fastify 4.28.0 → 5.0.0-alpha.2

package/lib/reply.js

@@ -55,7 +55,7 @@ const {
   FST_ERR_MISSING_SERIALIZATION_FN,
   FST_ERR_MISSING_CONTENTTYPE_SERIALIZATION_FN
 } = require('./errors')
-const { FSTDEP010, FSTDEP013, FSTDEP019, FSTDEP020, FSTDEP021 } = require('./warnings')
+const { FSTDEP010, FSTDEP013, FSTDEP019, FSTDEP021 } = require('./warnings')
 
 const toString = Object.prototype.toString
 
@@ -137,6 +137,11 @@ Object.defineProperties(Reply.prototype, {
   }
 })
 
+Reply.prototype.writeEarlyHints = function (hints, callback) {
+  this.raw.writeEarlyHints(hints, callback)
+  return this
+}
+
 Reply.prototype.hijack = function () {
   this[kReplyHijacked] = true
   return this
@@ -477,13 +482,6 @@ Reply.prototype.callNotFound = function () {
   return this
 }
 
-// TODO: should be removed in fastify@5
-Reply.prototype.getResponseTime = function () {
-  FSTDEP020()
-
-  return this.elapsedTime
-}
-
 // Make reply a thenable, so it could be used with async/await.
 // See
 // - https://github.com/fastify/fastify/issues/1864 for the discussions
@@ -910,9 +908,8 @@ function buildReply (R) {
     this[kReplyEndTime] = undefined
     this.log = log
 
-    // eslint-disable-next-line no-var
     var prop
-    // eslint-disable-next-line no-var
+
     for (var i = 0; i < props.length; i++) {
       prop = props[i]
       this[prop.key] = prop.value

package/lib/request.js

@@ -1,7 +1,6 @@
 'use strict'
 
 const proxyAddr = require('proxy-addr')
-const semver = require('semver')
 const {
   FSTDEP005,
   FSTDEP012,
@@ -49,8 +48,8 @@ function getTrustProxyFn (tp) {
     return tp
   }
   if (tp === true) {
-    // Support plain true/false
-    return function () { return true }
+    // Support trusting everything
+    return null
   }
   if (typeof tp === 'number') {
     // Support trusting hop count
@@ -115,7 +114,8 @@ function buildRequestWithTrustProxy (R, trustProxy) {
   Object.defineProperties(_Request.prototype, {
     ip: {
       get () {
-        return proxyAddr(this.raw, proxyFn)
+        const addrs = proxyAddr.all(this.raw, proxyFn)
+        return addrs[addrs.length - 1]
       }
     },
     ips: {
@@ -123,7 +123,7 @@ function buildRequestWithTrustProxy (R, trustProxy) {
         return proxyAddr.all(this.raw, proxyFn)
       }
     },
-    hostname: {
+    host: {
       get () {
         if (this.ip !== undefined && this.headers['x-forwarded-host']) {
           return getLastEntryInMultiHeaderValue(this.headers['x-forwarded-host'])
@@ -238,10 +238,7 @@ Object.defineProperties(Request.prototype, {
   },
   connection: {
     get () {
-      /* istanbul ignore next */
-      if (semver.gte(process.versions.node, '13.0.0')) {
-        FSTDEP005()
-      }
+      FSTDEP005()
       return this.raw.connection
     }
   },
@@ -257,11 +254,32 @@ Object.defineProperties(Request.prototype, {
       }
     }
   },
-  hostname: {
+  host: {
     get () {
       return this.raw.headers.host || this.raw.headers[':authority']
     }
   },
+  hostname: {
+    get () {
+      return (this.host).split(':')[0]
+    }
+  },
+  port: {
+    get () {
+      // first try taking port from host
+      const portFromHost = parseInt((this.host).split(':').slice(-1)[0])
+      if (!isNaN(portFromHost)) {
+        return portFromHost
+      }
+      // now fall back to port from host/:authority header
+      const portFromHeader = parseInt((this.headers.host || this.headers[':authority']).split(':').slice(-1)[0])
+      if (!isNaN(portFromHeader)) {
+        return portFromHeader
+      }
+      // fall back to null
+      return null
+    }
+  },
   protocol: {
     get () {
       if (this.socket) {
@@ -299,13 +317,13 @@ Object.defineProperties(Request.prototype, {
       }
 
