novalon/novalon-website
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: remove GitHub Actions workflows, use Woodpecker CI exclusively

Browse Source
This commit is contained in:
张翔
2026-03-10 13:10:11 +08:00
parent 0a1adfc2a2
commit e8dffa4f05
82 changed files with 19565 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/integration.test.ts
+169
View File
@@ -0,0 +1,169 @@
import { sanitizeInput, sanitizeHTML, sanitizeURL } from './sanitize';
import { isAllowedType, validateFileSignature, isDangerousFile } from './upload';
import { generateCSRFToken, validateCSRFToken } from './csrf';
import { calculateContrastRatio, meetsWCAGStandard } from './color-contrast';
import { PerformanceMonitor } from './monitoring';
describe('Integration Tests', () => {
describe('Input Sanitization Flow', () => {
it('should sanitize user input end-to-end', () => {
const userInput = '<script>alert("xss")</script>Hello World';
const sanitized = sanitizeInput(userInput);
expect(sanitized).not.toContain('<script>');
expect(sanitized).toContain('Hello World');
});
it('should sanitize HTML content', () => {
const htmlContent = '<p onclick="alert(1)">Safe text</p><script>evil()</script>';
const sanitized = sanitizeHTML(htmlContent);
expect(sanitized).not.toContain('onclick');
expect(sanitized).not.toContain('<script>');
expect(sanitized).toContain('Safe text');
});
it('should sanitize URLs', () => {
const maliciousUrl = 'javascript:alert(1)';
const safeUrl = 'https://example.com';
expect(sanitizeURL(maliciousUrl)).toBe('');
expect(sanitizeURL(safeUrl)).toBe(safeUrl);
});
});
describe('CSRF Protection Flow', () => {
it('should generate and validate CSRF tokens', () => {
const token = generateCSRFToken();
expect(token).toBeDefined();
expect(typeof token).toBe('string');
expect(token.length).toBeGreaterThan(0);
const isValid = validateCSRFToken(token, token);
expect(isValid).toBe(true);
});
it('should reject invalid CSRF tokens', () => {
const invalidToken = 'invalid-token-123';
const storedToken = 'different-token';
const isValid = validateCSRFToken(invalidToken, storedToken);
expect(isValid).toBe(false);
});
it('should reject empty tokens', () => {
const isValid = validateCSRFToken('', 'some-token');
expect(isValid).toBe(false);
});
});
describe('File Validation Flow', () => {
it('should validate allowed file types', () => {
const isImageAllowed = isAllowedType('image/jpeg', 'image');
const isDocAllowed = isAllowedType('application/pdf', 'document');
expect(isImageAllowed).toBe(true);
expect(isDocAllowed).toBe(true);
});
it('should reject dangerous file types', () => {
const isDangerous = isDangerousFile('malware.exe');
expect(isDangerous).toBe(true);
const isSafe = isDangerousFile('document.pdf');
expect(isSafe).toBe(false);
});
it('should validate file signatures', async () => {
const pngSignature = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const isValid = validateFileSignature(pngSignature, 'image/png');
expect(isValid).toBe(true);
});
});
describe('Color Contrast Validation Flow', () => {
it('should validate accessible color combinations', () => {
const result = meetsWCAGStandard('#000000', '#FFFFFF', 'AA', 'normal');
expect(result.passes).toBe(true);
expect(result.ratio).toBeGreaterThan(4.5);
});
it('should reject inaccessible color combinations', () => {
const result = meetsWCAGStandard('#CCCCCC', '#FFFFFF', 'AA', 'normal');
expect(result.passes).toBe(false);
});
it('should calculate contrast ratios correctly', () => {
const blackOnWhite = calculateContrastRatio('#000000', '#FFFFFF');
const whiteOnBlack = calculateContrastRatio('#FFFFFF', '#000000');
expect(blackOnWhite).toBeCloseTo(21, 0);
expect(whiteOnBlack).toBeCloseTo(21, 0);
});
});
describe('Performance Monitoring Flow', () => {
beforeEach(() => {
PerformanceMonitor['instance'] = null as any;
});
it('should track metrics across operations', () => {
const monitor = PerformanceMonitor.getInstance();
monitor.recordMetric('response_time', 100);
monitor.recordMetric('response_time', 200);
monitor.recordMetric('response_time', 150);
const stats = monitor.getStats('response_time');
expect(stats.count).toBe(3);
expect(stats.avg).toBe(150);
expect(stats.min).toBe(100);
expect(stats.max).toBe(200);
});
it('should track multiple metrics independently', () => {
const monitor = PerformanceMonitor.getInstance();
monitor.recordMetric('api_calls', 1);
monitor.recordMetric('api_calls', 1);
monitor.recordMetric('db_queries', 5);
monitor.recordMetric('db_queries', 5);
expect(monitor.getCount('api_calls')).toBe(2);
expect(monitor.getCount('db_queries')).toBe(2);
expect(monitor.getAverage('api_calls')).toBe(1);
expect(monitor.getAverage('db_queries')).toBe(5);
});
});
describe('Combined Security Validation Flow', () => {
it('should validate and sanitize user input comprehensively', () => {
const maliciousInput = {
name: '<script>alert("xss")</script>John',
email: 'john@example.com',
website: 'javascript:alert(1)',
message: '<p onclick="evil()">Hello</p>',
};
const sanitized = {
name: sanitizeInput(maliciousInput.name),
email: sanitizeInput(maliciousInput.email),
website: sanitizeURL(maliciousInput.website),
message: sanitizeHTML(maliciousInput.message),
};
expect(sanitized.name).not.toContain('<script>');
expect(sanitized.email).toBe('john@example.com');
expect(sanitized.website).toBe('');
expect(sanitized.message).not.toContain('onclick');
});
it('should validate file upload with CSRF protection', () => {
const csrfToken = generateCSRFToken();
const isValidCSRF = validateCSRFToken(csrfToken, csrfToken);
expect(isValidCSRF).toBe(true);
const isAllowed = isAllowedType('application/pdf', 'document');
expect(isAllowed).toBe(true);
});
});
});