MCPist

Overview Schema Related Servers Score Discussions

state.test.ts•2.34 KiB

import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' import { generateState, verifyState } from './state' // Set env before tests beforeEach(() => { process.env.OAUTH_STATE_SECRET = 'test-secret-key-for-hmac-256' }) afterEach(() => { delete process.env.OAUTH_STATE_SECRET }) describe('generateState / verifyState roundtrip', () => { it('generates and verifies state with payload', () => { const data = { service: 'notion', redirect: '/dashboard' } const state = generateState(data) const result = verifyState(state) expect(result.service).toBe('notion') expect(result.redirect).toBe('/dashboard') expect(result.iat).toBeTypeOf('number') }) it('generates different state for same payload (different iat)', () => { const data = { service: 'notion' } const state1 = generateState(data) // Advance time slightly vi.useFakeTimers() vi.advanceTimersByTime(1) const state2 = generateState(data) vi.useRealTimers() // States may differ due to iat timestamp // Both should verify successfully expect(() => verifyState(state1)).not.toThrow() expect(() => verifyState(state2)).not.toThrow() }) }) describe('verifyState error cases', () => { it('throws on invalid format (no dot separator)', () => { expect(() => verifyState('nodot')).toThrow('Invalid state format') }) it('throws on tampered signature', () => { const state = generateState({ service: 'notion' }) const tampered = state.slice(0, -1) + 'X' expect(() => verifyState(tampered)).toThrow() }) it('throws on tampered payload', () => { const state = generateState({ service: 'notion' }) const [, sig] = state.split('.') const fakePayload = Buffer.from(JSON.stringify({ service: 'evil', iat: Date.now() })).toString('base64url') expect(() => verifyState(`${fakePayload}.${sig}`)).toThrow() }) it('throws on expired state (>10 minutes)', () => { vi.useFakeTimers() const state = generateState({ service: 'notion' }) // Advance 11 minutes vi.advanceTimersByTime(11 * 60 * 1000) expect(() => verifyState(state)).toThrow('State expired') vi.useRealTimers() }) }) describe('getSecret', () => { it('throws when OAUTH_STATE_SECRET is not set', () => { delete process.env.OAUTH_STATE_SECRET expect(() => generateState({})).toThrow('OAUTH_STATE_SECRET') }) })

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/shibaleo/mcpist'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

state.test.ts•2.34 KiB