npm - fastify - Versions diffs - 5.3.3 → 5.5.0 - Mend

fastify 5.3.3 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.vscode/settings.json +15 -15
package/LICENSE +1 -1
package/README.md +2 -0
package/SECURITY.md +158 -2
package/build/build-validation.js +20 -1
package/docs/Guides/Delay-Accepting-Requests.md +8 -5
package/docs/Guides/Ecosystem.md +20 -5
package/docs/Guides/Migration-Guide-V5.md +6 -10
package/docs/Guides/Recommendations.md +1 -1
package/docs/Reference/ContentTypeParser.md +1 -1
package/docs/Reference/Errors.md +5 -3
package/docs/Reference/Hooks.md +16 -20
package/docs/Reference/Lifecycle.md +2 -2
package/docs/Reference/Logging.md +3 -3
package/docs/Reference/Middleware.md +1 -1
package/docs/Reference/Reply.md +8 -8
package/docs/Reference/Request.md +2 -2
package/docs/Reference/Routes.md +7 -6
package/docs/Reference/Server.md +341 -200
package/docs/Reference/TypeScript.md +1 -3
package/docs/Reference/Validation-and-Serialization.md +56 -4
package/docs/Reference/Warnings.md +2 -1
package/fastify.d.ts +4 -3
package/fastify.js +47 -34
package/lib/configValidator.js +196 -28
package/lib/contentTypeParser.js +41 -48
package/lib/error-handler.js +3 -3
package/lib/errors.js +11 -0
package/lib/handleRequest.js +13 -17
package/lib/pluginOverride.js +3 -1
package/lib/promise.js +23 -0
package/lib/reply.js +24 -30
package/lib/request.js +3 -10
package/lib/route.js +37 -3
package/lib/server.js +36 -35
package/lib/symbols.js +1 -0
package/lib/warnings.js +19 -1
package/package.json +14 -10
package/test/404s.test.js +226 -325
package/test/allow-unsafe-regex.test.js +19 -48
package/test/als.test.js +28 -40
package/test/async-await.test.js +84 -128
package/test/async_hooks.test.js +18 -37
package/test/body-limit.test.js +90 -63
package/test/buffer.test.js +22 -0
package/test/build-certificate.js +1 -1
package/test/case-insensitive.test.js +44 -65
package/test/check.test.js +17 -21
package/test/close-pipelining.test.js +24 -15
package/test/constrained-routes.test.js +231 -0
package/test/custom-http-server.test.js +7 -15
package/test/custom-parser-async.test.js +17 -22
package/test/custom-parser.0.test.js +267 -348
package/test/custom-parser.1.test.js +141 -191
package/test/custom-parser.2.test.js +34 -44
package/test/custom-parser.3.test.js +56 -104
package/test/custom-parser.4.test.js +106 -144
package/test/custom-parser.5.test.js +56 -75
package/test/custom-querystring-parser.test.js +51 -77
package/test/decorator-namespace.test._js_ +3 -4
package/test/decorator.test.js +76 -259
package/test/delete.test.js +101 -110
package/test/diagnostics-channel/404.test.js +7 -15
package/test/diagnostics-channel/async-delay-request.test.js +7 -16
package/test/diagnostics-channel/async-request.test.js +8 -16
package/test/diagnostics-channel/error-request.test.js +7 -15
package/test/diagnostics-channel/sync-delay-request.test.js +7 -16
package/test/diagnostics-channel/sync-request-reply.test.js +9 -16
