refactor: move CustomRequest to fastify.ts and update FastifyRequest types

mdatelle · mdatelle · commit 95e3c1f1cc87 · 2025-03-10T12:18:38.000-04:00
diff --git a/api/src/types/fastify.ts b/api/src/types/fastify.ts
@@ -4,9 +4,30 @@ import type {
     FastifyRequest as BaseFastifyRequest,
 } from 'fastify';
 
-export type FastifyInstance = BaseFastifyInstance;
-export interface FastifyRequest extends BaseFastifyRequest {
-    cookies: Record<string, string | undefined>;
-    headers: Record<string, string | undefined>;
+// Common headers
+export interface CommonHeaders {
+    'x-api-key'?: string;
+    'x-csrf-token'?: string;
+    'x-unraid-api-version'?: string;
+    'x-flash-guid'?: string;
+}
+
+// Common query parameters
+export interface CommonQuery {
+    csrf_token?: string;
 }
+
+// Base types
+type Headers = Record<string, string | string[] | undefined> & Partial<CommonHeaders>;
+type Query = Record<string, string | undefined> & Partial<CommonQuery>;
+type Cookies = Record<string, string | undefined>;
+
+export type FastifyRequest = BaseFastifyRequest<{
+    Headers: Headers;
+    Querystring: Query;
+}> & {
+    cookies: Cookies;
+};
+
+export type FastifyInstance = BaseFastifyInstance;
 export type FastifyReply = BaseFastifyReply;
diff --git a/api/src/unraid-api/auth/auth.service.spec.ts b/api/src/unraid-api/auth/auth.service.spec.ts
@@ -5,8 +5,8 @@ import { AuthZService } from 'nest-authz';
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
 
 import type { ApiKey, ApiKeyWithSecret, UserAccount } from '@app/graphql/generated/api/types.js';
-import type { FastifyRequest } from '@app/types/fastify.js';
 import { Resource, Role } from '@app/graphql/generated/api/types.js';
+import { FastifyRequest } from '@app/types/fastify.js';
 import { ApiKeyService } from '@app/unraid-api/auth/api-key.service.js';
 import { AuthService } from '@app/unraid-api/auth/auth.service.js';
 import { CookieService } from '@app/unraid-api/auth/cookie.service.js';
@@ -50,17 +50,13 @@ describe('AuthService', () => {
     };
 
     // Mock FastifyRequest object for tests
-    const createMockRequest = (overrides = {}): FastifyRequest => {
-        return {
-            headers: {},
-            query: {},
+    const createMockRequest = (overrides = {}) =>
+        ({
+            headers: { 'x-csrf-token': undefined },
+            query: { csrf_token: undefined },
             cookies: {},
-            id: 'test-id',
-            params: {},
-            raw: {} as any,
             ...overrides,
-        } as FastifyRequest;
-    };
+        }) as FastifyRequest;
 
     beforeEach(async () => {
         const enforcer = await newEnforcer();
@@ -82,7 +78,9 @@ describe('AuthService', () => {
             vi.spyOn(authzService, 'getRolesForUser').mockResolvedValue([Role.ADMIN]);
             vi.spyOn(authService, 'validateCsrfToken').mockReturnValue(true);
 
-            const mockRequest = createMockRequest();
+            const mockRequest = createMockRequest({
+                headers: { 'x-csrf-token': 'valid-token' },
+            });
             const result = await authService.validateCookiesCasbin(mockRequest);
 
             expect(result).toEqual(mockUser);
@@ -92,7 +90,9 @@ describe('AuthService', () => {
             vi.spyOn(cookieService, 'hasValidAuthCookie').mockResolvedValue(false);
             vi.spyOn(authService, 'validateCsrfToken').mockReturnValue(true);
 
-            const mockRequest = createMockRequest();
+            const mockRequest = createMockRequest({
+                headers: { 'x-csrf-token': 'valid-token' },
+            });
             await expect(authService.validateCookiesCasbin(mockRequest)).rejects.toThrow(
                 UnauthorizedException
             );
@@ -126,11 +126,27 @@ describe('AuthService', () => {
         it('should throw UnauthorizedException when CSRF token is invalid', async () => {
             vi.spyOn(authService, 'validateCsrfToken').mockReturnValue(false);
 
-            const mockRequest = createMockRequest();
+            const mockRequest = createMockRequest({
+                headers: { 'x-csrf-token': 'invalid-token' },
+            });
             await expect(authService.validateCookiesCasbin(mockRequest)).rejects.toThrow(
                 new UnauthorizedException('Invalid CSRF token')
             );
         });
+
+        it('should accept CSRF token from query parameter', async () => {
+            vi.spyOn(cookieService, 'hasValidAuthCookie').mockResolvedValue(true);
+            vi.spyOn(authService, 'getSessionUser').mockResolvedValue(mockUser);
+            vi.spyOn(authzService, 'getRolesForUser').mockResolvedValue([Role.ADMIN]);
+            vi.spyOn(authService, 'validateCsrfToken').mockReturnValue(true);
+
+            const mockRequest = createMockRequest({
+                query: { csrf_token: 'valid-token' },
+            });
+            const result = await authService.validateCookiesCasbin(mockRequest);
+
+            expect(result).toEqual(mockUser);
+        });
     });
 
     describe('syncApiKeyRoles', () => {
diff --git a/api/src/unraid-api/auth/auth.service.ts b/api/src/unraid-api/auth/auth.service.ts
@@ -51,12 +51,7 @@ export class AuthService {
 
     async validateCookiesCasbin(request: FastifyRequest): Promise<UserAccount> {
         try {
-            if (
-                !this.validateCsrfToken(
-                    request.headers['x-csrf-token'] ||
-                        (request.query as { csrf_token?: string })?.csrf_token
-                )
-            ) {
+            if (!this.validateCsrfToken(request.headers['x-csrf-token'] || request.query.csrf_token)) {
                 throw new UnauthorizedException('Invalid CSRF token');
             }
 
diff --git a/api/src/unraid-api/types/request.ts b/api/src/unraid-api/types/request.ts