       const validatorCompiler = this[kRouteContext].validatorCompiler ||
-      this.server[kSchemaController].validatorCompiler ||
-     (
-       // We compile the schemas if no custom validatorCompiler is provided
-       // nor set
-       this.server[kSchemaController].setupValidator(this.server[kOptions]) ||
-       this.server[kSchemaController].validatorCompiler
-     )
+        this.server[kSchemaController].validatorCompiler ||
+        (
+          // We compile the schemas if no custom validatorCompiler is provided
+          // nor set
+          this.server[kSchemaController].setupValidator(this.server[kOptions]) ||
+          this.server[kSchemaController].validatorCompiler
+        )
 
       const validateFn = validatorCompiler({
         schema,
@@ -342,8 +360,8 @@ Object.defineProperties(Request.prototype, {
 
       // We cannot compile if the schema is missed
       if (validate == null && (schema == null ||
-          typeof schema !== 'object' ||
-          Array.isArray(schema))
+        typeof schema !== 'object' ||
+        Array.isArray(schema))
       ) {
         throw new FST_ERR_REQ_INVALID_VALIDATION_INVOCATION(httpPart)
       }

package/lib/route.js

@@ -9,8 +9,7 @@ const { normalizeSchema } = require('./schemas')
 const { parseHeadOnSendHandlers } = require('./headRoute')
 const {
   FSTDEP007,
-  FSTDEP008,
-  FSTDEP014
+  FSTDEP008
 } = require('./warnings')
 
 const {
@@ -21,7 +20,6 @@ const {
 const {
   FST_ERR_SCH_VALIDATION_BUILD,
   FST_ERR_SCH_SERIALIZATION_BUILD,
-  FST_ERR_DEFAULT_ROUTE_INVALID_TYPE,
   FST_ERR_DUPLICATED_ROUTE,
   FST_ERR_INVALID_URL,
   FST_ERR_HOOK_INVALID_HANDLER,
@@ -72,7 +70,6 @@ function buildRouting (options) {
   let ignoreDuplicateSlashes
   let return503OnClosing
   let globalExposeHeadRoutes
-  let validateHTTPVersion
   let keepAliveConnections
 
   let closing = false
@@ -89,7 +86,6 @@ function buildRouting (options) {
       hasLogger = fastifyArgs.hasLogger
       setupResponseListeners = fastifyArgs.setupResponseListeners
       throwIfAlreadyStarted = fastifyArgs.throwIfAlreadyStarted
-      validateHTTPVersion = fastifyArgs.validateHTTPVersion
 
       globalExposeHeadRoutes = options.exposeHeadRoutes
       disableRequestLogging = options.disableRequestLogging
@@ -102,18 +98,6 @@ function buildRouting (options) {
     route, // configure a route in the fastify instance
     hasRoute,
     prepareRoute,
-    getDefaultRoute: function () {
-      FSTDEP014()
-      return router.defaultRoute
-    },
-    setDefaultRoute: function (defaultRoute) {
-      FSTDEP014()
-      if (typeof defaultRoute !== 'function') {
-        throw new FST_ERR_DEFAULT_ROUTE_INVALID_TYPE()
-      }
-
-      router.defaultRoute = defaultRoute
-    },
     routeHandler,
     closeRoutes: () => { closing = true },
     printRoutes: router.prettyPrint.bind(router),
@@ -169,10 +153,11 @@ function buildRouting (options) {
 
   function hasRoute ({ options }) {
     const normalizedMethod = options.method?.toUpperCase() ?? ''
-    return findRoute({
-      ...options,
-      method: normalizedMethod
-    }) !== null
+    return router.hasRoute(
+      normalizedMethod,
+      options.url || '',
+      options.constraints
+    )
   }
 
   function findRoute (options) {
@@ -460,19 +445,6 @@ function buildRouting (options) {
     const childLogger = createChildLogger(context, logger, req, id, loggerOpts)
     childLogger[kDisableRequestLogging] = disableRequestLogging
 
