UNPKG

@waelhabbaldev/next-jwt-auth

Version:

A secure, lightweight JWT authentication solution for Next.js, providing access and refresh token handling, middleware support, and easy React integration.

github.com/waelhabbalDev/next-jwt-auth

waelhabbalDev/next-jwt-auth

105 lines (95 loc) 3.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
import { describe, it, expect, mock, beforeEach } from "bun:test"; import { protectPage, protectAction, protectApi } from "./protection"; import { NotAuthenticatedError, ForbiddenError, IdentityForbiddenError, } from "../common/errors"; import { mockUser } from "../common/authentication.test-helpers"; import { EffectiveAuthConfig, SessionFailureReason } from "./authentication"; import { NextResponse } from "next/server"; import { AuthSession, UserIdentity } from "../common/types"; const mockRedirect = mock((path: string) => { throw new Error(`NEXT_REDIRECT:${path}`); }); mock.module("next/navigation", () => ({ redirect: mockRedirect })); type GetSession<T extends UserIdentity> = () => Promise<{ session: AuthSession<T>; failureReason?: SessionFailureReason; }>; const mockConfig: EffectiveAuthConfig<any> = { redirects: { unauthenticated: "/login", unauthorized: "/unauthorized", forbidden: "/forbidden", }, errorMessages: { NotAuthenticatedError: "Auth required", ForbiddenError: "Permission denied", IdentityForbiddenError: "Account suspended", }, baseUrl: "http://localhost:3000", dal: {} as any, secrets: {} as any, cookies: {} as any, jwt: {} as any, debug: false, refreshTokenRotationIntervalSeconds: 0, rateLimit: async () => false, logger: () => {}, providers: {}, csrfEnabled: false, }; const getMockHeaders = (pathname: string) => new Headers({ "x-next-pathname": pathname }); describe("server/protection", () => { beforeEach(() => { mockRedirect.mockClear(); }); describe("protectPage", () => { // This test now also implicitly checks that callbackUrl is added correctly it("should redirect to unauthenticated path with callbackUrl if no session", async () => { const getSession: GetSession<UserIdentity> = async () => ({ session: null, }); const expectedRedirectPath = `${mockConfig.redirects.unauthenticated}?callbackUrl=%2Fdashboard`; await expect( protectPage(getSession, mockConfig, getMockHeaders("/dashboard")) ).rejects.toThrow(`NEXT_REDIRECT:${expectedRedirectPath}`); }); // NEW TEST CASE: Verify custom redirects are used it("should use custom redirect path from options if provided", async () => { const getSession: GetSession<UserIdentity> = async () => ({ session: null, }); const options = { unauthenticatedRedirect: "/custom-login-path", context: {}, }; const expectedRedirectPath = `${options.unauthenticatedRedirect}?callbackUrl=%2Fdashboard`; await expect( protectPage( getSession, mockConfig, getMockHeaders("/dashboard"), options ) ).rejects.toThrow(`NEXT_REDIRECT:${expectedRedirectPath}`); }); }); describe("protectApi", () => { // NEW TEST CASE: Verify success path for protectApi it("should return session object on success", async () => { const getSession: GetSession<UserIdentity> = async () => ({ session: { identity: mockUser }, }); const result = await protectApi(getSession, mockConfig); // Use type assertion to check the successful shape of the return value expect( (result as { session: NonNullable<AuthSession<UserIdentity>> }).session .identity ).toEqual(mockUser); expect((result as { response: NextResponse }).response).toBeUndefined(); }); }); });