refactor(auth-mw): reduce cognitive complexity in auth-express-middleware index

[sirdeggen]

Summary

Wave 2 cognitive complexity refactor — clear 5 S3776 violations in packages/middleware/auth-express-middleware/src/index.ts.

Approach

• send() (complexity 18→2): Extracted sendGeneralMessage and sendNonGeneralMessage private methods; extracted readResponseHeaders helper
• handleIncomingRequest() (complexity 32→5): Extracted handleWellKnownAuth, handleGeneralMessage, and handleUnauthenticated private methods
• handleWellKnownAuth inner callbacks (complexity 23→split): Extracted registerCertificateListener and handleCertificatesForPeer private methods
• General message listener (complexity 17→split): Extracted setupAuthenticatedResponse, hijackResponse, and scheduleNextOrCertificateWait private methods
• writeBodyToWriter (complexity 28→7): Moved to authMiddlewareHelpers.ts with early-return pattern replacing nested if-else chain
• buildAuthMessageFromRequest (complexity 17→5): Extracted writeUrlToWriter and writeRequestHeadersToWriter into helpers; replaced dual debug-log calls with makeDebugLogger closure
• New helper file src/authMiddlewareHelpers.ts: Houses isLogLevelEnabled, getLogMethod, writeBodyToWriter, writeUrlToWriter, writeRequestHeadersToWriter, writeHeaderPair, convertValueToArray, makeDebugLogger; LOG_LEVELS and LOG_METHOD_MAP hoisted to module-level constants (efficiency); writeRequestHeadersToWriter deduped to use writeHeaderPair

Verification

• pnpm --filter @bsv/auth-express-middleware run build ✅
• pnpm --filter @bsv/auth-express-middleware run test ✅
• 20 tests pass (no new tests needed — all existing integration tests cover the refactored paths)
• Lint: pre-existing test-file warnings only (identical to main branch baseline); source files clean

Refs #38 #44

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[sirdeggen]

CodeQL note

Two critical CodeQL alerts (#103, #106) for js/type-confusion-through-parameter-tampering at authMiddlewareHelpers.ts:133,135 persist despite three escalating fixes:

1. Attempt 1: Normalized header values via Array.isArray(v) ? v[0] : v ternary in writeRequestHeadersToWriter. Cleared two alerts; uncovered two more in writeBodyToWriter.
2. Attempt 2: Added getHeader closure helper at top of writeBodyToWriter, extracted contentType once, replaced all headers['content-type'] comparisons.
3. Attempt 3: Replaced closure with inline narrowing (if typeof === 'string' / Array.isArray) for visibility to CodeQL's dataflow analyzer. Strengthened body type guard with body !== null && typeof body === 'object' && !Array.isArray(body) before Object.keys(body) and URLSearchParams(body).

The remaining alerts appear to be false positives of the CodeQL query: contentType is provably a string at every comparison site (inline narrowing immediately above the if-block), and body is provably a non-array plain object at every consumption site. Tests (20/20) pass.

Suggest: triage the two alerts as false-positive at merge time, or merge as-is and have CodeQL re-evaluate against main (where the type-guard narrowing should be more obvious to the analyzer).

[sonarqubecloud]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud