fastify 5.3.3 → 5.5.0

package/lib/contentTypeParser.js

@@ -24,7 +24,8 @@ const {
   FST_ERR_CTP_INVALID_MEDIA_TYPE,
   FST_ERR_CTP_INVALID_CONTENT_LENGTH,
   FST_ERR_CTP_EMPTY_JSON_BODY,
-  FST_ERR_CTP_INSTANCE_ALREADY_STARTED
+  FST_ERR_CTP_INSTANCE_ALREADY_STARTED,
+  FST_ERR_CTP_INVALID_JSON_BODY
 } = require('./errors')
 const { FSTSEC001 } = require('./warnings')
 
@@ -174,17 +175,18 @@ ContentTypeParser.prototype.run = function (contentType, handler, request, reply
   const parser = this.getParser(contentType)
 
   if (parser === undefined) {
-    if (request.is404) {
+    if (request.is404 === true) {
       handler(request, reply)
-    } else {
-      reply.send(new FST_ERR_CTP_INVALID_MEDIA_TYPE(contentType || undefined))
+      return
     }
 
-    // Early return to avoid allocating an AsyncResource if it's not needed
+    reply[kReplyIsError] = true
+    reply.send(new FST_ERR_CTP_INVALID_MEDIA_TYPE(contentType || undefined))
     return
   }
 
   const resource = new AsyncResource('content-type-parser:run', request)
+  const done = resource.bind(onDone)
 
   if (parser.asString === true || parser.asBuffer === true) {
     rawBody(
@@ -194,48 +196,44 @@ ContentTypeParser.prototype.run = function (contentType, handler, request, reply
       parser,
       done
     )
-  } else {
-    const result = parser.fn(request, request[kRequestPayloadStream], done)
+    return
+  }
 
-    if (result && typeof result.then === 'function') {
-      result.then(body => done(null, body), done)
-    }
+  const result = parser.fn(request, request[kRequestPayloadStream], done)
+  if (result && typeof result.then === 'function') {
+    result.then(body => { done(null, body) }, done)
   }
 
-  function done (error, body) {
-    // We cannot use resource.bind() because it is broken in node v12 and v14
-    resource.runInAsyncScope(() => {
-      resource.emitDestroy()
-      if (error) {
-        reply[kReplyIsError] = true
-        reply.send(error)
-      } else {
-        request.body = body
-        handler(request, reply)
-      }
-    })
+  function onDone (error, body) {
+    resource.emitDestroy()
+    if (error != null) {
+      // We must close the connection as the client may
+      // send more data
+      reply.header('connection', 'close')
+      reply[kReplyIsError] = true
+      reply.send(error)
+      return
+    }
+    request.body = body
+    handler(request, reply)
   }
 }
 
 function rawBody (request, reply, options, parser, done) {
-  const asString = parser.asString
+  const asString = parser.asString === true
   const limit = options.limit === null ? parser.bodyLimit : options.limit
   const contentLength = Number(request.headers['content-length'])
 
   if (contentLength > limit) {
-    // We must close the connection as the client is going
-    // to send this data anyway
-    reply.header('connection', 'close')
-    reply.send(new FST_ERR_CTP_BODY_TOO_LARGE())
+    done(new FST_ERR_CTP_BODY_TOO_LARGE(), undefined)
     return
   }
 
   let receivedLength = 0
-  let body = asString === true ? '' : []
-
+  let body = asString ? '' : []
   const payload = request[kRequestPayloadStream] || request.raw
 
-  if (asString === true) {
+  if (asString) {
     payload.setEncoding('utf8')
   }
 
@@ -245,7 +243,7 @@ function rawBody (request, reply, options, parser, done) {
   payload.resume()
 
   function onData (chunk) {
-    receivedLength += chunk.length
+    receivedLength += asString ? Buffer.byteLength(chunk) : chunk.length
     const { receivedEncodedLength = 0 } = payload
     // The resulting body length must not exceed bodyLimit (see "zip bomb").
     // The case when encoded length is larger than received length is rather theoretical,
@@ -254,11 +252,11 @@ function rawBody (request, reply, options, parser, done) {
       payload.removeListener('data', onData)
       payload.removeListener('end', onEnd)
       payload.removeListener('error', onEnd)
-      reply.send(new FST_ERR_CTP_BODY_TOO_LARGE())
+      done(new FST_ERR_CTP_BODY_TOO_LARGE(), undefined)
       return
     }
 
-    if (asString === true) {
+    if (asString) {
       body += chunk
     } else {
       body.push(chunk)
@@ -270,37 +268,33 @@ function rawBody (request, reply, options, parser, done) {
     payload.removeListener('end', onEnd)
     payload.removeListener('error', onEnd)
 
-    if (err !== undefined) {
+    if (err != null) {
       if (!(typeof err.statusCode === 'number' && err.statusCode >= 400)) {
         err.statusCode = 400
       }
-      reply[kReplyIsError] = true
-      reply.code(err.statusCode).send(err)
+      done(err, undefined)
       return
     }
 
-    if (asString === true) {
-      receivedLength = Buffer.byteLength(body)
-    }
-
     if (!Number.isNaN(contentLength) && (payload.receivedEncodedLength || receivedLength) !== contentLength) {
-      reply.header('connection', 'close')
-      reply.send(new FST_ERR_CTP_INVALID_CONTENT_LENGTH())
+      done(new FST_ERR_CTP_INVALID_CONTENT_LENGTH(), undefined)
       return
     }
 
-    if (asString === false) {
+    if (!asString) {
       body = Buffer.concat(body)
     }
 
     const result = parser.fn(request, body, done)
     if (result && typeof result.then === 'function') {
-      result.then(body => done(null, body), done)
+      result.then(body => { done(null, body) }, done)
     }
   }
 }
 
 function getDefaultJsonParser (onProtoPoisoning, onConstructorPoisoning) {
+  const parseOptions = { protoAction: onProtoPoisoning, constructorAction: onConstructorPoisoning }
+
   return defaultJsonParser
 
   function defaultJsonParser (req, body, done) {
@@ -309,10 +303,9 @@ function getDefaultJsonParser (onProtoPoisoning, onConstructorPoisoning) {
       return
     }
     try {
-      done(null, secureJsonParse(body, { protoAction: onProtoPoisoning, constructorAction: onConstructorPoisoning }))
-    } catch (err) {
-      err.statusCode = 400
-      done(err, undefined)
+      done(null, secureJsonParse(body, parseOptions))
+    } catch {
+      done(new FST_ERR_CTP_INVALID_JSON_BODY(), undefined)
     }
   }
 }

package/lib/error-handler.js

@@ -39,7 +39,7 @@ function handleError (reply, error, cb) {
         if (!reply.log[kDisableRequestLogging]) {
           reply.log.warn(
             { req: reply.request, res: reply, err: error },
-            error && error.message
+            error?.message
           )
         }
         reply.raw.writeHead(reply.raw.statusCode)
@@ -89,14 +89,14 @@ function defaultErrorHandler (error, request, reply) {
     if (!reply.log[kDisableRequestLogging]) {
       reply.log.info(
         { res: reply, err: error },
-        error && error.message
+        error?.message
       )
     }
   } else {
     if (!reply.log[kDisableRequestLogging]) {
       reply.log.error(
         { req: request, res: reply, err: error },
-        error && error.message
+        error?.message
       )
     }
   }

package/lib/errors.js

@@ -64,6 +64,12 @@ const codes = {
     500,
     TypeError
   ),
+  FST_ERR_ERROR_HANDLER_ALREADY_SET: createError(
+    'FST_ERR_ERROR_HANDLER_ALREADY_SET',
+    "Error Handler already set in this scope. Set 'allowErrorHandlerOverride: true' to allow overriding.",
+    500,
+    TypeError
+  ),
 
