@jaypie/express 1.2.4 → 1.2.6

package/README.md

@@ -8,6 +8,7 @@ See [Jaypie](https://github.com/finlaysonstudio/jaypie) for usage.
 
 | Date       | Version | Summary        |
 | ---------- | ------- | -------------- |
+|  1/23/2026 |   1.2.5 | Fix array query params with bracket notation in API Gateway v1 |
 |  5/21/2024 |   1.0.0 | Initial release |
 |  5/19/2024 |   0.1.0 | Initial deploy |
 |  5/12/2024 |   0.0.1 | Initial commit |

package/dist/cjs/adapter/LambdaRequest.d.ts

@@ -8,6 +8,7 @@ interface LambdaRequestOptions {
     lambdaEvent: LambdaEvent;
     method: string;
     protocol: string;
+    query?: Record<string, string | string[]>;
     remoteAddress: string;
     url: string;
 }

package/dist/cjs/index.cjs

@@ -34,13 +34,15 @@ class LambdaRequest extends node_stream.Readable {
         this.path = options.url.split("?")[0];
         this.headers = this.normalizeHeaders(options.headers);
         this.bodyBuffer = options.body ?? null;
-        // Parse query string from URL
-        const queryIndex = options.url.indexOf("?");
-        if (queryIndex !== -1) {
-            const queryString = options.url.slice(queryIndex + 1);
-            const params = new URLSearchParams(queryString);
-            for (const [key, value] of params) {
-                this.query[key] = value;
+        // Use pre-parsed query if provided, otherwise parse from URL
+        if (options.query) {
+            this.query = options.query;
+        }
+        else {
+            const queryIndex = options.url.indexOf("?");
+            if (queryIndex !== -1) {
+                const queryString = options.url.slice(queryIndex + 1);
+                this.query = parseQueryString(queryString);
             }
         }
         // Store Lambda context
@@ -103,6 +105,67 @@ class LambdaRequest extends node_stream.Readable {
 }
 //
 //
+// Helper Functions
+//
+/**
+ * Normalize bracket notation in query parameter key.
+ * Removes trailing `[]` from keys (e.g., `filterByStatus[]` → `filterByStatus`).
+ */
+function normalizeQueryKey(key) {
+    return key.endsWith("[]") ? key.slice(0, -2) : key;
+}
+/**
+ * Parse a query string into a record with proper array handling.
+ * Handles bracket notation (e.g., `param[]`) and multi-value parameters.
+ */
+function parseQueryString(queryString) {
+    const result = {};
+    const params = new URLSearchParams(queryString);
+    for (const [rawKey, value] of params) {
+        const key = normalizeQueryKey(rawKey);
+        const existing = result[key];
+        if (existing === undefined) {
+            // First occurrence - check if it's bracket notation to determine if it should be an array
+            result[key] = rawKey.endsWith("[]") ? [value] : value;
+        }
+        else if (Array.isArray(existing)) {
+            existing.push(value);
+        }
+        else {
+            // Convert to array when we encounter a second value
+            result[key] = [existing, value];
+        }
+    }
+    return result;
+}
+/**
+ * Build query object from API Gateway v1 multiValueQueryStringParameters.
+ * Normalizes bracket notation and preserves array values.
+ */
+function buildQueryFromMultiValue(multiValueParams) {
+    const result = {};
+    if (!multiValueParams)
+        return result;
+    for (const [rawKey, values] of Object.entries(multiValueParams)) {
+        const key = normalizeQueryKey(rawKey);
+        const existingValues = result[key];
+        if (existingValues === undefined) {
+            // First occurrence - use array if multiple values or bracket notation
+            result[key] =
+                values.length === 1 && !rawKey.endsWith("[]") ? values[0] : values;
+        }
+        else if (Array.isArray(existingValues)) {
+            existingValues.push(...values);
+        }
+        else {
+            // Convert to array and merge
+            result[key] = [existingValues, ...values];
+        }
+    }
+    return result;
+}
+//
+//
 // Type Guards
 //
 /**
@@ -128,6 +191,7 @@ function createLambdaRequest(event, context) {
     let url;
