dafortune / hapi-qs
Bring back qs support for hapi 12
We need to enable parsing of multipart/form-data uploads.
Release notes: hapijs/hapi#3871
look for request.setUrl() references in your code and ensure you are only passing valid arguments.
if you use request.setUrl() to override query processing (e.g. using the qs module), consider switching to the much simpler server.options.query.parser option.
I assume this package can be deprecated and alternatively the change to the query parser suggested?
The v18 way would be:
    query: {
        parser: (query) => qs.parse(query)
    }
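An added example, not code from hapi-qs, qs or hapi: a dependency-free stand-in for `qs.parse` that could be passed as the `query.parser` shown above. It expands bracket keys from the flat query object and rejects `__proto__`, `constructor` and `prototype` segments as well as overly deep keys; the names `parseBracketQuery`, `FORBIDDEN` and `MAX_DEPTH` and the depth limit of 5 are assumptions, and array syntax (`a[]`) is deliberately treated as malformed.

```javascript
'use strict';

// Hypothetical stand-in for qs.parse (not the qs module itself).
// Input: the flat query object given to query.parser, e.g. { 'filter[name]': 'x' }.
// Output: nested objects without a prototype, so no key can reach Object.prototype.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 5; // assumed limit; tune for your API

function parseBracketQuery(flat) {
    const out = Object.create(null);
    for (const [rawKey, value] of Object.entries(flat)) {
        // "name" followed by zero or more non-empty "[segment]" groups.
        const match = /^([^\[\]]+)((?:\[[^\[\]]+\])*)$/.exec(rawKey);
        if (!match) {
            throw new Error(`Malformed query key: ${rawKey}`);
        }
        const path = [match[1]];
        for (const m of match[2].matchAll(/\[([^\[\]]+)\]/g)) {
            path.push(m[1]);
        }
        if (path.length > MAX_DEPTH) {
            throw new Error(`Query key nested too deeply: ${rawKey}`);
        }
        if (path.some((segment) => FORBIDDEN.has(segment))) {
            throw new Error(`Forbidden query key segment in: ${rawKey}`);
        }
        let node = out;
        for (const segment of path.slice(0, -1)) {
            if (!(segment in node)) {
                node[segment] = Object.create(null);
            } else if (Object.getPrototypeOf(node[segment]) !== null) {
                // e.g. "a=1&a[b]=2": refuse rather than silently overwrite.
                throw new Error(`Conflicting query key: ${rawKey}`);
            }
            node = node[segment];
        }
        const leaf = path[path.length - 1];
        if (leaf in node) {
            throw new Error(`Conflicting query key: ${rawKey}`);
        }
        node[leaf] = value;
    }
    return out;
}

// Wiring in the v18 style shown above:
//   query: { parser: (query) => parseBracketQuery(query) }
```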
This module is currently shown as vulnerable by Node Security checks due to its reliance on a vulnerable version of hoek through the joi dependency.
NSP Security Advisory: https://nodesecurity.io/advisories/566
CVE Advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3728
Parsing can fail.
edit: provided there's any breaking changes related to this plugin -- haven't actually checked.
The payload is set to an object but it should be empty. That causes an error in hapijs/h2o2. To reproduce, here is the minimal setup.
package.json
    {
      "name": "hapi-h2o2-error",
      "version": "1.0.0",
      "main": "index.js",
      "dependencies": {
        "good": "^7.0.1",
        "good-console": "^6.1.2",
        "good-squeeze": "^4.0.0",
        "h2o2": "^5.1.0",
        "hapi": "^13.5.0",
        "hapi-qs": "^1.1.1"
      }
    }
The index.js:
    var Hapi = require('hapi');

    var server = new Hapi.Server();
    server.connection({host: 'localhost', port: 3000});

    // Register the proxy plugin (h2o2), hapi-qs and good for logging.
    server.register([
      require('h2o2'),
      require('hapi-qs'),
      {
        register: require('good'),
        options: {
          reporters: {
            console: [{
              module: 'good-squeeze',
              name: 'Squeeze',
              args: [{log: '*', response: '*'}]
            }, {
              module: 'good-console'
            }, 'stdout']
          }
        }
      }
    ], (error) => {
      if (error) {
        throw error;
      }

      // GET /test is proxied to the GitHub API, passing request headers through.
      server.route([{
        method: 'GET',
        path: '/test',
        handler: {
          proxy: {
            passThrough: true,
            mapUri: (request, callback) => {
              callback(null, 'https://api.github.com/users/ro-ka');
            }
          }
        }
      }]);
    });

    server.start(error => {
      if (error) {
        throw error;
      }
      server.log('info', `Server running at: ${server.info.uri}`);
    });
I installed good for logging. What causes this error is this header: Content-Type: application/x-www-form-urlencoded. So when using curl, this is what happens:
~ – curl 'http://localhost:3000/test' -H 'Content-Type: application/x-www-form-urlencoded'
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}
~ – curl 'http://localhost:3000/test'
{
"login": "ro-ka",
"id": 840022,
"avatar_url": "https://avatars.githubusercontent.com/u/840022?v=3",
"gravatar_id": "",
"url": "https://api.github.com/users/ro-ka",
…
}
The error only occurs when the header is set. The payload is an empty object which breaks the proxy plugin. Can the payload be set to null or an empty string when there is nothing parsed?
It appears that there is a problem with hapi-qs that causes the stripTrailingSlash to not be respected, thus triggering 404 errors for users accessing with a trailing slash.
We must accept both upper and lower case