Set up Vitest with server (node) and client (jsdom) test projects. 79 tests across 8 files verify all Phase 0-1 security controls: escapeHtml sanitization, DOMPurify markdown XSS prevention, CSRF enforcement, security headers, rate limiting, auth guards, profile field allowlist, and login anti-enumeration. Updated SECURITY_EVALUATION.md with remediation status, implementation summary, and automated test coverage details.
import { vi } from 'vitest'
import {
getCookie,
setCookie,
getMethod,
getHeader,
getHeaders,
setHeader,
getRequestURL,
createError,
defineEventHandler,
readBody,
getQuery,
getRouterParam
} from 'h3'
// Server code under test is written against Nitro auto-imports, which are not
// present when it runs under Vitest. Publish the genuine h3 helpers (not
// mocks) on the global scope so that code resolves the real implementations.
for (const [globalName, helper] of Object.entries({
  getCookie,
  setCookie,
  getMethod,
  getHeader,
  getHeaders,
  setHeader,
  getRequestURL,
  createError,
  defineEventHandler,
  readBody,
  getQuery,
  getRouterParam
})) {
  vi.stubGlobal(globalName, helper)
}

// Stand-in for Nitro's useRuntimeConfig: each call hands back a new object
// holding a fixed JWT secret. The value is a test fixture only; keep it
// distinct from any secret used by a deployed environment.
vi.stubGlobal('useRuntimeConfig', () => {
  return { jwtSecret: 'test-jwt-secret' }
})