CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
d140c4226f
stack/apps/e2e/tests/snapshot-serializer.ts
Zai Shi 16e14240bf
General project provisioning (#694) 
<!--

Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md

-->

<!-- ELLIPSIS_HIDDEN -->


----

> [!IMPORTANT]
> This pull request adds support for custom integrations alongside Neon,
including environment updates, database schema changes, new API
endpoints, and comprehensive tests.
> 
>   - **Environment**:
> - Renamed `STACK_NEON_INTEGRATION_CLIENTS_CONFIG` to
`STACK_INTEGRATION_CLIENTS_CONFIG` in `.env.development`.
> - Added `custom-local` client configuration to
`STACK_INTEGRATION_CLIENTS_CONFIG`.
>   - **Database**:
> - Renamed `NeonProvisionedProject` table to `ProvisionedProject` and
updated related constraints and columns in `migration.sql`.
>     - Updated `schema.prisma` to reflect table and column renames.
>   - **API Endpoints**:
>     - Added CRUD operations for custom domains in `domains/`.
> - Implemented OAuth authorization and token exchange for custom
integrations in `oauth/`.
> - Added project provisioning and transfer endpoints for custom
integrations in `projects/`.
>   - **IDP**:
> - Updated `createOidcProvider` to handle both Neon and custom
integrations in `idp.ts`.
>   - **Tests**:
> - Added e2e tests for custom domain, OAuth, project provisioning, and
transfer in `e2e/tests/backend/endpoints/api/v1/integrations/custom/`.
> - Updated snapshot serializer to handle custom integration paths in
`snapshot-serializer.ts`.
> 
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 7da89c38eb. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>


