node-fastify 5.8.3

package/test/http2/closing.test.js

@@ -0,0 +1,270 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const http2 = require('node:http2')
+const { promisify } = require('node:util')
+const connect = promisify(http2.connect)
+const { once } = require('node:events')
+const { buildCertificate } = require('../build-certificate')
+const { getServerUrl } = require('../helper')
+const { kHttp2ServerSessions } = require('../../lib/symbols')
+
+test.before(buildCertificate)
+
+const isNode24OrGreater = Number(process.versions.node.split('.')[0]) >= 24
+
+test('http/2 request while fastify closing Node <24', { skip: isNode24OrGreater }, (t, done) => {
+  const fastify = Fastify({
+    http2: true
+  })
+  t.assert.ok('http2 successfully loaded')
+
+  fastify.get('/', () => Promise.resolve({}))
+
+  t.after(() => { fastify.close() })
+  fastify.listen({ port: 0 }, err => {
+    t.assert.ifError(err)
+
+    const url = getServerUrl(fastify)
+    const session = http2.connect(url, function () {
+      this.request({
+        ':method': 'GET',
+        ':path': '/'
+      }).on('response', headers => {
+        t.assert.strictEqual(headers[':status'], 503)
+        done()
+        this.destroy()
+      }).on('error', () => {
+        // Nothing to do here,
+        // we are not interested in this error that might
+        // happen or not
+      })
+      session.on('error', () => {
+        // Nothing to do here,
+        // we are not interested in this error that might
+        // happen or not
+        done()
+      })
+      fastify.close()
+    })
+  })
+})
+
+test('http/2 request while fastify closing Node >=24', { skip: !isNode24OrGreater }, (t, done) => {
+  const fastify = Fastify({
+    http2: true
+  })
+  t.assert.ok('http2 successfully loaded')
+
+  fastify.get('/', () => Promise.resolve({}))
+
+  t.after(() => { fastify.close() })
+  fastify.listen({ port: 0 }, err => {
+    t.assert.ifError(err)
+
+    const url = getServerUrl(fastify)
+    const session = http2.connect(url, function () {
+      session.on('error', () => {
+        // Nothing to do here,
+        // we are not interested in this error that might
+        // happen or not
+      })
+      session.on('close', () => {
+        done()
+      })
+      fastify.close()
+    })
+  })
+})
+
+test('http/2 request while fastify closing - return503OnClosing: false', { skip: isNode24OrGreater }, (t, done) => {
+  const fastify = Fastify({
+    http2: true,
+    return503OnClosing: false
+  })
+
+  t.after(() => { fastify.close() })
+
+  fastify.get('/', () => Promise.resolve({}))
+
+  fastify.listen({ port: 0 }, err => {
+    t.assert.ifError(err)
+    const url = getServerUrl(fastify)
+    const session = http2.connect(url, function () {
+      this.request({
+        ':method': 'GET',
+        ':path': '/'
+      }).on('response', headers => {
+        t.assert.strictEqual(headers[':status'], 200)
+        done()
+        this.destroy()
+      }).on('error', () => {
+        // Nothing to do here,
+        // we are not interested in this error that might
+        // happen or not
+      })
+      fastify.close()
+    })
+    session.on('error', () => {
+      // Nothing to do here,
+      // we are not interested in this error that might
+      // happen or not
+      done()
+    })
+  })
+})
+
+test('http/2 closes successfully with async await', async t => {
+  const fastify = Fastify({
+    http2SessionTimeout: 100,
+    http2: true
+  })
+
+  await fastify.listen({ port: 0 })
+
+  const url = getServerUrl(fastify)
+  const session = await connect(url)
+  // An error might or might not happen, as it's OS dependent.
+  session.on('error', () => {})
+  await fastify.close()
+})
+
+test('https/2 closes successfully with async await', async t => {
+  const fastify = Fastify({
+    http2SessionTimeout: 100,
+    http2: true,
+    https: {
+      key: global.context.key,
+      cert: global.context.cert
+    }
+  })
+
+  await fastify.listen({ port: 0 })
+
+  const url = getServerUrl(fastify)
+  const session = await connect(url)
+  // An error might or might not happen, as it's OS dependent.
+  session.on('error', () => {})
+  await fastify.close()
+})
+
+test('http/2 server side session emits a timeout event', async t => {
+  let _resolve
+  const p = new Promise((resolve) => { _resolve = resolve })
+
+  const fastify = Fastify({
+    http2SessionTimeout: 100,
+    http2: true
+  })
+
+  fastify.get('/', async (req) => {
+    req.raw.stream.session.on('timeout', () => _resolve())
+    return {}
+  })
+
+  await fastify.listen({ port: 0 })
+
+  const url = getServerUrl(fastify)
+  const session = await connect(url)
+  const req = session.request({
+    ':method': 'GET',
+    ':path': '/'
+  }).end()
+
+  const [headers] = await once(req, 'response')
+  t.assert.strictEqual(headers[':status'], 200)
+  req.resume()
+
+  // An error might or might not happen, as it's OS dependent.
+  session.on('error', () => {})
+  await p
+  await fastify.close()
+})
+
+test('http/2 sessions closed after closing server', async t => {
+  t.plan(1)
+  const fastify = Fastify({
+    http2: true,
+    http2SessionTimeout: 100
+  })
+  await fastify.listen()
+  const url = getServerUrl(fastify)
+  const waitSessionConnect = once(fastify.server, 'session')
+  const session = http2.connect(url)
+  await once(session, 'connect')
+  await waitSessionConnect
+  const waitSessionClosed = once(session, 'close')
+  await fastify.close()
+  await waitSessionClosed
+  t.assert.strictEqual(session.closed, true)
+})
+
+test('http/2 sessions should be closed when setting forceClosedConnections to true', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  fastify.get('/', () => 'hello world')
+  await fastify.listen()
+  const client = await connect(getServerUrl(fastify))
+  const req = client.request({
+    [http2.HTTP2_HEADER_PATH]: '/',
+    [http2.HTTP2_HEADER_METHOD]: 'GET'
+  })
+  await once(req, 'response')
+  fastify.close()
+  const r2 = client.request({
+    [http2.HTTP2_HEADER_PATH]: '/',
+    [http2.TTP2_HEADER_METHOD]: 'GET'
+  })
+  r2.on('error', (err) => {
+    t.assert.strictEqual(err.toString(), 'Error [ERR_HTTP2_STREAM_ERROR]: Stream closed with error code NGHTTP2_REFUSED_STREAM')
+  })
+  await once(r2, 'error')
+  r2.end()
+  t.assert.strictEqual(client.closed, true)
+  client.destroy()
+})
+
+test('http/2 sessions should be removed from server[kHttp2ServerSessions] Set on goaway', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  const waitGoaway = once(session, 'goaway')
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  client.goaway()
+  await waitGoaway
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 0)
+  client.destroy()
+  await fastify.close()
+})
+
+test('http/2 sessions should be removed from server[kHttp2ServerSessions] Set on frameError', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  session.emit('frameError', 0, 0, 0)
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 0)
+  client.destroy()
+  await fastify.close()
+})
+
+test('http/2 sessions should not be removed from server[kHttp2ServerSessions] from Set if stream id passed on frameError', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  session.emit('frameError', 0, 0, 1)
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  client.destroy()
+  await fastify.close()
+})

