npm - hapi-terminator - Versions diffs - 0.1.0 → 0.3.0 - Mend

hapi-terminator 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # hapi-terminator
-A Hapi plugin that terminates requests with payloads that exceed a specified size limit. This plugin helps protect your server from excessively large payloads by destroying the socket connection before the entire payload is processed.
+A Hapi plugin that terminates requests with payloads that exceed a specified size limit. This plugin helps protect your server from excessively large payloads by gracefully ending the socket connection before the entire payload is processed.
 ## Features
@@ -108,14 +108,56 @@ server.route({
 await server.start();
 ```
+### Boolean Limits for Unregistered Routes
+You can use boolean values for `unregisteredLimit` to control unregistered route behavior:
+```typescript
+import Hapi from '@hapi/hapi';
+import terminatorPlugin, { type TerminatorOptions } from 'hapi-terminator';
+const server = Hapi.server({ port: 3000, host: '127.0.0.1' });
+// Reject all unregistered routes immediately
+await server.register({
+  plugin: terminatorPlugin,
+  options: {
+    registeredLimit: 1024 * 1024, // 1MB for registered routes
+    unregisteredLimit: true, // Immediately reject all unregistered routes
+  },
+});
+// This route will work normally
+server.route({
+  method: ['POST'],
+  path: '/api/data',
+  handler: () => ({ success: true }),
+});
+// Any request to unregistered routes (e.g., /unknown) will be rejected immediately
+await server.start();
+```
+You can also set `unregisteredLimit` to `false` to bypass payload size checks for unregistered routes:
+```typescript
+await server.register({
+  plugin: terminatorPlugin,
+  options: {
+    registeredLimit: 500 * 1024, // 500KB for registered routes
+    unregisteredLimit: false, // Bypass payload size checks for unregistered routes
+  },
+});
+```
 ## Configuration
 ### TerminatorOptions
-| Option              | Type     | Description                                                                                                   |
-| ------------------- | -------- | ------------------------------------------------------------------------------------------------------------- |
-| `registeredLimit`   | `number` | Maximum payload size in bytes for registered routes. Must be >= 0. Set to `null` or `undefined` to disable.   |
-| `unregisteredLimit` | `number` | Maximum payload size in bytes for unregistered routes. Must be >= 0. Set to `null` or `undefined` to disable. |
+| Option              | Type                | Description                                                                                                                                                                                                   |
+| ------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `registeredLimit`   | `number`            | Maximum payload size in bytes for registered routes. Must be >= 0. Set to `null` or `undefined` to disable.                                                                                                   |
+| `unregisteredLimit` | `number \| boolean` | Maximum payload size in bytes for unregistered routes. Must be >= 0. Set to `null` or `undefined` to disable. Set to `true` to reject all requests immediately. Set to `false` to bypass payload size checks. |
 ### TerminatorRouteOptions
@@ -127,17 +169,20 @@ You can configure per-route limits using the route options:
 ### Behavior
-- **Registered Routes**: When a payload exceeds the limit on a registered route, the socket is destroyed and a `413 Payload Too Large` error is thrown.
-- **Unregistered Routes**: When a payload exceeds the limit on an unregistered route, the socket is destroyed and a `404 Not Found` error is thrown.
+- **Registered Routes**: When a payload exceeds the limit on a registered route, the socket is gracefully ended and a `413 Payload Too Large` error is returned.
+- **Unregistered Routes**: When a payload exceeds the limit on an unregistered route, the socket is gracefully ended and a `404 Not Found` error is returned.
 - **Per-Route Limits**: Route-specific limits take precedence over global limits, allowing you to customize limits for individual routes.
 - **Disabled**: Set to `null` or `undefined` to disable termination for that category or route.
+- **Boolean Values for Unregistered Routes**:
+  - Set `unregisteredLimit` to `true` to immediately reject all unregistered route requests regardless of Content-Length (even 0 bytes).
+  - Set `unregisteredLimit` to `false` to bypass payload size checks for unregistered route requests (they will still receive 404 responses).
