@zero-server/body 0.9.1 → 0.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/LICENSE +21 -21
  2. package/index.d.ts +1 -1
  3. package/index.js +6 -6
  4. package/lib/body/index.js +14 -0
  5. package/lib/body/json.js +109 -0
  6. package/lib/body/multipart.js +440 -0
  7. package/lib/body/raw.js +71 -0
  8. package/lib/body/rawBuffer.js +161 -0
  9. package/lib/body/sendError.js +25 -0
  10. package/lib/body/text.js +75 -0
  11. package/lib/body/typeMatch.js +42 -0
  12. package/lib/body/urlencoded.js +235 -0
  13. package/package.json +10 -3
  14. package/types/app.d.ts +223 -0
  15. package/types/auth.d.ts +520 -0
  16. package/types/body.d.ts +14 -0
  17. package/types/cli.d.ts +2 -0
  18. package/types/cluster.d.ts +75 -0
  19. package/types/env.d.ts +80 -0
  20. package/types/errors.d.ts +316 -0
  21. package/types/fetch.d.ts +43 -0
  22. package/types/grpc.d.ts +432 -0
  23. package/types/index.d.ts +384 -0
  24. package/types/lifecycle.d.ts +60 -0
  25. package/types/middleware.d.ts +320 -0
  26. package/types/observe.d.ts +304 -0
  27. package/types/orm.d.ts +1887 -0
  28. package/types/request.d.ts +109 -0
  29. package/types/response.d.ts +157 -0
  30. package/types/router.d.ts +78 -0
  31. package/types/sse.d.ts +78 -0
  32. package/types/websocket.d.ts +126 -0
package/lib/body/raw.js ADDED
@@ -0,0 +1,71 @@
1
+ /**
2
+ * @module body/raw
3
+ * @description Raw-buffer body-parsing middleware.
4
+ * Stores the full request body as a Buffer on `req.body`.
5
+ * Also sets `req.rawBody` for signature verification workflows.
6
+ */
7
+ const rawBuffer = require('./rawBuffer');
8
+ const isTypeMatch = require('./typeMatch');
9
+ const sendError = require('./sendError');
10
+
11
+ /**
12
+ * Create a raw-buffer body-parsing middleware.
13
+ *
14
+ * @param {object} [options] - Configuration options.
15
+ * @param {string|number} [options.limit] - Max body size. Default `'1mb'`.
16
+ * @param {string|string[]|Function} [options.type='application/octet-stream'] - Content-Type(s) to match.
17
+ * @param {boolean} [options.requireSecure=false] - When true, reject non-HTTPS requests with 403.
18
+ * @param {Function} [options.verify] - `verify(req, res, buf)` — called before setting body. Throw to reject with 403.
19
+ * @param {boolean} [options.inflate=true] - Decompress gzip/deflate/br bodies. When false, compressed bodies return 415.
20
+ * @returns {Function} Async middleware `(req, res, next) => void`.
21
+ *
22
+ * @example
23
+ * const { raw } = require('@zero-server/sdk');
24
+ *
25
+ * app.use(raw({ type: 'application/octet-stream', limit: '5mb' }));
26
+ *
27
+ * app.post('/upload', (req, res) => {
28
+ * console.log(req.body); // Buffer
29
+ * res.send('received ' + req.body.length + ' bytes');
30
+ * });
31
+ */
32
+ function raw(options = {})
33
+ {
34
+ const opts = options || {};
35
+ const limit = opts.limit !== undefined ? opts.limit : '1mb';
36
+ const typeOpt = opts.type || 'application/octet-stream';
37
+ const requireSecure = !!opts.requireSecure;
38
+ const verify = opts.verify;
39
+ const inflate = opts.inflate !== undefined ? opts.inflate : true;
40
+
41
+ return async (req, res, next) =>
42
+ {
43
+ if (requireSecure && !req.secure) return sendError(res, 403, 'HTTPS required');
44
+ const ct = (req.headers['content-type'] || '');
45
+ if (!isTypeMatch(ct, typeOpt)) return next();
46
+ try
47
+ {
48
+ const buf = await rawBuffer(req, { limit, inflate });
49
+
50
+ // Store raw body for signature verification
51
+ req.rawBody = buf;
52
+
53
+ // Optional verification callback
54
+ if (verify)
55
+ {
56
+ try { verify(req, res, buf); }
57
+ catch (e) { return sendError(res, 403, e.message || 'verification failed'); }
58
+ }
59
+
60
+ req.body = buf;
61
+ } catch (err)
62
+ {
63
+ if (err && err.status === 413) return sendError(res, 413, 'payload too large');
64
+ if (err && err.status === 415) return sendError(res, 415, err.message || 'unsupported encoding');
65
+ req.body = Buffer.alloc(0);
66
+ }
67
+ next();
68
+ };
69
+ }
70
+
71
+ module.exports = raw;
package/lib/body/rawBuffer.js ADDED
@@ -0,0 +1,161 @@
1
+ /**
2
+ * @module body/rawBuffer
3
+ * @description Low-level helper that collects the raw request body into a
4
+ * single Buffer, enforcing an optional byte-size limit.
