fastify 5.7.0 → 5.7.2

package/.idea/fastify.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/.idea/inspectionProfiles/Project_Default.xml

@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <profile version="1.0">
+    <option name="myName" value="Project Default" />
+    <inspection_tool class="Eslint" enabled="true" level="WARNING" enabled_by_default="true" />
+  </profile>
+</component>

package/.idea/jsLibraryMappings.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptLibraryMappings">
+    <includedPredefinedLibrary name="Node.js Core" />
+  </component>
+</project>

package/.idea/jsLinters/eslint.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="EslintConfiguration">
+    <option name="fix-on-save" value="true" />
+  </component>
+</project>

package/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/fastify.iml" filepath="$PROJECT_DIR$/.idea/fastify.iml" />
+    </modules>
+  </component>
+</project>

package/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

package/LICENSE

@@ -1,9 +1,6 @@
 MIT License
 
-Copyright (c) 2016-present The Fastify Team
-
-The Fastify team members are listed at https://github.com/fastify/fastify#team
-and in the README file.
+Copyright (c) 2016-present The Fastify Team (members are listed in the README file)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/SPONSORS.md

@@ -9,7 +9,7 @@ or [GitHub Sponsors](https://github.com/sponsors/fastify)!
 
 ## Tier 4
 
-- [SerpApi](http://serpapi.com/)
+- [SerpApi](https://serpapi.com/?utm_source=fastify)
 
 ## Tier 3
 
@@ -17,7 +17,7 @@ or [GitHub Sponsors](https://github.com/sponsors/fastify)!
 - [Val Town, Inc.](https://opencollective.com/valtown)
 - [Handsontable - JavaScript Data Grid](https://handsontable.com/docs/react-data-grid/?utm_source=Fastify_GH&utm_medium=sponsorship&utm_campaign=library_sponsorship_2024)
 - [Lokalise - A Localization and Translation Software Tool](https://lokalise.com/?utm_source=Fastify_GH&utm_medium=sponsorship)
-- [Lambdatest](https://www.lambdatest.com/)
+- [TestMu AI](https://www.testmu.ai/)
 
 ## Tier 2
 

package/docs/Guides/Ecosystem.md

@@ -427,6 +427,8 @@ section.
   context to take place per API call within the Fastify lifecycle of calls.
 - [`fastify-http-errors-enhanced`](https://github.com/ShogunPanda/fastify-http-errors-enhanced)
   An error handling plugin for Fastify that uses enhanced HTTP errors.
+- [`fastify-http-exceptions`](https://github.com/bhouston/fastify-http-exceptions)
+  Typed HTTP status exceptions which are automatically converted into Fastify responses.
 - [`fastify-http2https`](https://github.com/lolo32/fastify-http2https) Redirect
   HTTP requests to HTTPS, both using the same port number, or different response
   on HTTP and HTTPS.
@@ -746,7 +748,6 @@ middlewares into Fastify plugins
 - [`typeorm-fastify-plugin`](https://github.com/jclemens24/fastify-typeorm) A simple
   and updated Typeorm plugin for use with Fastify.
 
-
 #### [Community Tools](#community-tools)
 
 - [`@fastify-userland/workflows`](https://github.com/fastify-userland/workflows)

package/docs/Guides/Plugins-Guide.md

@@ -204,12 +204,12 @@ of an *arrow function expression*.
 
