Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Patronus is a testing module used along with a testing framework (Mocha, Lab... whatever) so that all you have to do is provide a reference to your Hapi server object and supply a JS object with the values used in your API.
Patronus will generate every combo of params, payloads, and query args (based off of your routes Joi validations) and their values that you can think of and tests them all.
It even uses your route description for test names.
Load the npm module:
var Patronus = require('patronus');
Load value objects on a route:
apiServer.route({
method: 'POST',
path: route,
config: {
description: 'username is required, password is optional',
validate: {
payload: Joi.object({
username: Joi.string().required().example('matt'),
password: Joi.string(),
})
},
response: {
schema: Joi.object({
username: Joi.string().required(),
password: Joi.string(),
})
},
plugins:{
patronus: {
// Note it is an array, test with multiple value sets
testValues: [{
username: 'user-name',
password: 'password',
// An example value object looks like this, where keys are param/payload/query names
// except for __auth, this is reserved for the params used for authentication
__auth: {
headers: {
authorization: 'Bearer 1234'
}
}
}]
}
}
},
handler: function(request, reply) {
reply(request.payload);
}
});
Get all the tests for a single route from the server
var server = new Hapi.Server().connection({ host: 'test' });
var tests = Patronus.testsFromRoute('GET', '/any/route', server);
Or just test all the endpoints
var server = new Hapi.Server().connection({ host: 'test' });
var tests = Patronus.allTests(server);
The tests
array contains a sequence of request/response pairs. Test them against your service:
// This will test every endpoint on your server using every combo of
// optional params you could think of. Multiplied by the number of param combos you
// provided
describe('specification-driven tests', function () {
var tests = Patronus.allTests(server);
tests.forEach(function (test) {
it(test.description, function(done) {
server.inject(test.request, function(res) {
Patronus.assert(res, test.response);
done();
});
});
});
});
You can also pass into #.allTests() an options param like so:
var tests = Patronus.allTests(server, {
select: 'api', // [optional] select a connection by label
ignore: [{ // [optional] an array of objects defining routes you dont want to test
pathContains: '/docs' // [optional] does an indexOf on the path, ignoring matches
path: '/docs' // [optional] does a === on the path, ignoring matches
method: 'GET' // [optional] does a === on the method, ignoring matches
}, {
pathContains: '/debug'
}, {
pathContains: '/documentation'
}]
});
Note that for each object in the ignore array, all params must match on a route to ignore it.
We welcome contributions from the community and are pleased to have them. Please follow this guide when logging issues or making code changes.
All issues should be created using the new issue form. Clearly describe the issue including steps to reproduce if there are any. Just being honest here... issues that do not include a route and values object for testing will most likely not get worked on. Include those and we will do our best to fix it ASAP.
Code changes are welcome and should follow the guidelines below.
npm test
npm run coverage
to generate a report of test coverageFAQs
Specification-driven REST API testing
The npm package patronus receives a total of 21 weekly downloads. As such, patronus popularity was classified as not popular.
We found that patronus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.