fastify 3.27.2 → 4.0.0-alpha.1

package/test/http2/closing.test.js

@@ -3,7 +3,6 @@
 const t = require('tap')
 const Fastify = require('../..')
 const http2 = require('http2')
-const semver = require('semver')
 const { promisify } = require('util')
 const connect = promisify(http2.connect)
 const { once } = require('events')
@@ -37,8 +36,7 @@ t.test('http/2 request while fastify closing', t => {
     t.error(err)
     fastify.server.unref()
 
-    // Skipped because there is likely a bug on Node 8.
-    t.test('return 200', { skip: semver.lt(process.versions.node, '10.15.0') }, t => {
+    t.test('return 200', t => {
       const url = getUrl(fastify)
       const session = http2.connect(url, function () {
         this.request({
@@ -85,8 +83,7 @@ t.test('http/2 request while fastify closing - return503OnClosing: false', t =>
     t.error(err)
     fastify.server.unref()
 
-    // Skipped because there is likely a bug on Node 8.
-    t.test('return 200', { skip: semver.lt(process.versions.node, '10.15.0') }, t => {
+    t.test('return 200', t => {
       const url = getUrl(fastify)
       const session = http2.connect(url, function () {
         this.request({
@@ -115,8 +112,7 @@ t.test('http/2 request while fastify closing - return503OnClosing: false', t =>
   })
 })
 
-// Skipped because there is likely a bug on Node 8.
-t.test('http/2 closes successfully with async await', { skip: semver.lt(process.versions.node, '10.15.0') }, async t => {
+t.test('http/2 closes successfully with async await', async t => {
   const fastify = Fastify({
     http2SessionTimeout: 100,
     http2: true
@@ -131,8 +127,7 @@ t.test('http/2 closes successfully with async await', { skip: semver.lt(process.
   await fastify.close()
 })
 
-// Skipped because there is likely a bug on Node 8.
-t.test('https/2 closes successfully with async await', { skip: semver.lt(process.versions.node, '10.15.0') }, async t => {
+t.test('https/2 closes successfully with async await', async t => {
   const fastify = Fastify({
     http2SessionTimeout: 100,
     http2: true,
@@ -151,8 +146,7 @@ t.test('https/2 closes successfully with async await', { skip: semver.lt(process
   await fastify.close()
 })
 
-// Skipped because there is likely a bug on Node 8.
-t.test('http/2 server side session emits a timeout event', { skip: semver.lt(process.versions.node, '10.15.0') }, async t => {
+t.test('http/2 server side session emits a timeout event', async t => {
   let _resolve
   const p = new Promise((resolve) => { _resolve = resolve })
 

package/test/http2/unknown-http-method.test.js

@@ -6,15 +6,9 @@ const Fastify = require('../..')
 const h2url = require('h2url')
 const msg = { hello: 'world' }
 
-let fastify
-try {
-  fastify = Fastify({
-    http2: true
-  })
-  t.pass('http2 successfully loaded')
-} catch (e) {
-  t.fail('http2 loading failed', e)
-}
+const fastify = Fastify({
+  http2: true
+})
 
 fastify.get('/', function (req, reply) {
   reply.code(200).send(msg)

package/test/https/custom-https-server.test.js

@@ -5,15 +5,18 @@ const test = t.test
 const Fastify = require('../..')
 const https = require('https')
 const sget = require('simple-get').concat
+const dns = require('dns').promises
 
 const { buildCertificate } = require('../build-certificate')
 t.before(buildCertificate)
 
-test('Should support a custom https server', t => {
-  t.plan(6)
+test('Should support a custom https server', async t => {
+  const localAddresses = await dns.lookup('localhost', { all: true })
+
+  t.plan(localAddresses.length + 3)
 
   const serverFactory = (handler, opts) => {
-    t.ok(opts.serverFactory)
+    t.ok(opts.serverFactory, 'it is called twice for every HOST interface')
 
     const options = {
       key: global.context.key,
@@ -37,17 +40,20 @@ test('Should support a custom https server', t => {
     reply.send({ hello: 'world' })
   })
 
-  fastify.listen(0, err => {
-    t.error(err)
+  await fastify.listen(0)
 
