Added test for reading body twice

chmking · Sep 1, 2022 · dfec1fb · dfec1fb
1 parent 569e0d2
commit dfec1fb
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 13 deletions.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@chmking/h3-csrf",
   "description": "CSRF token middleware for H3",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "author": "Christopher King <[email protected]>",
   "repository": {
     "type": "git",
@@ -26,7 +26,8 @@
   "dependencies": {
     "cookie-es": "^0.5.0",
     "csrf": "^3.1.0",
-    "defu": "^6.0.0"
+    "defu": "^6.0.0",
+    "h3": "^0.7.16"
   },
   "devDependencies": {
     "@types/chai": "^4.3.1",
@@ -39,7 +40,6 @@
     "eslint": "^8.15.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-prettier": "^4.0.0",
-    "h3": "^0.7.8",
     "mocha": "^10.0.0",
     "prettier": "2.6.2",
     "supertest": "^6.2.3",

diff --git a/src/index.spec.ts b/src/index.spec.ts
@@ -1,5 +1,5 @@
 import { createServer } from 'http'
-import { createApp, CompatibilityEvent } from 'h3'
+import { createApp, CompatibilityEvent, readBody } from 'h3'
 import { csrf, Options } from './index'
 import request, { Response } from 'supertest'
 import 'mocha'
@@ -211,6 +211,37 @@ describe('CSRF middleware', () => {
       })
     })
   })
+
+  describe('when the body is read twice', () => {
+    it('does not block', (done) => {
+      const app = createApp()
+      app.use(csrf())
+      app.use('/login', async (event: CompatibilityEvent) => {
+        await readBody(event)
+      })
+      app.use('/', (event: CompatibilityEvent) => {
+        return event.req.csrfToken()
+      })
+      const server = createServer(app)
+
+      request(server)
+        .get('/')
+        .expect(200)
+        .end((err, res) => {
+          if (err) return done(err)
+          const token = res.text
+          request(server)
+            .post('/login')
+            .set('Cookie', cookies(res))
+            .send({ _csrf: token })
+            .expect(200)
+            .end((err) => {
+              if (err) return done(err)
+              return done()
+            })
+        })
+    })
+  })
 })
 
 function cookies(res: Response) {

diff --git a/yarn.lock b/yarn.lock
@@ -864,15 +864,15 @@ globby@^11.1.0:
     merge2 "^1.4.1"
     slash "^3.0.0"
 
-h3@^0.7.8:
-  version "0.7.8"
-  resolved "https://registry.yarnpkg.com/h3/-/h3-0.7.8.tgz#98aab2b1128e0f4edf4515d1477e6389230d1388"
-  integrity sha512-E5hqrzQvQEYVE4h579pLb9gipHagQVZIMP2v83vSKxa40b7ctG1zNylXtW57BT3BGNVeQTccl6vIwyVK1L6lLw==
+h3@^0.7.16:
+  version "0.7.16"
+  resolved "https://registry.yarnpkg.com/h3/-/h3-0.7.16.tgz#eaebfdf748000feafb4db49a814240a8ce43a8bb"
+  integrity sha512-U8DasgLV1dIv/FjlePZB0oSGWk37Swnx3eYYGPxJ0pup/KAmEXHt733NXFlPdX42y0HEEx9QEvJhULJR546JMg==
   dependencies:
     cookie-es "^0.5.0"
     destr "^1.1.1"
     radix3 "^0.1.2"
-    ufo "^0.8.3"
+    ufo "^0.8.5"
 
 has-flag@^4.0.0:
   version "4.0.0"
@@ -1510,10 +1510,10 @@ typescript@^4.6.4:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.6.4.tgz#caa78bbc3a59e6a5c510d35703f6a09877ce45e9"
   integrity sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==
 
-ufo@^0.8.3:
-  version "0.8.4"
-  resolved "https://registry.yarnpkg.com/ufo/-/ufo-0.8.4.tgz#23e9ed82398d2116dcb378e8fba5ced8eca2ee40"
-  integrity sha512-/+BmBDe8GvlB2nIflWasLLAInjYG0bC9HRnfEpNi4sw77J2AJNnEVnTDReVrehoh825+Q/evF3THXTAweyam2g==
+ufo@^0.8.5:
+  version "0.8.5"
+  resolved "https://registry.yarnpkg.com/ufo/-/ufo-0.8.5.tgz#e367b4205ece9d9723f2fa54f887d43ed1bce5d0"
+  integrity sha512-e4+UtA5IRO+ha6hYklwj6r7BjiGMxS0O+UaSg9HbaTefg4kMkzj4tXzEBajRR+wkxf+golgAWKzLbytCUDMJAA==
 
 [email protected]:
   version "2.1.5"