 You can do the same for the `request` object:
 ```js
-fastify.decorate('getHeader', (req, header) => {
-  return req.headers[header]
+fastify.decorate('getBoolHeader', (req, name) => {
+  return req.headers[name] ?? false // We return `false` if header is missing
 })
 
 fastify.addHook('preHandler', (request, reply, done) => {
-  request.isHappy = fastify.getHeader(request.raw, 'happy')
+  request.isHappy = fastify.getBoolHeader(request, 'happy')
   done()
 })
 
@@ -219,14 +219,14 @@ fastify.get('/happiness', (request, reply) => {
 ```
 Again, it works, but it can be much better!
 ```js
-fastify.decorateRequest('setHeader', function (header) {
-  this.isHappy = this.headers[header]
+fastify.decorateRequest('setBoolHeader', function (name) {
+  this.isHappy = this.headers[name] ?? false
 })
 
 fastify.decorateRequest('isHappy', false) // This will be added to the Request object prototype, yay speed!
 
 fastify.addHook('preHandler', (request, reply, done) => {
-  request.setHeader('happy')
+  request.setBoolHeader('happy')
   done()
 })
 
@@ -337,11 +337,11 @@ fastify.register((instance, opts, done) => {
     }
   })
 
-  fastify.get('/plugin1', {config: {useUtil: true}}, (request, reply) => {
+  instance.get('/plugin1', {config: {useUtil: true}}, (request, reply) => {
     reply.send(request)
   })
 
-  fastify.get('/plugin2', (request, reply) => {
+  instance.get('/plugin2', (request, reply) => {
     reply.send(request)
   })
 

package/docs/Reference/Server.md

@@ -534,7 +534,9 @@ recommend using a custom parser to convert only the keys to lowercase.
 ```js
 const qs = require('qs')
 const fastify = require('fastify')({
-  querystringParser: str => qs.parse(str)
+  routerOptions: {
+    querystringParser: str => qs.parse(str)
+  }
 })
 ```
 
@@ -544,7 +546,9 @@ like the example below for case insensitive keys and values:
 ```js
 const querystring = require('fast-querystring')
 const fastify = require('fastify')({
-  querystringParser: str => querystring.parse(str.toLowerCase())
+  routerOptions: {
+    querystringParser: str => querystring.parse(str.toLowerCase())
+  }
 })
 ```
 

package/docs/Reference/Validation-and-Serialization.md

@@ -675,9 +675,12 @@ const schema = {
       content: {
         'application/json': {
           schema: {
-            name: { type: 'string' },
-            image: { type: 'string' },
-            address: { type: 'string' }
+            type: 'object',
+            properties: {
+              name: { type: 'string' },
+              image: { type: 'string' },
+              address: { type: 'string' }
+            }
           }
         },
         'application/vnd.v1+json': {
@@ -692,8 +695,11 @@ const schema = {
       content: {
         'application/vnd.v2+json': {
           schema: {
-            fullName: { type: 'string' },
-            phone: { type: 'string' }
+            type: 'object',
+            properties: {
+              fullName: { type: 'string' },
+              phone: { type: 'string' }
+            }
           }
         }
       }
@@ -703,7 +709,10 @@ const schema = {
         // */* is match-all content-type
         '*/*': {
           schema: {
-            desc: { type: 'string' }
+            type: 'object',
+            properties: {
+              desc: { type: 'string' }
+            }
           }
         }
       }

package/fastify.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const VERSION = '5.6.2'
+const VERSION = '5.7.2'
 
 const Avvio = require('avvio')
 const http = require('node:http')

package/lib/content-type-parser.js

@@ -3,6 +3,7 @@
 const { AsyncResource } = require('node:async_hooks')
 const { FifoMap: Fifo } = require('toad-cache')
 const { parse: secureJsonParse } = require('secure-json-parse')
+const ContentType = require('./content-type')
 const {
   kDefaultJsonParse,
   kContentTypeParser,
@@ -75,8 +76,13 @@ ContentTypeParser.prototype.add = function (contentType, opts, parserFn) {
     this.customParsers.set('', parser)
   } else {
     if (contentTypeIsString) {
-      this.parserList.unshift(contentType)
-      this.customParsers.set(contentType, parser)
+      const ct = new ContentType(contentType)
+      if (ct.isValid === false) {
+        throw new FST_ERR_CTP_INVALID_TYPE()
+      }
+      const normalizedContentType = ct.toString()
+      this.parserList.unshift(normalizedContentType)
+      this.customParsers.set(normalizedContentType, parser)
     } else {
       validateRegExp(contentType)
       this.parserRegExpList.unshift(contentType)
