milliparsec 4.0.0 → 5.0.1

package/README.md

@@ -3,7 +3,6 @@
 <img src="logo.png" width="400px" />
 <br /><br />
 
-![Vulnerabilities][vulns-badge-url]
 [![Version][v-badge-url]][npm-url] [![Coverage][cov-img]][cov-url] [![Github actions][gh-actions-img]][github-actions] [![Downloads][dl-badge-url]][npm-url]
 
 </div>
@@ -15,8 +14,7 @@ Check out [deno-libs/parsec](https://github.com/deno-libs/parsec) for Deno port.
 
 ## Features
 
-- ⏩ built with `async` / `await`
-- 🛠 JSON / raw / urlencoded data support
+- 🛠 JSON / raw / urlencoded / multipart support
 - 📦 tiny package size (8KB dist size)
 - 🔥 no dependencies
 - ✨ [tinyhttp](https://github.com/tinyhttp/tinyhttp) and Express support
@@ -43,7 +41,7 @@ import { createServer } from 'node:http'
 import { json } from 'milliparsec'
 
 const server = createServer(async (req: ReqWithBody, res) => {
-  await json()(req, res, (err) => void err && console.log(err))
+  await json()(req, res, (err) => void err && res.end(err))
 
   res.setHeader('Content-Type', 'application/json')
 
