fortunejs / fortune-http Goto Github PK
View Code? Open in Web Editor NEWHTTP integration for Fortune.js.
License: MIT License
HTTP integration for Fortune.js.
License: MIT License
When include query contains json like in
?include=foo,{"fields":{"bar":true,"baz":true}}
The json parsing fails with SyntaxError: Unexpected end of JSON input
because value is split by comma and JSON contains comma.
This is in function attachQueries
of initialize_context.js
in line
path.push(JSON.parse(parts[1]))
I suggest replacing that with
path.push(JSON.parse(parts.slice(1).join(',')))
v1.0.6 will not initialize. The error is:
TypeError: Invalid value used as weak map key
at WeakMap.set (native)
at new WeakMap (native)
at module.exports (/Users/jmeas/webdev/moolah/node_modules/fortune-http/lib/status_map.js:4:10)
at createListener (/Users/jmeas/webdev/moolah/node_modules/fortune-http/lib/index.js:108:15)
at module.exports (/Users/jmeas/webdev/moolah/server/app.js:211:20)
at throng (/Users/jmeas/webdev/moolah/node_modules/throng/lib/throng.js:25:12)
at Object.<anonymous> (/Users/jmeas/webdev/moolah/server/index.js:10:1)
at Module._compile (module.js:571:32)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:488:32)
Locking the dep to 1.0.5 is a temporary solution. I took a look at the source, but nothing immediately stood out as the issue.
MODULE 41183: load "node_modules/sse4_crc32/build/Release/crc32c.node" for module "node_modules/sse4_crc32/build/Release/crc32c.node"
dyld[41183]: missing symbol called
Abort trap: 6
fast-crc32c
does not support arm64 architecture ๐ - see ashi009/node-fast-crc32c#38
While trying to set up fortune-http
I found that it needs the documentation
field to be an object
to start to work correctly.
TypeError: Cannot use 'in' operator to search for 'name' in undefined
at E:\work\node_modules\fortune-http\lib\html_serializer.js:593:15
at HtmlSerializer.renderCollection (E:\work\node_modules\fortune-http\lib\html_serializer.js:647:4)
at HtmlSerializer.processResponse (E:\work\node_modules\fortune-http\lib\html_serializer.js:239:10)
at E:\work\node_modules\fortune-http\lib\index.js:357:12
at <anonymous>
We are currently using 1.0.4 of fortune-http we have an adapter that returns a promise from the find method. With 1.0.4 of fortune-http this works correctly and requesting the endpoint via the http api it correctly returns the data. After updating to 1.2.27 for fixing security issues the response via the http api results in a empty response. If I add debug logging into the promise that is being returned from the find method the promise does eventually resolve and have the correct expected data however it appears something in the 1.2.27 upgrade is causing the promise to not be correctly waited on for the data before returning the response.
Any thoughts/ideas about what maybe going on here?
Thanks
Hi.
Looks like something went wrong with the latest update. I cant use fortune through
fortune-http` API any more.
Before update request like this one
curl 'http://localhost:3000/api/fortune/recall' -H 'Pragma: no-cache' -H 'Origin: http://localhost:8080' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.138 Safari/537.36 Vivaldi/1.8.770.56' -H 'Accept: application/json, text/plain, */*' -H 'Cache-Control: no-cache' -H 'Referer: http://localhost:8080/' -H 'Cookie: _ga=GA1.1.1036470260.1491330952; connect.sid=s%3AKw-oFoBTn0N3wgQo1qaYjiavjLhE_ZBe.ZGS7MHoGNto0v4UC3Ajxf5Tddqmi66k4uyrwdPYZogE' -H 'Connection: keep-alive' -H 'DNT: 1' --compressed
returned raw string contained json.
After update it seems response containing gzipped json but I cant see any headers which signals about it.
Headers for this request:
X-Powered-By: Express
Access-Control-Allow-Origin: http://localhost:8080
Vary: Origin
Access-Control-Allow-Credentials: true
Date: Mon, 17 Apr 2017 20:58:24 GMT
Connection: keep-alive
I am using express to serve my api. So, problem can be in my config. If you have some idea why it may happen, please tell me.
Thank you for fortune!
Hi,
I'm doing some check in the input hook, and in case of error, I throw an error.
const fortune = require('fortune');
const roles = require('./model').roles;
const { errors: { BadRequestError } } = fortune;
function input(context, record, update) {
switch (context.request.method) {
case 'create':
if (roles.indexOf(record.role) === -1) {
throw new BadRequestError('Invalid role');
} else {
return record;
}
case 'update':
if (!update || !update.replace || !update.replace.role) {
return update;
}
if (roles.indexOf(update.replace.role) === -1) {
throw new BadRequestError('Invalid role');
} else {
return update;
}
default: return null;
}
}
module.exports = {
input,
};
I use fortune as a middleware for my express server like this (where api = fortuneHTTP(fortuneInstance, options)
)
app.use((req, res, next) => api(req, res).catch(error => {
console.log('WAZAAA')
console.log(error)
}));
The error is catch
WAZAAA
{ BadRequestError: Invalid role
at Array.input (/home/thomasthiebaud/Combain/mate-v2-server/app/user/hooks.js:21:15)
at /home/thomasthiebaud/Combain/mate-v2-server/node_modules/fortune/lib/dispatch/update.js:117:16
at map (/home/thomasthiebaud/Combain/mate-v2-server/node_modules/fortune/lib/common/array/map.js:14:14)
at /home/thomasthiebaud/Combain/mate-v2-server/node_modules/fortune/lib/dispatch/update.js:102:24
at process._tickCallback (internal/process/next_tick.js:103:7)
meta: { headers: { 'Content-Length': 123 } },
payload: <Buffer 1f 8b 08 00 00 00 00 00 00 03 35 cb 31 0a 80 30 0c 40 d1 bd a7 28 99 45 74 75 14 1c 5c 5d c5 a1 d0 0c 91 d2 6a 5a bb 48 ef 6e aa b8 04 f2 f3 72 2b ad ... > }
but I still have
(node:2803) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 12): BadRequestError: Invalid role
So here are my questions :
Hey there, I was warned that:
dicer 0.x is vulnerable to Uncaught Exception via dicer's header parsing behavior. A request to dicer with a folded header will cause the Node process to crash. No patch is available.
I see that Busboy use to use this library (Dicer) but no longer uses it in versions ^1.0.0 and instead uses streamsearch.
I was wondering if you would upgrade the busboy library to 1.0.0 in order to fix this vulnerability?
Currently with fortune-http relationship that are Array of Objects[] aren't editable as the offending line slices the JSON into pieces.
It should have three states to choose from:
null
true
false
It should be able to return partial responses, which is particularly useful for media.
Some ideas for improvement:
undefined
, this would be more helpful for debugging.textarea
tag for String types in the HTML serializer, more useful input.When adding/editing relationships, the current way is to copy & paste the long ids manually.
Would it be hard to use the select element to provide an appropriate list to select from to add/edit relationships?
It seems that Fortune HTTP relies on several low-level methods such as response.writeHead
.
Koa, a web framework designed by the team behind Express, provides access to Node's response
object but explicitly states:
Bypassing Koa's response handling is not supported. Avoid using the following node properties:
- res.statusCode
- res.writeHead()
- res.write()
- res.end()
Indeed, trying to pass ctx.req
and ctx.res
to the fortuneHttp()
listener results in errors:
RangeError: Invalid status code: null
and
Error: Can't remove headers after they are sent
Is there any planned support for Koa? It's an awesome framework that would be great to be able to use. For now, I'll use Express instead.
Thank you for any clarity you can provide!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.