-    // TODO: The check here should be removed once https://github.com/nodejs/node/issues/43115 resolve in core.
-    if (!validateHTTPVersion(req.httpVersion)) {
-      childLogger.info({ res: { statusCode: 505 } }, 'request aborted - invalid HTTP version')
-      const message = '{"error":"HTTP Version Not Supported","message":"HTTP Version Not Supported","statusCode":505}'
-      const headers = {
-        'Content-Type': 'application/json',
-        'Content-Length': message.length
-      }
-      res.writeHead(505, headers)
-      res.end(message)
-      return
-    }
-
     if (closing === true) {
       /* istanbul ignore next mac, windows */
       if (req.httpVersionMajor !== 2) {

package/lib/server.js

@@ -3,8 +3,8 @@
 const http = require('node:http')
 const https = require('node:https')
 const dns = require('node:dns')
+const os = require('node:os')
 
-const { FSTDEP011 } = require('./warnings')
 const { kState, kOptions, kServerBindings } = require('./symbols')
 const { onListenHookRunner } = require('./hooks')
 const {
@@ -15,7 +15,6 @@ const {
 } = require('./errors')
 
 module.exports.createServer = createServer
-module.exports.compileValidateHTTPVersion = compileValidateHTTPVersion
 
 function defaultResolveServerListeningText (address) {
   return `Server listening at ${address}`
@@ -25,27 +24,11 @@ function createServer (options, httpHandler) {
   const server = getServerInstance(options, httpHandler)
 
   // `this` is the Fastify object
-  function listen (listenOptions, ...args) {
-    let cb = args.slice(-1).pop()
-    // When the variadic signature deprecation is complete, the function
-    // declaration should become:
-    //   function listen (listenOptions = { port: 0, host: 'localhost' }, cb = undefined)
-    // Upon doing so, the `normalizeListenArgs` function is no longer needed,
-    // and all of this preamble to feed it correctly also no longer needed.
-    const firstArgType = Object.prototype.toString.call(arguments[0])
-    if (arguments.length === 0) {
-      listenOptions = normalizeListenArgs([])
-    } else if (arguments.length > 0 && (firstArgType !== '[object Object]' && firstArgType !== '[object Function]')) {
-      FSTDEP011()
-      listenOptions = normalizeListenArgs(Array.from(arguments))
-      cb = listenOptions.cb
-    } else if (args.length > 1) {
-      // `.listen(obj, a, ..., n, callback )`
-      FSTDEP011()
-      // Deal with `.listen(port, host, backlog, [cb])`
-      const hostPath = listenOptions.path ? [listenOptions.path] : [listenOptions.port ?? 0, listenOptions.host ?? 'localhost']
-      Object.assign(listenOptions, normalizeListenArgs([...hostPath, ...args]))
-    } else {
+  function listen (
+    listenOptions = { port: 0, host: 'localhost' },
+    cb = undefined
+  ) {
+    if (typeof cb === 'function') {
       listenOptions.cb = cb
     }
     if (listenOptions.signal) {
@@ -220,6 +203,7 @@ function multipleBindings (mainServer, httpHandler, serverOpts, listenOptions, o
 function listenCallback (server, listenOptions) {
   const wrap = (err) => {
     server.removeListener('error', wrap)
+    server.removeListener('listening', wrap)
     if (!err) {
       const address = logServerAddress.call(this, server, listenOptions.listenTextResolver || defaultResolveServerListeningText)
       listenOptions.cb(null, address)
@@ -240,7 +224,8 @@ function listenCallback (server, listenOptions) {
 
