fastify 3.21.0 → 3.21.1

package/README.md

@@ -28,6 +28,19 @@ Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yello
 An efficient server implies a lower cost of the infrastructure, a better responsiveness under load and happy users.
 How can you efficiently handle the resources of your server, knowing that you are serving the highest number of requests as possible, without sacrificing security validations and handy development?
 
+ - [Quick start](./README.md#quick-start)
+ - [Install](./README.md#install)
+ - [Example](./README.md#example)
+ - [Fastify v1.x and v2.x](./README.md#fastify-v1x-and-v2x)
+ - [Core features](./README.md#core-features)
+ - [Benchmarks](./README.md#benchmarks)
+ - [Documentation](./README.md#documentation)
+ - [Ecosystem](./README.md#ecosystem)
+ - [Support](./README.md#support)
+ - [Team](./README.md#team)
+ - [Hosted by](./README.md#hosted-by)
+ - [License](./README.md#license)
+
 Enter Fastify. Fastify is a web framework highly focused on providing the best developer experience with the least overhead and a powerful plugin architecture. It is inspired by Hapi and Express and as far as we know, it is one of the fastest web frameworks in town.
 
 ### Quick start

package/docs/Ecosystem.md

@@ -47,7 +47,7 @@ Plugins maintained by the Fastify team are listed under [Core](#core) while plug
 - [`@fastify/session`](https://github.com/fastify/session) a session plugin for Fastify.
 - [`fastify-static`](https://github.com/fastify/fastify-static) Plugin for serving static files as fast as possible.
 - [`fastify-swagger`](https://github.com/fastify/fastify-swagger) Plugin for serving Swagger/OpenAPI documentation for Fastify, supporting dynamic generation.
-- [`fastify-websocket`](https://github.com/fastify/fastify-websocket) WebSocket support for Fastify. Built upon [websocket-stream](https://github.com/maxogden/websocket-stream).
+- [`fastify-websocket`](https://github.com/fastify/fastify-websocket) WebSocket support for Fastify. Built upon [ws](https://github.com/websockets/ws).
 - [`fastify-url-data`](https://github.com/fastify/fastify-url-data) Decorate the `Request` object with a method to access raw URL components.
 - [`point-of-view`](https://github.com/fastify/point-of-view) Templates rendering (_ejs, pug, handlebars, marko_) plugin support for Fastify.
 - [`under-pressure`](https://github.com/fastify/under-pressure) Measure process load with automatic handling of _"Service Unavailable"_ plugin for Fastify.

package/docs/Recommendations.md

@@ -39,7 +39,9 @@ For a concrete example, consider the situation where:
 