 ## How It Works
 The plugin hooks into Hapi's `onRequest` extension point and checks the `Content-Length` header of incoming requests. If the content length exceeds the configured threshold:
-1. The socket connection is immediately destroyed
-2. An appropriate error response is thrown (413 for registered routes, 404 for unregistered routes)
+1. An appropriate error response is returned (413 for registered routes, 404 for unregistered routes)
+2. The socket connection is gracefully ended after the response is sent
 3. No further processing occurs, saving server resources
 ## License

package/dist/index.d.ts CHANGED Viewed

@@ -28,7 +28,6 @@ export declare const plugin: {
             "typescript-eslint": string;
         };
         dependencies: {
-            "@hapi/boom": string;
             zod: string;
         };
         prettier: string;
@@ -61,7 +60,7 @@ declare const TerminatorRouteOptionsSchema: z.ZodMiniOptional<z.ZodMiniNullable<
 }, z.core.$strip>>>;
 declare const TerminatorOptionsSchema: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniObject<{
     registeredLimit: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>;
-    unregisteredLimit: z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>;
+    unregisteredLimit: z.ZodMiniUnion<readonly [z.ZodMiniOptional<z.ZodMiniNullable<z.ZodMiniNumber<number>>>, z.ZodMiniBoolean<boolean>]>;
 }, z.core.$strip>>>;
 declare function register(server: Server, rawOptions: TerminatorOptions): Promise<void>;
 declare const _default: {
@@ -91,7 +90,6 @@ declare const _default: {
                 "typescript-eslint": string;
             };
             dependencies: {
-                "@hapi/boom": string;
                 zod: string;
             };
             prettier: string;

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,4 @@
 import assert from 'node:assert';
-import Boom from '@hapi/boom';
 import { z } from 'zod/mini';
 import pkg from './package.json';
 const LIMIT_OPTION_NAMES = {
@@ -9,9 +8,11 @@ const LIMIT_OPTION_NAMES = {
 const PACKAGE_NAME = 'hapi-terminator';
 assert(PACKAGE_NAME === pkg.name);
 export const plugin = { pkg, register };
-const LimitOptionShape = z.nullish(z.number().check(z.minimum(0)));
-const TerminatorRouteOptionsSchema = z.nullish(z.object({ [PACKAGE_NAME]: z.object({ limit: LimitOptionShape }) }));
-const TerminatorOptionsSchema = z.nullish(z.object({ registeredLimit: LimitOptionShape, unregisteredLimit: LimitOptionShape }));
+const TerminatorRouteOptionsSchema = z.nullish(z.object({ [PACKAGE_NAME]: z.object({ limit: z.nullish(z.number().check(z.minimum(0))) }) }));
+const TerminatorOptionsSchema = z.nullish(z.object({
+    registeredLimit: z.nullish(z.number().check(z.minimum(0))),
+    unregisteredLimit: z.union([z.nullish(z.number().check(z.minimum(0))), z.boolean()]),
+}));
 async function register(server, rawOptions) {
     const options = TerminatorOptionsSchema.parse(rawOptions);
     const routeOptionsCache = new Map();
@@ -31,17 +32,23 @@ function validateHookHandler(pluginOptions, routeOptionsCache) {
         const { route, options } = getRouteAndOptions(request, routeOptionsCache) ?? {};
         if (route != null) {
             return handler(contentLength, LIMIT_OPTION_NAMES.REGISTERED, options, option => {
-                throw Boom.entityTooLarge(`Payload content length greater than maximum allowed: ${option}`);
+                return h
+                    .response({
+                    error: 'Request Entity Too Large',
+                    message: `Payload content length greater than maximum allowed: ${option}`,
+                    statusCode: 413,
+                })
+                    .code(413);
             });
         }
         assert(options == null, "Unregistered routes can't have route options");
         return handler(contentLength, LIMIT_OPTION_NAMES.UNREGISTERED, null, () => {
-            throw Boom.notFound();
+            return h.response({ error: 'Not Found', message: 'Not Found', statusCode: 404 }).code(404);
         });
     };
 }
 function getRouteAndOptions(request, routeOptionsCache) {
-    const matchedRoute = request.server.match(request.method, request.path);
+    const matchedRoute = request.server.match(request.method, request.path, request.info.host);
     if (matchedRoute == null) {
         return null;
     }
@@ -55,17 +62,30 @@ function getRouteAndOptions(request, routeOptionsCache) {
     return { options, route: matchedRoute };
 }
 function validateRoute(request, h, options) {
-    return (contentLength, optionName, routeOptions, throwError) => {
+    return (contentLength, optionName, routeOptions, response) => {
         const option = options?.[optionName];
         const limit = routeOptions?.[PACKAGE_NAME]?.limit ?? option;
         if (limit == null) {
             return h.continue;
         }
-        if (contentLength > limit) {
-            request.raw.req.socket?.destroy();
-            throwError(limit);
+        if (limit === false) {
+            return h.continue;
+        }
+        if (limit === true) {
+            const result = response(0).takeover();
+            request.raw.res.once('finish', () => {
+                request.raw.req.socket.end();
+            });
+            return result;
         }
-        return h.continue;
+        if (contentLength <= limit) {
+            return h.continue;
+        }
+        const result = response(limit).takeover();
+        request.raw.res.once('finish', () => {
+            request.raw.req.socket.end();
+        });
+        return result;
     };
 }
 function getRoutePluginSettings(matchedRoute) {

package/dist/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
     "main": "dist/index.js",
     "typings": "dist/index.d.ts",
     "type": "module",
-    "version": "0.1.0",
+    "version": "0.3.0",
     "license": "MIT",
     "author": {
         "name": "Kamaal Farah"
@@ -23,7 +23,6 @@
         "typescript-eslint": "^8.52.0"
     },
     "dependencies": {
-        "@hapi/boom": "^10.0.1",
         "zod": "^4.3.5"
     },
     "prettier": "@kamaalio/prettier-config",

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
   "type": "module",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "license": "MIT",
   "author": {
     "name": "Kamaal Farah"
@@ -23,7 +23,6 @@
     "typescript-eslint": "^8.52.0"
   },
   "dependencies": {
-    "@hapi/boom": "^10.0.1",
     "zod": "^4.3.5"
   },
   "prettier": "@kamaalio/prettier-config",