@fastify/middie - npm Package Compare versions

Comparing version 9.2.0 to 9.3.0

lib/engine.js

@@ -68,2 +68,4 @@ 'use strict'
     holder.normalizedReqUrl = normalizePathForMatching(req.url, normalizationOptions)
+    const sanitized = sanitizeUrl(req.url)
+    holder.urlSuffix = req.url.slice(sanitized.length)
     holder.context = ctx
@@ -79,2 +81,3 @@ holder.done()
     this.normalizedReqUrl = null
+    this.urlSuffix = null
     this.context = null
@@ -89,2 +92,3 @@ this.i = 0
       const normalizedReqUrl = that.normalizedReqUrl
+      const urlSuffix = that.urlSuffix
       const context = that.context
@@ -100,2 +104,3 @@ const i = that.i++
         that.normalizedReqUrl = null
+        that.urlSuffix = null
         that.context = null
@@ -113,2 +118,3 @@ that.i = 0
         that.normalizedReqUrl = null
+        that.urlSuffix = null
         that.context = null
@@ -128,2 +134,3 @@ that.i = 0
             }
+            req.url = req.url + urlSuffix
             fn(req, res, that.done)
@@ -130,0 +137,0 @@ } else {

LICENSE

 MIT License
 
-Copyright (c) 2017-present The Fastify team
+Copyright (c) 2017-present The Fastify team <https://github.com/fastify/fastify#team>
 
-The Fastify team members are listed at https://github.com/fastify/fastify#team.
-
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -8,0 +6,0 @@ of this software and associated documentation files (the "Software"), to deal

package.json

 {
   "name": "@fastify/middie",
-  "version": "9.2.0",
+  "version": "9.3.0",
   "description": "Middleware engine for Fastify",
@@ -63,3 +63,3 @@ "main": "index.js",
     "@types/node": "^25.0.3",
-    "c8": "^10.1.3",
+    "c8": "^11.0.0",
     "cors": "^2.8.5",
@@ -66,0 +66,0 @@ "eslint": "^9.17.0",

test/req-url-stripping.test.js

@@ -145,2 +145,59 @@ 'use strict'
   t.assert.strictEqual(capturedUrl, '/data', '//secret//data// should strip to /data')
-})
+})
+
+test('req.url stripping preserves query string', async (t) => {
+  const app = Fastify()
+  t.after(() => app.close())
+
+  await app.register(middiePlugin)
+
+  let capturedUrl = null
+
+  app.use('/api', (req, _res, next) => {
+    capturedUrl = req.url
+    next()
+  })
+
+  app.get('/api/resource', async () => ({ ok: true }))
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/api/resource?foo=bar' })
+  t.assert.strictEqual(capturedUrl, '/resource?foo=bar', 'single query param preserved')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/api/resource?foo=bar&baz=qux' })
+  t.assert.strictEqual(capturedUrl, '/resource?foo=bar&baz=qux', 'multiple query params preserved')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/api/resource?a=1&b=2&c=3' })
+  t.assert.strictEqual(capturedUrl, '/resource?a=1&b=2&c=3', 'many query params preserved')
+})
+
+test('req.url stripping preserves query string with normalization options', async (t) => {
+  const app = Fastify({
+    routerOptions: {
+      ignoreDuplicateSlashes: true,
+      ignoreTrailingSlash: true
+    }
+  })
+  t.after(() => app.close())
+
+  await app.register(middiePlugin)
+
+  let capturedUrl = null
+
+  app.use('/secret', (req, _res, next) => {
+    capturedUrl = req.url
+    next()
+  })
+
+  app.get('/secret/data', async () => ({ ok: true }))
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '//secret/data?key=value' })
+  t.assert.strictEqual(capturedUrl, '/data?key=value', '//secret/data?key=value preserves query string')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/secret//data/?key=value' })
+  t.assert.strictEqual(capturedUrl, '/data?key=value', '/secret//data/?key=value preserves query string')
+})

No alert changes

Improved metrics

Total package byte prevSize

85331

2.35%

Lines of code

2336

2.19%

No dependency changes