add full express test suite

Author: hillac

package-lock.json

@@ -69,7 +69,7 @@
     "ejs": "^3.1.10",
     "errorhandler": "^1.5.1",
     "exit-hook": "^2.2.1",
-    "express": "^4.19.2",
+    "express": "^4.21.1",
     "express-art-template": "^1.0.1",
     "express-async-errors": "^3.1.1",
     "express-dot-engine": "^1.0.8",
@@ -78,16 +78,23 @@
     "express-rate-limit": "^7.4.0",
     "express-session": "^1.18.0",
     "express-subdomain": "^1.0.6",
+    "marked": "^14.1.3",
     "method-override": "^3.0.0",
+    "mocha": "^10.7.3",
+    "morgan": "^1.10.0",
     "multer": "^1.4.5-lts.1",
     "mustache-express": "^1.3.2",
     "pako": "^2.1.0",
+    "pbkdf2-password": "^1.2.1",
     "pkg-pr-new": "^0.0.29",
     "pug": "^3.0.3",
     "response-time": "^2.3.2",
     "serve-index": "^1.9.1",
     "serve-static": "^1.16.2",
+    "supertest": "^6.3.0",
     "swig": "^1.4.2",
-    "vhost": "^3.0.2"
+    "u-express-local": "file://./src/index.js",
+    "vhost": "^3.0.2",
+    "after": "0.8.2"
   }
 }

package.json

@@ -0,0 +1,29 @@
+# Express examples
+
+This page contains list of examples using Express.
+
+- [auth](./auth) - Authentication with login and password
+- [content-negotiation](./content-negotiation) - HTTP content negotiation
+- [cookie-sessions](./cookie-sessions) - Working with cookie-based sessions
+- [cookies](./cookies) - Working with cookies
+- [downloads](./downloads) - Transferring files to client
+- [ejs](./ejs) - Working with Embedded JavaScript templating (ejs)
+- [error-pages](./error-pages) - Creating error pages
+- [error](./error) - Working with error middleware
+- [hello-world](./hello-world) - Simple request handler
+- [markdown](./markdown) - Markdown as template engine
+- [multi-router](./multi-router) - Working with multiple Express routers
+- [mvc](./mvc) - MVC-style controllers
+- [online](./online) - Tracking online user activity with `online` and `redis` packages
+- [params](./params) - Working with route parameters
+- [resource](./resource) - Multiple HTTP operations on the same resource
+- [route-map](./route-map) - Organizing routes using a map
+- [route-middleware](./route-middleware) - Working with route middleware
+- [route-separation](./route-separation) - Organizing routes per each resource
+- [search](./search) - Search API
+- [session](./session) - User sessions
+- [static-files](./static-files) - Serving static files
+- [vhost](./vhost) - Working with virtual hosts
+- [view-constructor](./view-constructor) - Rendering views dynamically
+- [view-locals](./view-locals) - Saving data in request object between middleware calls
+- [web-service](./web-service) - Simple API service