@@ -87,7 +93,7 @@ ContentTypeParser.prototype.add = function (contentType, opts, parserFn) {
 
 ContentTypeParser.prototype.hasParser = function (contentType) {
   if (typeof contentType === 'string') {
-    contentType = contentType.trim().toLowerCase()
+    contentType = new ContentType(contentType).toString()
   } else {
     if (!(contentType instanceof RegExp)) throw new FST_ERR_CTP_INVALID_TYPE()
     contentType = contentType.toString()
@@ -97,45 +103,49 @@ ContentTypeParser.prototype.hasParser = function (contentType) {
 }
 
 ContentTypeParser.prototype.existingParser = function (contentType) {
-  if (contentType === 'application/json' && this.customParsers.has(contentType)) {
-    return this.customParsers.get(contentType).fn !== this[kDefaultJsonParse]
-  }
-  if (contentType === 'text/plain' && this.customParsers.has(contentType)) {
-    return this.customParsers.get(contentType).fn !== defaultPlainTextParser
+  if (typeof contentType === 'string') {
+    const ct = new ContentType(contentType).toString()
+    if (contentType === 'application/json' && this.customParsers.has(contentType)) {
+      return this.customParsers.get(ct).fn !== this[kDefaultJsonParse]
+    }
+    if (contentType === 'text/plain' && this.customParsers.has(contentType)) {
+      return this.customParsers.get(ct).fn !== defaultPlainTextParser
+    }
   }
 
   return this.hasParser(contentType)
 }
 
 ContentTypeParser.prototype.getParser = function (contentType) {
-  let parser = this.customParsers.get(contentType)
-  if (parser !== undefined) return parser
-  parser = this.cache.get(contentType)
+  if (typeof contentType === 'string') {
+    contentType = new ContentType(contentType)
+  }
+  const ct = contentType.toString()
+
+  let parser = this.cache.get(ct)
   if (parser !== undefined) return parser
+  parser = this.customParsers.get(ct)
+  if (parser !== undefined) {
+    this.cache.set(ct, parser)
+    return parser
+  }
 
-  const caseInsensitiveContentType = contentType.toLowerCase()
-  for (let i = 0; i !== this.parserList.length; ++i) {
-    const parserListItem = this.parserList[i]
-    if (
-      caseInsensitiveContentType.slice(0, parserListItem.length) === parserListItem &&
-      (
-        caseInsensitiveContentType.length === parserListItem.length ||
-        caseInsensitiveContentType.charCodeAt(parserListItem.length) === 59 /* `;` */ ||
-        caseInsensitiveContentType.charCodeAt(parserListItem.length) === 32 /* ` ` */ ||
-        caseInsensitiveContentType.charCodeAt(parserListItem.length) === 9  /* `\t` */
-      )
-    ) {
-      parser = this.customParsers.get(parserListItem)
-      this.cache.set(contentType, parser)
-      return parser
-    }
+  // We have conflicting desires across our test suite. In some cases, we
+  // expect to get a parser by just passing the media-type. In others, we expect
+  // to get a parser registered under the media-type while also providing
+  // parameters. And in yet others, we expect to register a parser under the
+  // media-type and have it apply to any request with a header that starts
+  // with that type.
+  parser = this.customParsers.get(contentType.mediaType)
+  if (parser !== undefined) {
+    return parser
   }
 
   for (let j = 0; j !== this.parserRegExpList.length; ++j) {
     const parserRegExp = this.parserRegExpList[j]
-    if (parserRegExp.test(contentType)) {
+    if (parserRegExp.test(ct)) {
       parser = this.customParsers.get(parserRegExp.toString())
-      this.cache.set(contentType, parser)
+      this.cache.set(ct, parser)
       return parser
     }
   }
@@ -154,7 +164,7 @@ ContentTypeParser.prototype.remove = function (contentType) {
   let parsers
 
   if (typeof contentType === 'string') {
-    contentType = contentType.trim().toLowerCase()
+    contentType = new ContentType(contentType).toString()
     parsers = this.parserList
   } else {
     if (!(contentType instanceof RegExp)) throw new FST_ERR_CTP_INVALID_TYPE()

package/lib/content-type.js

@@ -0,0 +1,152 @@
+'use strict'
+
+/**
+ * keyValuePairsReg is used to split the parameters list into associated
+ * key value pairings.
+ *
+ * @see https://httpwg.org/specs/rfc9110.html#parameter
+ * @type {RegExp}
+ */
+const keyValuePairsReg = /([\w!#$%&'*+.^`|~-]+)=([^;]*)/gm
+
+/**
+ * typeNameReg is used to validate that the first part of the media-type
+ * does not use disallowed characters.
+ *
+ * @see https://httpwg.org/specs/rfc9110.html#rule.token.separators
+ * @type {RegExp}
+ */
+const typeNameReg = /^[\w!#$%&'*+.^`|~-]+$/
