fix: patch vuln in web-sdk dev dep @happy-dom/jest-environment (#1519)

Define custom happy-dom jest env for running web-sdk integration tests that force credentials to be passed since tests were failing on node 18 but not 16 or 20 due to obscure reason w/ fetch still being experimental in node 18 :(
momentohq · Feb 5, 2025 · 5722497 · 5722497
1 parent f7c584d
commit 5722497
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 28 deletions.
diff --git a/packages/client-sdk-web/package-lock.json b/packages/client-sdk-web/package-lock.json
diff --git a/packages/client-sdk-web/package.json b/packages/client-sdk-web/package.json
@@ -23,11 +23,11 @@
     "integration-test-leaderboard": "jest --env=jsdom leaderboard/ --maxWorkers 1 -- useConsistentReads",
     "integration-test-storage": "jest --env=jsdom storage/ --maxWorkers 1 -- useConsistentReads",
     "integration-test-store": "npm run integration-test-storage",
-    "integration-test-topics": "jest --env=jsdom topics/ --maxWorkers 1 && jest --env=@happy-dom/jest-environment webhooks/ --maxWorkers 1 -- useConsistentReads",
+    "integration-test-topics": "jest --env=jsdom topics/ --maxWorkers 1 && jest --env=./test/integration/CustomHappyDomEnv.js webhooks/ --maxWorkers 1 -- useConsistentReads",
     "integration-test-jsdom": "jest integration --env=jsdom --testMatch \"**/dictionary.test.ts|**/ping.test.ts|*/topic-client.test.ts|leaderboard.test.ts\" --maxWorkers 1",
     "integration-test-jsdom-consistent-reads": "jest integration --env=jsdom --testMatch \"**/dictionary.test.ts|**/ping.test.ts|*/topic-client.test.ts|leaderboard.test.ts\" --maxWorkers 1 -- useConsistentReads",
-    "integration-test-happy-dom": "jest integration --env=@happy-dom/jest-environment --testPathIgnorePatterns \"dictionary.test.ts|ping.test.ts|topic-client.test.ts|auth-client.test.ts|leaderboard.test.ts|storage.test.ts\" --maxWorkers 1",
-    "integration-test-happy-dom-consistent-reads": "jest integration --env=@happy-dom/jest-environment --testPathIgnorePatterns \"dictionary.test.ts|ping.test.ts|topic-client.test.ts|auth-client.test.ts|leaderboard.test.ts|storage.test.ts\" --maxWorkers 1 -- useConsistentReads",
+    "integration-test-happy-dom": "jest integration --env=./test/integration/CustomHappyDomEnv.js --testPathIgnorePatterns \"dictionary.test.ts|ping.test.ts|topic-client.test.ts|auth-client.test.ts|leaderboard.test.ts|storage.test.ts\" --maxWorkers 1",
+    "integration-test-happy-dom-consistent-reads": "jest integration --env=./test/integration/CustomHappyDomEnv.js --testPathIgnorePatterns \"dictionary.test.ts|ping.test.ts|topic-client.test.ts|auth-client.test.ts|leaderboard.test.ts|storage.test.ts\" --maxWorkers 1 -- useConsistentReads",
     "integration-test": "npm run integration-test-happy-dom && npm run integration-test-jsdom",
     "integration-test-consistent-reads": "npm run integration-test-happy-dom-consistent-reads && npm run integration-test-jsdom-consistent-reads",
     "build-deps": "cd ../core && npm run build && cd - && cd ../common-integration-tests && npm run build && cd -",
@@ -41,7 +41,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@gomomento/common-integration-tests": "file:../common-integration-tests",
-    "@happy-dom/jest-environment": "^12.10.3",
+    "@happy-dom/jest-environment": "^16.8.1",
     "@types/jest": "27.5.2",
     "@types/node": "16.18.97",
     "@types/uuid": "^9.0.7",

diff --git a/packages/client-sdk-web/test/integration/CustomHappyDomEnv.js b/packages/client-sdk-web/test/integration/CustomHappyDomEnv.js
@@ -0,0 +1,29 @@
+const HappyDomEnvironment = require('@happy-dom/jest-environment').default;
+
+class CustomHappyDomEnvironment extends HappyDomEnvironment {
+  async setup() {
+    await super.setup();
+
+    // Grab the prototype once the environment is ready:
+    const xhrProto = this.global.window.XMLHttpRequest.prototype;
+
+    const originalOpen = xhrProto.open;
+    xhrProto.open = function (method, url, async, user, password) {
+      // This line is the main reason we need this custom happy dom env to force
+      // creds to be passed w/ requests.
+      // Node18 has some funkiness since fetch wasn't included in core runtime yet.
+      // It explains why node 16 and 20 worked but not 18 when updating Happy Dom
+      // a major version due to critical vulnerability warnings.
+      //
+      // These issues and prs from AWS dev on their JS sdk clued me into what was happening
+      // https://github.com/capricorn86/happy-dom/issues/1042
+      // https://github.com/aws/aws-sdk-js-v3/pull/6780/files
+      //
+      // Note: im overriding 'xhrProto' though not 'fetch' since that is what grpc-web uses
+      this.withCredentials = true;
+      return originalOpen.apply(this, arguments);
+    };
+  }
+}
+
+module.exports = CustomHappyDomEnvironment;