   /**
    * ContentTypeParser
@@ -118,6 +124,11 @@ const codes = {
     "Body cannot be empty when content-type is set to 'application/json'",
     400
   ),
+  FST_ERR_CTP_INVALID_JSON_BODY: createError(
+    'FST_ERR_CTP_INVALID_JSON_BODY',
+    "Body is not valid JSON but content-type is set to 'application/json'",
+    400
+  ),
   FST_ERR_CTP_INSTANCE_ALREADY_STARTED: createError(
     'FST_ERR_CTP_INSTANCE_ALREADY_STARTED',
     'Cannot call "%s" when fastify instance is already started!',

package/lib/handleRequest.js

@@ -21,9 +21,7 @@ function handleRequest (err, request, reply) {
     return
   }
 
-  const method = request.raw.method
-  const headers = request.headers
-  const context = request[kRouteContext]
+  const method = request.method
 
   if (this[kSupportedHTTPMethods].bodyless.has(method)) {
     handler(request, reply)
@@ -31,28 +29,26 @@ function handleRequest (err, request, reply) {
   }
 
   if (this[kSupportedHTTPMethods].bodywith.has(method)) {
+    const headers = request.headers
     const contentType = headers['content-type']
-    const contentLength = headers['content-length']
-    const transferEncoding = headers['transfer-encoding']
 
     if (contentType === undefined) {
-      if (
-        (contentLength === undefined || contentLength === '0') &&
-        transferEncoding === undefined
-      ) {
+      const contentLength = headers['content-length']
+      const transferEncoding = headers['transfer-encoding']
+      const isEmptyBody = transferEncoding === undefined &&
+        (contentLength === undefined || contentLength === '0')
+
+      if (isEmptyBody) {
         // Request has no body to parse
         handler(request, reply)
-      } else {
-        context.contentTypeParser.run('', handler, request, reply)
-      }
-    } else {
-      if (contentLength === undefined && transferEncoding === undefined && method === 'OPTIONS') {
-        // OPTIONS can have a Content-Type header without a body
-        handler(request, reply)
         return
       }
-      context.contentTypeParser.run(contentType, handler, request, reply)
+
+      request[kRouteContext].contentTypeParser.run('', handler, request, reply)
+      return
     }
+
+    request[kRouteContext].contentTypeParser.run(contentType, handler, request, reply)
     return
   }
 

package/lib/pluginOverride.js

@@ -12,7 +12,8 @@ const {
   kReply,
   kRequest,
   kFourOhFour,
-  kPluginNameChain
+  kPluginNameChain,
+  kErrorHandlerAlreadySet
 } = require('./symbols.js')
 
 const Reply = require('./reply')
@@ -57,6 +58,7 @@ module.exports = function override (old, fn, opts) {
   // Track the plugin chain since the root instance.
   // When an non-encapsulated plugin is added, the chain will be updated.
   instance[kPluginNameChain] = [fnName]
+  instance[kErrorHandlerAlreadySet] = false
 
   if (instance[kLogSerializers] || opts.logSerializers) {
     instance[kLogSerializers] = Object.assign(Object.create(instance[kLogSerializers]), opts.logSerializers)

package/lib/promise.js

@@ -0,0 +1,23 @@
+'use strict'
+
+const { kTestInternals } = require('./symbols')
+
+function withResolvers () {
+  let res, rej
+  const promise = new Promise((resolve, reject) => {
+    res = resolve
+    rej = reject
+  })
+  return { promise, resolve: res, reject: rej }
+}
+
+module.exports = {
+  // TODO(20.x): remove when node@20 is not supported
+  withResolvers: typeof Promise.withResolvers === 'function'
+    ? Promise.withResolvers.bind(Promise) // Promise.withResolvers must bind to itself
+    /* c8 ignore next */
+    : withResolvers, // Tested using the kTestInternals
+  [kTestInternals]: {
+    withResolvers
+  }
+}

package/lib/reply.js

@@ -126,16 +126,16 @@ Reply.prototype.hijack = function () {
 }
 
 Reply.prototype.send = function (payload) {
-  if (this[kReplyIsRunningOnErrorHook] === true) {
+  if (this[kReplyIsRunningOnErrorHook]) {
     throw new FST_ERR_SEND_INSIDE_ONERR()
   }
 
-  if (this.sent) {
+  if (this.sent === true) {
     this.log.warn({ err: new FST_ERR_REP_ALREADY_SENT(this.request.url, this.request.method) })
     return this
   }
 
