fastify 4.0.2 → 4.0.3

package/README.md

@@ -56,7 +56,7 @@ developer experience with the least overhead and a powerful plugin architecture.
 It is inspired by Hapi and Express and as far as we know, it is one of the
 fastest web frameworks in town.
 
-This branch refers to the upcoming Fastify v4 release. Check out the
+This branch refers to the Fastify v4 release. Check out the
 [v3.x](https://github.com/fastify/fastify/tree/v3.x) branch for v3.
 
 ### Quick start
@@ -104,11 +104,11 @@ project as a dependency:
 
 Install with npm:
 ```sh
-npm i fastify@next
+npm i fastify
 ```
 Install with yarn:
 ```sh
-yarn add fastify@next
+yarn add fastify
 ```
 
 ### Example

package/docs/Guides/Ecosystem.md

@@ -346,6 +346,9 @@ section.
   minification and transformation of responses.
 - [`fastify-mongo-memory`](https://github.com/chapuletta/fastify-mongo-memory)
   Fastify MongoDB in Memory Plugin for testing support.
+- [`fastify-mongodb-sanitizer`](https://github.com/KlemenKozelj/fastify-mongodb-sanitizer)
+  Fastify plugin that sanitizes client input to prevent
+  potential MongoDB query injection attacks.
 - [`fastify-mongoose-api`](https://github.com/jeka-kiselyov/fastify-mongoose-api)
   Fastify plugin to create REST API methods based on Mongoose MongoDB models.
 - [`fastify-mongoose-driver`](https://github.com/alex-ppg/fastify-mongoose)

package/docs/Guides/Migration-Guide-V4.md

@@ -21,7 +21,7 @@ there and maintained. Use Fastify's [hooks](../Reference/Hooks.md) instead.
 ### Change of schema for multiple types
 
 
-Since Fastiy v4 has upgraded to Ajv v8. The "type" keywords with multiple types
+Since Fastify v4 has upgraded to Ajv v8. The "type" keywords with multiple types
 (other than with "null") are prohibited. Read more
 ['here'](https://ajv.js.org/strict-mode.html#strict-types)
 

package/docs/Reference/LTS.md

@@ -47,8 +47,8 @@ A "month" is defined as 30 consecutive days.
 | :------ | :----------- | :-------------- | :------------------- |
 | 1.0.0   | 2018-03-06   | 2019-09-01      | 6, 8, 9, 10, 11      |
 | 2.0.0   | 2019-02-25   | 2021-01-31      | 6, 8, 10, 12, 14     |
-| 3.0.0   | 2020-07-07   | TBD             | 10, 12, 14, 16, 18   |
-| 4.0.0   | TBD          | TBD             | 14, 16, 18           |
+| 3.0.0   | 2020-07-07   | 2023-06-30      | 10, 12, 14, 16, 18   |
+| 4.0.0   | 2022-06-08   | TBD             | 14, 16, 18           |
 
 ### CI tested operating systems
 <a id="supported-os"></a>

package/docs/Reference/Type-Providers.md

@@ -65,7 +65,8 @@ $ npm i @fastify/type-provider-typebox
 ```
 
 ```typescript
-import { TypeBoxTypeProvider, Type } from '@fastify/type-provider-typebox'
+import { TypeBoxTypeProvider } from '@fastify/type-provider-typebox'
+import { Type } from '@sinclair/typebox'
 
 import fastify from 'fastify'
 

package/fastify.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const VERSION = '4.0.2'
+const VERSION = '4.0.3'
 
 const Avvio = require('avvio')
 const http = require('http')

package/lib/error-serializer.js

@@ -1,15 +1,183 @@
 // This file is autogenerated by build/build-error-serializer.js, do not edit
 /* istanbul ignore file */
 
-'use strict'
+  'use strict'
 
