npm - hapi-terminator - Versions diffs - 0.0.5 → 0.1.0 - Mend

hapi-terminator 0.0.5 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@ A Hapi plugin that terminates requests with payloads that exceed a specified siz
 - 🛡️ Protects against large payload attacks
 - 🔀 Different limits for registered vs unregistered routes
-- 🎯 Configurable thresholds using numbers or custom functions
+- 🎯 Per-route limit configuration
 - ⚡ Terminates connections early to save resources
 - 📦 TypeScript support included
@@ -54,39 +54,83 @@ await server.start();
 console.log('Server running on %s', server.info.uri);
 ```
-### Using Custom Functions
+### Per-Route Limits
-You can provide custom functions to determine whether a request should be terminated:
+You can override the global limits for specific routes by setting the limit in the route options:
 ```typescript
-const requestTerminateOptions: TerminatorOptions = {
-  registeredLimit: (request, size) => {
-    // Custom logic based on request properties
-    if (request.path === '/upload') {
-      return size > 10 * 1024 * 1024; // 10MB for upload route
-    }
-    return size > 500 * 1024; // 500KB for other routes
+import Hapi, { type PluginSpecificConfiguration } from '@hapi/hapi';
+import terminatorPlugin, { type TerminatorOptions, type TerminatorRouteOptions } from 'hapi-terminator';
+type RoutePluginOptions = PluginSpecificConfiguration & TerminatorRouteOptions;
+const server = Hapi.server({ port: 3000, host: '127.0.0.1' });
+await server.register({
+  plugin: terminatorPlugin,
+  options: {
+    registeredLimit: 500 * 1024, // 500KB default for registered routes
+    unregisteredLimit: 100 * 1024, // 100KB for unregistered routes
   },
-  unregisteredLimit: (request, size) => {
-    return size > 100 * 1024; // 100KB for unregistered routes
+});
+// Standard route with default limit (500KB)
+server.route({
+  method: ['GET', 'POST'],
+  path: '/',
+  handler: () => 'Hello World!',
+});
+// Upload route with higher limit (10MB)
+server.route({
+  method: ['POST'],
+  path: '/upload',
+  handler: () => ({ success: true }),
+  options: {
+    plugins: {
+      'hapi-terminator': { limit: 10 * 1024 * 1024 }, // 10MB
+    } as RoutePluginOptions,
   },
-};
+});
+// Unlimited route (disable limit for this specific route)
+server.route({
+  method: ['POST'],
+  path: '/stream',
+  handler: () => ({ success: true }),
+  options: {
+    plugins: {
+      'hapi-terminator': { limit: null }, // No limit
+    } as RoutePluginOptions,
+  },
+});
+await server.start();
 ```
 ## Configuration
 ### TerminatorOptions
-| Option              | Type                                                      | Description                                                                                                                                   |
-| ------------------- | --------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| `registeredLimit`   | `number \| ((request: Request, size: number) => boolean)` | Maximum payload size for registered routes. Can be a number in bytes or a function that returns `true` if the request should be terminated.   |
-| `unregisteredLimit` | `number \| ((request: Request, size: number) => boolean)` | Maximum payload size for unregistered routes. Can be a number in bytes or a function that returns `true` if the request should be terminated. |
+| Option              | Type     | Description                                                                                                   |
+| ------------------- | -------- | ------------------------------------------------------------------------------------------------------------- |
+| `registeredLimit`   | `number` | Maximum payload size in bytes for registered routes. Must be >= 0. Set to `null` or `undefined` to disable.   |
+| `unregisteredLimit` | `number` | Maximum payload size in bytes for unregistered routes. Must be >= 0. Set to `null` or `undefined` to disable. |
+### TerminatorRouteOptions
+You can configure per-route limits using the route options:
+| Option  | Type     | Description                                                                                                                            |
+| ------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------- |
+| `limit` | `number` | Maximum payload size in bytes for this specific route. Must be >= 0. Overrides the global `registeredLimit`. Set to `null` to disable. |
 ### Behavior
 - **Registered Routes**: When a payload exceeds the limit on a registered route, the socket is destroyed and a `413 Payload Too Large` error is thrown.
