brendan/nanodrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): rename session cookie to nanodrop_session

Browse Source 
Flips SESSION_COOKIE_NAME from 'token' to 'nanodrop_session' per the
family per-app naming convention (<app>_session). fastify-jwt's
cookieName in server.ts is now sourced from the constant so a future
rename only needs to touch constants.ts.

Hard-cut migration with no dual-cookie shim: the existing 'token'
cookie has no Max-Age so it dies on browser close anyway, and this
is a single-user deployment per CLAUDE.md. Users re-log in once
after deploy.

Test files updated mechanically: cookies: { token } → cookies: {
nanodrop_session: token } (variable name 'token' kept locally),
clearCookie regex updated, login response now also asserts
Max-Age=2592000 from the family TTL.
This commit is contained in:
Brendan Chen
2026-05-09 10:12:25 -07:00
parent 86870db726
commit 623a3374cf
7 changed files with 31 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/integration/pages.test.ts
View File

@@ -25,7 +25,7 @@ describe('GET /', () => {
it('redirects to /upload when authenticated', async () => {
const token = await loginAs(ctx.app, 'alice', 'secret');
const res = await ctx.app.inject({ method: 'GET', url: '/', cookies: { token } });
const res = await ctx.app.inject({ method: 'GET', url: '/', cookies: { nanodrop_session: token } });
expect(res.statusCode).toBe(302);
expect(res.headers['location']).toBe('/upload');
});
@@ -46,7 +46,7 @@ describe('POST /login (page)', () => {
});
expect(res.statusCode).toBe(302);
expect(res.headers['location']).toBe('/upload');
expect(res.headers['set-cookie']).toMatch(/token=/);
expect(res.headers['set-cookie']).toMatch(/nanodrop_session=/);
});
it('shows login page with error on invalid credentials', async () => {
@@ -72,7 +72,7 @@ describe('GET /upload + POST /upload', () => {
afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });
it('shows upload form', async () => {
const res = await ctx.app.inject({ method: 'GET', url: '/upload', cookies: { token } });
const res = await ctx.app.inject({ method: 'GET', url: '/upload', cookies: { nanodrop_session: token } });
expect(res.statusCode).toBe(200);
expect(res.body).toContain('Upload');
});
@@ -87,7 +87,7 @@ describe('GET /upload + POST /upload', () => {
const res = await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token },
cookies: { nanodrop_session: token },
...buildMultipart({ file: { filename: 'doc.txt', contentType: 'text/plain', data: Buffer.from('content') } }),
});
expect(res.statusCode).toBe(200);
@@ -106,7 +106,7 @@ describe('GET /f/:id and GET /f/:id/raw', () => {
const uploadRes = await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token },
cookies: { nanodrop_session: token },
...buildMultipart({ file: { filename: 'hello.txt', contentType: 'text/plain', data: Buffer.from('hello!') } }),
});
// Extract file id from response body
@@ -188,7 +188,7 @@ describe('GET /f/:id — image inline', () => {
const uploadRes = await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token },
cookies: { nanodrop_session: token },
...buildMultipart({ file: { filename: 'photo.png', contentType: 'image/png', data: Buffer.from('fakepng') } }),
});
const match = uploadRes.body.match(/\/f\/([^/"]+)/);
@@ -213,14 +213,14 @@ describe('GET /files — copy link', () => {
await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token },
cookies: { nanodrop_session: token },
...buildMultipart({ file: { filename: 'test.txt', contentType: 'text/plain', data: Buffer.from('hi') } }),
});
});
afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });
it('shows Copy link button for each file', async () => {
const res = await ctx.app.inject({ method: 'GET', url: '/files', cookies: { token } });
const res = await ctx.app.inject({ method: 'GET', url: '/files', cookies: { nanodrop_session: token } });
expect(res.statusCode).toBe(200);
expect(res.body).toContain('Copy link');
expect(res.body).toContain('class="table-wrap"');
@@ -245,7 +245,7 @@ describe('GET /f/:id — owner-aware header', () => {
const uploadRes = await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token: aliceToken },
cookies: { nanodrop_session: aliceToken },
...buildMultipart({ file: { filename: 'owned.txt', contentType: 'text/plain', data: Buffer.from('data') } }),
});
const match = uploadRes.body.match(/\/f\/([^/"]+)/);
@@ -254,19 +254,19 @@ describe('GET /f/:id — owner-aware header', () => {
afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });
it('shows nav when owner views their file', async () => {
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { token: aliceToken } });
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { nanodrop_session: aliceToken } });
expect(res.statusCode).toBe(200);
expect(res.body).toContain('My Files');
});
it('shows delete button when owner views', async () => {
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { token: aliceToken } });
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { nanodrop_session: aliceToken } });
expect(res.statusCode).toBe(200);
expect(res.body).toContain('delete');
});
it('no header when non-owner views', async () => {
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { token: bobToken } });
const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}`, cookies: { nanodrop_session: bobToken } });
expect(res.statusCode).toBe(200);
expect(res.body).not.toContain('<header');
});
@@ -289,7 +289,7 @@ describe('POST /files/:id/delete', () => {
const uploadRes = await ctx.app.inject({
method: 'POST',
url: '/upload',
cookies: { token },
cookies: { nanodrop_session: token },
...buildMultipart({ file: { filename: 'del.txt', contentType: 'text/plain', data: Buffer.from('bye') } }),
});
const match = uploadRes.body.match(/\/f\/([^/"]+)/);
@@ -301,7 +301,7 @@ describe('POST /files/:id/delete', () => {
const res = await ctx.app.inject({
method: 'POST',
url: `/files/${fileId}/delete`,
cookies: { token },
cookies: { nanodrop_session: token },
});
expect(res.statusCode).toBe(302);
expect(res.headers['location']).toBe('/files');