Unit-tests refactored, test for env var option precedence added

tsmx · tsmx · commit fa248b32c185 · 2025-09-14T21:25:26.000+02:00
diff --git a/secure-config.js b/secure-config.js
@@ -81,14 +81,18 @@ function getConfigPath(options) {
 }
 
 module.exports = (options) => {
+    // load the configuration JSON
     let conf = require(getConfigPath(options));
+    // get the key and decrypt
     const key = getKey(getOptValue(options, 'keyVariable', defaultKeyVariableName));
     decryptConfig(conf, key);
+    // validate HMAC 
     if (getOptValue(options, 'hmacValidation', defaultHmacValidation)) {
         if (!oh.verifyHmac(conf, key, getOptValue(options, 'hmacProperty', defaultHmacProperty))) {
             throw new Error('HMAC validation failed.');
         }
     }
+    // export env vars as passed via options or in the configuration itself (options have precedence)
     let exports = getOptValue(options, 'envVarExports', defaultEnvVarExports);
     if(!Array.isArray(exports) || exports.length == 0) {
         exports = conf[defaultEnvVarProperty];
diff --git a/test/secure-config-envvars.test.js b/test/secure-config-envvars.test.js
@@ -1,4 +1,4 @@
-describe('secure-config multiconf feature test suite (v2 features)', () => {
+describe('secure-config environment variables setting test suite', () => {
 
     const key = '0123456789qwertzuiopasdfghjklyxc';
     const myconfKey = '11c4b6c3cdb7ebaff74a7a340d30c45fd2f7a49d6d0b56badb300dbe49f233ec';
@@ -11,9 +11,11 @@ describe('secure-config multiconf feature test suite (v2 features)', () => {
         delete process.env['CONFIG_INFO'];
         delete process.env['DB_USER'];
         delete process.env['DB_PASSWORD'];
+        delete process.env['DB_USER_2'];
+        delete process.env['DB_PASSWORD_2'];
     });
 
-    it('tests a successful configuration retrieval with custom name and a top level env var setting', () => {
+    it('tests a programmatic env var setting from a simple top level configuratisn item', () => {
         expect(process.env['CONFIG_INFO']).toBeUndefined();
         process.env['CONFIG_ENCRYPTION_KEY'] = myconfKey;
         const conf = require('../secure-config')({ prefix: 'myconf', envVarExports: [{ key: 'info', envVar: 'CONFIG_INFO' }] });
@@ -22,7 +24,7 @@ describe('secure-config multiconf feature test suite (v2 features)', () => {
         expect(process.env['CONFIG_INFO']).toEqual('myconf');
     });
 
-    it('tests a successful production configuration retrieval with multiple deep-level env var settings', () => {
+    it('tests a programmatic env var setting for multiple values from deep-nested configuration items', () => {
         expect(process.env['DB_USER']).toBeUndefined();
         expect(process.env['DB_PASSWORD']).toBeUndefined();
         const envVarExports = [
@@ -41,7 +43,7 @@ describe('secure-config multiconf feature test suite (v2 features)', () => {
         expect(process.env['DB_PASSWORD']).toEqual('SecretPassword-Prod');
     });
 
-    it('tests a successful production configuration retrieval with env var settings via the configuration file', () => {
+    it('tests a declarative env var setting for multiple values from deep-nested configuration items', () => {
         expect(process.env['DB_USER']).toBeUndefined();
         expect(process.env['DB_PASSWORD']).toBeUndefined();
         process.env['CONFIG_ENCRYPTION_KEY'] = key;
@@ -56,4 +58,27 @@ describe('secure-config multiconf feature test suite (v2 features)', () => {
         expect(process.env['DB_PASSWORD']).toEqual('SecretPassword-Prod');
     });
 
+    it('tests the precedence of programmatic over declarative env var settings', () => {
+        expect(process.env['DB_USER']).toBeUndefined();
+        expect(process.env['DB_USER_2']).toBeUndefined();
+        expect(process.env['DB_PASSWORD']).toBeUndefined();
+        expect(process.env['DB_PASSWORD_2']).toBeUndefined();
+        process.env['CONFIG_ENCRYPTION_KEY'] = key;
+        process.env['NODE_ENV'] = 'production-envvars';
+        const envVarExports = [
+            { key: 'database.user', envVar: 'DB_USER_2' },
+            { key: 'database.password', envVar: 'DB_PASSWORD_2' }
+        ];
+        const conf = require('../secure-config')( { hmacValidation: true, envVarExports });
+        expect(conf.database.host).toEqual('db.prod.com');
+        expect(conf.database.user).toEqual('SecretUser-Prod');
+        expect(conf.database.password).toEqual('SecretPassword-Prod');
+        expect(process.env['DB_USER']).toBeUndefined();
+        expect(process.env['DB_USER_2']).toBeDefined();
+        expect(process.env['DB_USER_2']).toEqual('SecretUser-Prod');
+        expect(process.env['DB_PASSWORD']).toBeUndefined();
+        expect(process.env['DB_PASSWORD_2']).toBeDefined();
+        expect(process.env['DB_PASSWORD_2']).toEqual('SecretPassword-Prod');
+    });
+
 });

Original file line number	Diff line number	Diff line change
`@@ -81,14 +81,18 @@ function getConfigPath(options) {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`module.exports = (options) => {`
	`84`	`+ // load the configuration JSON`
`84`	`85`	`let conf = require(getConfigPath(options));`
	`86`	`+ // get the key and decrypt`
`85`	`87`	`const key = getKey(getOptValue(options, 'keyVariable', defaultKeyVariableName));`
`86`	`88`	`decryptConfig(conf, key);`
	`89`	`+ // validate HMAC`
`87`	`90`	`if (getOptValue(options, 'hmacValidation', defaultHmacValidation)) {`
`88`	`91`	`if (!oh.verifyHmac(conf, key, getOptValue(options, 'hmacProperty', defaultHmacProperty))) {`
`89`	`92`	`throw new Error('HMAC validation failed.');`
`90`	`93`	`}`
`91`	`94`	`}`
	`95`	`+ // export env vars as passed via options or in the configuration itself (options have precedence)`
`92`	`96`	`let exports = getOptValue(options, 'envVarExports', defaultEnvVarExports);`
`93`	`97`	`if(!Array.isArray(exports) \|\| exports.length == 0) {`
`94`	`98`	`exports = conf[defaultEnvVarProperty];`