5
+ * Supports Content-Encoding decompression (gzip, deflate, br)
6
+ * and Content-Length pre-checking for early rejection.
7
+ */
8
+ const zlib = require('zlib');
9
+
10
+ /**
11
+ * Parse a human-readable size string (e.g. `'10kb'`, `'2mb'`) into bytes.
12
+ *
13
+ * @private
14
+ * @param {string|number|null} limit - Size limit value.
15
+ * @returns {number|null} Byte limit, or `null` for unlimited.
16
+ */
17
+ function parseLimit(limit)
18
+ {
19
+ if (!limit && limit !== 0) return null;
20
+ if (typeof limit === 'number') return limit;
21
+ if (typeof limit === 'string')
22
+ {
23
+ const v = limit.trim().toLowerCase();
24
+ const num = Number(v.replace(/[^0-9.]/g, ''));
25
+ if (v.endsWith('kb')) return Math.floor(num * 1024);
26
+ if (v.endsWith('mb')) return Math.floor(num * 1024 * 1024);
27
+ if (v.endsWith('gb')) return Math.floor(num * 1024 * 1024 * 1024);
28
+ return Math.floor(num);
29
+ }
30
+ return null;
31
+ }
32
+
33
+ /**
34
+ * Extract and normalise the charset from a Content-Type header value
35
+ * into a Node.js-compatible `BufferEncoding` name.
36
+ *
37
+ * @param {string} contentType - Full Content-Type header value.
38
+ * @returns {string|null} Normalised encoding or `null` when not specified.
39
+ */
40
+ function charsetFromContentType(contentType)
41
+ {
42
+ if (!contentType) return null;
43
+ const m = contentType.match(/charset=["']?([^\s;"']+)/i);
44
+ if (!m) return null;
45
+ const raw = m[1].toLowerCase().replace(/[^a-z0-9]/g, '');
46
+ if (raw === 'utf8') return 'utf8';
47
+ if (raw === 'utf16le' || raw === 'utf16' || raw === 'ucs2') return 'utf16le';
48
+ if (raw === 'latin1' || raw === 'iso88591') return 'latin1';
49
+ if (raw === 'ascii' || raw === 'usascii') return 'ascii';
50
+ return 'utf8'; // safe fallback for unknown charsets
51
+ }
52
+
53
+ /**
54
+ * Collect the raw request body into a Buffer.
55
+ *
56
+ * - Rejects with `{ status: 413 }` when `opts.limit` is exceeded.
57
+ * - Rejects with `{ status: 415 }` for unsupported Content-Encoding or
58
+ * when `opts.inflate` is `false` and the body is compressed.
59
+ * - Automatically decompresses gzip / deflate / br when `opts.inflate`
60
+ * is `true` (the default).
61
+ *
62
+ * @param {import('../http/request')} req - Wrapped request (`.raw` stream, `.headers`).
63
+ * @param {object} [opts] - Configuration options.
64
+ * @param {string|number|null} [opts.limit] - Max body size (post-decompression).
65
+ * @param {boolean} [opts.inflate=true] - Decompress gzip/deflate/br bodies.