     server.once('error', wrap)
     if (!this[kState].closing) {
-      server.listen(listenOptions, wrap)
+      server.once('listening', wrap)
+      server.listen(listenOptions)
       this[kState].listening = true
     }
   }
@@ -255,79 +240,37 @@ function listenPromise (server, listenOptions) {
 
   return this.ready().then(() => {
     let errEventHandler
+    let listeningEventHandler
+    function cleanup () {
+      server.removeListener('error', errEventHandler)
+      server.removeListener('listening', listeningEventHandler)
+    }
     const errEvent = new Promise((resolve, reject) => {
       errEventHandler = (err) => {
+        cleanup()
         this[kState].listening = false
         reject(err)
       }
       server.once('error', errEventHandler)
     })
-    const listen = new Promise((resolve, reject) => {
-      server.listen(listenOptions, () => {
-        server.removeListener('error', errEventHandler)
+    const listeningEvent = new Promise((resolve, reject) => {
+      listeningEventHandler = () => {
+        cleanup()
+        this[kState].listening = true
         resolve(logServerAddress.call(this, server, listenOptions.listenTextResolver || defaultResolveServerListeningText))
-      })
-      // we set it afterwards because listen can throw
-      this[kState].listening = true
+      }
+      server.once('listening', listeningEventHandler)
     })
 
+    server.listen(listenOptions)
+
     return Promise.race([
       errEvent, // e.g invalid port range error is always emitted before the server listening
-      listen
+      listeningEvent
     ])
   })
 }
 
-/**
- * Creates a function that, based upon initial configuration, will
- * verify that every incoming request conforms to allowed
- * HTTP versions for the Fastify instance, e.g. a Fastify HTTP/1.1
- * server will not serve HTTP/2 requests upon the result of the
- * verification function.
- *
- * @param {object} options fastify option
- * @param {function} [options.serverFactory] If present, the
- * validator function will skip all checks.
- * @param {boolean} [options.http2 = false] If true, the validator
- * function will allow HTTP/2 requests.
- * @param {object} [options.https = null] https server options
- * @param {boolean} [options.https.allowHTTP1] If true and use
- * with options.http2 the validator function will allow HTTP/1
- * request to http2 server.
- *
- * @returns {function} HTTP version validator function.
- */
-function compileValidateHTTPVersion (options) {
-  let bypass = false
-  // key-value map to store valid http version
-  const map = new Map()
-  if (options.serverFactory) {
-    // When serverFactory is passed, we cannot identify how to check http version reliably
-    // So, we should skip the http version check
-    bypass = true
-  }
-  if (options.http2) {
-    // HTTP2 must serve HTTP/2.0
-    map.set('2.0', true)
-    if (options.https && options.https.allowHTTP1 === true) {
-      // HTTP2 with HTTPS.allowHTTP1 allow fallback to HTTP/1.1 and HTTP/1.0
-      map.set('1.1', true)
-      map.set('1.0', true)
-    }
-  } else {
-    // HTTP must server HTTP/1.1 and HTTP/1.0
-    map.set('1.1', true)
-    map.set('1.0', true)
-  }
-  // The compiled function here placed in one of the hottest path inside fastify
-  // the implementation here must be as performant as possible
-  return function validateHTTPVersion (httpVersion) {
-    // `bypass` skip the check when custom server factory provided
-    // `httpVersion in obj` check for the valid http version we should support
-    return bypass || map.has(httpVersion)
-  }
-}
-
 function getServerInstance (options, httpHandler) {
   let server = null
   // node@20 do not accepts options as boolean
@@ -364,57 +307,53 @@ function getServerInstance (options, httpHandler) {
   }
   return server
 }
-
-function normalizeListenArgs (args) {
-  if (args.length === 0) {
-    return { port: 0, host: 'localhost' }
-  }
-
-  const cb = typeof args[args.length - 1] === 'function' ? args.pop() : undefined
-  const options = { cb }
-
-  const firstArg = args[0]
-  const argsLength = args.length
-  const lastArg = args[argsLength - 1]
-  if (typeof firstArg === 'string' && isNaN(firstArg)) {
-    /* Deal with listen (pipe[, backlog]) */
-    options.path = firstArg
-    options.backlog = argsLength > 1 ? lastArg : undefined
-  } else {
-    /* Deal with listen ([port[, host[, backlog]]]) */
-    options.port = argsLength >= 1 && Number.isInteger(firstArg) ? firstArg : normalizePort(firstArg)
-    // This will listen to what localhost is.
-    // It can be 127.0.0.1 or ::1, depending on the operating system.
-    // Fixes https://github.com/fastify/fastify/issues/1022.
-    options.host = argsLength >= 2 && args[1] ? args[1] : 'localhost'
-    options.backlog = argsLength >= 3 ? args[2] : undefined
+/**
+ * Inspects the provided `server.address` object and returns a
+ * normalized list of IP address strings. Normalization in this
+ * case refers to mapping wildcard `0.0.0.0` to the list of IP
+ * addresses the wildcard refers to.
+ *
+ * @see https://nodejs.org/docs/latest/api/net.html#serveraddress
+ *
+ * @param {object} A server address object as described in the
+ * linked docs.
+ *
+ * @returns {string[]}
+ */
+function getAddresses (address) {
+  if (address.address === '0.0.0.0') {
+    return Object.values(os.networkInterfaces()).flatMap((iface) => {
+      return iface.filter((iface) => iface.family === 'IPv4')
+    }).sort((iface) => {
+      /* c8 ignore next 2 */
+      // Order the interfaces so that internal ones come first
+      return iface.internal ? -1 : 1
+    }).map((iface) => { return iface.address })
   }
-
-  return options
-}
-
-function normalizePort (firstArg) {
-  const port = Number(firstArg)
-  return port >= 0 && !Number.isNaN(port) && Number.isInteger(port) ? port : 0
+  return [address.address]
 }
 