package/test/http2/constraint.test.js

@@ -0,0 +1,109 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+
+const alpha = { res: 'alpha' }
+const beta = { res: 'beta' }
+
+const { buildCertificate } = require('../build-certificate')
+test.before(buildCertificate)
+
+test('A route supports host constraints under http2 protocol and secure connection', async (t) => {
+  t.plan(5)
+
+  let fastify
+  try {
+    fastify = Fastify({
+      http2: true,
+      https: {
+        key: global.context.key,
+        cert: global.context.cert
+      }
+    })
+    t.assert.ok(true, 'Key/cert successfully loaded')
+  } catch (e) {
+    t.assert.fail('Key/cert loading failed')
+  }
+
+  const constrain = 'fastify.dev'
+
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    handler: function (_, reply) {
+      reply.code(200).send(alpha)
+    }
+  })
+  fastify.route({
+    method: 'GET',
+    url: '/beta',
+    constraints: { host: constrain },
+    handler: function (_, reply) {
+      reply.code(200).send(beta)
+    }
+  })
+  fastify.route({
+    method: 'GET',
+    url: '/hostname_port',
+    constraints: { host: constrain },
+    handler: function (req, reply) {
+      reply.code(200).send({ ...beta, hostname: req.hostname })
+    }
+  })
+  t.after(() => { fastify.close() })
+
+  await fastify.listen({ port: 0 })
+
+  await t.test('https get request - no constrain', async (t) => {
+    t.plan(3)
+
+    const url = `https://localhost:${fastify.server.address().port}`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.strictEqual(res.headers['content-length'], '' + JSON.stringify(alpha).length)
+    t.assert.deepStrictEqual(JSON.parse(res.body), alpha)
+  })
+
+  await t.test('https get request - constrain', async (t) => {
+    t.plan(3)
+
+    const url = `https://localhost:${fastify.server.address().port}/beta`
+    const res = await h2url.concat({
+      url,
+      headers: {
+        ':authority': constrain
+      }
+    })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.strictEqual(res.headers['content-length'], '' + JSON.stringify(beta).length)
+    t.assert.deepStrictEqual(JSON.parse(res.body), beta)
+  })
+
+  await t.test('https get request - constrain - not found', async (t) => {
+    t.plan(1)
+
+    const url = `https://localhost:${fastify.server.address().port}/beta`
+    const res = await h2url.concat({
+      url
+    })
+
+    t.assert.strictEqual(res.headers[':status'], 404)
+  })
+  await t.test('https get request - constrain - verify hostname and port from request', async (t) => {
+    t.plan(1)
+
+    const url = `https://localhost:${fastify.server.address().port}/hostname_port`
+    const res = await h2url.concat({
+      url,
+      headers: {
+        ':authority': constrain
+      }
+    })
+    const body = JSON.parse(res.body)
+    t.assert.strictEqual(body.hostname, constrain)
+  })
+})

