just-another-http-api 1.2.9 → 1.4.0

package/api.js

@@ -8,6 +8,8 @@ const uploads = require ( './src/upload' );
 const auth = require ( './src/auth' );
 const cors = require ( './src/cors' );
 
+const preventDuplicateRequests = require('./utils/preventDuplicateRequest');
+
 let app;
 
 module.exports = async ( config, _app = null ) => {
@@ -36,6 +38,9 @@ async function createServer ( config ) {
         if ( config.websocket?.enabled ){
             app.register ( require ( '@fastify/websocket' ), config.websocket?.options );
         }
+        if (config.cookies?.enabled) {
+            app.register ( require ( '@fastify/cookie' ), config.cookies );
+        }
         await uploads.initialiseUploads ( app, config );
         await caching.initialiseCaching ( app, config );
         await auth.initialiseAuth ( app, config );
@@ -84,6 +89,9 @@ function registerEndpoint ( app, endpoint, globalConfig ) {
         if ( handlerConfig?.cors !== undefined ) {
             preHandlers.push ( cors.addCustomCors ( handlerConfig, globalConfig ) );
         }
+        if ( method.toLowerCase() === 'post' && handlerConfig?.preventDuplicate ) {
+            preHandlers.push( preventDuplicateRequests );
+        }
 
         const fastifyMethod = translateLegacyMethods ( method.toLowerCase () );
         const handler = endpoint.handlers[ method ];
@@ -94,6 +102,7 @@ function registerEndpoint ( app, endpoint, globalConfig ) {
             { 
                 preHandler: preHandlers,
                 websocket: handlerConfig?.websocket || false,
+                bodyLimit: handlerConfig?.bodyLimit || undefined,
             },
             wrappedHandler 
         );
@@ -200,8 +209,7 @@ function handleSpecialResponseTypes ( reply, response, method, path ) {
 }
 
 function sendGenericResponse ( reply, response, method, path ) {
-
-    const data = response.json ?? response.body ?? response.response ?? response;
+    const data = response.json !== undefined ? response.json : response.body ?? response.response ?? response;
 
     if ( data !== undefined ) {
         reply.type ( 'application/json' ).code ( method === 'post' ? 201 : 200 ).send ( data );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "just-another-http-api",
-  "version": "1.2.9",
+  "version": "1.4.0",
   "description": "A framework built on top of fastify aimed at removing the need for any network or server configuration. ",
   "homepage": "https://github.com/OllieEdge/just-another-http-api#readme",
   "repository": {
@@ -27,6 +27,7 @@
   "dependencies": {
     "@aws-sdk/lib-storage": "^3.454.0",
     "@fastify/caching": "^8.3.0",
+    "@fastify/cookie": "^9.4.0",
     "@fastify/cors": "^8.4.1",
     "@fastify/jwt": "^7.2.3",
     "@fastify/redis": "^6.1.1",

package/utils/preventDuplicateRequest.js

@@ -0,0 +1,27 @@
+const crypto = require('crypto');
+const { redis } = require('eip-cloud-services');
+
+const TIMEFRAME_TO_PREVENT_DUPLICATE_REQUEST_SECONDS = 5
+
+const hash = (item) => {
+    return crypto.createHash('sha256').update(item).digest('hex');
+};
+
+module.exports = async ( req ) => {
+    const clientIP = req.ip;
+    const requestBodyHash = hash(JSON.stringify(req.body));
+    const finalhash = hash(requestBodyHash);
+    const cacheKey = `hashedRequests:${clientIP}:${finalhash}`;
+    
+    try {
+        const existingRequest = await redis.get(cacheKey);
+        if (existingRequest)  {
+            const error = new Error('Too many requests');
+            error.code = 429;
+            throw error;
+        }
+        await redis.set(cacheKey, '1', TIMEFRAME_TO_PREVENT_DUPLICATE_REQUEST_SECONDS);
+    } catch (err) {
+        throw err;
+    }
+};