package/test/diagnostics-channel/sync-request.test.js +9 -16
package/test/fastify-instance.test.js +1 -1
package/test/header-overflow.test.js +18 -29
package/test/helper.js +139 -135
package/test/hooks-async.test.js +259 -235
package/test/hooks.test.js +951 -996
package/test/http-methods/copy.test.js +14 -19
package/test/http-methods/get.test.js +131 -143
package/test/http-methods/head.test.js +53 -84
package/test/http-methods/lock.test.js +31 -31
package/test/http-methods/mkcalendar.test.js +45 -72
package/test/http-methods/mkcol.test.js +5 -9
package/test/http-methods/move.test.js +6 -10
package/test/http-methods/propfind.test.js +34 -44
package/test/http-methods/proppatch.test.js +23 -29
package/test/http-methods/report.test.js +44 -69
package/test/http-methods/search.test.js +67 -82
package/test/http-methods/unlock.test.js +5 -9
package/test/http2/closing.test.js +38 -20
package/test/http2/secure-with-fallback.test.js +31 -28
package/test/https/custom-https-server.test.js +9 -13
package/test/https/https.test.js +56 -53
package/test/input-validation.js +139 -150
package/test/internals/errors.test.js +50 -1
package/test/internals/handle-request.test.js +72 -65
package/test/internals/promise.test.js +63 -0
package/test/internals/reply.test.js +277 -496
package/test/issue-4959.test.js +12 -3
package/test/listen.4.test.js +31 -43
package/test/nullable-validation.test.js +33 -46
package/test/output-validation.test.js +24 -26
package/test/plugin.1.test.js +40 -68
package/test/plugin.2.test.js +108 -120
package/test/plugin.3.test.js +50 -72
package/test/plugin.4.test.js +124 -119
package/test/promises.test.js +42 -63
package/test/proto-poisoning.test.js +78 -97
package/test/register.test.js +8 -18
package/test/request-error.test.js +57 -146
package/test/request-id.test.js +30 -49
package/test/route-hooks.test.js +117 -101
package/test/route-prefix.test.js +194 -133
package/test/route-shorthand.test.js +9 -27
package/test/route.1.test.js +74 -131
package/test/route.8.test.js +9 -17
package/test/router-options.test.js +450 -0
package/test/schema-serialization.test.js +177 -154
package/test/schema-special-usage.test.js +165 -132
package/test/schema-validation.test.js +254 -218
package/test/server.test.js +143 -5
package/test/set-error-handler.test.js +58 -1
package/test/skip-reply-send.test.js +64 -69
package/test/stream.1.test.js +33 -50
package/test/stream.4.test.js +18 -28
package/test/stream.5.test.js +11 -19
package/test/trust-proxy.test.js +32 -58
package/test/types/errors.test-d.ts +13 -1
package/test/types/fastify.test-d.ts +3 -0
package/test/types/request.test-d.ts +1 -0
package/test/types/type-provider.test-d.ts +55 -0
package/test/url-rewriting.test.js +45 -62
package/test/use-semicolon-delimiter.test.js +117 -59
package/test/versioned-routes.test.js +39 -56
package/types/errors.d.ts +11 -1
package/types/hooks.d.ts +1 -1
package/types/instance.d.ts +1 -1
package/types/reply.d.ts +2 -2
package/types/request.d.ts +1 -0
package/.taprc +0 -7