-const Serializer = require('fast-json-stringify/serializer')
-const buildAjv = require('fast-json-stringify/ajv')
+  
+
+class Serializer {
+  constructor (options = {}) {
+    switch (options.rounding) {
+      case 'floor':
+        this.parseInteger = Math.floor
+        break
+      case 'ceil':
+        this.parseInteger = Math.ceil
+        break
+      case 'round':
+        this.parseInteger = Math.round
+        break
+      default:
+        this.parseInteger = Math.trunc
+        break
+    }
+  }
 
-const serializer = new Serializer({"mode":"standalone"})
-const ajv = buildAjv({})
+  asAny (i) {
+    return JSON.stringify(i)
+  }
+
+  asNull () {
+    return 'null'
+  }
 
+  asInteger (i) {
+    if (typeof i === 'bigint') {
+      return i.toString()
+    } else if (Number.isInteger(i)) {
+      return '' + i
+    } else {
+      /* eslint no-undef: "off" */
+      const integer = this.parseInteger(i)
+      if (Number.isNaN(integer)) {
+        throw new Error(`The value "${i}" cannot be converted to an integer.`)
+      } else {
+        return '' + integer
+      }
+    }
+  }
+
+  asIntegerNullable (i) {
+    return i === null ? 'null' : this.asInteger(i)
+  }
+
+  asNumber (i) {
+    const num = Number(i)
+    if (Number.isNaN(num)) {
+      throw new Error(`The value "${i}" cannot be converted to a number.`)
+    } else {
+      return '' + num
+    }
+  }
+
+  asNumberNullable (i) {
+    return i === null ? 'null' : this.asNumber(i)
+  }
+
+  asBoolean (bool) {
+    return bool && 'true' || 'false' // eslint-disable-line
+  }
+
+  asBooleanNullable (bool) {
+    return bool === null ? 'null' : this.asBoolean(bool)
+  }
+
+  asDatetime (date, skipQuotes) {
+    const quotes = skipQuotes === true ? '' : '"'
+    if (date instanceof Date) {
+      return quotes + date.toISOString() + quotes
+    }
+    return this.asString(date, skipQuotes)
+  }
+
+  asDatetimeNullable (date, skipQuotes) {
+    return date === null ? 'null' : this.asDatetime(date, skipQuotes)
+  }
+
+  asDate (date, skipQuotes) {
+    const quotes = skipQuotes === true ? '' : '"'
+    if (date instanceof Date) {
+      return quotes + new Date(date.getTime() - (date.getTimezoneOffset() * 60000)).toISOString().slice(0, 10) + quotes
+    }
+    return this.asString(date, skipQuotes)
+  }
 
+  asDateNullable (date, skipQuotes) {
+    return date === null ? 'null' : this.asDate(date, skipQuotes)
+  }
+
+  asTime (date, skipQuotes) {
+    const quotes = skipQuotes === true ? '' : '"'
+    if (date instanceof Date) {
+      return quotes + new Date(date.getTime() - (date.getTimezoneOffset() * 60000)).toISOString().slice(11, 19) + quotes
+    }
+    return this.asString(date, skipQuotes)
+  }
+
+  asTimeNullable (date, skipQuotes) {
+    return date === null ? 'null' : this.asTime(date, skipQuotes)
+  }
+
+  asString (str, skipQuotes) {
+    const quotes = skipQuotes === true ? '' : '"'
+    if (str instanceof Date) {
+      return quotes + str.toISOString() + quotes
+    } else if (str === null) {
+      return quotes + quotes
+    } else if (str instanceof RegExp) {
+      str = str.source
+    } else if (typeof str !== 'string') {
+      str = str.toString()
+    }
+    // If we skipQuotes it means that we are using it as test
+    // no need to test the string length for the render
+    if (skipQuotes) {
+      return str
+    }
+
+    if (str.length < 42) {
+      return this.asStringSmall(str)
+    } else {
+      return JSON.stringify(str)
+    }
+  }
+
+  asStringNullable (str) {
+    return str === null ? 'null' : this.asString(str)
+  }
+
+  // magically escape strings for json
+  // relying on their charCodeAt
+  // everything below 32 needs JSON.stringify()
+  // every string that contain surrogate needs JSON.stringify()
+  // 34 and 92 happens all the time, so we
+  // have a fast case for them
+  asStringSmall (str) {
+    const l = str.length
+    let result = ''
+    let last = 0
+    let found = false
+    let surrogateFound = false
+    let point = 255
+    // eslint-disable-next-line
+    for (var i = 0; i < l && point >= 32; i++) {
+      point = str.charCodeAt(i)
+      if (point >= 0xD800 && point <= 0xDFFF) {
+        // The current character is a surrogate.
+        surrogateFound = true
+      }
+      if (point === 34 || point === 92) {
+        result += str.slice(last, i) + '\\'
+        last = i
+        found = true
+      }
+    }
+
+    if (!found) {
+      result = str
+    } else {
+      result += str.slice(last)
+    }
+    return ((point < 32) || (surrogateFound === true)) ? JSON.stringify(str) : '"' + result + '"'
+  }
+}
+
+  
+
+  const serializer = new Serializer({"mode":"standalone"})
+  
+
+  
     function main (input) {
       let json = ''
       json += anonymous0(input)
@@ -81,5 +249,5 @@ const ajv = buildAjv({})
     
