UNPKG

hapi-hpkp

Version:

Hapi module to add HPKP headers

github.com/vbudhram/hapi-hpkp

vbudhram/hapi-hpkp

138 lines (124 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
var assert = require('chai').assert var hpkp = require('../lib/hpkp') var Hapi = require('hapi') var server async function createServer(port, hpkpOptions) { server = new Hapi.Server({ port: port }) try { await server.register({ plugin: require('../index.js'), options: hpkpOptions }) } catch(err) { console.error('Failed to load plugin:', err) } server.route({ method: 'GET', path: '/', handler: async function (request, h) { return 'HPKP!' } }) await server.start() return server } var sha256s = [ 'orlando=', 'magic=' ] var passingTestCases = [ { name: 'should process minimum HPKP header', options: { maxAge: 1, sha256s: sha256s }, expectedKey: 'public-key-pins', expectedHeader: 'pin-sha256="orlando="; pin-sha256="magic="; max-age=1' }, { name: 'should process with includeSubdomains', options: { maxAge: 1, sha256s: sha256s, includeSubdomains: true }, expectedKey: 'public-key-pins', expectedHeader: 'pin-sha256="orlando="; pin-sha256="magic="; max-age=1; includeSubdomains' }, { name: 'should process with reportOnly', options: { maxAge: 1, sha256s: sha256s, reportOnly: true }, expectedKey: 'public-key-pins-report-only', expectedHeader: 'pin-sha256="orlando="; pin-sha256="magic="; max-age=1' }, { name: 'should process with report-uri', options: { maxAge: 1, sha256s: sha256s, reportOnly: true, reportUri: 'http://test.site' }, expectedKey: 'public-key-pins-report-only', expectedHeader: 'pin-sha256="orlando="; pin-sha256="magic="; max-age=1; report-uri="http://test.site"' } ] passingTestCases.forEach(function (testCase) { describe('HPKP Headers ' + testCase.name, function () { var server var requestOptions = { method: "GET", url: "/" } before(async function () { server = await createServer(3000, testCase.options) return server }) after(function () { server.stop() }) it(testCase.name, () => { server.inject(requestOptions, function (response) { assert.equal(response.headers[testCase.expectedKey], testCase.expectedHeader) }) }) }) }) var failingTestCases = [ { name: 'should throw without any options', options: {}, message: 'ValidationError: child "maxAge" fails because ["maxAge" is required]' }, { name: 'should throw without sha256s', options: { maxAge: 1 }, message: 'ValidationError: child "sha256s" fails because ["sha256s" is required]' }, { name: 'should throw with empty sha256s', options: { maxAge: 1, sha256s: [] }, message: 'ValidationError: child "sha256s" fails because ["sha256s" must contain at least 1 items]' } ] describe('HPKP Config', function () { failingTestCases.forEach(function (testCase) { it(testCase.name, function () { assert.throws(function () { hpkp(testCase.options) }, testCase.message, 'threw error') }) }) })