+  await new Promise((resolve, reject) => {
     sget({
       method: 'GET',
       url: 'https://localhost:' + fastify.server.address().port,
       rejectUnauthorized: false
     }, (err, response, body) => {
-      t.error(err)
+      if (err) {
+        return reject(err)
+      }
       t.equal(response.statusCode, 200)
       t.same(JSON.parse(body), { hello: 'world' })
+      resolve()
     })
   })
 })

package/test/input-validation.js

@@ -3,7 +3,7 @@
 
 const sget = require('simple-get').concat
 const Ajv = require('ajv')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const yup = require('yup')
 
 module.exports.payloadMethod = function (method, t) {
@@ -182,7 +182,7 @@ module.exports.payloadMethod = function (method, t) {
         t.equal(response.statusCode, 400)
         t.same(body, {
           error: 'Bad Request',
-          message: 'body.hello should be integer',
+          message: 'body/hello must be integer',
           statusCode: 400
         })
       })

package/test/internals/handleRequest.test.js

@@ -1,7 +1,6 @@
 'use strict'
 
 const { test } = require('tap')
-const semver = require('semver')
 const handleRequest = require('../../lib/handleRequest')
 const internals = require('../../lib/handleRequest')[Symbol.for('internals')]
 const Request = require('../../lib/request')
@@ -40,13 +39,8 @@ test('handleRequest function - invoke with error', t => {
 })
 
 test('handler function - invalid schema', t => {
-  t.plan(2)
+  t.plan(1)
   const res = {}
-  res.end = () => {
-    t.equal(res.statusCode, 400)
-    t.pass()
-  }
-  res.writeHead = () => {}
   res.log = { error: () => {}, info: () => {} }
   const context = {
     config: {
@@ -61,6 +55,7 @@ test('handler function - invalid schema', t => {
         }
       }
     },
+    errorHandler: { func: () => { t.pass('errorHandler called') } },
     handler: () => {},
     Reply,
     Request,
@@ -108,39 +103,7 @@ test('handler function - preValidationCallback with finished response', t => {
   t.plan(0)
   const res = {}
   // Be sure to check only `writableEnded` where is available
-  if (semver.gte(process.versions.node, '12.9.0')) {
-    res.writableEnded = true
-  } else {
-    res.writable = false
-    res.finished = true
-  }
-  res.end = () => {
-    t.fail()
-  }
-  res.writeHead = () => {}
-  const context = {
-    handler: (req, reply) => {
-      t.fail()
-      reply.send(undefined)
-    },
-    Reply,
-    Request,
-    preValidation: null,
-    preHandler: [],
-    onSend: [],
-    onError: []
-  }
-  buildSchema(context, schemaValidator)
-  internals.handler({}, new Reply(res, { context }))
-})
-
-test('handler function - preValidationCallback with finished response (< v12.9.0)', t => {
-  t.plan(0)
-  const res = {}
-  // Be sure to check only `writableEnded` where is available
-  res.writable = false
-  res.finished = true
-
+  res.writableEnded = true
   res.end = () => {
     t.fail()
   }

package/test/internals/initialConfig.test.js

@@ -2,6 +2,7 @@
 
 const { test, before } = require('tap')
 const Fastify = require('../..')
+const helper = require('../helper')
 const http = require('http')
 const pino = require('pino')
 const split = require('split2')
@@ -9,10 +10,17 @@ const deepClone = require('rfdc')({ circles: true, proto: false })
 const { deepFreezeObject } = require('../../lib/initialConfigValidation').utils
 
 const { buildCertificate } = require('../build-certificate')
-before(buildCertificate)
 
 process.removeAllListeners('warning')
 
+let localhost
+let localhostForURL
+
+before(async function () {
+  await buildCertificate();
+  [localhost, localhostForURL] = await helper.getLoopbackHost()
+})
+
 test('Fastify.initialConfig is an object', t => {
   t.plan(1)
   t.type(Fastify().initialConfig, 'object')
@@ -23,7 +31,8 @@ test('without options passed to Fastify, initialConfig should expose default val
 
   const fastifyDefaultOptions = {
     connectionTimeout: 0,
-    keepAliveTimeout: 5000,
+    keepAliveTimeout: 72000,
+    forceCloseConnections: false,
     maxRequestsPerSocket: 0,
     requestTimeout: 0,
     bodyLimit: 1024 * 1024,
@@ -37,7 +46,8 @@ test('without options passed to Fastify, initialConfig should expose default val
     pluginTimeout: 10000,
     requestIdHeader: 'request-id',
     requestIdLogLabel: 'reqId',
-    http2SessionTimeout: 5000
+    http2SessionTimeout: 72000,
+    exposeHeadRoutes: true
   }
 