     
 
-module.exports = main
-    
+  module.exports = main
+      

package/lib/server.js

@@ -41,7 +41,15 @@ function createServer (options, httpHandler) {
       listenOptions.cb = cb
     }
 
-    const { host = 'localhost' } = listenOptions
+    // If we have a path specified, don't default host to 'localhost' so we don't end up listening
+    // on both path and host
+    // See https://github.com/fastify/fastify/issues/4007
+    let host
+    if (listenOptions.path == null) {
+      host = listenOptions.host ?? 'localhost'
+    } else {
+      host = listenOptions.host
+    }
     if (Object.prototype.hasOwnProperty.call(listenOptions, 'host') === false) {
       listenOptions.host = host
     }

package/lib/wrapThenable.js

@@ -11,9 +11,14 @@ function wrapThenable (thenable, reply) {
       return
     }
 
-    // this is for async functions that
-    // are using reply.send directly
-    if (payload !== undefined || reply.sent === false) {
+    // this is for async functions that are using reply.send directly
+    //
+    // since wrap-thenable will be called when using reply.send directly
+    // without actual return. the response can be sent already or
+    // the request may be terminated during the reply. in this situation,
+    // it require an extra checking of request.aborted to see whether
+    // the request is killed by client.
+    if (payload !== undefined || (reply.sent === false && reply.raw.headersSent === false && reply.request.raw.aborted === false)) {
       // we use a try-catch internally to avoid adding a catch to another
       // promise, increase promise perf by 10%
       try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "description": "Fast and low overhead web framework, for Node.js",
   "main": "fastify.js",
   "type": "commonjs",
@@ -146,6 +146,7 @@
     "eslint-plugin-n": "^15.2.0",
     "eslint-plugin-promise": "^6.0.0",
     "fast-json-body": "^1.1.0",
+    "fast-json-stringify": "^4.2.0",
     "fastify-plugin": "^3.0.1",
     "fluent-json-schema": "^3.1.0",
     "form-data": "^4.0.0",
@@ -169,7 +170,7 @@
     "split2": "^4.1.0",
     "standard": "^17.0.0-2",
     "tap": "^16.2.0",
-    "tsd": "^0.20.0",
+    "tsd": "^0.21.0",
     "typescript": "^4.7.2",
     "undici": "^5.4.0",
     "x-xss-protection": "^2.0.0",
@@ -178,10 +179,9 @@
   "dependencies": {
     "@fastify/ajv-compiler": "^3.1.0",
     "@fastify/error": "^3.0.0",
-    "@fastify/fast-json-stringify-compiler": "^3.0.0",
+    "@fastify/fast-json-stringify-compiler": "^3.0.1",
     "abstract-logging": "^2.0.1",
     "avvio": "^8.1.3",
-    "fast-json-stringify": "^4.1.0",
     "find-my-way": "^6.3.0",
     "light-my-request": "^5.0.0",
     "pino": "^8.0.0",

package/test/listen.test.js

@@ -196,14 +196,28 @@ if (os.platform() !== 'win32') {
     const fastify = Fastify()
     t.teardown(fastify.close.bind(fastify))
 