66
+ * @returns {Promise<Buffer>} Resolved with the full body buffer.
67
+ */
68
+ function rawBuffer(req, opts = {})
69
+ {
70
+ const limit = parseLimit(opts.limit);
71
+ const inflate = opts.inflate !== false;
72
+
73
+ return new Promise((resolve, reject) =>
74
+ {
75
+ const headers = req.headers || (req.raw && req.raw.headers) || {};
76
+
77
+ // Content-Encoding handling
78
+ const encoding = (headers['content-encoding'] || '').toLowerCase().trim();
79
+ const isCompressed = encoding && encoding !== 'identity';
80
+
81
+ // Content-Length pre-check (skip for compressed bodies — CL is the compressed size)
82
+ if (!isCompressed)
83
+ {
84
+ const cl = parseInt(headers['content-length'], 10);
85
+ if (limit && cl && cl > limit)
86
+ {
87
+ const err = new Error('payload too large');
88
+ err.status = 413;
89
+ return reject(err);
90
+ }
91
+ }
92
+
93
+ // Select stream source (possibly a decompression transform)
94
+ let stream = req.raw;
95
+ if (isCompressed)
96
+ {
97
+ if (!inflate)
98
+ {
99
+ const err = new Error('compressed bodies not accepted');
100
+ err.status = 415;
101
+ return reject(err);
102
+ }
103
+ if (encoding === 'gzip' || encoding === 'x-gzip')
104
+ {
105
+ stream = req.raw.pipe(zlib.createGunzip());
106
+ }
107
+ else if (encoding === 'deflate')
108
+ {
109
+ stream = req.raw.pipe(zlib.createInflate());
110
+ }
111
+ else if (encoding === 'br')
112
+ {
113
+ stream = req.raw.pipe(zlib.createBrotliDecompress());
114
+ }
115
+ else
116
+ {
117
+ const err = new Error('unsupported Content-Encoding: ' + encoding);
118
+ err.status = 415;
119
+ return reject(err);
120
+ }
121
+ }
122
+
123
+ const chunks = [];
124
+ let total = 0;
125
+
126
+ function cleanup()
127
+ {
128
+ stream.removeListener('data', onData);
129
+ stream.removeListener('end', onEnd);
130
+ stream.removeListener('error', onError);
131
+ }
132
+ function onData(c)
133
+ {
134
+ total += c.length;
135
+ if (limit && total > limit)
136
+ {
137
+ cleanup();
138
+ const err = new Error('payload too large');
139
+ err.status = 413;
140
+ return reject(err);
141
+ }
142
+ chunks.push(c);
143
+ }
144
+ function onEnd()
145
+ {
146
+ cleanup();
147
+ resolve(Buffer.concat(chunks));
148
+ }
149
+ function onError(e)
150
+ {
151
+ cleanup();
152
+ reject(e);
153
+ }
154
+ stream.on('data', onData);
155
+ stream.on('end', onEnd);
156
+ stream.on('error', onError);
157
+ });
158
+ }
159
+
160
+ module.exports = rawBuffer;
161
+ module.exports.charsetFromContentType = charsetFromContentType;
package/lib/body/sendError.js ADDED
@@ -0,0 +1,25 @@
1
+ /**
2
+ * @module body/sendError
3
+ * @private
4
+ * @description Shared helper for sending HTTP error responses from body parsers.
5
+ * Centralizes the pattern used across all parsers so changes only happen in one place.
6
+ */
7
+
8
+ /**
9
+ * Send an HTTP error response.
10
+ *
11
+ * @private
12
+ * @param {object} res - The response wrapper (or raw response).
13
+ * @param {number} status - HTTP status code.
14
+ * @param {string} message - Error message string for the JSON body.
15
+ */
16
+ function sendError(res, status, message)
17
+ {
18
+ const raw = res.raw || res;
19
+ if (raw.headersSent) return;
20
+ raw.statusCode = status;
21
+ raw.setHeader('Content-Type', 'application/json');
22
+ raw.end(JSON.stringify({ error: message }));
23
+ }
24
+
25
+ module.exports = sendError;
package/lib/body/text.js ADDED
@@ -0,0 +1,75 @@
1
+ /**
2
+ * @module body/text
3
+ * @description Plain-text body-parsing middleware.