   t.same(Fastify().initialConfig, fastifyDefaultOptions)
@@ -81,7 +91,7 @@ test('Fastify.initialConfig should expose all options', t => {
     ignoreTrailingSlash: true,
     maxParamLength: 200,
     connectionTimeout: 0,
-    keepAliveTimeout: 5000,
+    keepAliveTimeout: 72000,
     bodyLimit: 1049600,
     onProtoPoisoning: 'remove',
     serverFactory,
@@ -103,11 +113,11 @@ test('Fastify.initialConfig should expose all options', t => {
 
   const fastify = Fastify(options)
   t.equal(fastify.initialConfig.http2, true)
-  t.equal(fastify.initialConfig.https, true)
+  t.equal(fastify.initialConfig.https, true, 'for security reason the key cert is hidden')
   t.equal(fastify.initialConfig.ignoreTrailingSlash, true)
   t.equal(fastify.initialConfig.maxParamLength, 200)
   t.equal(fastify.initialConfig.connectionTimeout, 0)
-  t.equal(fastify.initialConfig.keepAliveTimeout, 5000)
+  t.equal(fastify.initialConfig.keepAliveTimeout, 72000)
   t.equal(fastify.initialConfig.bodyLimit, 1049600)
   t.equal(fastify.initialConfig.onProtoPoisoning, 'remove')
   t.equal(fastify.initialConfig.caseSensitive, true)
@@ -157,10 +167,19 @@ test('We must avoid shallow freezing and ensure that the whole object is freezed
     t.type(error, TypeError)
     t.equal(error.message, "Cannot assign to read only property 'allowHTTP1' of object '#<Object>'")
     t.ok(error.stack)
-    t.pass()
+    t.same(fastify.initialConfig.https, {
+      allowHTTP1: true
+    }, 'key cert removed')
   }
 })
 
+test('https value check', t => {
+  t.plan(1)
+
+  const fastify = Fastify({})
+  t.notOk(fastify.initialConfig.https)
+})
+
 test('Return an error if options do not match the validation schema', t => {
   t.plan(6)
 
@@ -171,7 +190,7 @@ test('Return an error if options do not match the validation schema', t => {
   } catch (error) {
     t.type(error, Error)
     t.equal(error.name, 'FastifyError')
-    t.equal(error.message, 'Invalid initialization options: \'["should be boolean"]\'')
+    t.equal(error.message, 'Invalid initialization options: \'["must be boolean"]\'')
     t.equal(error.code, 'FST_ERR_INIT_OPTS_INVALID')
     t.ok(error.stack)
     t.pass()
@@ -241,7 +260,8 @@ test('Should not have issues when passing stream options to Pino.js', t => {
     t.type(fastify, 'object')
     t.same(fastify.initialConfig, {
       connectionTimeout: 0,
-      keepAliveTimeout: 5000,
+      keepAliveTimeout: 72000,
+      forceCloseConnections: false,
       maxRequestsPerSocket: 0,
       requestTimeout: 0,
       bodyLimit: 1024 * 1024,
@@ -255,7 +275,8 @@ test('Should not have issues when passing stream options to Pino.js', t => {
       pluginTimeout: 10000,
       requestIdHeader: 'request-id',
       requestIdLogLabel: 'reqId',
-      http2SessionTimeout: 5000
+      http2SessionTimeout: 72000,
+      exposeHeadRoutes: true
     })
   } catch (error) {
     t.fail()
@@ -287,11 +308,11 @@ test('Should not have issues when passing stream options to Pino.js', t => {
     })
   })
 
-  fastify.listen(0, err => {
+  fastify.listen(0, localhost, err => {
     t.error(err)
     fastify.server.unref()
 
-    http.get('http://localhost:' + fastify.server.address().port)
+    http.get(`http://${localhostForURL}:${fastify.server.address().port}`)
   })
 })
 

package/test/internals/reply.test.js

@@ -15,6 +15,21 @@ const {
   kReplyIsError,
   kReplySerializerDefault
 } = require('../../lib/symbols')
+const fs = require('fs')
+const path = require('path')
+const warning = require('../../lib/warnings')
+
+const doGet = function (url) {
+  return new Promise((resolve, reject) => {
+    sget({ method: 'GET', url, followRedirects: false }, (err, response, body) => {
+      if (err) {
+        reject(err)
+      } else {
+        resolve({ response, body })
+      }
+    })
+  })
+}
 
 test('Once called, Reply should return an object with methods', t => {
   t.plan(13)
@@ -37,7 +52,7 @@ test('Once called, Reply should return an object with methods', t => {
   t.equal(reply.request, request)
 })
 
