@fastify/middie - npm Package Compare versions

Comparing version 9.3.0 to 9.3.1

lib/engine.js

@@ -66,5 +66,5 @@ 'use strict'
     holder.res = res
-    holder.normalizedUrl = normalizePathForMatching(sanitizeUrl(req.url), normalizationOptions)
-    holder.normalizedReqUrl = normalizePathForMatching(req.url, normalizationOptions)
     const sanitized = sanitizeUrl(req.url)
+    holder.normalizedUrl = normalizePathForMatching(sanitized, normalizationOptions)
+    holder.sanitizedUrl = sanitized
     holder.urlSuffix = req.url.slice(sanitized.length)
@@ -80,3 +80,3 @@ holder.context = ctx
     this.normalizedUrl = null
-    this.normalizedReqUrl = null
+    this.sanitizedUrl = null
     this.urlSuffix = null
@@ -91,3 +91,3 @@ this.context = null
       const normalizedUrl = that.normalizedUrl
-      const normalizedReqUrl = that.normalizedReqUrl
+      const sanitizedUrl = that.sanitizedUrl
       const urlSuffix = that.urlSuffix
@@ -103,3 +103,3 @@ const context = that.context
         that.normalizedUrl = null
-        that.normalizedReqUrl = null
+        that.sanitizedUrl = null
         that.urlSuffix = null
@@ -117,3 +117,3 @@ that.context = null
         that.normalizedUrl = null
-        that.normalizedReqUrl = null
+        that.sanitizedUrl = null
         that.urlSuffix = null
@@ -130,3 +130,14 @@ that.context = null
           if (result) {
-            req.url = normalizedReqUrl.replace(result[0], '')
+            const origResult = regexp.exec(sanitizedUrl)
+            if (origResult) {
+              req.url = sanitizedUrl.slice(origResult[0].length)
+              if (ignoreDuplicateSlashes) {
+                req.url = FindMyWay.removeDuplicateSlashes(req.url)
+              }
+              if (ignoreTrailingSlash) {
+                req.url = FindMyWay.trimLastSlash(req.url)
+              }
+            } else {
+              req.url = normalizedUrl.slice(result[0].length)
+            }
             if (req.url[0] !== '/') {
@@ -133,0 +144,0 @@ req.url = '/' + req.url

package.json

 {
   "name": "@fastify/middie",
-  "version": "9.3.0",
+  "version": "9.3.1",
   "description": "Middleware engine for Fastify",
@@ -5,0 +5,0 @@ "main": "index.js",

test/req-url-stripping.test.js

@@ -7,2 +7,34 @@ 'use strict'
 
+test('req.url stripping preserves percent-encoded characters', async (t) => {
+  const app = Fastify()
+  t.after(() => app.close())
+
+  await app.register(middiePlugin)
+
+  let capturedUrl = null
+
+  app.use('/prefix', (req, _res, next) => {
+    capturedUrl = req.url
+    next()
+  })
+
+  app.get('/prefix/*', async () => ({ ok: true }))
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/prefix/hello%20world' })
+  t.assert.strictEqual(capturedUrl, '/hello%20world', 'percent-encoded space preserved')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/prefix/hello%20world%2Ffoo' })
+  t.assert.strictEqual(capturedUrl, '/hello%20world%2Ffoo', 'percent-encoded slash preserved')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/prefix/path%2Fwith%2Fslashes' })
+  t.assert.strictEqual(capturedUrl, '/path%2Fwith%2Fslashes', 'multiple percent-encoded slashes preserved')
+
+  capturedUrl = null
+  await app.inject({ method: 'GET', url: '/prefix/%E4%B8%AD%E6%96%87' })
+  t.assert.strictEqual(capturedUrl, '/%E4%B8%AD%E6%96%87', 'percent-encoded unicode preserved')
+})
+
 test('req.url stripping with duplicate slashes', async (t) => {
@@ -9,0 +41,0 @@ const app = Fastify({

No alert changes

Improved metrics

Total package byte prevSize

86784

1.7%

Lines of code

2370

1.46%

No dependency changes