+
+/**
+ * subtypeNameReg is used to validate that the second part of the media-type
+ * does not use disallowed characters.
+ *
+ * @see https://httpwg.org/specs/rfc9110.html#rule.token.separators
+ * @type {RegExp}
+ */
+const subtypeNameReg = /^[\w!#$%&'*+.^`|~-]+\s*/
+
+/**
+ * ContentType parses and represents the value of the content-type header.
+ *
+ * @see https://httpwg.org/specs/rfc9110.html#media.type
+ * @see https://httpwg.org/specs/rfc9110.html#parameter
+ */
+class ContentType {
+  #valid = false
+  #empty = true
+  #type = ''
+  #subtype = ''
+  #parameters = new Map()
+  #string
+
+  constructor (headerValue) {
+    if (headerValue == null || headerValue === '' || headerValue === 'undefined') {
+      return
+    }
+
+    let sepIdx = headerValue.indexOf(';')
+    if (sepIdx === -1) {
+      // The value is the simplest `type/subtype` variant.
+      sepIdx = headerValue.indexOf('/')
+      if (sepIdx === -1) {
+        // Got a string without the correct `type/subtype` format.
+        return
+      }
+
+      const type = headerValue.slice(0, sepIdx).trimStart().toLowerCase()
+      const subtype = headerValue.slice(sepIdx + 1).trimEnd().toLowerCase()
+
+      if (
+        typeNameReg.test(type) === true &&
+        subtypeNameReg.test(subtype) === true
+      ) {
+        this.#valid = true
+        this.#empty = false
+        this.#type = type
+        this.#subtype = subtype
+      }
+
+      return
+    }
+
+    // We have a `type/subtype; params=list...` header value.
+    const mediaType = headerValue.slice(0, sepIdx).toLowerCase()
+    const paramsList = headerValue.slice(sepIdx + 1).trim()
+
+    sepIdx = mediaType.indexOf('/')
+    if (sepIdx === -1) {
+      // We got an invalid string like `something; params=list...`.
+      return
+    }
+    const type = mediaType.slice(0, sepIdx).trimStart()
+    const subtype = mediaType.slice(sepIdx + 1).trimEnd()
+
+    if (
+      typeNameReg.test(type) === false ||
+      subtypeNameReg.test(subtype) === false
+    ) {
+      // Some portion of the media-type is using invalid characters. Therefore,
+      // the content-type header is invalid.
+      return
+    }
+    this.#type = type
+    this.#subtype = subtype
+    this.#valid = true
+    this.#empty = false
+
+    let matches = keyValuePairsReg.exec(paramsList)
+    while (matches) {
+      const key = matches[1]
+      const value = matches[2]
+      if (value[0] === '"') {
+        if (value.at(-1) !== '"') {
+          this.#parameters.set(key, 'invalid quoted string')
+          matches = keyValuePairsReg.exec(paramsList)
+          continue
+        }
+        // We should probably verify the value matches a quoted string
+        // (https://httpwg.org/specs/rfc9110.html#rule.quoted-string) value.
+        // But we are not really doing much with the parameter values, so we
+        // are omitting that at this time.
+        this.#parameters.set(key, value.slice(1, value.length - 1))
+      } else {
+        this.#parameters.set(key, value)
+      }
+      matches = keyValuePairsReg.exec(paramsList)
+    }
+  }
+
+  get [Symbol.toStringTag] () { return 'ContentType' }
+
+  get isEmpty () { return this.#empty }
+
+  get isValid () { return this.#valid }
+
+  get mediaType () { return `${this.#type}/${this.#subtype}` }
+
+  get type () { return this.#type }
+
+  get subtype () { return this.#subtype }
+
+  get parameters () { return this.#parameters }
+
+  toString () {
+    /* c8 ignore next: we don't need to verify the cache */
+    if (this.#string) return this.#string
+    const parameters = []
+    for (const [key, value] of this.#parameters.entries()) {
+      parameters.push(`${key}="${value}"`)
+    }
+    const result = [this.#type, '/', this.#subtype]
+    if (parameters.length > 0) {
+      result.push('; ')
+      result.push(parameters.join('; '))
+    }
+    this.#string = result.join('')
+    return this.#string
+  }
+}
+
+module.exports = ContentType

package/lib/error-serializer.js

@@ -13,6 +13,20 @@
   module.exports = function anonymous(validator,serializer
 ) {
 
+    
+const {
+  asString,
+  asNumber,
+  asBoolean,
+  asDateTime,
+  asDate,
+  asTime,
+  asUnsafeString
+} = serializer
+
+const asInteger = serializer.asInteger.bind(serializer)
+
+
     const JSON_STR_BEGIN_OBJECT = '{'
     const JSON_STR_END_OBJECT = '}'
     const JSON_STR_BEGIN_ARRAY = '['
@@ -43,7 +57,7 @@ let addComma = false
       if (value !== undefined) {
         !addComma && (addComma = true) || (json += JSON_STR_COMMA)