 function logServerAddress (server, listenTextResolver) {
-  let address = server.address()
-  const isUnixSocket = typeof address === 'string'
-  /* istanbul ignore next */
+  let addresses
+  const isUnixSocket = typeof server.address() === 'string'
   if (!isUnixSocket) {
-    if (address.address.indexOf(':') === -1) {
-      address = address.address + ':' + address.port
+    if (server.address().address.indexOf(':') === -1) {
+      // IPv4
+      addresses = getAddresses(server.address()).map((address) => address + ':' + server.address().port)
     } else {
-      address = '[' + address.address + ']:' + address.port
+      // IPv6
+      addresses = ['[' + server.address().address + ']:' + server.address().port]
     }
+
+    addresses = addresses.map((address) => ('http' + (this[kOptions].https ? 's' : '') + '://') + address)
+  } else {
+    addresses = [server.address()]
   }
-  /* istanbul ignore next */
-  address = (isUnixSocket ? '' : ('http' + (this[kOptions].https ? 's' : '') + '://')) + address
 
-  const serverListeningText = listenTextResolver(address)
-  this.log.info(serverListeningText)
-  return address
+  for (const address of addresses) {
+    this.log.info(listenTextResolver(address))
+  }
+  return addresses[0]
 }
 
 function http2 () {

package/lib/warnings.js

@@ -2,16 +2,30 @@
 
 const { createDeprecation, createWarning } = require('process-warning')
 
+/**
+ * Deprecation codes:
+ *   - FSTDEP005
+ *   - FSTDEP007
+ *   - FSTDEP008
+ *   - FSTDEP009
+ *   - FSTDEP010
+ *   - FSTDEP012
+ *   - FSTDEP013
+ *   - FSTDEP015
+ *   - FSTDEP016
+ *   - FSTDEP017
+ *   - FSTDEP018
+ *   - FSTDEP019
+ *   - FSTDEP021
+ *   - FSTWRN001
+ *   - FSTSEC001
+ */
+
 const FSTDEP005 = createDeprecation({
   code: 'FSTDEP005',
   message: 'You are accessing the deprecated "request.connection" property. Use "request.socket" instead.'
 })
 