4
+ * Reads the request body as a string and sets `req.body`.
5
+ * Stores the raw buffer on `req.rawBody` for signature verification.
6
+ */
7
+ const rawBuffer = require('./rawBuffer');
8
+ const { charsetFromContentType } = require('./rawBuffer');
9
+ const isTypeMatch = require('./typeMatch');
10
+ const sendError = require('./sendError');
11
+
12
+ /**
13
+ * Create a plain-text body-parsing middleware.
14
+ *
15
+ * @param {object} [options] - Configuration options.
16
+ * @param {string|number} [options.limit] - Max body size. Default `'1mb'`.
17
+ * @param {string} [options.encoding='utf8'] - Fallback character encoding when Content-Type has no charset.
18
+ * @param {string|string[]|Function} [options.type='text/*'] - Content-Type(s) to match.
19
+ * @param {boolean} [options.requireSecure=false] - When true, reject non-HTTPS requests with 403.
20
+ * @param {Function} [options.verify] - `verify(req, res, buf, encoding)` — called before decoding. Throw to reject with 403.
21
+ * @param {boolean} [options.inflate=true] - Decompress gzip/deflate/br bodies. When false, compressed bodies return 415.
22
+ * @returns {Function} Async middleware `(req, res, next) => void`.
23
+ *
24
+ * @example
25
+ * const { text } = require('@zero-server/sdk');
26
+ *
27
+ * app.use(text({ type: 'text/plain', limit: '256kb' }));
28
+ *
29
+ * app.post('/log', (req, res) => {
30
+ * console.log(req.body); // raw string
31
+ * res.send('ok');
32
+ * });
33
+ */
34
+ function text(options = {})
35
+ {
36
+ const opts = options || {};
37
+ const limit = opts.limit !== undefined ? opts.limit : '1mb';
38
+ const defaultEncoding = opts.encoding || 'utf8';
39
+ const typeOpt = opts.type || 'text/*';
40
+ const requireSecure = !!opts.requireSecure;
41
+ const verify = opts.verify;
42
+ const inflate = opts.inflate !== undefined ? opts.inflate : true;
43
+
44
+ return async (req, res, next) =>
45
+ {
46
+ if (requireSecure && !req.secure) return sendError(res, 403, 'HTTPS required');
47
+ const ct = (req.headers['content-type'] || '');
48
+ if (!isTypeMatch(ct, typeOpt)) return next();
49
+ try
50
+ {
51
+ const buf = await rawBuffer(req, { limit, inflate });
52
+ const encoding = charsetFromContentType(ct) || defaultEncoding;
53
+
54
+ // Store raw body for signature verification
55
+ req.rawBody = buf;
56
+
57
+ // Optional verification callback
58
+ if (verify)
59
+ {
60
+ try { verify(req, res, buf, encoding); }
61
+ catch (e) { return sendError(res, 403, e.message || 'verification failed'); }
62
+ }
63
+
64
+ req.body = buf.toString(encoding);
65
+ } catch (err)
66
+ {
67
+ if (err && err.status === 413) return sendError(res, 413, 'payload too large');
68
+ if (err && err.status === 415) return sendError(res, 415, err.message || 'unsupported encoding');
69
+ req.body = '';
70
+ }
71
+ next();
72
+ };
73
+ }
74
+
75
+ module.exports = text;
package/lib/body/typeMatch.js ADDED
@@ -0,0 +1,42 @@
1
+ /**
2
+ * @module body/typeMatch
3
+ * @private
4
+ * @description Shared Content-Type matching utility for body parsers.
5
+ */
6
+
7
+ /**
8
+ * Check whether a Content-Type header matches the configured type filter.
9
+ *
10
+ * @private
11
+ * @param {string} contentType - The request Content-Type header value.
12
+ * @param {string|string[]|function} typeOpt - MIME pattern to match against (e.g. 'application/json', 'text/*', '*\/*'),
13
+ * an array of patterns, or a custom predicate `(ct) => boolean`.
