eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-26 01:24:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fa006906f15c501520e82f4394aa8a22fcd4e3e0
worldmonitor/api/_turnstile.test.mjs
Elie Habib dea0f7c5c6 refactor: share edge Turnstile helper (#1628)
2026-03-15 09:21:22 +04:00

80 lines
2.2 KiB
JavaScript
Raw Blame History

import assert from 'node:assert/strict';
import test from 'node:test';
import { getClientIp, verifyTurnstile } from './_turnstile.js';
const originalFetch = globalThis.fetch;
const originalEnv = { ...process.env };
const originalConsoleError = console.error;
function restoreEnv() {
Object.keys(process.env).forEach((key) => {
if (!(key in originalEnv)) delete process.env[key];
});
Object.assign(process.env, originalEnv);
}
test.afterEach(() => {
globalThis.fetch = originalFetch;
console.error = originalConsoleError;
restoreEnv();
});
test('getClientIp prefers x-real-ip, then cf-connecting-ip, then x-forwarded-for', () => {
const request = new Request('https://worldmonitor.app/api/test', {
headers: {
'x-forwarded-for': '198.51.100.8, 203.0.113.10',
'cf-connecting-ip': '203.0.113.7',
'x-real-ip': '192.0.2.5',
},
});
assert.equal(getClientIp(request), '192.0.2.5');
});
test('verifyTurnstile allows missing secret when policy is allow', async () => {
delete process.env.TURNSTILE_SECRET_KEY;
process.env.VERCEL_ENV = 'production';
const ok = await verifyTurnstile({
token: 'token',
ip: '192.0.2.1',
missingSecretPolicy: 'allow',
});
assert.equal(ok, true);
});
test('verifyTurnstile rejects missing secret in production when policy is allow-in-development', async () => {
delete process.env.TURNSTILE_SECRET_KEY;
process.env.VERCEL_ENV = 'production';
console.error = () => {};
const ok = await verifyTurnstile({
token: 'token',
ip: '192.0.2.1',
logPrefix: '[test]',
missingSecretPolicy: 'allow-in-development',
});
assert.equal(ok, false);
});
test('verifyTurnstile posts to Cloudflare and returns success state', async () => {
process.env.TURNSTILE_SECRET_KEY = 'test-secret';
let requestBody;
globalThis.fetch = async (_url, options) => {
requestBody = options.body;
return new Response(JSON.stringify({ success: true }));
};
const ok = await verifyTurnstile({
token: 'valid-token',
ip: '203.0.113.15',
});
assert.equal(ok, true);
assert.equal(requestBody.get('secret'), 'test-secret');
assert.equal(requestBody.get('response'), 'valid-token');
assert.equal(requestBody.get('remoteip'), '203.0.113.15');
});
Reference in New Issue View Git Blame Copy Permalink