         json += "\"statusCode\":"
-        json += serializer.asNumber(value)
+        json += asNumber(value)
       }
 
       value = obj["code"]
@@ -57,12 +71,12 @@ let addComma = false
           } else if (value instanceof Date) {
             json += JSON_STR_QUOTE + value.toISOString() + JSON_STR_QUOTE
           } else if (value instanceof RegExp) {
-            json += serializer.asString(value.source)
+            json += asString(value.source)
           } else {
-            json += serializer.asString(value.toString())
+            json += asString(value.toString())
           }
         } else {
-          json += serializer.asString(value)
+          json += asString(value)
         }
         
       }
@@ -78,12 +92,12 @@ let addComma = false
           } else if (value instanceof Date) {
             json += JSON_STR_QUOTE + value.toISOString() + JSON_STR_QUOTE
           } else if (value instanceof RegExp) {
-            json += serializer.asString(value.source)
+            json += asString(value.source)
           } else {
-            json += serializer.asString(value.toString())
+            json += asString(value.toString())
           }
         } else {
-          json += serializer.asString(value)
+          json += asString(value)
         }
         
       }
@@ -99,12 +113,12 @@ let addComma = false
           } else if (value instanceof Date) {
             json += JSON_STR_QUOTE + value.toISOString() + JSON_STR_QUOTE
           } else if (value instanceof RegExp) {
-            json += serializer.asString(value.source)
+            json += asString(value.source)
           } else {
-            json += serializer.asString(value.toString())
+            json += asString(value.toString())
           }
         } else {
-          json += serializer.asString(value)
+          json += asString(value)
         }
         
       }

package/lib/handle-request.js

@@ -1,9 +1,11 @@
 'use strict'
 
 const diagnostics = require('node:diagnostics_channel')
+const ContentType = require('./content-type')
+const wrapThenable = require('./wrap-thenable')
 const { validate: validateSchema } = require('./validation')
 const { preValidationHookRunner, preHandlerHookRunner } = require('./hooks')
-const wrapThenable = require('./wrap-thenable')
+const { FST_ERR_CTP_INVALID_MEDIA_TYPE } = require('./errors')
 const { setErrorStatusCode } = require('./error-status')
 const {
   kReplyIsError,
@@ -31,9 +33,9 @@ function handleRequest (err, request, reply) {
 
   if (this[kSupportedHTTPMethods].bodywith.has(method)) {
     const headers = request.headers
-    const contentType = headers['content-type']
+    const ctHeader = headers['content-type']
 
-    if (contentType === undefined) {
+    if (ctHeader === undefined) {
       const contentLength = headers['content-length']
       const transferEncoding = headers['transfer-encoding']
       const isEmptyBody = transferEncoding === undefined &&
@@ -49,7 +51,13 @@ function handleRequest (err, request, reply) {
       return
     }
 
-    request[kRouteContext].contentTypeParser.run(contentType, handler, request, reply)
+    const contentType = new ContentType(ctHeader)
+    if (contentType.isValid === false) {
+      reply[kReplyIsError] = true
+      reply.status(415).send(new FST_ERR_CTP_INVALID_MEDIA_TYPE())
+      return
+    }
+    request[kRouteContext].contentTypeParser.run(contentType.toString(), handler, request, reply)
     return
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify",
-  "version": "5.7.0",
+  "version": "5.7.2",
   "description": "Fast and low overhead web framework, for Node.js",
   "main": "fastify.js",
   "type": "commonjs",
@@ -12,7 +12,7 @@
     "benchmark:parser:error": "concurrently -k -s first \"node ./examples/benchmark/parser.js\" \"autocannon -c 100 -d 30 -p 10 -i ./examples/benchmark/body.json -H \"content-type:application/jsoff\" -H \"content-length:123\" -m POST localhost:3000/\"",
     "build:validation": "node build/build-error-serializer.js && node build/build-validation.js",
     "build:sync-version": "node build/sync-version.js",
-    "coverage": "c8 --reporter html borp --reporter=@jsumners/line-reporter --coverage --check-coverage --lines 100 ",
+    "coverage": "c8 --reporter html borp --reporter=@jsumners/line-reporter",
     "coverage:ci-check-coverage": "borp --reporter=@jsumners/line-reporter --coverage --check-coverage --lines 100",
     "lint": "npm run lint:eslint",
     "lint:fix": "eslint --fix",