-test('reply.send will logStream error and destroy the stream', { only: true }, t => {
+test('reply.send will logStream error and destroy the stream', t => {
   t.plan(1)
   let destroyCalled
   const payload = new EventEmitter()
@@ -452,8 +467,6 @@ test('stream with content type should not send application/octet-stream', t => {
   t.plan(4)
 
   const fastify = require('../..')()
-  const fs = require('fs')
-  const path = require('path')
 
   const streamPath = path.join(__dirname, '..', '..', 'package.json')
   const stream = fs.createReadStream(streamPath)
@@ -477,6 +490,32 @@ test('stream with content type should not send application/octet-stream', t => {
   })
 })
 
+test('stream without content type should not send application/octet-stream', t => {
+  t.plan(4)
+
+  const fastify = require('../..')()
+
+  const stream = fs.createReadStream(__filename)
+  const buf = fs.readFileSync(__filename)
+
+  fastify.get('/', function (req, reply) {
+    reply.send(stream)
+  })
+
+  fastify.listen(0, err => {
+    t.error(err)
+    fastify.server.unref()
+    sget({
+      method: 'GET',
+      url: 'http://localhost:' + fastify.server.address().port
+    }, (err, response, body) => {
+      t.error(err)
+      t.equal(response.headers['content-type'], undefined)
+      t.same(body, buf)
+    })
+  })
+})
+
 test('stream using reply.raw.writeHead should return customize headers', t => {
   t.plan(6)
 
@@ -1301,6 +1340,34 @@ test('reply.header setting multiple cookies as multiple Set-Cookie headers', t =
   })
 })
 
+test('should emit deprecation warning when trying to modify the reply.sent property', t => {
+  t.plan(4)
+  const fastify = require('../..')()
+
+  const deprecationCode = 'FSTDEP010'
+  warning.emitted.delete(deprecationCode)
+
+  process.removeAllListeners('warning')
+  process.on('warning', onWarning)
+  function onWarning (warning) {
+    t.equal(warning.name, 'FastifyDeprecation')
+    t.equal(warning.code, deprecationCode)
+  }
+
+  fastify.get('/', (req, reply) => {
+    reply.sent = true
+
+    reply.raw.end()
+  })
+
+  fastify.inject('/', (err, res) => {
+    t.error(err)
+    t.pass()
+
+    process.removeListener('warning', onWarning)
+  })
+})
+
 test('should throw error when passing falsy value to reply.sent', t => {
   t.plan(4)
   const fastify = require('../..')()
@@ -1329,6 +1396,7 @@ test('should throw error when attempting to set reply.sent more than once', t =>
     reply.sent = true
     try {
       reply.sent = true
+      t.fail('must throw')
     } catch (err) {
       t.equal(err.code, 'FST_ERR_REP_ALREADY_SENT')
       t.equal(err.message, 'Reply was already sent.')
@@ -1342,6 +1410,23 @@ test('should throw error when attempting to set reply.sent more than once', t =>
   })
 })
 