14
+ * @returns {boolean} Boolean result.
15
+ */
16
+ function isTypeMatch(contentType, typeOpt)
17
+ {
18
+ if (!typeOpt) return true;
19
+ if (typeof typeOpt === 'function') return !!typeOpt(contentType);
20
+ if (Array.isArray(typeOpt)) return typeOpt.some(t => isTypeMatch(contentType, t));
21
+ if (!contentType) return false;
22
+ if (typeOpt === '*/*') return true;
23
+ // Strip charset/parameters from content-type for proper matching
24
+ const semiIdx = contentType.indexOf(';');
25
+ const baseType = semiIdx !== -1 ? contentType.substring(0, semiIdx).trim() : contentType;
26
+ if (typeOpt.endsWith('/*'))
27
+ {
28
+ return baseType.startsWith(typeOpt.slice(0, -1));
29
+ }
30
+ // Suffix pattern: application/*+json matches application/vnd.api+json
31
+ const starIdx = typeOpt.indexOf('/*+');
32
+ if (starIdx !== -1)
33
+ {
34
+ const prefix = typeOpt.slice(0, starIdx + 1); // 'application/'
35
+ const suffix = typeOpt.slice(starIdx + 2); // '+json'
36
+ return baseType.startsWith(prefix) && baseType.endsWith(suffix);
37
+ }
38
+ // Exact or substring match against the base type only
39
+ return baseType.indexOf(typeOpt) !== -1;
40
+ }
41
+
42
+ module.exports = isTypeMatch;
package/lib/body/urlencoded.js ADDED
@@ -0,0 +1,235 @@
1
+ /**
2
+ * @module body/urlencoded
3
+ * @description URL-encoded body-parsing middleware.
4
+ * Supports both flat (`URLSearchParams`) and extended
5
+ * (nested bracket syntax) parsing modes.
6
+ * Stores the raw buffer on `req.rawBody` for signature verification.
7
+ */
8
+ const rawBuffer = require('./rawBuffer');
9
+ const isTypeMatch = require('./typeMatch');
10
+ const sendError = require('./sendError');
11
+
12
+ /**
13
+ * Append a value to an existing key, converting to an array when needed.
14
+ *
15
+ * @private
16
+ * @param {*} prev - Previous value for the key (or `undefined`).
17
+ * @param {string} val - New value to append.
18
+ * @returns {string|string[]} Merged value.
19
+ */
20
+ function appendValue(prev, val)
21
+ {
22
+ if (prev === undefined) return val;
23
+ if (Array.isArray(prev)) { prev.push(val); return prev; }
24
+ // convert existing scalar or object into array to hold multiple values
25
+ return [prev, val];
26
+ }
27
+
28
+ /**
29
+ * Create a URL-encoded body-parsing middleware.
30
+ *
31
+ * @param {object} [options] - Configuration options.
32
+ * @param {string|number} [options.limit] - Max body size (e.g. `'10kb'`). Default `'1mb'`.
33
+ * @param {string|string[]|Function} [options.type='application/x-www-form-urlencoded'] - Content-Type(s) to match.
34
+ * @param {boolean} [options.extended=false] - Use nested bracket parsing (e.g. `a[b][c]=1`).
35
+ * @param {boolean} [options.requireSecure=false] - When true, reject non-HTTPS requests with 403.
36
+ * @param {number} [options.parameterLimit=1000] - Max number of parameters. Prevents DoS via huge payloads.
37
+ * @param {number} [options.depth=32] - Max nesting depth for bracket syntax. Prevents deep-nesting DoS.
38
+ * @param {Function} [options.verify] - `verify(req, res, buf, encoding)` — called before parsing. Throw to reject with 403.
39
+ * @param {boolean} [options.inflate=true] - Decompress gzip/deflate/br bodies.
40
+ * @returns {Function} Async middleware `(req, res, next) => void`.
