fastify 4.29.0 → 4.29.1

package/fastify.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const VERSION = '4.29.0'
+const VERSION = '4.29.1'
 
 const Avvio = require('avvio')
 const http = require('node:http')

package/lib/validation.js

@@ -155,7 +155,7 @@ function validate (context, request, execution) {
       validatorFunction = context[bodySchema]
     } else if (context[bodySchema]) {
       // TODO: add request.contentType and reuse it here
-      const contentType = request.headers['content-type']?.split(';', 1)[0]
+      const contentType = getEssenceMediaType(request.headers['content-type'])
       const contentSchema = context[bodySchema][contentType]
       if (contentSchema) {
         validatorFunction = contentSchema
@@ -254,6 +254,16 @@ function wrapValidationError (result, dataVar, schemaErrorFormatter) {
   return error
 }
 
+/**
+ * simple function to retrieve the essence media type
+ * @param {string} header
+ * @returns {string} Mimetype string.
+ */
+function getEssenceMediaType (header) {
+  if (!header) return ''
+  return header.split(/[ ;]/, 1)[0].trim().toLowerCase()
+}
+
 module.exports = {
   symbols: { bodySchema, querystringSchema, responseSchema, paramsSchema, headersSchema },
   compileSchemasForValidation,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify",
-  "version": "4.29.0",
+  "version": "4.29.1",
   "description": "Fast and low overhead web framework, for Node.js",
   "main": "fastify.js",
   "type": "commonjs",

package/test/schema-validation.test.js

@@ -2,6 +2,7 @@
 
 const { test } = require('tap')
 const Fastify = require('..')
+const { request, Agent } = require('undici')
 
 const AJV = require('ajv')
 const Schema = require('fluent-json-schema')
@@ -1285,3 +1286,144 @@ test('Custom validator builder override by custom validator compiler in child in
   })
   t.equal(two.statusCode, 200)
 })
+
+test('Schema validation when no content type is provided', async t => {
+  // this case should not be happened in normal use-case,
+  // it is added for the completeness of code branch
+  const fastify = Fastify()
+
+  fastify.post('/', {
+    schema: {
+      body: {
+        content: {
+          'application/json': {
+            schema: {
+              type: 'object',
+              properties: {
+                foo: { type: 'string' }
+              },
+              required: ['foo'],
+              additionalProperties: false
+            }
+          }
+        }
+      }
+    },
+    preValidation: async (request) => {
+      request.headers['content-type'] = undefined
+    }
+  }, async () => 'ok')
+
+  await fastify.ready()
+
+  const invalid = await fastify.inject({
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: { invalid: 'string' }
+  })
+  t.equal(invalid.statusCode, 200)
+})
+
+test('Schema validation will not be bypass by different content type', async t => {
+  t.plan(10)
+
+  const fastify = Fastify()
+
+  fastify.post('/', {
+    schema: {
+      body: {
+        content: {
+          'application/json': {
+            schema: {
+              type: 'object',
+              properties: {
+                foo: { type: 'string' }
+              },
+              required: ['foo'],
+              additionalProperties: false
+            }
+          }
+        }
+      }
+    }
+  }, async () => 'ok')
+
+  await fastify.listen({ port: 0 })
+  t.teardown(() => fastify.close())
+  const address = fastify.listeningOrigin
+
+  const correct1 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: JSON.stringify({ foo: 'string' })
+  })
+  t.equal(correct1.statusCode, 200)
+  await correct1.body.dump()
+
+  const correct2 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'application/json; charset=utf-8'
+    },
+    body: JSON.stringify({ foo: 'string' })
+  })
+  t.equal(correct2.statusCode, 200)
+  await correct2.body.dump()
+
+  const invalid1 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'application/json ;'
+    },
+    body: JSON.stringify({ invalid: 'string' })
+  })
+  t.equal(invalid1.statusCode, 415)
+  t.equal((await invalid1.body.json()).code, 'FST_ERR_CTP_INVALID_MEDIA_TYPE')
+
+  const invalid2 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'ApPlIcAtIoN/JsOn;'
+    },
+    body: JSON.stringify({ invalid: 'string' })
+  })
+  t.equal(invalid2.statusCode, 415)
+  t.equal((await invalid2.body.json()).code, 'FST_ERR_CTP_INVALID_MEDIA_TYPE')
+
+  const invalid3 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'ApPlIcAtIoN/JsOn ;'
+    },
+    body: JSON.stringify({ invalid: 'string' })
+  })
+  t.equal(invalid3.statusCode, 415)
+  t.equal((await invalid3.body.json()).code, 'FST_ERR_CTP_INVALID_MEDIA_TYPE')
+
+  const invalid4 = await request(address, {
+    dispatcher: new Agent({ pipelining: 0 }),
+    method: 'POST',
+    url: '/',
+    headers: {
+      'content-type': 'ApPlIcAtIoN/JsOn foo;'
+    },
+    body: JSON.stringify({ invalid: 'string' })
+  })
+  t.equal(invalid4.statusCode, 415)
+  t.equal((await invalid4.body.json()).code, 'FST_ERR_CTP_INVALID_MEDIA_TYPE')
+})