Rewritten tests

README.md

@@ -33,18 +33,6 @@ import * as treehouse from 'tree-house'
 
 ## Security
 
-### setLocalHeaders(app, route)
-
-**Only for development purposes!**
-
-Set headers to allow all options calls responding with a 204. This will prevent web applications from receiving an unauthorised response when trying to send a request from localhost.
-
-```javascript
-const app = express();
-
-treehouse.setLocalHeaders(app, '*')
-```
-
 ### setBasicSecurity(app, route, options)
 
 Set some basic Express security using `cors` and `helmet`.

package.json

@@ -29,42 +29,32 @@
     "helmet": "~3.12.0",
     "https": "~1.0.0",
     "js-yaml": "~3.11.0",
-    "swagger-ui-express": "~2.0.9"
+    "swagger-ui-express": "~3.0.8"
   },
   "devDependencies": {
     "@types/cors": "~2.8.3",
     "@types/express": "~4.11.1",
     "@types/express-brute": "~0.0.36",
     "@types/express-brute-redis": "~0.0.1",
     "@types/helmet": "~0.0.37",
-    "@types/jest": "~22.2.0",
+    "@types/jest": "~22.2.3",
     "@types/joi": "~13.0.7",
     "@types/supertest": "~2.0.4",
     "coveralls": "^3.0.0",
-    "jest": "^22.4.2",
-    "joi": "~13.1.2",
+    "jest": "^22.4.3",
+    "joi": "~13.2.0",
     "np": "^2.20.1",
     "pre-commit": "^1.2.2",
     "redis-mock": "0.21.0",
     "supertest": "^3.0.0",
-    "ts-jest": "~22.4.1",
+    "ts-jest": "~22.4.4",
     "tslint": "^5.9.1",
-    "tslint-config-airbnb": "^5.7.0",
-    "typescript": "^2.7.2"
+    "tslint-config-airbnb": "^5.8.0",
+    "typescript": "^2.8.1"
   },
   "engines": {
     "node": ">=4.0.0"
   },
-  "contributors": [
-    {
-      "name": "Willem Horsten",
-      "email": "willem.horsten@icapps.com"
-    },
-    {
-      "name": "Brent Van Geertruy",
-      "email": "brent.vangeertruy@icapps.com"
-    }
-  ],
   "repository": {
     "type": "git",
     "url": "git+https://github.com/icapps/tree-house.git"
@@ -82,6 +72,6 @@
   },
   "homepage": "https://github.com/icapps/tree-house#readme",
   "directories": {
-    "test": "test"
+    "test": "tests"
   }
 }

src/lib/express.ts

@@ -8,24 +8,6 @@ import * as defaults from '../config/app.config';
 const redisStore = require('express-brute-redis');
 
 
-/**
- * Set headers for local development (Should only be used when environment is DEVELOPMENT)
- * Fix for Chrome etc. (headers for local development)
- */
-export function setLocalHeaders(app: Application, route: string): void {
-  // Add headers
-  app.use(route, (_req, res, next) => {
-    res.header('Access-Control-Allow-Origin', '*'); // TODO: Not best practice, allow to overwrite...
-    res.header('Access-Control-Allow-Headers', 'Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With');
-    res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, PATCH');
-    return next();
-  });
-
-  // Headers - fix for OPTIONS calls in localhost (Chrome etc.)
-  app.use(route, (req, res, next) => (req.method.toLowerCase() === 'options' ? res.sendStatus(204) : next()));
-}
-
-
 /**
  * Set some basic security measurements
  */

tests/express.test.ts

@@ -4,30 +4,6 @@ const redisMock = require('redis-mock');
 import { setLocalHeaders, setBasicSecurity, setBodyParser, setRateLimiter } from '../src';
 
 describe('Express', () => {
-  describe('#setLocalHeaders', () => {
-    let app;
-    beforeEach(() => {
-      app = express();
-    });
-
-    test('app should have Access-Control headers', async () => {
-      setLocalHeaders(app, '*');
-      app.use('/', (req, res) => res.status(200).send('Welcome'));
-
-      const { headers } = await request(app).get('/');
-      expect(headers).toHaveProperty('access-control-allow-origin');
-      expect(headers).toHaveProperty('access-control-allow-headers');
-      expect(headers).toHaveProperty('access-control-allow-methods');
-    });
-    test('app should return 204 on OPTIONS call', async () => {
-      setLocalHeaders(app, '*');
-      app.use('/', (req, res) => res.status(200).send('Welcome'));
-
-      const { status } = await request(app).options('/');
-      expect(status).toEqual(204);
-    });
-  });
-
   describe('#setBasicSecurity', () => {
     let app;
     beforeEach(() => {
@@ -64,13 +40,32 @@ describe('Express', () => {
       const { headers } = await request(app).get('/');
       expect(headers).toHaveProperty('content-type');
     });
+
     test('app should have content-type header (raw)', async () => {
       setBodyParser(app, '/', { raw: { limit: 500 } });
       app.use('/', (req, res) => res.status(200).send('Welcome'));
 
       const { headers } = await request(app).get('/');
       expect(headers).toHaveProperty('content-type');
     });
+
+    test('app should have content-type header (json)', async () => {
+      setBodyParser(app, '/', { json: { limit: 500 } });
+      app.use('/', (req, res) => res.status(200).json({ name: 'Welcome' }));
+
+      const { headers } = await request(app).get('/');
+      expect(headers).toHaveProperty('content-type');
+    });
+
+
+    test('app should have content-type header (urlEncoded)', async () => {
+      setBodyParser(app, '/', { json: { limit: 500 } });
+      app.use('/', (req, res) => res.status(200).send(encodeURI('Welcome')));
+
+      const { headers } = await request(app).get('/');
+      expect(headers).toHaveProperty('content-type');
+    });
+
     test('app should have content-type header (text)', async () => {
       setBodyParser(app, '/', { text: { limit: 500 } });
       app.use('/', (req, res) => res.status(200).send('Welcome'));