-    const sockFile = path.join(os.tmpdir(), `${(Math.random().toString(16) + '0000000').substr(2, 8)}-server.sock`)
+    const sockFile = path.join(os.tmpdir(), `${(Math.random().toString(16) + '0000000').slice(2, 10)}-server.sock`)
     try {
       fs.unlinkSync(sockFile)
     } catch (e) { }
 
     fastify.listen({ path: sockFile }, (err, address) => {
       t.error(err)
-      t.equal(sockFile, fastify.server.address())
+      t.strictSame(fastify.addresses(), [sockFile])
+      t.equal(address, sockFile)
+    })
+  })
+} else {
+  test('listen on socket', t => {
+    t.plan(3)
+    const fastify = Fastify()
+    t.teardown(fastify.close.bind(fastify))
+
+    const sockFile = `\\\\.\\pipe\\${(Math.random().toString(16) + '0000000').slice(2, 10)}-server-sock`
+
+    fastify.listen({ path: sockFile }, (err, address) => {
+      t.error(err)
+      t.strictSame(fastify.addresses(), [sockFile])
       t.equal(address, sockFile)
     })
   })

package/test/stream.test.js

@@ -741,3 +741,76 @@ test('reply.send handles aborted requests', t => {
     }, 1)
   })
 })
+
+test('request terminated should not crash fastify', t => {
+  t.plan(10)
+
+  const spyLogger = {
+    level: 'error',
+    fatal: () => { },
+    error: () => {
+      t.fail('should not log an error')
+    },
+    warn: () => { },
+    info: () => { },
+    debug: () => { },
+    trace: () => { },
+    child: () => { return spyLogger }
+  }
+  const fastify = Fastify({
+    logger: spyLogger
+  })
+
+  fastify.get('/', async (req, reply) => {
+    const stream = new Readable()
+    stream._read = () => {}
+    reply.header('content-type', 'text/html; charset=utf-8')
+    reply.header('transfer-encoding', 'chunked')
+    stream.push('<h1>HTML</h1>')
+
+    reply.send(stream)
+
+    await new Promise((resolve) => { setTimeout(resolve, 6).unref() })
+
+    stream.push('<h1>should disply on second stream</h1>')
+    stream.push(null)
+    return reply
+  })
+
+  fastify.listen({ port: 0 }, err => {
+    t.error(err)
+    t.teardown(() => { fastify.close() })
+
+    const port = fastify.server.address().port
+    const http = require('http')
+    const req = http.get(`http://localhost:${port}`, function (res) {
+      const { statusCode, headers } = res
+      t.equal(statusCode, 200)
+      t.equal(headers['content-type'], 'text/html; charset=utf-8')
+      t.equal(headers['transfer-encoding'], 'chunked')
+      res.on('data', function (chunk) {
+        t.equal(chunk.toString(), '<h1>HTML</h1>')
+      })
+
+      setTimeout(() => {
+        req.destroy()
+
+        // the server is not crash, we can connect it
+        http.get(`http://localhost:${port}`, function (res) {
+          const { statusCode, headers } = res
+          t.equal(statusCode, 200)
+          t.equal(headers['content-type'], 'text/html; charset=utf-8')
+          t.equal(headers['transfer-encoding'], 'chunked')
+          let payload = ''
+          res.on('data', function (chunk) {
+            payload += chunk.toString()
+          })
+          res.on('end', function () {
+            t.equal(payload, '<h1>HTML</h1><h1>should disply on second stream</h1>')
+            t.pass('should end properly')
+          })
+        })
+      }, 1)
+    })
+  })
+})