<!-- ELLIPSIS_HIDDEN -->

---------

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-05-23 23:23:14 +02:00

258 lines
8.7 KiB
TypeScript
Raw Blame History

import { isApiKey, parseProjectApiKey } from "@stackframe/stack-shared/dist/utils/api-keys";
import { typedIncludes } from "@stackframe/stack-shared/dist/utils/arrays";
import { StackAssertionError } from "@stackframe/stack-shared/dist/utils/errors";
import { nicify } from "@stackframe/stack-shared/dist/utils/strings";
import { SnapshotSerializer } from "vitest";
const hideHeaders = [
"access-control-allow-headers",
"access-control-allow-methods",
"access-control-allow-origin",
"access-control-expose-headers",
"access-control-max-age",
"cache-control",
"connection",
"content-security-policy",
"content-type",
"content-length",
"cross-origin-opener-policy",
"date",
"keep-alive",
"permissions-policy",
"referrer-policy",
"transfer-encoding",
"vary",
"x-content-type-options",
"x-frame-options",
"content-encoding",
"etag",
"x-stack-request-id",
"x-middleware-rewrite",
] as const;
const stripHeaders = [] as const;
const stripFields = [
"access_token",
"refresh_token",
"refreshTokenId",
"date",
"last_active_at_millis",
"signed_up_at_millis",
"expires_at_millis",
"created_at_millis",
"sent_at_millis",
"updated_at_millis",
"manually_revoked_at_millis",
"last_four",
"attempt_code",
"nonce",
"authorization_code",
"secret",
"token",
"createdAt",
"updatedAt",
"response",
"msgId",
"endpointId",
"timestamp",
"responseStatusCode",
"responseDurationMs",
"iterator",
"prevIterator",
"nextAttempt",
"lastFour",
] as const;
const stripFieldsIfString = [
"secret_api_key",
"publishable_client_key",
"secret_server_key",
"super_secret_admin_key",
] as const;
const stripCookies = [
"_interaction",
"_interaction.sig",
"_interaction_resume",
"_interaction_resume.sig",
"_session",
"_session.sig",
"_session.legacy",
"_session.legacy.sig",
] as const;
const stripUrlQueryParams = [
"redirect_uri",
"state",
"code",
"code_challenge",
"interaction_uid",
] as const;
const keyedCookieNamePrefixes = [
"stack-oauth-inner-",
] as const;
const stringRegexReplacements = [
[/(\/integrations\/(neon|custom)\/oauth\/idp\/(interaction|auth)\/)[a-zA-Z0-9_-]+/gi, "$1<stripped $3 UID>"],
] as const;
function addAll<T>(set: Set<T>, values: readonly T[]) {
for (const value of values) {
set.add(value);
}
}
const snapshotSerializer: SnapshotSerializer = {
serialize(val, config, indentation, depth, refs, printer) {
return nicify(val, {
currentIndent: indentation,
maxDepth: config.maxDepth - depth,
refs: new Map(refs.map((ref, i) => [ref, `vitestRef[${i}]`])),
lineIndent: config.indent,
multiline: true,
path: "snapshot",
overrides: (value, options) => {
const parentValue = options?.parent?.value;
// Strip all string regex replacements
if (typeof value === "string") {
for (const [regex, replacement] of stringRegexReplacements) {
const newValue: string = value.replace(regex, replacement);
if (newValue !== value) return nicify(newValue, options);
}
}
// Strip all API keys
if (typeof value === "string" && isApiKey(value)) {
const apiKey = parseProjectApiKey(value);
return `${apiKey.prefix}_<stripped ${apiKey.isPublic ? "public " : ""}${apiKey.type} API key>`;
}
// Strip all UUIDs except all-zero UUID
if (typeof value === "string") {
const newValue = value.replace(
/[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}/gi,
"<stripped UUID>"
);
if (newValue !== value) return nicify(newValue, options);
}
// match something like "Your code is 34JXKG" and replace it with "Your code is <stripped code>"
if (typeof value === "string") {
const newValue = value.replace(
/Your code is [0-9A-Z]{6}/gi,
"Your code is <stripped code>"
);
if (newValue !== value) return nicify(newValue, options);
}
// strip svix message id with the format msg_2ssgKCpeddVpe8ZpqB8Zl0rmXyD
if (typeof value === "string") {
const newValue = value.replace(/msg_[0-9a-zA-Z]{27}/gi, "<stripped svix message id>");
if (newValue !== value) return nicify(newValue, options);
}
// Strip URL query params
const urlRegexHeuristic = /(?:(?:https?|ftp|file):\/\/|www\.|ftp\.)(?:\([-A-Z0-9+&@#\/%=~_|$?!:,.]*\)|[-A-Z0-9+&@#\/%=~_|$?!:,.])*(?:\([-A-Z0-9+&@#\/%=~_|$?!:,.]*\)|[A-Z0-9+&@#\/%=~_|$])/igm;
if (typeof value === "string") {
for (const urlMatch of value.matchAll(urlRegexHeuristic)) {
const questionMarkIndex = urlMatch[0].indexOf("?");
if (questionMarkIndex >= 0) {
const searchParamsObj = new URLSearchParams(urlMatch[0].slice(questionMarkIndex + 1));
for (const param of stripUrlQueryParams) {
if (searchParamsObj.has(param)) {
searchParamsObj.set(param, "<stripped query param>");
}
}
let newValue = `${urlMatch[0].slice(0, questionMarkIndex)}?${searchParamsObj.toString()}`;
if (urlMatch[0].endsWith("/") !== newValue.endsWith("/")) {
if (urlMatch[0].endsWith("/")) {
newValue += "/";
} else {
newValue = newValue.slice(0, -1);
}
}
if (newValue !== value) return nicify(newValue, options);
}
}
}
// Strip headers
if (options?.parent?.value instanceof Headers) {
if (typeof value !== "string") {
throw new StackAssertionError("Headers should only contain string values");
}
const headerName = options.keyInParent?.toString().toLowerCase();
if (typedIncludes(stripHeaders, headerName)) {
return `<stripped header '${headerName}'>`;
}
if (headerName === "set-cookie") {
const partsStrings = value.split(";").map((part) => part.trim());
let cookieName = partsStrings[0].split("=")[0];
if (keyedCookieNamePrefixes.some((prefix) => cookieName.startsWith(prefix))) {
cookieName = `${keyedCookieNamePrefixes}<stripped cookie name key>`;
}
const cookieValue = partsStrings[0].split("=")[1];
const parts = new Map(partsStrings.map((part) => {
const [key, value] = part.split("=");
return [key, value];
}));
const expiresDate = new Date(parts.get("Expires") ?? "2002-01-01");
if (expiresDate.getTime() < new Date("2001-01-01").getTime()) {
return `<deleting cookie '${cookieName}' at path '${parts.get("Path") ?? "/"}'>`;
} else {
return `<setting cookie ${JSON.stringify(cookieName)} at path ${JSON.stringify(parts.get("path") ?? "/")} to ${typedIncludes(stripCookies, cookieName) ? "<stripped cookie value>" : JSON.stringify(cookieValue)}>`;
}
}
}
// Hide fields
const oldHideFields = options?.hideFields ?? [];
let newHideFields = new Set<PropertyKey>(oldHideFields);
if (
(typeof value === "object" || typeof value === "function")
&& value
&& "getSnapshotSerializerOptions" in value
) {
const snapshotSerializerOptions = (value.getSnapshotSerializerOptions as any)();
addAll(newHideFields, snapshotSerializerOptions?.hideFields ?? []);
}
if (value instanceof Headers) {
addAll(newHideFields, hideHeaders);
}
if (newHideFields.size !== oldHideFields.length) {
return nicify(value, {
...options,
hideFields: [...newHideFields],
});
}
// Strip fields
if (
(typeof parentValue === "object" || typeof parentValue === "function")
&& parentValue
&& options.keyInParent
&& "getSnapshotSerializerOptions" in parentValue
) {
const parentSnapshotSerializerOptions = (parentValue.getSnapshotSerializerOptions as any)();
if (parentSnapshotSerializerOptions?.stripFields?.includes(options.keyInParent)) {
return `<stripped field '${options.keyInParent.toString()}'>`;
}
}
const allStripFields = [...stripFields, ...typeof value === "string" ? stripFieldsIfString : []];
if (typedIncludes(allStripFields, options?.keyInParent)) {
return `<stripped field '${options.keyInParent}'>`;
}
// Otherwise, use default serialization
return null;
},
});
},
test(val) {
return true;
},
};
export default snapshotSerializer;
Reference in New Issue View Git Blame Copy Permalink