@apidevtools/swagger-express-middleware
Comparing version 3.0.1 to 4.0.0
@@ -8,2 +8,37 @@ Change Log | ||
[v4.0.0](https://github.com/APIDevTools/swagger-express-middleware/tree/v4.0.0) (2020-03-24) | ||
---------------------------------------------------------------------------------------------------- | ||
- Moved from a [high security risk version](https://www.npmjs.com/package/multer/v/0.1.8) of multer | ||
to a more [up-to-date version](https://www.npmjs.com/package/multer/v/1.4.2) to remove a | ||
[high-security risk dependency](https://www.npmjs.com/advisories/1469) | ||
- This library change resulted in some API breaking changes to the library: | ||
* [CHANGE](https://github.com/APIDevTools/swagger-express-middleware/pull/165#discussion_r396014909): | ||
Files downloaded to disk are not saved with the extension in the name so Content-Type may need to | ||
be set manually or based on the File object since it can not be inferred from the downloaded filename | ||
* The File object created from multer is a little different: | ||
- For compatibility `extension` | ||
[is backfilled](https://github.com/APIDevTools/swagger-express-middleware/pull/165/files#diff-0819ff236dc445648af37b543cd2b958R63). | ||
- the `name` property on File is now `filename` and doesn't include a file extension | ||
- the `buffer` property on File is only present if `inMemory` or `storage: memoryStorage` is used. | ||
- the `truncated` property on File is no longer present. Instead, | ||
[an error is sent](https://github.com/expressjs/multer/blob/805170c61530e1f1cafd818c9b63d16a9dd46c36/lib/make-middleware.js#L84-L85) | ||
through the `next` function of middleware | ||
* multipart opts have changed significantly | ||
- [Old](https://github.com/expressjs/multer/tree/b3c444728277202d1f5f720cc7269883ff888386#options) | ||
vs [New](https://github.com/expressjs/multer/tree/v1.4.2#multeropts) | ||
- See [MemoryStorage](https://github.com/expressjs/multer/tree/v1.4.2#memorystorage) if you were previously using | ||
`inMemory: true`, though `inMemory` option [has been recreated](https://github.com/APIDevTools/swagger-express-middleware/pull/165#discussion_r396015204), | ||
it may be removed in the future. | ||
- See [Error handling](https://github.com/expressjs/multer/tree/v1.4.2#error-handling) for more info on how to | ||
recreate certain functionality. | ||
* As with previous versions extra files provided to swagger routes will 413 and any files coming | ||
in outside of the swagger routes will be passed through multer. The 413 functionality was recreated | ||
[like so](https://github.com/APIDevTools/swagger-express-middleware/pull/165#discussion_r396015249). | ||
* Indexed params are placed in exactly the index specified so `foo[0]=A&foo[2]=B` results in a param | ||
like `foo: ["A", undefined, "B"]` whereas previously it would have been `["A", "B"]`, | ||
[example here](https://github.com/APIDevTools/swagger-express-middleware/blob/244a1aa05e4bc21ee96b8a7973f98c76406ea4c5/test/specs/request-parser.spec.js#L668-L679) | ||
[Full Changelog](https://github.com/APIDevTools/swagger-express-middleware/compare/v3.0.1...v4.0.0) | ||
[v3.0.0](https://github.com/APIDevTools/swagger-express-middleware/tree/v3.0.0) (2020-03-15) | ||
@@ -10,0 +45,0 @@ ---------------------------------------------------------------------------------------------------- |
@@ -295,2 +295,3 @@ "use strict"; | ||
res.set("Content-Type", file.mimetype); | ||
if (isAttachment) { | ||
@@ -297,0 +298,0 @@ // Get the filename from the "Content-Disposition" header, |
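Review bot: `res.set("Content-Type", file.mimetype)` (apparently the line this hunk adds) sends a stored MIME type back to the client without checking it anywhere in the visible lines. If `file` is the multer File record kept from an earlier upload, `mimetype` comes from the uploader's multipart part header, so the client that uploaded the file chooses the type it is later served with. When `isAttachment` is false, a type such as `text/html` would be rendered inline from the API's origin. Consider adding `res.set("X-Content-Type-Options", "nosniff");` next to it and falling back to `application/octet-stream` for types the API definition does not declare. The enclosing function starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.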
@@ -59,3 +59,7 @@ "use strict"; | ||
// Validate the file (min/max size, etc.) | ||
req.files[param.name] = parseParameter(param, req.files[param.name], param); | ||
let file; | ||
if (req.files[param.name] && req.files[param.name][0]) { | ||
file = req.files[param.name][0]; | ||
} | ||
req.files[param.name] = parseParameter(param, file, param); | ||
} | ||
@@ -62,0 +66,0 @@ else { |
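Review bot: The new lines take element `[0]` of `req.files[param.name]` and then overwrite the array with the single parsed file, but nothing says why an array is expected or that other entries are dropped. A comment such as `// multer 1.x stores an array per field; file fields are registered with maxCount 1, so only the first entry is validated and kept` would make that contract explicit. The five lines could also be written as `const file = (req.files[param.name] || [])[0];`, which avoids the uninitialised `let`. The surrounding loop and `if` start outside the hunk.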
@@ -10,2 +10,4 @@ "use strict"; | ||
const tmp = require("tmp"); | ||
const path = require("path"); | ||
const util = require("./helpers/util"); | ||
@@ -16,2 +18,67 @@ // Clean-up the temp directory, even if the app crashes | ||
/** | ||
* Generates a middleware that parses multipart/form-data | ||
*/ | ||
function generateMultipartFormDataMiddleware (options) { | ||
options.allowAll = options.allowAll === undefined ? true : options.allowAll; | ||
if (options.inMemory && options.storage === undefined) { | ||
options.storage = multer.memoryStorage(); | ||
} | ||
const uploader = multer(options); | ||
return function multipartFormData (req, res, next) { | ||
// Compatibility with old multer | ||
req.body = req.body || {}; | ||
req.files = req.files || {}; | ||
// Get all the "file" params | ||
if (util.isSwaggerRequest(req) && req.swagger.params.length > 0) { | ||
const fileFields = []; | ||
req.swagger.params.forEach((param) => { | ||
if (param.in === "formData" && param.type === "file") { | ||
fileFields.push({ | ||
name: param.name, | ||
maxCount: 1 | ||
}); | ||
} | ||
}); | ||
uploader.fields(fileFields)(req, res, (err) => { | ||
if (err && err.code === "LIMIT_UNEXPECTED_FILE") { | ||
next(); // let request-validator handle | ||
} | ||
else { | ||
next(err); | ||
} | ||
}); | ||
} | ||
else { | ||
// Handle the multipart/form-data (even if it doesn't have any file fields) | ||
uploader.any()(req, res, next); | ||
} | ||
}; | ||
} | ||
function multerCompatability (req, res, next) { | ||
function standardize (file) { | ||
if (file.originalname) { | ||
file.extension = path.extname(file.originalname).slice(1); | ||
} | ||
} | ||
if (req.files) { | ||
if (req.files.length > 0) { | ||
req.files.forEach((file) => standardize(file)); | ||
} | ||
if (Object.keys(req.files).length > 0) { | ||
Object.keys(req.files).forEach((filekey) => { | ||
const filearray = Array.from(req.files[filekey]); | ||
filearray.forEach((fileRecord) => standardize(fileRecord)); | ||
}); | ||
} | ||
} | ||
next(); | ||
} | ||
/** | ||
* Parses the HTTP request into useful objects. | ||
@@ -34,33 +101,5 @@ * This middleware populates {@link Request#params}, {@link Request#headers}, {@link Request#cookies}, | ||
bodyParser.raw(options.raw), | ||
multer(options.multipart) | ||
generateMultipartFormDataMiddleware(options.multipart), | ||
multerCompatability | ||
]; | ||
// | ||
// This code is for Multer 1.x. But we're still using Multer 0.x until this bug is fixed: | ||
// https://github.com/expressjs/multer/issues/212 | ||
// | ||
// // Create a Multer uploader | ||
// let uploader = multer(options.multipart); | ||
// | ||
// /** | ||
// * Parses multipart/form-data | ||
// */ | ||
// function multipartFormData(req, res, next) { | ||
// if (util.isSwaggerRequest(req) && req.swagger.params.length > 0) { | ||
// let fileFields = []; | ||
// | ||
// // Get all the "file" params | ||
// req.swagger.params.forEach(function(param) { | ||
// if (param.in === 'formData' && param.type === 'file') { | ||
// fileFields.push({name: param.name, maxCount: 1}); | ||
// } | ||
// }); | ||
// | ||
// // Handle the multipart/form-data (even if it doesn't have any file fields) | ||
// let upload = uploader.fields(fileFields); | ||
// upload(req, res, next); | ||
// } | ||
// | ||
// next(); | ||
// } | ||
} | ||
@@ -67,0 +106,0 @@ |
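Review bot: In `multipartFormData`, the `LIMIT_UNEXPECTED_FILE` branch calls `next()` with no error and leaves no marker on `req`, so rejecting an undeclared file field depends entirely on a later middleware. The comment names the request validator, but nothing visible here ensures it is mounted, and multer has presumably stopped parsing by then, so `req.body` and `req.files` may be incomplete when the next handler runs. I would expand the comment to state the contract, e.g. `// Undeclared file fields are not rejected here; the request validator must run after this parser to reject them`, and repeat that in the docs for apps that use the parser on its own. Separately, `multerCompatability` derives `file.extension` from the client-supplied `originalname`; a one-line comment that the value is untrusted and must not drive content-type or path decisions would help.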
{ | ||
"name": "@apidevtools/swagger-express-middleware", | ||
"version": "3.0.1", | ||
"version": "4.0.0", | ||
"description": "Swagger middleware and mocks for Express", | ||
@@ -64,3 +64,3 @@ "keywords": [ | ||
"lodash": "^4.17.15", | ||
"multer": "^0.1.8", | ||
"multer": "^1.4.2", | ||
"@jsdevtools/ono": "^7.1.0", | ||
@@ -67,0 +67,0 @@ "@apidevtools/swagger-methods": "^3.0.0", |
'use strict'; | ||
module.exports = require('../../../'); |
+ Addedappend-field@1.0.0(transitive)
+ Addedbuffer-from@1.1.2(transitive)
+ Addedconcat-stream@1.6.2(transitive)
+ Addedisarray@1.0.0(transitive)
+ Addedminimist@1.2.8(transitive)
+ Addedmkdirp@0.5.6(transitive)
+ Addedmulter@1.4.4(transitive)
+ Addedobject-assign@4.1.1(transitive)
+ Addedprocess-nextick-args@2.0.1(transitive)
+ Addedreadable-stream@2.3.8(transitive)
+ Addedsafe-buffer@5.1.2(transitive)
+ Addedstring_decoder@1.1.1(transitive)
+ Addedtypedarray@0.0.6(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedxtend@4.0.2(transitive)
- Removedmime-db@1.12.0(transitive)
- Removedmime-types@2.0.14(transitive)
- Removedmkdirp@0.3.5(transitive)
- Removedmulter@0.1.8(transitive)
- Removedqs@1.2.2(transitive)
- Removedtype-is@1.5.7(transitive)
Updatedmulter@^1.4.2