package/test/http2/head.test.js

@@ -0,0 +1,34 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+const msg = { hello: 'world' }
+
+test('http2 HEAD test', async (t) => {
+  let fastify
+  try {
+    fastify = Fastify({
+      http2: true
+    })
+    t.assert.ok(true, 'http2 successfully loaded')
+  } catch (e) {
+    t.assert.fail('http2 loading failed')
+  }
+
+  fastify.all('/', function (req, reply) {
+    reply.code(200).send(msg)
+  })
+  t.after(() => { fastify.close() })
+
+  await fastify.listen({ port: 0 })
+
+  await t.test('http HEAD request', async (t) => {
+    t.plan(1)
+
+    const url = `http://localhost:${fastify.server.address().port}`
+    const res = await h2url.concat({ url, method: 'HEAD' })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+  })
+})

package/test/http2/plain.test.js

@@ -0,0 +1,68 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+const msg = { hello: 'world' }
+
+test('http2 plain test', async t => {
+  let fastify
+  try {
+    fastify = Fastify({
+      http2: true
+    })
+    t.assert.ok(true, 'http2 successfully loaded')
+  } catch (e) {
+    t.assert.fail('http2 loading failed')
+  }
+
+  fastify.get('/', function (req, reply) {
+    reply.code(200).send(msg)
+  })
+
+  fastify.get('/host', function (req, reply) {
+    reply.code(200).send(req.host)
+  })
+
+  fastify.get('/hostname_port', function (req, reply) {
+    reply.code(200).send({ hostname: req.hostname, port: req.port })
+  })
+
+  t.after(() => { fastify.close() })
+
+  await fastify.listen({ port: 0 })
+
+  await t.test('http get request', async (t) => {
+    t.plan(3)
+
+    const url = `http://localhost:${fastify.server.address().port}`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.strictEqual(res.headers['content-length'], '' + JSON.stringify(msg).length)
+
+    t.assert.deepStrictEqual(JSON.parse(res.body), msg)
+  })
+
+  await t.test('http host', async (t) => {
+    t.plan(1)
+
+    const host = `localhost:${fastify.server.address().port}`
+
+    const url = `http://${host}/host`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(res.body, host)
+  })
+  await t.test('http hostname and port', async (t) => {
+    t.plan(2)
+
+    const host = `localhost:${fastify.server.address().port}`
+
+    const url = `http://${host}/hostname_port`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(JSON.parse(res.body).hostname, host.split(':')[0])
+    t.assert.strictEqual(JSON.parse(res.body).port, parseInt(host.split(':')[1]))
+  })
+})

package/test/http2/secure-with-fallback.test.js

@@ -0,0 +1,113 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+const msg = { hello: 'world' }
+
+const { buildCertificate } = require('../build-certificate')
+const { Agent } = require('undici')
+test.before(buildCertificate)
+
+test('secure with fallback', async (t) => {
+  t.plan(6)
+
+  let fastify
+  try {
+    fastify = Fastify({
+      http2: true,
+      https: {
+        allowHTTP1: true,
+        key: global.context.key,
+        cert: global.context.cert
+      }
+    })
+    t.assert.ok(true, 'Key/cert successfully loaded')
+  } catch (e) {
+    t.assert.fail('Key/cert loading failed')
+  }
+
+  fastify.get('/', function (req, reply) {
+    reply.code(200).send(msg)
+  })
+
+  fastify.post('/', function (req, reply) {
+    reply.code(200).send(req.body)
+  })
+
+  fastify.get('/error', async function (req, reply) {
+    throw new Error('kaboom')
+  })
+
+  t.after(() => fastify.close())
+
+  const fastifyServer = await fastify.listen({ port: 0 })
+
+  await t.test('https get error', async (t) => {
+    t.plan(1)
+
+    const url = `${fastifyServer}/error`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(res.headers[':status'], 500)
+  })
+
+  await t.test('https post', async (t) => {
+    t.plan(2)
+
+    const res = await h2url.concat({
+      url: fastifyServer,
+      method: 'POST',
+      body: JSON.stringify({ hello: 'http2' }),
+      headers: {
+        'content-type': 'application/json'
+      }
+    })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.deepStrictEqual(JSON.parse(res.body), { hello: 'http2' })
+  })
+
+  await t.test('https get request', async (t) => {
+    t.plan(3)
+
+    const res = await h2url.concat({ url: fastifyServer })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.strictEqual(res.headers['content-length'], '' + JSON.stringify(msg).length)
+    t.assert.deepStrictEqual(JSON.parse(res.body), msg)
+  })
+
+  await t.test('http1 get request', async t => {
+    t.plan(4)
+
+    const result = await fetch(fastifyServer, {
+      dispatcher: new Agent({
+        connect: {
+          rejectUnauthorized: false
+        }
+      })
+    })
+
+    const body = await result.text()
+    t.assert.ok(result.ok)
+    t.assert.strictEqual(result.status, 200)
+    t.assert.strictEqual(result.headers.get('content-length'), '' + body.length)
+    t.assert.deepStrictEqual(JSON.parse(body), msg)
+  })
+
+  await t.test('http1 get error', async t => {
+    t.plan(2)
+
+    const result = await fetch(`${fastifyServer}/error`, {
+      dispatcher: new Agent({
+        connect: {
+          rejectUnauthorized: false
+        }
+      })
+    })
+
+    t.assert.ok(!result.ok)
+    t.assert.strictEqual(result.status, 500)
+  })
+})