41
+ *
42
+ * @example
43
+ * const { urlencoded } = require('@zero-server/sdk');
44
+ *
45
+ * // Flat parsing (default)
46
+ * app.use(urlencoded({ limit: '100kb' }));
47
+ *
48
+ * // Nested bracket syntax
49
+ * app.use(urlencoded({ extended: true }));
50
+ *
51
+ * app.post('/form', (req, res) => {
52
+ * console.log(req.body); // { name: 'Tony', age: '30' }
53
+ * res.json(req.body);
54
+ * });
55
+ */
56
+ function urlencoded(options = {})
57
+ {
58
+ const opts = options || {};
59
+ const limit = opts.limit !== undefined ? opts.limit : '1mb';
60
+ const typeOpt = opts.type || 'application/x-www-form-urlencoded';
61
+ const extended = !!opts.extended;
62
+ const requireSecure = !!opts.requireSecure;
63
+ const parameterLimit = opts.parameterLimit !== undefined ? opts.parameterLimit : 1000;
64
+ const maxDepth = opts.depth !== undefined ? opts.depth : 32;
65
+ const verify = opts.verify;
66
+ const inflate = opts.inflate !== undefined ? opts.inflate : true;
67
+
68
+ return async (req, res, next) =>
69
+ {
70
+ if (requireSecure && !req.secure) return sendError(res, 403, 'HTTPS required');
71
+ const ct = (req.headers['content-type'] || '');
72
+ if (!isTypeMatch(ct, typeOpt)) return next();
73
+ try
74
+ {
75
+ const buf = await rawBuffer(req, { limit, inflate });
76
+
77
+ // Store raw body for signature verification
78
+ req.rawBody = buf;
79
+
80
+ // Optional verification callback
81
+ if (verify)
82
+ {
83
+ try { verify(req, res, buf, 'utf8'); }
84
+ catch (e) { return sendError(res, 403, e.message || 'verification failed'); }
85
+ }
86
+
87
+ const txt = buf.toString('utf8');
88
+ if (!extended)
89
+ {
90
+ const params = new URLSearchParams(txt);
91
+ // Enforce parameter limit
92
+ if (parameterLimit)
93
+ {
94
+ let count = 0;
95
+ for (const _ of params) { if (++count > parameterLimit) return sendError(res, 413, 'too many parameters'); }
96
+ }
97
+ req.body = Object.fromEntries(params);
98
+ }
99
+ else
100
+ {
101
+ // extended parsing: support nested bracket syntax like a[b][c]=1 and arrays a[]=1
102
+ const out = {};
103
+ if (txt.trim() === '') { req.body = out; return next(); }
104
+ const pairs = txt.split('&');
105
+ // Enforce parameter limit
106
+ if (parameterLimit && pairs.length > parameterLimit)
107
+ {
108
+ return sendError(res, 413, 'too many parameters');
109
+ }
110
+ for (const p of pairs)
111
+ {
112
+ if (!p) continue;
113
+ const eq = p.indexOf('=');
114
+ let k, v;
115
+ if (eq === -1) { k = decodeURIComponent(p.replace(/\+/g, ' ')); v = ''; }
116
+ else { k = decodeURIComponent(p.slice(0, eq).replace(/\+/g, ' ')); v = decodeURIComponent(p.slice(eq + 1).replace(/\+/g, ' ')); }
117
+ // parse key into parts
118
+ const parts = [];
119
+ const re = /([^\[\]]+)|\[(.*?)\]/g;
120
+ let m;
121
+ while ((m = re.exec(k)) !== null)
122
+ {
123
+ const part = m[1] || m[2];
124
+ // Prevent prototype pollution
125
+ if (part === '__proto__' || part === 'constructor' || part === 'prototype') continue;
126
+ parts.push(part);
127
+ }
128
+
129
+ // Enforce depth limit
130
+ if (maxDepth && parts.length > maxDepth)
131
+ {
132
+ return sendError(res, 400, 'nesting depth exceeded');
133
+ }
134
+
135
+ // set value into out following parts
136
+ // _parent/_parentKey track the container holding `cur` so we can
137
+ // convert it from object → array when the `[]` push syntax is used.