@@ -51,67 +49,10 @@ const server = createServer(async (req: ReqWithBody, res) => {
 })
 ```
 
-### Web frameworks integration
-
-#### tinyhttp
-
-```ts
-import { App } from '@tinyhttp/app'
-import { urlencoded } from 'milliparsec'
-
-new App()
-  .use(urlencoded())
-  .post('/', (req, res) => void res.send(req.body))
-  .listen(3000, () => console.log(`Started on http://localhost:3000`))
-```
-
-## API
-
-### `raw(req, res, cb)`
-
-Minimal body parsing without any formatting.
-
-### `text(req, res, cb)`
-
-Converts request body to string.
-
-### `urlencoded(req, res, cb)`
-
-Parses request body using `new URLSearchParams`.
-
-### `json(req, res, cb)`
-
-Parses request body using `JSON.parse`.
-
-### `multipart(req, res, cb)`
-
-Parses request body using `multipart/form-data` content type and boundary. Supports files as well.
-
-```js
-// curl -F "textfield=textfield" -F "someother=textfield with text" localhost:3000
-await multipart()(req, res, (err) => void err && console.log(err))
-res.end(req.body) // { textfield: "textfield", someother: "textfield with text" }
-```
-
-### `custom(fn)(req, res, cb)`
-
-Custom function for `parsec`.
-
-```js
-// curl -d "this text must be uppercased" localhost:3000
-await custom(
-  req,
-  (d) => d.toUpperCase(),
-  (err) => {}
-)
-res.end(req.body) // "THIS TEXT MUST BE UPPERCASED"
-```
-
 ### What is "parsec"?
 
 The parsec is a unit of length used to measure large distances to astronomical objects outside the Solar System.
 
-[vulns-badge-url]: https://img.shields.io/snyk/vulnerabilities/npm/milliparsec.svg?style=for-the-badge&color=25608B&label=vulns
 [v-badge-url]: https://img.shields.io/npm/v/milliparsec.svg?style=for-the-badge&color=25608B&logo=npm&label=
 [npm-url]: https://www.npmjs.com/package/milliparsec
 [dl-badge-url]: https://img.shields.io/npm/dt/milliparsec?style=for-the-badge&color=25608B

package/dist/index.d.ts

@@ -1,15 +1,71 @@
-import type { EventEmitter } from 'node:events';
+import { Buffer } from 'node:buffer';
 import type { IncomingMessage, ServerResponse as Response } from 'node:http';
 type NextFunction = (err?: any) => void;
+/**
+ * Request extension with a body
+ */
 export type ReqWithBody<T = any> = IncomingMessage & {
     body?: T;
-} & EventEmitter;
+};
 export declare const hasBody: (method: string) => boolean;
-export declare const p: <T = any>(fn: (body: any) => any) => (req: ReqWithBody<T>, _res: Response, next: (err?: any) => void) => Promise<any>;
-declare const custom: <T = any>(fn: (body: any) => any) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const json: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
-declare const raw: () => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const text: () => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const urlencoded: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
-declare const multipart: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
+export type LimitErrorFn = (limit: number) => Error;
+export type ParserOptions = Partial<{
+    /**
+     * Limit payload size (in bytes)
+     * @default '100KB'
+     */
+    payloadLimit: number;
+    /**
+     * Custom error function for payload limit
+     */
+    payloadLimitErrorFn: LimitErrorFn;
+}>;
+export declare const p: <T = any>(fn: (body: Buffer) => void, payloadLimit?: number, payloadLimitErrorFn?: LimitErrorFn) => (req: ReqWithBody<T>, _res: Response, next?: (err?: any) => void) => Promise<void>;
+/**
+ * Parse payload with a custom function
+ * @param fn
+ */
+declare const custom: <T = any>(fn: (body: Buffer) => any) => (req: ReqWithBody, _res: Response, next?: NextFunction) => Promise<void>;
+/**
+ * Parse JSON payload
+ * @param options
+ */
+declare const json: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, res: Response, next?: NextFunction) => Promise<void>;
+/**
+ * Parse raw payload
+ * @param options
+ */
+declare const raw: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next?: NextFunction) => Promise<void>;
+/**
+ * Stringify request payload
+ * @param param0
+ * @returns
+ */
+declare const text: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next?: NextFunction) => Promise<void>;
+/**
+ * Parse urlencoded payload
+ * @param options
+ */
+declare const urlencoded: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next?: NextFunction) => Promise<void>;
+type MultipartOptions = Partial<{
+    /**
+     * Limit number of files
+     */
+    fileCountLimit: number;
+    /**
+     * Limit file size (in bytes)
+     */
+    fileSizeLimit: number;
+    /**
+     * Custom error function for file size limit
+     */
+    fileSizeLimitErrorFn: LimitErrorFn;
+}>;
+/**
+ * Parse multipart form data (supports files as well)
+ *
+ * Does not restrict total payload size by default.
+ * @param options
+ */
+declare const multipart: ({ payloadLimit, payloadLimitErrorFn, ...opts }?: MultipartOptions & ParserOptions) => (req: ReqWithBody, res: Response, next?: NextFunction) => Promise<void>;
 export { custom, json, raw, text, urlencoded, multipart };

package/dist/index.js

@@ -1,87 +1,124 @@
+import { Buffer } from 'node:buffer';
 export const hasBody = (method) => ['POST', 'PUT', 'PATCH', 'DELETE'].includes(method);
-export const p = (fn) => async (req, _res, next) => {
+const defaultPayloadLimit = 102400; // 100KB
+const defaultErrorFn = (payloadLimit) => new Error(`Payload too large. Limit: ${payloadLimit} bytes`);
+// Main function
+export const p = (fn, payloadLimit = defaultPayloadLimit, payloadLimitErrorFn = defaultErrorFn) => async (req, _res, next) => {
     try {
-        let body = '';
-        for await (const chunk of req)
-            body += chunk;
-        return fn(body);
+        const body = [];
+        for await (const chunk of req) {
+            const totalSize = body.reduce((total, buffer) => total + buffer.byteLength, 0);
+            if (totalSize > payloadLimit)
+                throw payloadLimitErrorFn(payloadLimit);
+            body.push(chunk);
+        }
+        return fn(Buffer.concat(body));
     }
     catch (e) {
-        next(e);
+        next === null || next === void 0 ? void 0 : next(e);
     }
 };
+/**
+ * Parse payload with a custom function
+ * @param fn
+ */
