test: validate functionality of mergeMiddlewareCookies

mrstork · mrstork · commit 93c8766ca823 · 2025-04-16T11:34:00.000-04:00
diff --git a/edge-runtime/lib/middleware.test.ts b/edge-runtime/lib/middleware.test.ts
@@ -0,0 +1,95 @@
+import { assertEquals } from 'https://deno.land/std@0.175.0/testing/asserts.ts'
+import { mergeMiddlewareCookies } from './middleware.ts'
+
+const MIDDLEWARE_HEADER = 'x-middleware-set-cookie'
+
+Deno.test('mergeMiddlewareCookies', async (t) => {
+  await t.step('should handle empty cookies', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, '')
+  })
+
+  await t.step('should return request cookies when there are no middleware headers', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    request.headers.set('Cookie', 'oatmeal=raisin')
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'oatmeal=raisin')
+  })
+
+  await t.step('should not require cookies in request to be set', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    response.headers.set(MIDDLEWARE_HEADER, 'peanut=butter; Path=/')
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'peanut=butter')
+  })
+
+  await t.step('should merge request and middleware cookies', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    request.headers.set('Cookie', 'oatmeal=raisin')
+    response.headers.set(MIDDLEWARE_HEADER, 'peanut=butter; Path=/')
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'oatmeal=raisin; peanut=butter')
+  })
+
+  await t.step('should overwrite request cookies with latest values', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    request.headers.set('Cookie', 'oatmeal=chocolate')
+    response.headers.set(MIDDLEWARE_HEADER, 'oatmeal=raisin; Path=/')
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'oatmeal=raisin')
+  })
+
+  await t.step('should not decode middleware cookie values', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    response.headers.set(
+      MIDDLEWARE_HEADER,
+      'greeting=Hello%20from%20the%20cookie; Path=/',
+    )
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'greeting=Hello%20from%20the%20cookie')
+  })
+
+  await t.step('should support multiple cookies being set in middleware', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    response.headers.set(
+      MIDDLEWARE_HEADER,
+      'oatmeal=raisin; Path=/,peanut=butter; Path=/,chocolate=chip; Path=/',
+    )
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'oatmeal=raisin; peanut=butter; chocolate=chip')
+  })
+
+  await t.step('should ignore comma in middleware cookie expiry', async () => {
+    const request = new Request('https://www.test-url.com')
+    const response = new Response()
+
+    response.headers.set(
+      MIDDLEWARE_HEADER,
+      'oatmeal=raisin; Path=/; Expires=Wed, 23 Apr 2025 13:37:43 GMT; Max-Age=604800',
+    )
+
+    const result = mergeMiddlewareCookies(response, request)
+    assertEquals(result, 'oatmeal=raisin')
+  })
+})
diff --git a/edge-runtime/lib/middleware.ts b/edge-runtime/lib/middleware.ts
@@ -60,16 +60,20 @@ export const addMiddlewareHeaders = async (
   return response
 }
 
-export function mergeMiddlewareCookies(middlewareResponse: Response, request: Request) {
-  let mergedCookies = getCookies(request.headers)
-  const middlewareCookies = middlewareResponse.headers.get('x-middleware-set-cookie') || ''
+// This serves the same purpose as the mergeMiddlewareCookies in Next.js but has been customized to our domain
+// See: https://github.com/vercel/next.js/blob/6e4495f8430eab33b12cd11dffdd8e27eee6e0cf/packages/next/src/server/async-storage/request-store.ts#L78-L105
+export function mergeMiddlewareCookies(middlewareResponse: Response, lambdaRequest: Request) {
+  let mergedCookies = getCookies(lambdaRequest.headers)
+  const middlewareCookies = middlewareResponse.headers.get('x-middleware-set-cookie')
   const regex = new RegExp(/,(?!\s)/) // commas that are not followed by whitespace
 
-  middlewareCookies.split(regex).forEach((entry) => {
-    const [cookie] = entry.split(';')
-    const [name, value] = cookie.split('=')
-    mergedCookies[name] = value
-  })
+  if (middlewareCookies) {
+    middlewareCookies.split(regex).forEach((entry) => {
+      const [cookie] = entry.split(';')
+      const [name, value] = cookie.split('=')
+      mergedCookies[name] = value
+    })
+  }
 
   return Object.entries(mergedCookies)
     .map((kv) => kv.join('='))
diff --git a/edge-runtime/lib/response.ts b/edge-runtime/lib/response.ts
@@ -234,7 +234,10 @@ export const buildResponse = async ({
 
     // coookies set in middleware need to be available during the lambda request
     const newRequest = new Request(request)
-    newRequest.headers.set('Cookie', mergeMiddlewareCookies(edgeResponse, newRequest))
+    const newRequestCookies = mergeMiddlewareCookies(edgeResponse, newRequest)
+    if (newRequestCookies) {
+      newRequest.headers.set('Cookie', newRequestCookies)
+    }
 
     return addMiddlewareHeaders(context.next(newRequest), edgeResponse)
   }