+test('should not throw error when attempting to set reply.sent if the underlining request was sent', t => {
+  t.plan(3)
+  const fastify = require('../..')()
+
+  fastify.get('/', function (req, reply) {
+    reply.raw.end()
+    t.doesNotThrow(() => {
+      reply.sent = true
+    })
+  })
+
+  fastify.inject('/', (err, res) => {
+    t.error(err)
+    t.pass()
+  })
+})
+
 test('reply.getResponseTime() should return 0 before the timer is initialised on the reply by setting up response listeners', t => {
   t.plan(1)
   const response = { statusCode: 200 }
@@ -1727,3 +1812,160 @@ test('reply.then', t => {
     response.destroy(_err)
   })
 })
+
+test('reply.sent should read from response.writableEnded if it is defined', t => {
+  t.plan(1)
+
+  const reply = new Reply({ writableEnded: true }, {}, {})
+
+  t.equal(reply.sent, true)
+})
+
+test('redirect to an invalid URL should not crash the server', async t => {
+  const fastify = require('../..')()
+  fastify.route({
+    method: 'GET',
+    url: '/redirect',
+    handler: (req, reply) => {
+      reply.log.warn = function mockWarn (obj, message) {
+        t.equal(message, 'Invalid character in header content ["location"]')
+      }
+
+      switch (req.query.useCase) {
+        case '1':
+          reply.redirect('/?key=a’b')
+          break
+
+        case '2':
+          reply.redirect(encodeURI('/?key=a’b'))
+          break
+
+        default:
+          reply.redirect('/?key=ab')
+          break
+      }
+    }
+  })
+
+  await fastify.listen(0)
+
+  {
+    const { response, body } = await doGet(`http://localhost:${fastify.server.address().port}/redirect?useCase=1`)
+    t.equal(response.statusCode, 500)
+    t.same(JSON.parse(body), {
+      statusCode: 500,
+      code: 'ERR_INVALID_CHAR',
+      error: 'Internal Server Error',
+      message: 'Invalid character in header content ["location"]'
+    })
+  }
+  {
+    const { response } = await doGet(`http://localhost:${fastify.server.address().port}/redirect?useCase=2`)
+    t.equal(response.statusCode, 302)
+    t.equal(response.headers.location, '/?key=a%E2%80%99b')
+  }
+
+  {
+    const { response } = await doGet(`http://localhost:${fastify.server.address().port}/redirect?useCase=3`)
+    t.equal(response.statusCode, 302)
+    t.equal(response.headers.location, '/?key=ab')
+  }
+
+  await fastify.close()
+})
+
+test('invalid response headers should not crash the server', async t => {
+  const fastify = require('../..')()
+  fastify.route({
+    method: 'GET',
+    url: '/bad-headers',
+    handler: (req, reply) => {
+      reply.log.warn = function mockWarn (obj, message) {
+        t.equal(message, 'Invalid character in header content ["smile-encoded"]', 'only the first invalid header is logged')
+      }
+
+      reply.header('foo', '$')
+      reply.header('smile-encoded', '\uD83D\uDE00')
+      reply.header('smile', '😄')
+      reply.header('bar', 'ƒ∂å')
+
+      reply.send({})
+    }
+  })
+
+  await fastify.listen(0)
+
+  const { response, body } = await doGet(`http://localhost:${fastify.server.address().port}/bad-headers`)
+  t.equal(response.statusCode, 500)
+  t.same(JSON.parse(body), {
+    statusCode: 500,
+    code: 'ERR_INVALID_CHAR',
+    error: 'Internal Server Error',
+    message: 'Invalid character in header content ["smile-encoded"]'
+  })
+
+  await fastify.close()
+})
+
+test('invalid response headers when sending back an error', async t => {
+  const fastify = require('../..')()
+  fastify.route({
+    method: 'GET',
+    url: '/bad-headers',
+    handler: (req, reply) => {
+      reply.log.warn = function mockWarn (obj, message) {
+        t.equal(message, 'Invalid character in header content ["smile"]', 'only the first invalid header is logged')
+      }
+
+      reply.header('smile', '😄')
+      reply.send(new Error('user land error'))
+    }
+  })
+
+  await fastify.listen(0)
+
+  const { response, body } = await doGet(`http://localhost:${fastify.server.address().port}/bad-headers`)
+  t.equal(response.statusCode, 500)
+  t.same(JSON.parse(body), {
+    statusCode: 500,
+    code: 'ERR_INVALID_CHAR',
+    error: 'Internal Server Error',
+    message: 'Invalid character in header content ["smile"]'
+  })
+
+  await fastify.close()
+})
+
+test('invalid response headers and custom error handler', async t => {
+  const fastify = require('../..')()
+  fastify.route({
+    method: 'GET',
+    url: '/bad-headers',
+    handler: (req, reply) => {
+      reply.log.warn = function mockWarn (obj, message) {
+        t.equal(message, 'Invalid character in header content ["smile"]', 'only the first invalid header is logged')
+      }
+
+      reply.header('smile', '😄')
+      reply.send(new Error('user land error'))
+    }
+  })
+
+  fastify.setErrorHandler(function (error, request, reply) {
+    t.equal(error.message, 'user land error', 'custom error handler receives the error')
+    reply.status(500).send({ ops: true })
+  })
+
+  await fastify.listen(0)
+
+  const { response, body } = await doGet(`http://localhost:${fastify.server.address().port}/bad-headers`)
+  t.equal(response.statusCode, 500)
+  t.same(JSON.parse(body), {
+    statusCode: 500,
+    code: 'ERR_INVALID_CHAR',
+    error: 'Internal Server Error',
+    message: 'Invalid character in header content ["smile"]'
+  })
+
+  await fastify.close()
+})