138
+ let cur = out;
139
+ let _parent = null;
140
+ let _parentKey = null;
141
+ for (let i = 0; i < parts.length; i++)
142
+ {
143
+ const part = parts[i];
144
+ const isLast = (i === parts.length - 1);
145
+
146
+ if (part === '')
147
+ {
148
+ // Empty-bracket array-push syntax: a[]=val / a[][key]=val
149
+ if (isLast)
150
+ {
151
+ // Ensure cur is an array before pushing, converting parent ref if needed
152
+ if (!Array.isArray(cur))
153
+ {
154
+ const arr = [];
155
+ if (_parent !== null) _parent[_parentKey] = arr;
156
+ cur = arr;
157
+ }
158
+ cur.push(v);
159
+ break;
160
+ }
161
+ // Intermediate empty bracket — navigate into next element of the array
162
+ if (!Array.isArray(cur))
163
+ {
164
+ const arr = [];
165
+ if (_parent !== null) _parent[_parentKey] = arr;
166
+ cur = arr;
167
+ }
168
+ if (cur.length === 0 || typeof cur[cur.length - 1] !== 'object') cur.push({});
169
+ _parent = cur;
170
+ _parentKey = cur.length - 1;
171
+ cur = cur[cur.length - 1];
172
+ continue;
173
+ }
174
+
175
+ // normal key
176
+ if (isLast)
177
+ {
178
+ if (Array.isArray(cur))
179
+ {
180
+ // numeric key may indicate index
181
+ const idx = Number(part);
182
+ if (!Number.isNaN(idx)) cur[idx] = appendValue(cur[idx], v);
183
+ else cur[part] = appendValue(cur[part], v);
184
+ }
185
+ else
186
+ {
187
+ cur[part] = appendValue(cur[part], v);
188
+ }
189
+ }
190
+ else
191
+ {
192
+ if (Array.isArray(cur))
193
+ {
194
+ const idx = Number(part);
195
+ if (!Number.isNaN(idx))
196
+ {
197
+ if (!cur[idx]) cur[idx] = {};
198
+ _parent = cur;
199
+ _parentKey = idx;
200
+ cur = cur[idx];
201
+ } else
202
+ {
203
+ // Non-numeric key on array — navigate into last pushed object
204
+ if (cur.length === 0) cur.push({});
205
+ if (typeof cur[cur.length - 1] !== 'object') cur.push({});
206
+ const obj = cur[cur.length - 1];
207
+ if (!obj[part]) obj[part] = {};
208
+ _parent = obj;
209
+ _parentKey = part;
210
+ cur = obj[part];
211
+ }
212
+ }
213
+ else
214
+ {
215
+ if (!cur[part]) cur[part] = {};
216
+ _parent = cur;
217
+ _parentKey = part;
218
+ cur = cur[part];
219
+ }
220
+ }
221
+ }
222
+ }
223
+ req.body = out;
224
+ }
225
+ } catch (err)
226
+ {
227
+ if (err && err.status === 413) return sendError(res, 413, 'payload too large');
228
+ if (err && err.status === 415) return sendError(res, 415, err.message || 'unsupported encoding');
229
+ req.body = {};
230
+ }
231
+ next();
232
+ };
233
+ }
234
+
235
+ module.exports = urlencoded;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zero-server/body",
3
- "version": "0.9.1",
3
+ "version": "0.9.3",
4
4
  "description": "json, urlencoded, text, raw, multipart parsers.",
5
5
  "keywords": [
6
6
  "zero-server",
@@ -20,6 +20,8 @@
20
20
  "./package.json": "./package.json"
21
21
  },
22
22
  "files": [
23
+ "lib",
24
+ "types",
23
25
  "index.js",
24
26
  "index.d.ts",
25
27
  "README.md",
@@ -42,7 +44,12 @@
42
44
  "access": "public"
43
45
  },
44
46
  "sideEffects": false,
45
- "dependencies": {
46
- "@zero-server/sdk": "0.9.1"
47
+ "peerDependencies": {
48
+ "@zero-server/sdk": ">=0.9.3"
49
+ },
50
+ "peerDependenciesMeta": {
51
+ "@zero-server/sdk": {
52
+ "optional": true
53
+ }
47
54
  }
48
55
  }