-  if (payload instanceof Error || this[kReplyIsError] === true) {
+  if (this[kReplyIsError] || payload instanceof Error) {
     this[kReplyIsError] = false
     onErrorHook(this, payload, onSendHook)
     return this
@@ -162,8 +162,8 @@ Reply.prototype.send = function (payload) {
       return this
     }
 
-    if (payload?.buffer instanceof ArrayBuffer) {
-      if (hasContentType === false) {
+    if (payload.buffer instanceof ArrayBuffer) {
+      if (!hasContentType) {
         this[kReplyHeaders]['content-type'] = CONTENT_TYPE.OCTET
       }
       const payloadToSend = Buffer.isBuffer(payload) ? payload : Buffer.from(payload.buffer, payload.byteOffset, payload.byteLength)
@@ -171,7 +171,7 @@ Reply.prototype.send = function (payload) {
       return this
     }
 
-    if (hasContentType === false && typeof payload === 'string') {
+    if (!hasContentType && typeof payload === 'string') {
       this[kReplyHeaders]['content-type'] = CONTENT_TYPE.PLAIN
       onSendHook(this, payload)
       return this
@@ -182,26 +182,24 @@ Reply.prototype.send = function (payload) {
     if (typeof payload !== 'string') {
       preSerializationHook(this, payload)
       return this
-    } else {
-      payload = this[kReplySerializer](payload)
     }
+    payload = this[kReplySerializer](payload)
 
     // The indexOf below also matches custom json mimetypes such as 'application/hal+json' or 'application/ld+json'
-  } else if (hasContentType === false || contentType.indexOf('json') > -1) {
-    if (hasContentType === false) {
+  } else if (!hasContentType || contentType.indexOf('json') !== -1) {
+    if (!hasContentType) {
       this[kReplyHeaders]['content-type'] = CONTENT_TYPE.JSON
-    } else {
+    } else if (contentType.indexOf('charset') === -1) {
       // If user doesn't set charset, we will set charset to utf-8
-      if (contentType.indexOf('charset') === -1) {
-        const customContentType = contentType.trim()
-        if (customContentType.endsWith(';')) {
-          // custom content-type is ended with ';'
-          this[kReplyHeaders]['content-type'] = `${customContentType} charset=utf-8`
-        } else {
-          this[kReplyHeaders]['content-type'] = `${customContentType}; charset=utf-8`
-        }
+      const customContentType = contentType.trim()
+      if (customContentType.endsWith(';')) {
+        // custom content-type is ended with ';'
+        this[kReplyHeaders]['content-type'] = `${customContentType} charset=utf-8`
+      } else {
+        this[kReplyHeaders]['content-type'] = `${customContentType}; charset=utf-8`
       }
     }
+
     if (typeof payload !== 'string') {
       preSerializationHook(this, payload)
       return this
@@ -215,12 +213,8 @@ Reply.prototype.send = function (payload) {
 
 Reply.prototype.getHeader = function (key) {
   key = key.toLowerCase()
-  const res = this.raw
-  let value = this[kReplyHeaders][key]
-  if (value === undefined && res.hasHeader(key)) {
-    value = res.getHeader(key)
-  }
-  return value
+  const value = this[kReplyHeaders][key]
+  return value !== undefined ? value : this.raw.getHeader(key)
 }
 
 Reply.prototype.getHeaders = function () {
@@ -315,12 +309,12 @@ Reply.prototype.removeTrailer = function (key) {
 }
 
 Reply.prototype.code = function (code) {
-  const intValue = Number(code)
-  if (isNaN(intValue) || intValue < 100 || intValue > 599) {
+  const statusCode = +code
+  if (!(statusCode >= 100 && statusCode <= 599)) {
     throw new FST_ERR_BAD_STATUS_CODE(code || String(code))
   }
 
-  this.raw.statusCode = intValue
+  this.raw.statusCode = statusCode
   this[kReplyHasStatusCode] = true
   return this
 }
@@ -500,11 +494,11 @@ function preSerializationHook (reply, payload) {
       preSerializationHookEnd
     )
   } else {
-    preSerializationHookEnd(null, reply.request, reply, payload)
+    preSerializationHookEnd(null, undefined, reply, payload)
   }
 }
 
