test: unit tests added for full coverage

CyntiBinti · CyntiBinti · commit d0fd7236a6e8 · 2025-02-07T20:52:13.000Z
diff --git a/packages/middleware-allow-request-methods/lib/index.js b/packages/middleware-allow-request-methods/lib/index.js
@@ -1,4 +1,4 @@
-const { logRecoverableError } = require('@dotcom-reliability-kit/log-error');
+const { UserInputError } = require('@dotcom-reliability-kit/errors');
 
 /**
  * @typedef {object} RequestMethodOptions
@@ -8,65 +8,48 @@ const { logRecoverableError } = require('@dotcom-reliability-kit/log-error');
  */
 
 /**
- * @typedef {import('express').ErrorRequestHandler} ExpressErrorHandler
+ * @typedef {import('express').Response} ExpressResponse
  */
 
 /**
  * Create a middleware function to return 405 (rather than 404) for disallowed request methods.
  *
  * @param {RequestMethodOptions} [options]
- * @returns {ExpressErrorHandler}
+ * @returns {import('express').RequestHandler} - Returns an Express middleware function.
  */
 function allowRequestMethods(
 	options = { allowedMethods: [], message: 'Method Not Allowed' }
 ) {
+	// Check if allowed methods have been specified and are valid
+	const allowedMethodsSpecified = options?.allowedMethods;
+	if (
+		!allowedMethodsSpecified ||
+		allowedMethodsSpecified.length === 0 ||
+		allowedMethodsSpecified.every((method) => typeof method !== 'string')
+	) {
+		throw new TypeError(
+			'The `allowedMethods` option must be an array of strings'
+		);
+	}
+
 	const normalisedAllowedRequestMethods = normaliseAllowedRequestMethods(
-		options.allowedMethods || []
+		allowedMethodsSpecified
 	);
 
-	return function allowRequestMethodsMiddleware(
-		error,
-		request,
-		response,
-		next
-	) {
+	return function allowRequestMethodsMiddleware(request, response, next) {
 		// If headers are already sent, pass the error to the default Express error handler
-		if (response.headersSent) {
-			return next(error);
+		if (!response.headersSent) {
+			response.header('Allow', normalisedAllowedRequestMethods.join(', '));
 		}
 
-		try {
-			// If the allowed methods array is empty, you can either allow all methods or reject everything
-			if (normalisedAllowedRequestMethods.length === 0) {
-				// TODO: Option 1: Allow all methods (no restriction) i.e. request proceeds as normal
-				return next();
-
-				// TODO: or Option 2: Reject all methods (405 for every request) i.e. block all requests when no methods are explicitly stated
-				// response.header('Allow', normalisedAllowedRequestMethods.join(', '));
-				// response.status(405).send(options.message);
-				// return next(new MethodNotAllowedError(options.message));
-			}
-
-			// If the incoming request method is not in the allowed methods array, then send a 405 error
-			if (
-				!normalisedAllowedRequestMethods.includes(request.method.toUpperCase())
-			) {
-				response.header('Allow', normalisedAllowedRequestMethods.join(', '));
-				response.status(405).send(options.message);
-				return next(new MethodNotAllowedError(options.message));
-			} else {
-				// Else if it is, then pass the request to the next() middleware
-				next();
-			}
-		} catch (/** @type {any} */ error) {
-			if (options.logger) {
-				logRecoverableError({
-					error,
-					logger: options.logger,
-					request
-				});
-			}
-			next(error);
+		// If the incoming request method is not in the allowed methods array, then send a 405 error
+		if (
+			!normalisedAllowedRequestMethods.includes(request.method.toUpperCase())
+		) {
+			return next(new UserInputError({ statusCode: 405 }));
+		} else {
+			// Else if it is, then pass the request to the next() middleware
+			next();
 		}
 	};
 }
@@ -78,35 +61,7 @@ function allowRequestMethods(
  * @returns {string[]} - Returns an array of capitalised HTTP methods.
  */
 function normaliseAllowedRequestMethods(methods) {
-	if (!Array.isArray(methods) || methods.length === 0) {
-		return [];
-	}
-	return methods
-		.filter((method) => typeof method === 'string')
-		.map((method) => method.toUpperCase());
-}
-
-/**
- * Error class for 405 Method Not Allowed errors.
- *
- * @augments Error
- * @property {string} name
- * @property {number} status
- * @property {number} statusCode
- */
-class MethodNotAllowedError extends Error {
-	/**
-	 * @override
-	 * @type {string}
-	 */
-	name = 'MethodNotAllowedError';
-
-	/** @type {number} */
-	status = 405;
-
-	/** @type {number} */
-	statusCode = 405;
+	return methods.map((method) => method.toUpperCase());
 }
 