 There are many reverse proxy solutions available, and your environment may
 dictate the solution to use, e.g. AWS or GCP. Given the above, we could use
-[HAProxy][haproxy] to solve these requirements:
+[HAProxy][haproxy] or [Nginx][nginx] to solve these requirements:
+
+### HAProxy
 
 ```conf
 # The global section defines base HAProxy (engine) instance configuration.
@@ -161,6 +163,83 @@ backend static-backend
 [why-use]: https://web.archive.org/web/20190821102906/https://medium.com/intrinsic/why-should-i-use-a-reverse-proxy-if-node-js-is-production-ready-5a079408b2ca
 [haproxy]: https://www.haproxy.org/
 
+### Nginx
+
+```nginx
+upstream fastify_app {
+  # more info: http://nginx.org/en/docs/http/ngx_http_upstream_module.html
+  server 10.10.11.1:80;
+  server 10.10.11.2:80;
+  server 10.10.11.3:80 backup;
+}
+
+server {
+  # default server
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  
+  # specify host
+  # listen 80;
+  # listen [::]:80;
+  # server_name example.tld;
+
+  location / {
+    return 301 https://$host$request_uri;
+  }
+}
+
+server {
+  # default server
+  listen 443 ssl http2 default_server;
+  listen [::]:443 ssl http2 default_server;
+  
+  # specify host
+  # listen 443 ssl http2;
+  # listen [::]:443 ssl http2;
+  # server_name example.tld;
+
+  # public private keys
+  ssl_certificate /path/to/fullchain.pem;
+  ssl_certificate_key /path/to/private.pem;
+  ssl_trusted_certificate /path/to/chain.pem;
+
+  # use https://ssl-config.mozilla.org/ for best practice configuration
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:FastifyApp:10m;
+  ssl_session_tickets off;
+  
+  # modern configuration
+  ssl_protocols TLSv1.3;
+  ssl_prefer_server_ciphers off;
+  
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+  add_header Strict-Transport-Security "max-age=63072000" always;
+  
+  # OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+
+  # custom resolver
+  # resolver 127.0.0.1;
+      
+  location / {
+    # more info: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+    proxy_http_version 1.1;
+    proxy_cache_bypass $http_upgrade;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    proxy_pass http://fastify_app:3000;
+  }
+}
+```
+
+[nginx]: http://nginx.org/
+
 ## Kubernetes
 <a id="kubernetes"></a>
 

package/docs/Server.md

@@ -8,6 +8,38 @@ The Fastify module exports a factory function that is used to create new
 an options object which is used to customize the resulting instance. This
 document describes the properties available in that options object.
 
+- [http2](./Server.md#http2)
+- [https](./Server.md#https)
+- [connectionTimeout](./Server.md#connectiontimeout)
+- [keepAliveTimeout](./Server.md#keepalivetimeout)
+- [ignoreTrailingSlash](./Server.md#ignoretrailingslash)
+- [maxParamLength](./Server.md#maxparamlength)
+- [onProtoPoisoning](./Server.md#onprotopoisoning)
+- [onConstructorPoisoning](./Server.md#onconstructorpoisoning)
+- [logger](./Server.md#logger)
+- [serverFactory](./Server.md#serverfactory)
+- [jsonShorthand](./Server.md#jsonshorthand)
+- [caseSensitive](./Server.md#casesensitive)
+- [requestIdHeader](./Server.md#requestidheader)
+- [requestIdLogLabel](./Server.md#requestidloglabel)
+- [genReqId](./Server.md#genreqid)
+- [trustProxy](./Server.md#trustProxy)
+- [pluginTimeout](./Server.md#plugintimeout)
+- [querystringParser](./Server.md#querystringParser)
+- [exposeHeadRoutes](./Server.md#exposeheadroutes)
+- [constraints](./Server.md#constraints)
+- [return503OnClosing](./Server.md#return503onclosing)
+- [ajv](./Server.md#ajv)
+- [serializerOpts](./Server.md#serializeropts)
+- [http2SessionTimeout](./Server.md#http2sessiontimeout)
+- [frameworkErrors](./Server.md#frameworkerrors)
+- [clientErrorHandler](./Server.md#clienterrorhandler)
+- [rewriteUrl](./Server.md#rewriteurl)
+- [Instance](./Server.md#instance)
+- [Server Methods](./Server.md#server-methods)
+- [initialConfig](./Server.md#initialConfig)
+
+
 <a name="factory-http2"></a>
 ### `http2`
 

package/docs/Validation-and-Serialization.md

@@ -255,6 +255,46 @@ curl -X GET "http://localhost:3000/?ids=1
 {"params":{"hello":["1"]}}
 ```
 
+You can also specify a custom schema validator for each parameter type (body, querystring, params, headers).
+
+For example, the following code disable type cohercion only for the `body` parameters, changing the ajv default options:
+
+```js
+const schemaCompilers = {
+  body: new Ajv({
+    removeAdditional: false,
+    coerceTypes: false,
+    allErrors: true
+  }),
+  params: new Ajv({
+    removeAdditional: false,
+    coerceTypes: true,
+    allErrors: true
+  }),
+  querystring: new Ajv({
+    removeAdditional: false,
+    coerceTypes: true,
+    allErrors: true
+  }),
+  headers: new Ajv({
+    removeAdditional: false,
+    coerceTypes: true,
+    allErrors: true
+  })
+}
+
+server.setValidatorCompiler(req => {
+    if (!req.httpPart) {
+      throw new Error('Missing httpPart')
+    }
+    const compiler = schemaCompilers[req.httpPart]
+    if (!compiler) {
+      throw new Error(`Missing compiler for ${req.httpPart}`)
+    }
+    return compiler.compile(req.schema)
+})
+```
+
 For further information see [here](https://ajv.js.org/coercion.html)
 