package/test/constrained-routes.test.js CHANGED Viewed

@@ -905,3 +905,234 @@ test('Allow regex constraints in routes', async t => {
     t.assert.strictEqual(res.statusCode, 404)
   }
 })
+test('Should allow registering custom rotuerOptions constrained routes', async t => {
+  t.plan(5)
+  const constraint = {
+    name: 'secret',
+    storage: function () {
+      const secrets = {}
+      return {
+        get: (secret) => { return secrets[secret] || null },
+        set: (secret, store) => { secrets[secret] = store }
+      }
+    },
+    deriveConstraint: (req, ctx) => {
+      return req.headers['x-secret']
+    },
+    validate () { return true }
+  }
+  const fastify = Fastify({ routerOptions: { constraints: { secret: constraint } } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'alpha' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from alpha' })
+    }
+  })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'beta' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from beta' })
+    }
+  })
+  {
+    const res = await fastify.inject({
+      method: 'GET',
+      url: '/',
+      headers: {
+        'X-Secret': 'alpha'
+      }
+    })
+    t.assert.deepStrictEqual(JSON.parse(res.payload), { hello: 'from alpha' })
+    t.assert.strictEqual(res.statusCode, 200)
+  }
+  {
+    const res = await fastify.inject({
+      method: 'GET',
+      url: '/',
+      headers: {
+        'X-Secret': 'beta'
+      }
+    })
+    t.assert.deepStrictEqual(JSON.parse(res.payload), { hello: 'from beta' })
+    t.assert.strictEqual(res.statusCode, 200)
+  }
+  {
+    const res = await fastify.inject({
+      method: 'GET',
+      url: '/',
+      headers: {
+        'X-Secret': 'gamma'
+      }
+    })
+    t.assert.strictEqual(res.statusCode, 404)
+  }
+})
+test('Custom rotuerOptions constrained routes registered also for HEAD method generated by fastify', (t, done) => {
+  t.plan(3)
+  const constraint = {
+    name: 'secret',
+    storage: function () {
+      const secrets = {}
+      return {
+        get: (secret) => { return secrets[secret] || null },
+        set: (secret, store) => { secrets[secret] = store }
+      }
+    },
+    deriveConstraint: (req, ctx) => {
+      return req.headers['x-secret']
+    },
+    validate () { return true }
+  }
+  const fastify = Fastify({ routerOptions: { constraints: { secret: constraint } } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'mySecret' },
+    handler: (req, reply) => {
+      reply.send('from mySecret - my length is 31')
+    }
+  })
+  fastify.inject({
+    method: 'HEAD',
+    url: '/',
+    headers: {
+      'X-Secret': 'mySecret'
+    }
+  }, (err, res) => {
+    t.assert.ifError(err)
+    t.assert.deepStrictEqual(res.headers['content-length'], '31')
+    t.assert.strictEqual(res.statusCode, 200)
+    done()
+  })
+})
+test('allow async rotuerOptions constraints', async (t) => {
+  t.plan(5)
+  const constraint = {
+    name: 'secret',
+    storage: function () {
+      const secrets = {}
+      return {
+        get: (secret) => { return secrets[secret] || null },
+        set: (secret, store) => { secrets[secret] = store }
+      }
+    },
+    deriveConstraint: (req, ctx, done) => {
+      done(null, req.headers['x-secret'])
+    },
+    validate () { return true }
+  }
+  const fastify = Fastify({ routerOptions: { constraints: { secret: constraint } } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'alpha' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from alpha' })
+    }
+  })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'beta' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from beta' })
+    }
+  })
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'alpha' } })
+    t.assert.deepStrictEqual(JSON.parse(payload), { hello: 'from alpha' })
+    t.assert.strictEqual(statusCode, 200)
+  }
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'beta' } })
+    t.assert.deepStrictEqual(JSON.parse(payload), { hello: 'from beta' })
+    t.assert.strictEqual(statusCode, 200)
+  }
+  {
+    const { statusCode } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'gamma' } })
+    t.assert.strictEqual(statusCode, 404)
+  }
+})
+test('error in async rotuerOptions constraints', async (t) => {
+  t.plan(8)
+  const constraint = {
+    name: 'secret',
+    storage: function () {
+      const secrets = {}
+      return {
+        get: (secret) => { return secrets[secret] || null },
+        set: (secret, store) => { secrets[secret] = store }
+      }
+    },
+    deriveConstraint: (req, ctx, done) => {
+      done(Error('kaboom'))
+    },
+    validate () { return true }
+  }
+  const fastify = Fastify({ routerOptions: { constraints: { secret: constraint } } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'alpha' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from alpha' })
+    }
+  })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    constraints: { secret: 'beta' },
+    handler: (req, reply) => {
+      reply.send({ hello: 'from beta' })
+    }
+  })
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'alpha' } })
+    t.assert.deepStrictEqual(JSON.parse(payload), { error: 'Internal Server Error', message: 'Unexpected error from async constraint', statusCode: 500 })
+    t.assert.strictEqual(statusCode, 500)
+  }
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'beta' } })
+    t.assert.deepStrictEqual(JSON.parse(payload), { error: 'Internal Server Error', message: 'Unexpected error from async constraint', statusCode: 500 })
+    t.assert.strictEqual(statusCode, 500)
+  }
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/', headers: { 'X-Secret': 'gamma' } })
+    t.assert.deepStrictEqual(JSON.parse(payload), { error: 'Internal Server Error', message: 'Unexpected error from async constraint', statusCode: 500 })
+    t.assert.strictEqual(statusCode, 500)
+  }
+  {
+    const { statusCode, payload } = await fastify.inject({ method: 'GET', path: '/' })
+    t.assert.deepStrictEqual(JSON.parse(payload), { error: 'Internal Server Error', message: 'Unexpected error from async constraint', statusCode: 500 })
+    t.assert.strictEqual(statusCode, 500)
+  }
+})