 - **Unregistered Routes**: When a payload exceeds the limit on an unregistered route, the socket is destroyed and a `404 Not Found` error is thrown.
-- **Disabled**: Set to `null`, `undefined`, or a negative number to disable termination for that category.
+- **Per-Route Limits**: Route-specific limits take precedence over global limits, allowing you to customize limits for individual routes.
+- **Disabled**: Set to `null` or `undefined` to disable termination for that category or route.
 ## How It Works

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,7 @@
-import type { Server, Request } from '@hapi/hapi';
-export type TerminatorOptions = {
-    registeredLimit?: number | ((request: Request, size: number) => boolean);
-    unregisteredLimit?: number | ((request: Request, size: number) => boolean);
-};
+import type { Server } from '@hapi/hapi';
+import { z } from 'zod/mini';
+export type TerminatorRouteOptions = z.infer<typeof TerminatorRouteOptionsSchema>;
+export type TerminatorOptions = z.infer<typeof TerminatorOptionsSchema>;
 export declare const plugin: {
     pkg: {
         name: string;
@@ -30,6 +29,7 @@ export declare const plugin: {
         };
         dependencies: {
             "@hapi/boom": string;
+            zod: string;
         };
         prettier: string;
         "lint-staged": {
@@ -54,7 +54,16 @@ export declare const plugin: {
     };
     register: typeof register;
 };
-declare function register(server: Server, options: TerminatorOptions): Promise<void>;
+declare const TerminatorRouteOptionsSchema: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniObject<{
+    "hapi-terminator": z.ZodMiniObject<{
+        limit: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>;
+    }, z.core.$strip>;
+}, z.core.$strip>>>;
+declare const TerminatorOptionsSchema: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniObject<{
+    registeredLimit: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>;
+    unregisteredLimit: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>;
+}, z.core.$strip>>>;
+declare function register(server: Server, rawOptions: TerminatorOptions): Promise<void>;
 declare const _default: {
     plugin: {
         pkg: {
@@ -83,6 +92,7 @@ declare const _default: {
             };
             dependencies: {
                 "@hapi/boom": string;
+                zod: string;
             };
             prettier: string;
             "lint-staged": {

package/dist/index.js CHANGED Viewed

@@ -1,13 +1,25 @@
+import assert from 'node:assert';
 import Boom from '@hapi/boom';
+import { z } from 'zod/mini';
 import pkg from './package.json';
+const LIMIT_OPTION_NAMES = {
+    REGISTERED: 'registeredLimit',
+    UNREGISTERED: 'unregisteredLimit',
+};
+const PACKAGE_NAME = 'hapi-terminator';
+assert(PACKAGE_NAME === pkg.name);
 export const plugin = { pkg, register };
-async function register(server, options) {
-    server.ext('onRequest', onRequest(options));
+const LimitOptionShape = z.nullish(z.number().check(z.minimum(0)));
+const TerminatorRouteOptionsSchema = z.nullish(z.object({ [PACKAGE_NAME]: z.object({ limit: LimitOptionShape }) }));
+const TerminatorOptionsSchema = z.nullish(z.object({ registeredLimit: LimitOptionShape, unregisteredLimit: LimitOptionShape }));
+async function register(server, rawOptions) {
+    const options = TerminatorOptionsSchema.parse(rawOptions);
+    const routeOptionsCache = new Map();
+    server.ext('onRequest', validateHookHandler(options, routeOptionsCache));
 }
-function onRequest(options) {
+function validateHookHandler(pluginOptions, routeOptionsCache) {
     return (request, h) => {
-        const unregisteredRouteHandler = handleUnregisteredRoute(request, h, options);
-        const registeredRouteHandler = handleRegisteredRoute(request, h, options);
+        const handler = validateRoute(request, h, pluginOptions);
         const rawContentLength = request.headers['content-length'];
         if (!rawContentLength) {
             return h.continue;
@@ -16,41 +28,47 @@ function onRequest(options) {
         if (Number.isNaN(contentLength)) {
             return h.continue;
         }
-        const matchedRoute = request.server.match(request.method, request.path);