 const custom = (fn) => async (req, _res, next) => {
-    req.body = await p(fn)(req, _res, next);
-    next();
+    if (hasBody(req.method))
+        req.body = await p(fn)(req, _res, next);
+    next === null || next === void 0 ? void 0 : next();
 };
-const json = () => async (req, res, next) => {
+/**
+ * Parse JSON payload
+ * @param options
+ */
+const json = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => (x ? JSON.parse(x.toString()) : {}))(req, res, next);
-        next();
+        req.body = await p((x) => {
+            const str = td.decode(x);
+            return str ? JSON.parse(str) : {};
+        }, payloadLimit, payloadLimitErrorFn)(req, res, next);
     }
-    else
-        next();
+    next === null || next === void 0 ? void 0 : next();
 };
-const raw = () => async (req, _res, next) => {
+/**
+ * Parse raw payload
+ * @param options
+ */
+const raw = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => x)(req, _res, next);
-        next();
+        req.body = await p((x) => x, payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
-    else
-        next();
+    next === null || next === void 0 ? void 0 : next();
 };
-const text = () => async (req, _res, next) => {
+const td = new TextDecoder();
+/**
+ * Stringify request payload
+ * @param param0
+ * @returns
+ */
+const text = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => x.toString())(req, _res, next);
-        next();
+        req.body = await p((x) => td.decode(x), payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
-    else
-        next();
+    next === null || next === void 0 ? void 0 : next();
 };
-const urlencoded = () => async (req, res, next) => {
+/**
+ * Parse urlencoded payload
+ * @param options
+ */
+const urlencoded = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => {
-            const urlSearchParam = new URLSearchParams(x.toString());
-            return Object.fromEntries(urlSearchParam.entries());
-        })(req, res, next);
-        next();
+        req.body = await p((x) => Object.fromEntries(new URLSearchParams(x.toString()).entries()), payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
-    else
-        next();
+    next === null || next === void 0 ? void 0 : next();
 };
 const getBoundary = (contentType) => {
     const match = /boundary=(.+);?/.exec(contentType);
     return match ? `--${match[1]}` : null;
 };
-const parseMultipart = (body, boundary) => {
+const defaultFileSizeLimitErrorFn = (limit) => new Error(`File too large. Limit: ${limit} bytes`);
+const defaultFileSizeLimit = 200 * 1024 * 1024;
+const parseMultipart = (body, boundary, { fileCountLimit, fileSizeLimit = defaultFileSizeLimit, fileSizeLimitErrorFn = defaultFileSizeLimitErrorFn }) => {
     const parts = body.split(new RegExp(`${boundary}(--)?`)).filter((part) => !!part && /content-disposition/i.test(part));
     const parsedBody = {};
-    parts.map((part) => {
+    if (fileCountLimit && parts.length > fileCountLimit)
+        throw new Error(`Too many files. Limit: ${fileCountLimit}`);
+    // biome-ignore lint/complexity/noForEach: for...of fails
+    parts.forEach((part) => {
         const [headers, ...lines] = part.split('\r\n').filter((part) => !!part);
         const data = lines.join('\r\n').trim();
+        if (data.length > fileSizeLimit)
+            throw fileSizeLimitErrorFn(fileSizeLimit);
+        // Extract the name and filename from the headers
         const name = /name="(.+?)"/.exec(headers)[1];
         const filename = /filename="(.+?)"/.exec(headers);
         if (filename) {
             const contentTypeMatch = /Content-Type: (.+)/i.exec(data);
             const fileContent = data.slice(contentTypeMatch[0].length + 2);
-            return Object.assign(parsedBody, {
-                [name]: new File([fileContent], filename[1], { type: contentTypeMatch[1] })
-            });
+            const file = new File([fileContent], filename[1], { type: contentTypeMatch[1] });
+            parsedBody[name] = parsedBody[name] ? [...parsedBody[name], file] : [file];
+            return;
         }
-        return Object.assign(parsedBody, { [name]: data });
+        parsedBody[name] = parsedBody[name] ? [...parsedBody[name], data] : [data];
+        return;
     });
     return parsedBody;
 };
-const multipart = () => async (req, res, next) => {
+/**
+ * Parse multipart form data (supports files as well)
+ *
+ * Does not restrict total payload size by default.
+ * @param options
+ */
+const multipart = ({ payloadLimit = Number.POSITIVE_INFINITY, payloadLimitErrorFn, ...opts } = {}) => async (req, res, next) => {
     if (hasBody(req.method)) {
         req.body = await p((x) => {
             const boundary = getBoundary(req.headers['content-type']);
             if (boundary)
-                return parseMultipart(x, boundary);
-        })(req, res, next);
-        next();
+                return parseMultipart(td.decode(x), boundary, opts);
+            return {};
+        }, payloadLimit, payloadLimitErrorFn)(req, res, next);
     }
-    else
-        next();
+    next === null || next === void 0 ? void 0 : next();
 };
 export { custom, json, raw, text, urlencoded, multipart };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "milliparsec",
-  "version": "4.0.0",
+  "version": "5.0.1",
   "description": "tiniest body parser in the universe",
   "repository": {
     "type": "git",
@@ -21,13 +21,13 @@
   },
   "exports": "./dist/index.js",
   "devDependencies": {
-    "@biomejs/biome": "1.8.3",
-    "@types/node": "^20.14.9",
+    "@biomejs/biome": "1.9.3",
+    "@tinyhttp/app": "^2.4.0",
+    "@types/node": "^22.7.4",
     "c8": "10.1.2",
     "supertest-fetch": "^2.0.0",
-    "tsm": "^2.3.0",
-    "typescript": "^5.5.3",
-    "uvu": "^0.5.6"
+    "tsx": "^4.19.1",
+    "typescript": "^5.6.2"
   },
   "files": [
     "dist"
@@ -36,9 +36,10 @@
     "provenance": true
   },
   "scripts": {
-    "test": "uvu -r tsm",
+    "test": "tsx --test test.ts",
     "test:coverage": "c8 --include=src pnpm test",
     "test:report": "c8 report --reporter=text-lcov > coverage.lcov",
-    "build": "tsc -p tsconfig.build.json"
+    "build": "tsc -p tsconfig.build.json",
+    "check": "biome check --write"
   }
 }