-module.exports = allowRequestMethods;
-module.exports.default = module.exports;
+exports.allowRequestMethods = allowRequestMethods;
diff --git a/packages/middleware-allow-request-methods/test/unit/lib/index.spec.js b/packages/middleware-allow-request-methods/test/unit/lib/index.spec.js
@@ -1,5 +1,130 @@
-describe('@dotcom-reliability-kit/middleware-allow-request-methods', () => {
-	it('has some tests', () => {
-		throw new Error('Please write some tests');
+const { allowRequestMethods } = require('../../../lib/index');
+const { UserInputError } = require('@dotcom-reliability-kit/errors');
+
+// Mock Express request and response objects
+let mockRequest;
+let mockResponse;
+let mockNext;
+
+describe('allowRequestMethods', () => {
+	beforeEach(() => {
+		// Reset all mocks before each test
+		mockRequest = {
+			method: 'GET'
+		};
+		mockResponse = {
+			headersSent: false,
+			header: jest.fn()
+		};
+		mockNext = jest.fn();
+	});
+
+	afterEach(() => {
+		// Clear all mocks after each test
+		jest.clearAllMocks();
+	});
+
+	describe('initialisation and validation', () => {
+		it('throws TypeError when no allowedMethods are provided', () => {
+			expect(() => {
+				allowRequestMethods();
+			}).toThrow(TypeError);
+
+			expect(() => {
+				allowRequestMethods({});
+			}).toThrow('The `allowedMethods` option must be an array of strings');
+		});
+
+		it('throws TypeError when allowedMethods is an empty array', () => {
+			expect(() => {
+				allowRequestMethods({ allowedMethods: [] });
+			}).toThrow(TypeError);
+		});
+
+		it('throws TypeError when allowedMethods contains non-string values', () => {
+			expect(() => {
+				allowRequestMethods({ allowedMethods: [123, true] });
+			}).toThrow(TypeError);
+		});
+
+		it('creates middleware function when valid allowedMethods are provided', () => {
+			const middleware = allowRequestMethods({
+				allowedMethods: ['GET', 'POST']
+			});
+			expect(typeof middleware).toBe('function');
+		});
+	});
+
+	describe('middleware behavior', () => {
+		it('sets Allow header with normalised methods', () => {
+			const middleware = allowRequestMethods({
+				allowedMethods: ['get', 'post']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockResponse.header).toHaveBeenCalledWith('Allow', 'GET, POST');
+		});
+
+		it('skips setting header if headers are already sent', () => {
+			mockResponse.headersSent = true;
+			const middleware = allowRequestMethods({
+				allowedMethods: ['GET', 'POST']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockResponse.header).not.toHaveBeenCalled();
+		});
+
+		it('calls next() with 405 error for disallowed method', () => {
+			mockRequest.method = 'DELETE';
+			const middleware = allowRequestMethods({
+				allowedMethods: ['GET', 'POST']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockNext).toHaveBeenCalledWith(expect.any(UserInputError));
+			const error = mockNext.mock.calls[0][0];
+			expect(error.statusCode).toBe(405);
+		});
+
+		it('calls next() without error for allowed method', () => {
+			mockRequest.method = 'GET';
+			const middleware = allowRequestMethods({
+				allowedMethods: ['GET', 'POST']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockNext).toHaveBeenCalledWith();
+		});
+
+		it('handles case-insensitive method matching', () => {
+			mockRequest.method = 'get';
+			const middleware = allowRequestMethods({
+				allowedMethods: ['GET', 'POST']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockNext).toHaveBeenCalledWith();
+		});
+	});
+
+	describe('normaliseAllowedRequestMethods', () => {
+		it('normalises methods to uppercase', () => {
+			const middleware = allowRequestMethods({
+				allowedMethods: ['get', 'Post', 'DELETE']
+			});
+
+			middleware(mockRequest, mockResponse, mockNext);
+
+			expect(mockResponse.header).toHaveBeenCalledWith(
+				'Allow',
+				'GET, POST, DELETE'
+			);
+		});
 	});
 });