package/test/http2/secure.test.js

@@ -0,0 +1,67 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+const msg = { hello: 'world' }
+
+const { buildCertificate } = require('../build-certificate')
+test.before(buildCertificate)
+
+test('secure', async (t) => {
+  t.plan(4)
+
+  let fastify
+  try {
+    fastify = Fastify({
+      http2: true,
+      https: {
+        key: global.context.key,
+        cert: global.context.cert
+      }
+    })
+    t.assert.ok(true, 'Key/cert successfully loaded')
+  } catch (e) {
+    t.assert.fail('Key/cert loading failed')
+  }
+
+  fastify.get('/', function (req, reply) {
+    reply.code(200).send(msg)
+  })
+  fastify.get('/proto', function (req, reply) {
+    reply.code(200).send({ proto: req.protocol })
+  })
+  fastify.get('/hostname_port', function (req, reply) {
+    reply.code(200).send({ hostname: req.hostname, port: req.port })
+  })
+
+  t.after(() => { fastify.close() })
+  await fastify.listen({ port: 0 })
+
+  await t.test('https get request', async (t) => {
+    t.plan(3)
+
+    const url = `https://localhost:${fastify.server.address().port}`
+    const res = await h2url.concat({ url })
+
+    t.assert.strictEqual(res.headers[':status'], 200)
+    t.assert.strictEqual(res.headers['content-length'], '' + JSON.stringify(msg).length)
+    t.assert.deepStrictEqual(JSON.parse(res.body), msg)
+  })
+
+  await t.test('https get request without trust proxy - protocol', async (t) => {
+    t.plan(2)
+
+    const url = `https://localhost:${fastify.server.address().port}/proto`
+    t.assert.deepStrictEqual(JSON.parse((await h2url.concat({ url })).body), { proto: 'https' })
+    t.assert.deepStrictEqual(JSON.parse((await h2url.concat({ url, headers: { 'X-Forwarded-Proto': 'lorem' } })).body), { proto: 'https' })
+  })
+  await t.test('https get request - test hostname and port', async (t) => {
+    t.plan(2)
+
+    const url = `https://localhost:${fastify.server.address().port}/hostname_port`
+    const parsedbody = JSON.parse((await h2url.concat({ url })).body)
+    t.assert.strictEqual(parsedbody.hostname, 'localhost')
+    t.assert.strictEqual(parsedbody.port, fastify.server.address().port)
+  })
+})

package/test/http2/unknown-http-method.test.js

@@ -0,0 +1,34 @@
+'use strict'
+
+const { test } = require('node:test')
+const Fastify = require('../..')
+const h2url = require('h2url')
+const msg = { hello: 'world' }
+
+test('http2 unknown http method', async t => {
+  const fastify = Fastify({
+    http2: true
+  })
+
+  fastify.get('/', function (req, reply) {
+    reply.code(200).send(msg)
+  })
+
+  t.after(() => { fastify.close() })
+  await fastify.listen({ port: 0 })
+
+  await t.test('http UNKNOWN_METHOD request', async (t) => {
+    t.plan(2)
+
+    const url = `http://localhost:${fastify.server.address().port}`
+    const res = await h2url.concat({ url, method: 'UNKNOWN_METHOD' })
+
+    t.assert.strictEqual(res.headers[':status'], 404)
+    t.assert.deepStrictEqual(JSON.parse(res.body), {
+      statusCode: 404,
+      code: 'FST_ERR_NOT_FOUND',
+      error: 'Not Found',
+      message: 'Not Found'
+    })
+  })
+})