-const FSTDEP006 = createDeprecation({
-  code: 'FSTDEP006',
-  message: 'You are decorating Request/Reply with a reference type. This reference is shared amongst all requests. Use onRequest hook instead. Property: %s'
-})
-
 const FSTDEP007 = createDeprecation({
   code: 'FSTDEP007',
   message: 'You are trying to set a HEAD route using "exposeHeadRoute" route flag when a sibling route is already set. See documentation for more info.'
@@ -32,11 +46,6 @@ const FSTDEP010 = createDeprecation({
   message: 'Modifying the "reply.sent" property is deprecated. Use the "reply.hijack()" method instead.'
 })
 
-const FSTDEP011 = createDeprecation({
-  code: 'FSTDEP011',
-  message: 'Variadic listen method is deprecated. Please use ".listen(optionsObject)" instead. The variadic signature will be removed in `fastify@5`.'
-})
-
 const FSTDEP012 = createDeprecation({
   code: 'FSTDEP012',
   message: 'request.context property access is deprecated. Please use "request.routeOptions.config" or "request.routeOptions.schema" instead for accessing Route settings. The "request.context" will be removed in `fastify@5`.'
@@ -47,11 +56,6 @@ const FSTDEP013 = createDeprecation({
   message: 'Direct return of "trailers" function is deprecated. Please use "callback" or "async-await" for return value. The support of direct return will removed in `fastify@5`.'
 })
 
-const FSTDEP014 = createDeprecation({
-  code: 'FSTDEP014',
-  message: 'You are trying to set/access the default route. This property is deprecated. Please, use setNotFoundHandler if you want to custom a 404 handler or the wildcard (*) to match all routes.'
-})
-
 const FSTDEP015 = createDeprecation({
   code: 'FSTDEP015',
   message: 'You are accessing the deprecated "request.routeSchema" property. Use "request.routeOptions.schema" instead. Property "req.routeSchema" will be removed in `fastify@5`.'
@@ -77,11 +81,6 @@ const FSTDEP019 = createDeprecation({
   message: 'reply.context property access is deprecated. Please use "request.routeOptions.config" or "request.routeOptions.schema" instead for accessing Route settings. The "reply.context" will be removed in `fastify@5`.'
 })
 
-const FSTDEP020 = createDeprecation({
-  code: 'FSTDEP020',
-  message: 'You are using the deprecated "reply.getResponseTime()" method. Use the "reply.elapsedTime" property instead. Method "reply.getResponseTime()" will be removed in `fastify@5`.'
-})
-
 const FSTDEP021 = createDeprecation({
   code: 'FSTDEP021',
   message: 'The `reply.redirect()` method has a new signature: `reply.redirect(url: string, code?: number)`. It will be enforced in `fastify@v5`'
@@ -94,31 +93,27 @@ const FSTWRN001 = createWarning({
   unlimited: true
 })
 
-const FSTWRN002 = createWarning({
-  name: 'FastifyWarning',
-  code: 'FSTWRN002',
-  message: 'The %s plugin being registered mixes async and callback styles, which will result in an error in `fastify@5`',
+const FSTSEC001 = createWarning({
+  name: 'FastifySecurity',
+  code: 'FSTSEC001',
+  message: 'You are using /%s/ Content-Type which may be vulnerable to CORS attack. Please make sure your RegExp start with "^" or include ";?" to proper detection of the essence MIME type.',
   unlimited: true
 })
 
 module.exports = {
   FSTDEP005,
-  FSTDEP006,
   FSTDEP007,
   FSTDEP008,
   FSTDEP009,
   FSTDEP010,
-  FSTDEP011,
   FSTDEP012,
   FSTDEP013,
-  FSTDEP014,
   FSTDEP015,
   FSTDEP016,
   FSTDEP017,
   FSTDEP018,
   FSTDEP019,
-  FSTDEP020,
   FSTDEP021,
   FSTWRN001,
-  FSTWRN002
+  FSTSEC001
 }