 <a name="ajv-plugins"></a>

package/lib/reply.js

@@ -573,12 +573,17 @@ function handleError (reply, error, cb) {
         message: { value: error.message || '' },
         statusCode: { value: statusCode }
       }))
+
+    if (serializerFn !== false && typeof payload !== 'string') {
+      throw new FST_ERR_REP_INVALID_PAYLOAD_TYPE(typeof payload)
+    }
   } catch (err) {
     // error is always FST_ERR_SCH_SERIALIZATION_BUILD because this is called from route/compileSchemasForSerialization
     reply.log.error({ err, statusCode: res.statusCode }, 'The serializer for the given status code failed')
     res.statusCode = 500
     payload = serializeError({
       error: statusCodes['500'],
+      code: err.code,
       message: err.message,
       statusCode: 500
     })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify",
-  "version": "3.21.0",
+  "version": "3.21.1",
   "description": "Fast and low overhead web framework, for Node.js",
   "main": "fastify.js",
   "type": "commonjs",

package/test/schema-serialization.test.js

@@ -322,6 +322,47 @@ test('Custom setSerializerCompiler', t => {
   })
 })
 
+test('Custom setSerializerCompiler returns bad serialized output', t => {
+  t.plan(4)
+  const fastify = Fastify()
+
+  const outSchema = {
+    $id: 'test',
+    type: 'object',
+    whatever: 'need to be parsed by the custom serializer'
+  }
+
+  fastify.setSerializerCompiler(({ schema, method, url, httpStatus }) => {
+    return data => {
+      t.pass('returning an invalid serialization')
+      return { not: 'a string' }
+    }
+  })
+
+  fastify.get('/:id', {
+    handler (req, reply) { throw new Error('ops') },
+    schema: {
+      response: {
+        500: outSchema
+      }
+    }
+  })
+
+  fastify.inject({
+    method: 'GET',
+    url: '/123'
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 500)
+    t.strictSame(res.json(), {
+      error: 'Internal Server Error',
+      code: 'FST_ERR_REP_INVALID_PAYLOAD_TYPE',
+      message: 'Attempted to send payload of invalid type \'object\'. Expected a string or Buffer.',
+      statusCode: 500
+    })
+  })
+})
+
 test('Custom serializer per route', async t => {
   const fastify = Fastify()
 

package/test/schema-validation.test.js

@@ -5,6 +5,32 @@ const Fastify = require('..')
 
 const AJV = require('ajv')
 
+const customSchemaCompilers = {
+  body: new AJV({
+    coerceTypes: false
+  }),
+  params: new AJV({
+    coerceTypes: true
+  }),
+  querystring: new AJV({
+    coerceTypes: true
+  })
+}
+
+const customValidatorCompiler = req => {
+  if (!req.httpPart) {
+    throw new Error('Missing httpPart')
+  }
+
+  const compiler = customSchemaCompilers[req.httpPart]
+
+  if (!compiler) {
+    throw new Error(`Missing compiler for ${req.httpPart}`)
+  }
+
+  return compiler.compile(req.schema)
+}
+
 const schemaA = {
   $id: 'urn:schema:foo',
   type: 'object',
@@ -846,3 +872,77 @@ test('Custom AJV settings - pt2', t => {
     t.equal(res.statusCode, 400)
   })
 })
+
+test('Custom AJV settings on different parameters - pt1', t => {
+  t.plan(2)
+  const fastify = Fastify()
+
+  fastify.setValidatorCompiler(customValidatorCompiler)
+
+  fastify.post('/api/:id', {
+    schema: {
+      querystring: { id: { type: 'integer' } },
+      body: {
+        type: 'object',
+        properties: {
+          num: { type: 'number' }
+        },
+        required: ['num']
+      }
+    },
+    handler: (req, reply) => {
+      t.fail('the handler is not called because the "12" is not coerced to number')
+    }
+  })
+
+  fastify.inject({
+    method: 'POST',
+    url: '/api/42',
+    payload: {
+      num: '12'
+    }
+  }, (err, res) => {
+    t.error(err)
+    t.equal(res.statusCode, 400)
+  })
+})
+
+test('Custom AJV settings on different parameters - pt2', t => {
+  t.plan(4)
+  const fastify = Fastify()
+
+  fastify.setValidatorCompiler(customValidatorCompiler)
+
+  fastify.post('/api/:id', {
+    schema: {
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'number' }
+        },
+        required: ['id']
+      },
+      body: {
+        type: 'object',
+        properties: {
+          num: { type: 'number' }
+        },
+        required: ['num']
+      }
+    },
+    handler: (req, reply) => {
+      t.same(typeof req.params.id, 'number')
+      t.same(typeof req.body.num, 'number')
+      t.same(req.params.id, 42)
+      t.same(req.body.num, 12)
+    }
+  })
+
+  fastify.inject({
+    method: 'POST',
+    url: '/api/42',
+    payload: {
+      num: 12
+    }
+  })
+})

