/** * Integration tests for TLSEnforcementMiddleware. * * Tests: * 1. In production mode with non-https x-forwarded-proto, request gets 301 redirect * 2. In production mode with https x-forwarded-proto, request passes through * 3. In non-production (development) mode, request always passes through */ import express, { Application, Request, Response } from 'express'; import request from 'supertest'; import { tlsEnforcementMiddleware } from '../../../src/middleware/TLSEnforcementMiddleware'; // ============================================================================ // Helpers // ============================================================================ /** Creates a minimal Express app with the TLS middleware and a test route. */ function createTestApp(): Application { const app = express(); app.use(tlsEnforcementMiddleware); app.get('/test', (_req: Request, res: Response) => { res.status(200).json({ ok: true }); }); return app; } // ============================================================================ // Tests // ============================================================================ describe('TLSEnforcementMiddleware', () => { const originalNodeEnv = process.env['NODE_ENV']; afterEach(() => { // Restore NODE_ENV after each test if (originalNodeEnv === undefined) { delete process.env['NODE_ENV']; } else { process.env['NODE_ENV'] = originalNodeEnv; } }); describe('in production mode', () => { beforeEach(() => { process.env['NODE_ENV'] = 'production'; }); it('should return 301 redirect when x-forwarded-proto is http', async () => { const app = createTestApp(); const res = await request(app) .get('/test') .set('x-forwarded-proto', 'http') .set('host', 'api.sentryagent.ai'); expect(res.status).toBe(301); expect(res.headers['location']).toBe('https://api.sentryagent.ai/test'); }); it('should return 301 redirect when x-forwarded-proto is missing', async () => { const app = createTestApp(); const res = await request(app) .get('/test') .set('host', 'api.sentryagent.ai'); // No x-forwarded-proto header set expect(res.status).toBe(301); }); it('should pass through when x-forwarded-proto is https', async () => { const app = createTestApp(); const res = await request(app) .get('/test') .set('x-forwarded-proto', 'https') .set('host', 'api.sentryagent.ai'); expect(res.status).toBe(200); expect(res.body).toEqual({ ok: true }); }); it('should preserve the original URL path in the redirect', async () => { // Add a path that includes a query string const testApp = express(); testApp.use(tlsEnforcementMiddleware); testApp.get('/api/v1/agents', (_req: Request, res: Response) => { res.status(200).json({ ok: true }); }); const res = await request(testApp) .get('/api/v1/agents?page=1&limit=20') .set('x-forwarded-proto', 'http') .set('host', 'api.sentryagent.ai'); expect(res.status).toBe(301); expect(res.headers['location']).toBe('https://api.sentryagent.ai/api/v1/agents?page=1&limit=20'); }); }); describe('in development mode', () => { beforeEach(() => { process.env['NODE_ENV'] = 'development'; }); it('should pass through without redirect even for http requests', async () => { const app = createTestApp(); const res = await request(app) .get('/test') .set('x-forwarded-proto', 'http') .set('host', 'localhost:3000'); expect(res.status).toBe(200); expect(res.body).toEqual({ ok: true }); }); it('should pass through when no proto header is present', async () => { const app = createTestApp(); const res = await request(app) .get('/test'); expect(res.status).toBe(200); }); }); describe('in test mode', () => { beforeEach(() => { process.env['NODE_ENV'] = 'test'; }); it('should pass through without redirect in test mode', async () => { const app = createTestApp(); const res = await request(app) .get('/test') .set('x-forwarded-proto', 'http'); expect(res.status).toBe(200); }); }); });