-        if (matchedRoute != null) {
-            return registeredRouteHandler(contentLength);
+        const { route, options } = getRouteAndOptions(request, routeOptionsCache) ?? {};
+        if (route != null) {
+            return handler(contentLength, LIMIT_OPTION_NAMES.REGISTERED, options, option => {
+                throw Boom.entityTooLarge(`Payload content length greater than maximum allowed: ${option}`);
+            });
         }
-        return unregisteredRouteHandler(contentLength);
-    };
-}
-function handleUnregisteredRoute(request, h, options) {
-    return (contentLength) => {
-        if (options.unregisteredLimit == null ||
-            (typeof options.unregisteredLimit === 'number' && options.unregisteredLimit < 0)) {
-            return h.continue;
-        }
-        if ((typeof options.unregisteredLimit === 'number' && contentLength > options.unregisteredLimit) ||
-            (typeof options.unregisteredLimit === 'function' && options.unregisteredLimit(request, contentLength))) {
-            request.raw.req.socket?.destroy();
+        assert(options == null, "Unregistered routes can't have route options");
+        return handler(contentLength, LIMIT_OPTION_NAMES.UNREGISTERED, null, () => {
             throw Boom.notFound();
-        }
-        return h.continue;
+        });
     };
 }
-function handleRegisteredRoute(request, h, options) {
-    return (contentLength) => {
-        if (options.registeredLimit == null ||
-            (typeof options.registeredLimit === 'number' && options.registeredLimit < 0)) {
+function getRouteAndOptions(request, routeOptionsCache) {
+    const matchedRoute = request.server.match(request.method, request.path);
+    if (matchedRoute == null) {
+        return null;
+    }
+    const cacheKey = `${matchedRoute.method}-${matchedRoute.path}`;
+    const cachedResult = routeOptionsCache.get(cacheKey);
+    if (cachedResult != null) {
+        return { options: cachedResult, route: matchedRoute };
+    }
+    const options = getRoutePluginSettings(matchedRoute);
+    routeOptionsCache.set(cacheKey, options);
+    return { options, route: matchedRoute };
+}
+function validateRoute(request, h, options) {
+    return (contentLength, optionName, routeOptions, throwError) => {
+        const option = options?.[optionName];
+        const limit = routeOptions?.[PACKAGE_NAME]?.limit ?? option;
+        if (limit == null) {
             return h.continue;
         }
-        if ((typeof options.registeredLimit === 'number' && contentLength > options.registeredLimit) ||
-            (typeof options.registeredLimit === 'function' && options.registeredLimit(request, contentLength))) {
+        if (contentLength > limit) {
             request.raw.req.socket?.destroy();
-            throw Boom.entityTooLarge(typeof options.registeredLimit === 'number'
-                ? `Payload content length greater than maximum allowed: ${options.registeredLimit}`
-                : undefined);
+            throwError(limit);
         }
         return h.continue;
     };
 }
+function getRoutePluginSettings(matchedRoute) {
+    return TerminatorRouteOptionsSchema.safeParse(matchedRoute?.settings.plugins).data;
+}
 export default { plugin };

package/dist/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
     "main": "dist/index.js",
     "typings": "dist/index.d.ts",
     "type": "module",
-    "version": "0.0.5",
+    "version": "0.1.0",
     "license": "MIT",
     "author": {
         "name": "Kamaal Farah"
@@ -23,7 +23,8 @@
         "typescript-eslint": "^8.52.0"
     },
     "dependencies": {
-        "@hapi/boom": "^10.0.1"
+        "@hapi/boom": "^10.0.1",
+        "zod": "^4.3.5"
     },
     "prettier": "@kamaalio/prettier-config",
     "lint-staged": {

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
   "type": "module",
-  "version": "0.0.5",
+  "version": "0.1.0",
   "license": "MIT",
   "author": {
     "name": "Kamaal Farah"
@@ -23,7 +23,8 @@
     "typescript-eslint": "^8.52.0"
   },
   "dependencies": {
-    "@hapi/boom": "^10.0.1"
+    "@hapi/boom": "^10.0.1",
+    "zod": "^4.3.5"
   },
   "prettier": "@kamaalio/prettier-config",
   "lint-staged": {