emptyDir(sessionDir);
+    });
+
+    it('has completed test setup', ({ expect }) => {
+        expect(service).toBeDefined();
+        expect(service.opts.sessionDir).toEqual(sessionDir);
+        expect(service.opts.namePrefix).toEqual('unraid_');
+    });
+
+    it('handles session names robustly', ({ expect }) => {
+        const session = (name?: unknown) => service.getSessionFilePath(name as string);
+        expect(session('foo')).toEqual('/tmp/php/sessions/sess_foo');
+        expect(session('')).toEqual('/tmp/php/sessions/sess_');
+        expect(session(null)).toEqual('/tmp/php/sessions/sess_null');
+        expect(session(undefined)).toEqual('/tmp/php/sessions/sess_undefined');
+        expect(session(1)).toEqual('/tmp/php/sessions/sess_1');
+        expect(session(1.0)).toEqual('/tmp/php/sessions/sess_1');
+        expect(session(1.1)).toEqual('/tmp/php/sessions/sess_1.1');
+        expect(session({})).toEqual('/tmp/php/sessions/sess_[object Object]');
+        expect(session(['foo', 'bar'])).toEqual('/tmp/php/sessions/sess_foo,bar');
+        expect(session('foo/bar')).toEqual('/tmp/php/sessions/sess_foo/bar');
+    });
+
+    it('can read an existing session & reject a non-existent one', async ({ expect }) => {
+        const sessionId = '123abc';
+        expect(await service.hasValidAuthCookie({ unraid_session: sessionId })).toBe(false);
+        await makeSession(sessionId);
+        expect(await service.hasValidAuthCookie({ unraid_session: sessionId })).toBe(true);
+    });
+
+    it('can recognize session cookies', async ({ expect }) => {
+        const sessionId = '123abc';
+        await makeSession(sessionId);
+        expect(await service.hasValidAuthCookie({ unraid: sessionId })).toBe(false);
+        expect(await service.hasValidAuthCookie({ unraid_: sessionId })).toBe(true);
+        expect(await service.hasValidAuthCookie({ unraid_0: sessionId })).toBe(true);
+        expect(await service.hasValidAuthCookie({ unraid_session: sessionId })).toBe(true);
+    });
 });