From cba41e2a8cd1e77858f358efcabfbb5f251cb201 Mon Sep 17 00:00:00 2001 From: Randy Tarampi Date: Mon, 4 May 2020 20:37:44 +0200 Subject: [PATCH] Also support `--disableCookieValidation` when we `createResourceRoutes`. __This should close https://github.com/dherault/serverless-offline/issues/974 by forward porting my v5 solution from https://github.com/dherault/serverless-offline/pull/863__. Requests to `resourceRoutes` created behind an API Gateway Proxy (i.e., running with `--resourceRoutes`) would fail due to hapi just exploding on the cookie validation. This just rips off the strategy in https://github.com/dherault/serverless-offline/pull/513 (specifically https://github.com/dherault/serverless-offline/commit/5d9a67a5c460e456e54e5be0967807fcfdee2064) and https://github.com/dherault/serverless-offline/pull/863 Much of the credit here goes to @cassiohub (@cassiohubner on GitLab). --- src/events/http/HttpServer.js | 12 +++++++ tests/old-unit/offline.test.js | 61 ++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js index 636b64224..d64aba205 100644 --- a/src/events/http/HttpServer.js +++ b/src/events/http/HttpServer.js @@ -901,8 +901,20 @@ export default class HttpServer { } const hapiMethod = method === 'ANY' ? '*' : method + + const state = this.#options.disableCookieValidation + ? { + failAction: 'ignore', + parse: false, + } + : { + failAction: 'error', + parse: true, + } + const hapiOptions = { cors: this.#options.corsConfig, + state, } // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...' diff --git a/tests/old-unit/offline.test.js b/tests/old-unit/offline.test.js index 956000e63..d41cc4112 100644 --- a/tests/old-unit/offline.test.js +++ b/tests/old-unit/offline.test.js 
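Review bot: The `state` object built before `hapiOptions` is, going by the commit message, a second copy of the cookie policy that function routes already use, and this patch exists because one route builder honoured `disableCookieValidation` while the other did not. Consider deriving the options once, for example in a small private method that returns the `state` object, and using it at both call sites so the flag cannot drift between route types again. The `failAction: 'error'` / `parse: true` branch matches hapi's route defaults, so a comment such as `// hapi defaults: a malformed Cookie header is rejected with 400` would explain why it is spelled out. The other branch deserves `// flag set: the Cookie header is neither parsed nor validated, request.state is not populated`, so readers know that anything behind these routes sees the header unchecked. The enclosing method begins and ends outside this hunk.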
@@ -1012,5 +1012,66 @@ describe('Offline', () => { expect(result.queryString).toHaveProperty('bar', 'baz') }) + + describe('disable cookie validation', () => { + test('should return bad request by default if invalid cookies are passed by the request', async () => { + const offline = await new OfflineBuilder(serviceBuilder, { + resourceRoutes: true, + }) + .addFunctionConfig('cookie', { + events: [ + { + http: { + method: 'GET', + path: 'cookie', + }, + }, + ], + handler: 'tests/old-unit/fixtures/handler.cookie', + }) + .toObject() + + const res = await offline.inject({ + headers: { + Cookie: + 'a.strange.cookie.with.newline.at.the.end=yummie123utuiwi-32432fe3-f3e2e32\n', + }, + method: 'GET', + url: '/dev/cookie', + }) + + expect(res.statusCode).toEqual(400) + }) + + test('should return 200 if the "disableCookieValidation"-flag is set', async () => { + const offline = await new OfflineBuilder(serviceBuilder, { + resourceRoutes: true, + disableCookieValidation: true, + }) + .addFunctionConfig('cookie', { + events: [ + { + http: { + method: 'GET', + path: 'cookie', + }, + }, + ], + handler: 'tests/old-unit/fixtures/handler.cookie', + }) + .toObject() + + const res = await offline.inject({ + headers: { + Cookie: + 'a.strange.cookie.with.newline.at.the.end=yummie123utuiwi-32432fe3-f3e2e32\n', + }, + method: 'GET', + url: '/dev/cookie', + }) + + expect(res.statusCode).toEqual(200) + }) + }) }) })
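Review bot: Both tests register `/dev/cookie` through `addFunctionConfig` with an `http` event, so as far as this hunk shows the request is answered by the ordinary function route rather than by a proxy route created in `createResourceRoutes`. Unless `serviceBuilder` declares a proxy resource outside the hunk, `resourceRoutes: true` adds no route here and both tests may pass without the `HttpServer.js` change. To pin the fix, have the fixture declare a resource-backed proxy route and send the malformed `Cookie` header to that path. The 200 case would also be stronger if it asserted that the request actually reached the handler or upstream with the header intact, not only `res.statusCode`.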