package/test/custom-http-server.test.js CHANGED Viewed

@@ -3,7 +3,6 @@
 const { test } = require('node:test')
 const http = require('node:http')
 const dns = require('node:dns').promises
-const sget = require('simple-get').concat
 const Fastify = require('..')
 const { FST_ERR_FORCE_CLOSE_CONNECTIONS_IDLE_NOT_AVAILABLE } = require('../lib/errors')
@@ -11,7 +10,7 @@ async function setup () {
   const localAddresses = await dns.lookup('localhost', { all: true })
   test('Should support a custom http server', { skip: localAddresses.length < 1 }, async t => {
-    t.plan(4)
+    t.plan(5)
     const fastify = Fastify({
       serverFactory: (handler, opts) => {
@@ -34,20 +33,13 @@ async function setup () {
     await fastify.listen({ port: 0 })
-    await new Promise((resolve, reject) => {
-      sget({
-        method: 'GET',
-        url: 'http://localhost:' + fastify.server.address().port,
-        rejectUnauthorized: false
-      }, (err, response, body) => {
-        if (err) {
-          return reject(err)
-        }
-        t.assert.strictEqual(response.statusCode, 200)
-        t.assert.deepStrictEqual(JSON.parse(body), { hello: 'world' })
-        resolve()
-      })
+    const response = await fetch('http://localhost:' + fastify.server.address().port, {
+      method: 'GET'
     })
+    t.assert.ok(response.ok)
+    t.assert.strictEqual(response.status, 200)
+    const body = await response.text()
+    t.assert.deepStrictEqual(JSON.parse(body), { hello: 'world' })
   })
   test('Should not allow forceCloseConnection=idle if the server does not support closeIdleConnections', t => {

package/test/custom-parser-async.test.js CHANGED Viewed

@@ -1,7 +1,6 @@
 'use strict'
 const { test } = require('node:test')
-const sget = require('simple-get').concat
 const Fastify = require('../fastify')
 process.removeAllListeners('warning')
@@ -24,41 +23,37 @@ test('contentTypeParser should add a custom async parser', async t => {
   })
   t.after(() => fastify.close())
-  await fastify.listen({ port: 0 })
+  const fastifyServer = await fastify.listen({ port: 0 })
-  await t.test('in POST', (t, done) => {
+  await t.test('in POST', async t => {
     t.plan(3)
-    sget({
+    const result = await fetch(fastifyServer, {
       method: 'POST',
-      url: 'http://localhost:' + fastify.server.address().port,
-      body: '{"hello":"world"}',
       headers: {
         'Content-Type': 'application/jsoff'
-      }
-    }, (err, response, body) => {
-      t.assert.ifError(err)
-      t.assert.strictEqual(response.statusCode, 200)
-      t.assert.deepStrictEqual(body.toString(), JSON.stringify({ hello: 'world' }))
-      done()
+      },
+      body: '{"hello":"world"}'
     })
+    t.assert.ok(result.ok)
+    t.assert.strictEqual(result.status, 200)
+    t.assert.deepStrictEqual(await result.json(), { hello: 'world' })
   })
-  await t.test('in OPTIONS', (t, done) => {
+  await t.test('in OPTIONS', async t => {
     t.plan(3)
-    sget({
+    const result = await fetch(fastifyServer, {
       method: 'OPTIONS',
-      url: 'http://localhost:' + fastify.server.address().port,
-      body: '{"hello":"world"}',
       headers: {
         'Content-Type': 'application/jsoff'
-      }
-    }, (err, response, body) => {
-      t.assert.ifError(err)
-      t.assert.strictEqual(response.statusCode, 200)
-      t.assert.deepStrictEqual(body.toString(), JSON.stringify({ hello: 'world' }))
-      done()
+      },
+      body: '{"hello":"world"}'
     })
+    t.assert.ok(result.ok)
+    t.assert.strictEqual(result.status, 200)
+    t.assert.deepStrictEqual(await result.json(), { hello: 'world' })
   })
 })