-function preSerializationHookEnd (err, request, reply, payload) {
+function preSerializationHookEnd (err, _request, reply, payload) {
   if (err != null) {
     onErrorHook(reply, err)
     return

package/lib/request.js

@@ -188,19 +188,12 @@ Object.defineProperties(Request.prototype, {
         exposeHeadRoute: context.exposeHeadRoute,
         prefixTrailingSlash: context.prefixTrailingSlash,
         handler: context.handler,
+        config: context.config,
+        schema: context.schema,
         version
       }
 
-      Object.defineProperties(options, {
-        config: {
-          get: () => context.config
-        },
-        schema: {
-          get: () => context.schema
-        }
-      })
-
-      return Object.freeze(options)
+      return options
     }
   },
   is404: {

package/lib/route.js

@@ -29,6 +29,8 @@ const {
   FST_ERR_HOOK_INVALID_ASYNC_HANDLER
 } = require('./errors')
 
+const { FSTDEP022 } = require('./warnings')
+
 const {
   kRoutePrefix,
   kSupportedHTTPMethods,
@@ -52,6 +54,20 @@ const { buildErrorHandler } = require('./error-handler')
 const { createChildLogger } = require('./logger-factory.js')
 const { getGenReqId } = require('./reqIdGenFactory.js')
 
+const routerKeys = [
+  'allowUnsafeRegex',
+  'buildPrettyMeta',
+  'caseSensitive',
+  'constraints',
+  'defaultRoute',
+  'ignoreDuplicateSlashes',
+  'ignoreTrailingSlash',
+  'maxParamLength',
+  'onBadUrl',
+  'querystringParser',
+  'useSemicolonDelimiter'
+]
+
 function buildRouting (options) {
   const router = FindMyWay(options.config)
 
@@ -85,8 +101,8 @@ function buildRouting (options) {
 
       globalExposeHeadRoutes = options.exposeHeadRoutes
       disableRequestLogging = options.disableRequestLogging
-      ignoreTrailingSlash = options.ignoreTrailingSlash
-      ignoreDuplicateSlashes = options.ignoreDuplicateSlashes
+      ignoreTrailingSlash = options.routerOptions.ignoreTrailingSlash
+      ignoreDuplicateSlashes = options.routerOptions.ignoreDuplicateSlashes
       return503OnClosing = Object.hasOwn(options, 'return503OnClosing') ? options.return503OnClosing : true
       keepAliveConnections = fastifyArgs.keepAliveConnections
     },
@@ -572,6 +588,24 @@ function runPreParsing (err, request, reply) {
   }
 }
 
+function buildRouterOptions (options, defaultOptions) {
+  const routerOptions = options.routerOptions || Object.create(null)
+
+  const usedDeprecatedOptions = routerKeys.filter(key => Object.hasOwn(options, key))
+
+  if (usedDeprecatedOptions.length > 0) {
+    FSTDEP022(usedDeprecatedOptions.join(', '))
+  }
+
+  for (const key of routerKeys) {
+    if (!Object.hasOwn(routerOptions, key)) {
+      routerOptions[key] = options[key] ?? defaultOptions[key]
+    }
+  }
+
+  return routerOptions
+}
+
 /**
  * Used within the route handler as a `net.Socket.close` event handler.
  * The purpose is to remove a socket from the tracked sockets collection when
@@ -583,4 +617,4 @@ function removeTrackedSocket () {
 
 function noop () { }
 
-module.exports = { buildRouting, validateBodyLimitOption }
+module.exports = { buildRouting, validateBodyLimitOption, buildRouterOptions }

package/lib/server.js

@@ -14,6 +14,7 @@ const {
   FST_ERR_REOPENED_SERVER,
   FST_ERR_LISTEN_OPTIONS_INVALID
 } = require('./errors')
+const PonyPromise = require('./promise')
 
 module.exports.createServer = createServer
 
@@ -41,10 +42,14 @@ function createServer (options, httpHandler) {
         throw new FST_ERR_LISTEN_OPTIONS_INVALID('Invalid options.signal')
       }
 
