Fail if maxAge option is not a positive integer (even if undefined)

helmetjs · Sep 1, 2019 · ff73062 · ff73062
1 parent 2464631
commit ff73062
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## Unreleased
+### Changed
+- You must now pass a positive integer for `maxAge` (instead of any positive number)
+- You cannot pass `undefined` for `maxAge` (though you can still omit the property)
+
 ## 0.2.0 - 2019-05-04
 ### Added
 - TypeScript type definitions. See [helmetjs/helmet#188](https://github.com/helmetjs/helmet/issues/188)

diff --git a/index.ts b/index.ts
@@ -6,16 +6,20 @@ interface ExpectCtOptions {
   reportUri?: string;
 }
 
-function parseMaxAge (option: void | number): number {
-  if (option === undefined) {
-    return 0;
-  }
+function isPositiveInteger(option: unknown): option is number {
+  return (
+    typeof option === 'number' &&
+    option >= 0 &&
+    Math.round(option) === option
+  );
+}
 
-  if (typeof option !== 'number' || option < 0) {
-    throw new Error(`${option } is not a valid value for maxAge. Please choose a positive integer.`);
+function parseMaxAge (option: unknown): number {
+  if (isPositiveInteger(option)) {
+    return option;
+  } else {
+    throw new Error(`${option} is not a valid value for maxAge. Please choose a positive integer.`);
   }
-
-  return option;
 }
 
 function getHeaderValueFromOptions (options?: ExpectCtOptions): string {
@@ -27,7 +31,8 @@ function getHeaderValueFromOptions (options?: ExpectCtOptions): string {
     directives.push('enforce');
   }
 
-  directives.push(`max-age=${parseMaxAge(options.maxAge)}`);
+  const maxAge = 'maxAge' in options ? options.maxAge : 0;
+  directives.push(`max-age=${parseMaxAge(maxAge)}`);
 
   if (options.reportUri) {
     directives.push(`report-uri="${options.reportUri}"`);

diff --git a/test/index.test.ts b/test/index.test.ts
@@ -29,14 +29,17 @@ describe('expectCt', () => {
       .expect('Expect-CT', 'max-age=123');
   });
 
-  it('throws an error if max-age is not a positive number', () => {
+  it('throws an error if max-age is not a positive integer', () => {
+    expect(expectCt.bind(null, { maxAge: -1 })).toThrow();
+    expect(expectCt.bind(null, { maxAge: -123 })).toThrow();
+    expect(expectCt.bind(null, { maxAge: 1.23 })).toThrow();
     /* eslint-disable @typescript-eslint/no-explicit-any */
+    expect(expectCt.bind(null, { maxAge: undefined as any })).toThrow();
+    expect(expectCt.bind(null, { maxAge: null as any })).toThrow();
     expect(expectCt.bind(null, { maxAge: true as any })).toThrow();
     expect(expectCt.bind(null, { maxAge: false as any })).toThrow();
     expect(expectCt.bind(null, { maxAge: '123' as any })).toThrow();
     expect(expectCt.bind(null, { maxAge: [123] as any })).toThrow();
-    expect(expectCt.bind(null, { maxAge: -1 })).toThrow();
-    expect(expectCt.bind(null, { maxAge: -123 })).toThrow();
     /* eslint-enable @typescript-eslint/no-explicit-any */
   });