package/test/types/instance.test-d.ts

@@ -42,9 +42,15 @@ expectAssignable<FastifyInstance>(
 function fastifyErrorHandler (this: FastifyInstance, error: FastifyError) {}
 server.setErrorHandler(fastifyErrorHandler)
 
+async function asyncFastifyErrorHandler (this: FastifyInstance, error: FastifyError) {}
+server.setErrorHandler(asyncFastifyErrorHandler)
+
 function nodeJSErrorHandler (error: NodeJS.ErrnoException) {}
 server.setErrorHandler(nodeJSErrorHandler)
 
+function asyncNodeJSErrorHandler (error: NodeJS.ErrnoException) {}
+server.setErrorHandler(asyncNodeJSErrorHandler)
+
 function notFoundHandler (request: FastifyRequest, reply: FastifyReply) {}
 function notFoundpreHandlerHandler (request: FastifyRequest, reply: FastifyReply, done: HookHandlerDoneFunction) { done() }
 async function notFoundpreHandlerAsyncHandler (request: FastifyRequest, reply: FastifyReply) {}

package/test/types/plugin.test-d.ts

@@ -48,8 +48,8 @@ expectType<FastifyInstance<https.Server, http.IncomingMessage, http.ServerRespon
 httpsServer
   .register(testPluginOpts)
   .after((_error) => { })
-  .close(() => { })
   .ready((_error) => { })
+  .close(() => { })
 
 // Thenable
 expectAssignable<PromiseLike<undefined>>(httpsServer.after())

package/types/.eslintrc.json

@@ -35,7 +35,8 @@
         "@typescript-eslint/no-empty-function": "off",
         "@typescript-eslint/explicit-function-return-type": "off",
         "@typescript-eslint/no-unused-vars": "off",
-        "@typescript-eslint/no-non-null-assertion": "off"
+        "@typescript-eslint/no-non-null-assertion": "off",
+        "@typescript-eslint/no-misused-promises": ["error"]
       },
       "globals": {
         "NodeJS": "readonly"

package/types/instance.d.ts

@@ -37,8 +37,8 @@ export interface FastifyInstance<
   after(): FastifyInstance<RawServer, RawRequest, RawReply, Logger> & PromiseLike<undefined>;
   after(afterListener: (err: Error) => void): FastifyInstance<RawServer, RawRequest, RawReply, Logger>;
 
-  close(): FastifyInstance<RawServer, RawRequest, RawReply, Logger> & PromiseLike<undefined>;
-  close(closeListener: () => void): FastifyInstance<RawServer, RawRequest, RawReply, Logger>;
+  close(): Promise<undefined>;
+  close(closeListener: () => void): undefined;
 
   // should be able to define something useful with the decorator getter/setter pattern using Generics to enforce the users function returns what they expect it to
   decorate<T>(property: string | symbol,
@@ -357,7 +357,7 @@ export interface FastifyInstance<
    * Set a function that will be called whenever an error happens
    */
   setErrorHandler<TError extends Error = FastifyError, RouteGeneric extends RouteGenericInterface = RouteGenericInterface>(
-    handler: (this: FastifyInstance<RawServer, RawRequest, RawReply, Logger>, error: TError, request: FastifyRequest<RouteGeneric, RawServer, RawRequest>, reply: FastifyReply<RawServer, RawRequest, RawReply, RouteGeneric>) => void
+    handler: (this: FastifyInstance<RawServer, RawRequest, RawReply, Logger>, error: TError, request: FastifyRequest<RouteGeneric, RawServer, RawRequest>, reply: FastifyReply<RawServer, RawRequest, RawReply, RouteGeneric>) => void | Promise<void>
   ): FastifyInstance<RawServer, RawRequest, RawReply, Logger>;
 
   /**