-      if (listenOptions.signal.aborted) {
-        this.close()
+      // copy the current signal state
+      this[kState].aborted = listenOptions.signal.aborted
+
+      if (this[kState].aborted) {
+        return this.close()
       } else {
         const onAborted = () => {
+          this[kState].aborted = true
           this.close()
         }
         listenOptions.signal.addEventListener('abort', onAborted, { once: true })
@@ -99,18 +104,18 @@ function createServer (options, httpHandler) {
     if (cb === undefined) {
       const listening = listenPromise.call(this, server, listenOptions)
       return listening.then(address => {
-        return new Promise((resolve, reject) => {
-          if (host === 'localhost') {
-            multipleBindings.call(this, server, httpHandler, options, listenOptions, () => {
-              this[kState].listening = true
-              resolve(address)
-              onListenHookRunner(this)
-            })
-          } else {
+        const { promise, resolve } = PonyPromise.withResolvers()
+        if (host === 'localhost') {
+          multipleBindings.call(this, server, httpHandler, options, listenOptions, () => {
+            this[kState].listening = true
             resolve(address)
             onListenHookRunner(this)
-          }
-        })
+          })
+        } else {
+          resolve(address)
+          onListenHookRunner(this)
+        }
+        return promise
       })
     }
 
@@ -126,7 +131,7 @@ function multipleBindings (mainServer, httpHandler, serverOpts, listenOptions, o
 
   // let's check if we need to bind additional addresses
   dns.lookup(listenOptions.host, { all: true }, (dnsErr, addresses) => {
-    if (dnsErr) {
+    if (dnsErr || this[kState].aborted) {
       // not blocking the main server listening
       // this.log.warn('dns.lookup error:', dnsErr)
       onListen()
@@ -239,35 +244,31 @@ function listenPromise (server, listenOptions) {
   }
 
   return this.ready().then(() => {
-    let errEventHandler
-    let listeningEventHandler
+    // skip listen when aborted during ready
+    if (this[kState].aborted) return
+
+    const { promise, resolve, reject } = PonyPromise.withResolvers()
+
+    const errEventHandler = (err) => {
+      cleanup()
+      this[kState].listening = false
+      reject(err)
+    }
+    const listeningEventHandler = () => {
+      cleanup()
+      this[kState].listening = true
+      resolve(logServerAddress.call(this, server, listenOptions.listenTextResolver || defaultResolveServerListeningText))
+    }
     function cleanup () {
       server.removeListener('error', errEventHandler)
       server.removeListener('listening', listeningEventHandler)
     }
-    const errEvent = new Promise((resolve, reject) => {
-      errEventHandler = (err) => {
-        cleanup()
-        this[kState].listening = false
-        reject(err)
-      }
-      server.once('error', errEventHandler)
-    })
-    const listeningEvent = new Promise((resolve, reject) => {
-      listeningEventHandler = () => {
-        cleanup()
-        this[kState].listening = true
-        resolve(logServerAddress.call(this, server, listenOptions.listenTextResolver || defaultResolveServerListeningText))
-      }
-      server.once('listening', listeningEventHandler)
-    })
+    server.once('error', errEventHandler)
+    server.once('listening', listeningEventHandler)
 
     server.listen(listenOptions)
 
-    return Promise.race([
-      errEvent, // e.g invalid port range error is always emitted before the server listening
-      listeningEvent
-    ])
+    return promise
   })
 }
 

package/lib/symbols.js

@@ -56,6 +56,7 @@ const keys = {
   // This symbol is only meant to be used for fastify tests and should not be used for any other purpose
   kTestInternals: Symbol('fastify.testInternals'),
   kErrorHandler: Symbol('fastify.errorHandler'),
+  kErrorHandlerAlreadySet: Symbol('fastify.errorHandlerAlreadySet'),
   kChildLoggerFactory: Symbol('fastify.childLoggerFactory'),
   kHasBeenDecorated: Symbol('fastify.hasBeenDecorated'),
   kKeepAliveConnections: Symbol('fastify.keepAliveConnections'),