     let method;
     let protocol;
+    let query;
     let remoteAddress;
     const headers = { ...event.headers };
     if (isFunctionUrlEvent(event)) {
@@ -138,6 +202,10 @@ function createLambdaRequest(event, context) {
         method = event.requestContext.http.method;
         protocol = event.requestContext.http.protocol.split("/")[0].toLowerCase();
         remoteAddress = event.requestContext.http.sourceIp;
+        // Parse query string with proper multi-value and bracket notation support
+        if (event.rawQueryString) {
+            query = parseQueryString(event.rawQueryString);
+        }
         // Normalize cookies into Cookie header if not already present
         if (event.cookies && event.cookies.length > 0 && !headers.cookie) {
             headers.cookie = event.cookies.join("; ");
@@ -145,7 +213,13 @@ function createLambdaRequest(event, context) {
     }
     else if (isApiGatewayV1Event(event)) {
         // API Gateway REST API v1 format
+        // Use multiValueQueryStringParameters for proper array support
+        const multiValueParams = event.multiValueQueryStringParameters;
         const queryParams = event.queryStringParameters;
+        if (multiValueParams && Object.keys(multiValueParams).length > 0) {
+            query = buildQueryFromMultiValue(multiValueParams);
+        }
+        // Build URL with query string
         if (queryParams && Object.keys(queryParams).length > 0) {
             const queryString = new URLSearchParams(queryParams).toString();
             url = `${event.path}?${queryString}`;
@@ -179,6 +253,7 @@ function createLambdaRequest(event, context) {
         lambdaEvent: event,
         method,
         protocol,
+        query,
         remoteAddress,
         url,
     });
@@ -975,7 +1050,9 @@ function createLambdaHandler(app, _options) {
                         {
                             status: 500,
                             title: "Internal Server Error",
-                            detail: error instanceof Error ? error.message : "Unknown error occurred",
+                            detail: error instanceof Error
+                                ? error.message
+                                : "Unknown error occurred",
                         },
                     ],
                 }),
@@ -1062,6 +1139,33 @@ const ensureProtocol = (url) => {
         return url;
     return HTTPS_PROTOCOL + url;
 };
+const extractHostname = (origin) => {
+    try {
+        const url = new URL(origin);
+        return url.hostname;
+    }
+    catch {
+        return undefined;
+    }
+};
+const isOriginAllowed = (requestOrigin, allowed) => {
+    const normalizedAllowed = ensureProtocol(allowed);
+    const normalizedRequest = ensureProtocol(requestOrigin);
+    const allowedHostname = extractHostname(normalizedAllowed);
+    const requestHostname = extractHostname(normalizedRequest);
+    if (!allowedHostname || !requestHostname) {
+        return false;
+    }
+    // Exact match
+    if (requestHostname === allowedHostname) {
+        return true;
+    }
+    // Subdomain match
+    if (requestHostname.endsWith(`.${allowedHostname}`)) {
+        return true;
+    }
+    return false;
+};
 const dynamicOriginCallbackHandler = (origin) => {
     return (requestOrigin, callback) => {
         // Handle wildcard origin
@@ -1095,7 +1199,7 @@ const dynamicOriginCallbackHandler = (origin) => {
             if (allowed instanceof RegExp) {
                 return allowed.test(requestOrigin);
             }
-            return requestOrigin.includes(allowed);
+            return isOriginAllowed(requestOrigin, allowed);
         });
         if (isAllowed) {
             callback(null, true);
@@ -1366,7 +1470,7 @@ const logger$1 = logger$2.log;
  * Uses Symbol marker to survive prototype chain modifications from Express and dd-trace.
  */
 function isLambdaMockResponse(res) {
-    return res[JAYPIE_LAMBDA_MOCK] === true;
+    return (res[JAYPIE_LAMBDA_MOCK] === true);
 }
 /**
  * Safely send a JSON response, avoiding dd-trace interception.