tests/express-tests/examples/README.md

@@ -0,0 +1,133 @@
+'use strict'
+
+/**
+ * Module dependencies.
+ */
+
+var express = require("express");
+var hash = require('pbkdf2-password')()
+var path = require('path');
+var session = require('express-session');
+
+var app = module.exports = express();
+
+// config
+
+app.set('view engine', 'ejs');
+app.set('views', path.join(__dirname, 'views'));
+
+// middleware
+
+app.use(express.urlencoded({ extended: false }))
+app.use(session({
+  resave: false, // don't save session if unmodified
+  saveUninitialized: false, // don't create session until something stored
+  secret: 'shhhh, very secret'
+}));
+
+// Session-persisted message middleware
+
+app.use(function(req, res, next){
+  var err = req.session.error;
+  var msg = req.session.success;
+  delete req.session.error;
+  delete req.session.success;
+  res.locals.message = '';
+  if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
+  if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
+  next();
+});
+
+// dummy database
+
+var users = {
+  tj: { name: 'tj' }
+};
+
+// when you create a user, generate a salt
+// and hash the password ('foobar' is the pass here)
+
+hash({ password: 'foobar' }, function (err, pass, salt, hash) {
+  if (err) throw err;
+  // store the salt & hash in the "db"
+  users.tj.salt = salt;
+  users.tj.hash = hash;
+});
+
+
+// Authenticate using our plain-object database of doom!
+
+function authenticate(name, pass, fn) {
+  if (!module.parent) console.log('authenticating %s:%s', name, pass);
+  var user = users[name];
+  // query the db for the given username
+  if (!user) return fn(null, null)
+  // apply the same algorithm to the POSTed password, applying
+  // the hash against the pass / salt, if there is a match we
+  // found the user
+  hash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) {
+    if (err) return fn(err);
+    if (hash === user.hash) return fn(null, user)
+    fn(null, null)
+  });
+}
+
+function restrict(req, res, next) {
+  if (req.session.user) {
+    next();
+  } else {
+    req.session.error = 'Access denied!';
+    res.redirect('/login');
+  }
+}
+
+app.get('/', function(req, res){
+  res.redirect('/login');
+});
+
+app.get('/restricted', restrict, function(req, res){
+  res.send('Wahoo! restricted area, click to <a href="/logout">logout</a>');
+});
+
+app.get('/logout', function(req, res){
+  // destroy the user's session to log them out
+  // will be re-created next request
+  req.session.destroy(function(){
+    res.redirect('/');
+  });
+});
+
+app.get('/login', function(req, res){
+  res.render('login');
+});
+
+app.post('/login', function (req, res, next) {
+  authenticate(req.body.username, req.body.password, function(err, user){
+    if (err) return next(err)
+    if (user) {
+      // Regenerate session when signing in
+      // to prevent fixation
+      req.session.regenerate(function(){
+        // Store the user's primary key
+        // in the session store to be retrieved,
+        // or in this case the entire user object
+        req.session.user = user;
+        req.session.success = 'Authenticated as ' + user.name
+          + ' click to <a href="/logout">logout</a>. '
+          + ' You may now access <a href="/restricted">/restricted</a>.';
+        res.redirect('back');
+      });
+    } else {
+      req.session.error = 'Authentication failed, please check your '
+        + ' username and password.'
+        + ' (use "tj" and "foobar")';
+      res.redirect('/login');
+    }
+  });
+});
+
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}

tests/express-tests/examples/auth/index.js

@@ -0,0 +1,2 @@
+  </body>
+</html>

tests/express-tests/examples/auth/views/foot.ejs

@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <title><%= title %></title>
+    <style>
+      body {
+        padding: 50px;
+        font: 13px Helvetica, Arial, sans-serif;
+      }
+      .error {
+          color: red
+      }
+      .success {
+          color: green;
+      }
+    </style>
+  </head>
+  <body>

tests/express-tests/examples/auth/views/head.ejs

@@ -0,0 +1,21 @@
+
+<%- include('head', { title: 'Authentication Example' }) -%>
+
+<h1>Login</h1>
+<%- message %>
+Try accessing <a href="/restricted">/restricted</a>, then authenticate with "tj" and "foobar".
+<form method="post" action="/login">
+  <p>
+    <label for="username">Username:</label>
+    <input type="text" name="username" id="username">
+  </p>
+  <p>
+    <label for="password">Password:</label>
+    <input type="text" name="password" id="password">
+  </p>
+  <p>
+    <input type="submit" value="Login">
+  </p>
+</form>
+
+<%- include('foot') -%>

tests/express-tests/examples/auth/views/login.ejs

@@ -0,0 +1,9 @@
+'use strict'
+
+var users = [];
+
+users.push({ name: 'Tobi' });
+users.push({ name: 'Loki' });
+users.push({ name: 'Jane' });
+
+module.exports = users;

tests/express-tests/examples/content-negotiation/db.js

@@ -0,0 +1,46 @@
+'use strict'
+
+var express = require("express");
+var app = module.exports = express();
+var users = require('./db');
+
+// so either you can deal with different types of formatting
+// for expected response in index.js
+app.get('/', function(req, res){
+  res.format({
+    html: function(){
+      res.send('<ul>' + users.map(function(user){
+        return '<li>' + user.name + '</li>';
+      }).join('') + '</ul>');
+    },
+
+    text: function(){
+      res.send(users.map(function(user){
+        return ' - ' + user.name + '\n';
+      }).join(''));
+    },
+
+    json: function(){
+      res.json(users);
+    }
+  });
+});
+
+// or you could write a tiny middleware like
+// this to add a layer of abstraction
+// and make things a bit more declarative:
+
+function format(path) {
+  var obj = require(path);
+  return function(req, res){
+    res.format(obj);
+  };
+}
+
+app.get('/users', format('./users'));
+
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}

tests/express-tests/examples/content-negotiation/index.js

@@ -0,0 +1,19 @@
+'use strict'
+
+var users = require('./db');
+
+exports.html = function(req, res){
+  res.send('<ul>' + users.map(function(user){
+    return '<li>' + user.name + '</li>';
+  }).join('') + '</ul>');
+};
+
+exports.text = function(req, res){
+  res.send(users.map(function(user){
+    return ' - ' + user.name + '\n';
+  }).join(''));
+};
+
+exports.json = function(req, res){
+  res.json(users);
+};