refactor: change pathname check from startsWith to strict equality for OAuth protected resource handling

kentcdodds · kentcdodds · commit 222b1d763922 · 2025-08-26T19:07:50.000-06:00
diff --git a/exercises/01.discovery/03.solution.pr/src/index.ts b/exercises/01.discovery/03.solution.pr/src/index.ts
@@ -79,7 +79,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/02.init/01.problem.authenticate/src/index.ts b/exercises/02.init/01.problem.authenticate/src/index.ts
@@ -79,7 +79,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/02.init/01.solution.authenticate/src/index.ts b/exercises/02.init/01.solution.authenticate/src/index.ts
@@ -80,7 +80,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/02.init/02.problem.params/src/index.ts b/exercises/02.init/02.problem.params/src/index.ts
@@ -80,7 +80,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/02.init/02.solution.params/src/index.ts b/exercises/02.init/02.solution.params/src/index.ts
@@ -80,7 +80,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/03.auth-info/01.problem.introspect/src/index.ts b/exercises/03.auth-info/01.problem.introspect/src/index.ts
@@ -80,7 +80,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/03.auth-info/01.solution.introspect/src/auth.ts b/exercises/03.auth-info/01.solution.introspect/src/auth.ts
@@ -8,7 +8,6 @@ const introspectResponseSchema = z.object({
 	client_id: z.string(),
 	scope: z.string(),
 	sub: z.string(),
-	exp: z.number(),
 })
 
 export async function getAuthInfo(
@@ -29,13 +28,12 @@ export async function getAuthInfo(
 
 	const data = introspectResponseSchema.parse(rawData)
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/03.auth-info/01.solution.introspect/src/index.ts b/exercises/03.auth-info/01.solution.introspect/src/index.ts
@@ -81,7 +81,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/03.auth-info/02.problem.active/src/auth.ts b/exercises/03.auth-info/02.problem.active/src/auth.ts
@@ -8,7 +8,6 @@ const introspectResponseSchema = z.object({
 	client_id: z.string(),
 	scope: z.string(),
 	sub: z.string(),
-	exp: z.number(),
 })
 
 export async function getAuthInfo(
@@ -29,13 +28,12 @@ export async function getAuthInfo(
 
 	const data = introspectResponseSchema.parse(rawData)
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/03.auth-info/02.problem.active/src/index.ts b/exercises/03.auth-info/02.problem.active/src/index.ts
@@ -81,7 +81,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/03.auth-info/02.solution.active/src/auth.ts b/exercises/03.auth-info/02.solution.active/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/03.auth-info/02.solution.active/src/index.ts b/exercises/03.auth-info/02.solution.active/src/index.ts
@@ -81,7 +81,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/04.user/01.problem.token/src/auth.ts b/exercises/04.user/01.problem.token/src/auth.ts
@@ -8,7 +8,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -35,13 +34,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/04.user/01.problem.token/src/index.ts b/exercises/04.user/01.problem.token/src/index.ts
@@ -81,7 +81,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/04.user/01.solution.token/src/auth.ts b/exercises/04.user/01.solution.token/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/04.user/01.solution.token/src/index.ts b/exercises/04.user/01.solution.token/src/index.ts
@@ -84,7 +84,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/04.user/02.problem.user/src/auth.ts b/exercises/04.user/02.problem.user/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/04.user/02.problem.user/src/index.ts b/exercises/04.user/02.problem.user/src/index.ts
@@ -84,7 +84,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/04.user/02.solution.user/src/auth.ts b/exercises/04.user/02.solution.user/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/04.user/02.solution.user/src/index.ts b/exercises/04.user/02.solution.user/src/index.ts
@@ -93,7 +93,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/05.scopes/01.problem.validate-scopes/src/auth.ts b/exercises/05.scopes/01.problem.validate-scopes/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/05.scopes/01.problem.validate-scopes/src/index.ts b/exercises/05.scopes/01.problem.validate-scopes/src/index.ts
@@ -93,7 +93,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/05.scopes/01.solution.validate-scopes/src/auth.ts b/exercises/05.scopes/01.solution.validate-scopes/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/05.scopes/01.solution.validate-scopes/src/index.ts b/exercises/05.scopes/01.solution.validate-scopes/src/index.ts
@@ -96,7 +96,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/05.scopes/02.problem.specify-scopes/src/auth.ts b/exercises/05.scopes/02.problem.specify-scopes/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/05.scopes/02.problem.specify-scopes/src/index.ts b/exercises/05.scopes/02.problem.specify-scopes/src/index.ts
@@ -96,7 +96,7 @@ export default {
 				return handleOAuthAuthorizationServerRequest()
 			}
 
-			if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {
+			if (url.pathname === '/.well-known/oauth-protected-resource') {
 				return handleOAuthProtectedResourceRequest(request)
 			}
 
diff --git a/exercises/05.scopes/02.solution.specify-scopes/src/auth.ts b/exercises/05.scopes/02.solution.specify-scopes/src/auth.ts
@@ -10,7 +10,6 @@ const introspectResponseSchema = z.discriminatedUnion('active', [
 		client_id: z.string(),
 		scope: z.string(),
 		sub: z.string(),
-		exp: z.number(),
 	}),
 	z.object({
 		active: z.literal(false),
@@ -37,13 +36,12 @@ export async function getAuthInfo(
 
 	if (!data.active) return undefined
 
-	const { sub, client_id, scope, exp } = data
+	const { sub, client_id, scope } = data
 
 	return {
 		token,
 		clientId: client_id,
 		scopes: scope.split(' '),
-		expiresAt: exp,
 		extra: { userId: sub },
 	}
 }
diff --git a/exercises/05.scopes/02.solution.specify-scopes/src/index.ts b/exercises/05.scopes/02.solution.specify-scopes/src/index.ts

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ export default {`
`79`	`79`	`return handleOAuthAuthorizationServerRequest()`
`80`	`80`	`}`
`81`	`81`
`82`		`- if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {`
	`82`	`+ if (url.pathname === '/.well-known/oauth-protected-resource') {`
`83`	`83`	`return handleOAuthProtectedResourceRequest(request)`
`84`	`84`	`}`
`85`	`85`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ export default {`
`80`	`80`	`return handleOAuthAuthorizationServerRequest()`
`81`	`81`	`}`
`82`	`82`
`83`		`- if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {`
	`83`	`+ if (url.pathname === '/.well-known/oauth-protected-resource') {`
`84`	`84`	`return handleOAuthProtectedResourceRequest(request)`
`85`	`85`	`}`
`86`	`86`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ export default {`
`81`	`81`	`return handleOAuthAuthorizationServerRequest()`
`82`	`82`	`}`
`83`	`83`
`84`		`- if (url.pathname.startsWith('/.well-known/oauth-protected-resource')) {`
	`84`	`+ if (url.pathname === '/.well-known/oauth-protected-resource') {`
`85`	`85`	`return handleOAuthProtectedResourceRequest(request)`
`86`	`86`	`}`
`87`	`87`