Socket
Socket
Sign inDemoInstall

@middy/http-multipart-body-parser

Package Overview
Dependencies
Maintainers
3
Versions
159
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@middy/http-multipart-body-parser - npm Package Compare versions

Comparing version 5.0.0-alpha.1 to 5.0.0-alpha.2

196

index.js

@@ -1,107 +0,97 @@

import BusBoy from 'busboy'
import { createError } from '@middy/util'
const mimePattern = /^multipart\/form-data(;.*)?$/
const fieldnamePattern = /(.+)\[(.*)]$/
import BusBoy from 'busboy';
import { createError } from '@middy/util';
const mimePattern = /^multipart\/form-data(;.*)?$/;
const fieldnamePattern = /(.+)\[(.*)]$/;
const defaults = {
// busboy options as per documentation: https://www.npmjs.com/package/busboy#busboy-methods
busboy: {},
charset: 'utf8',
disableContentTypeError: false
}
const httpMultipartBodyParserMiddleware = (opts = {}) => {
const options = { ...defaults, ...opts }
const httpMultipartBodyParserMiddlewareBefore = async (request) => {
const { headers } = request.event
const contentType = headers?.['Content-Type'] ?? headers?.['content-type']
if (!mimePattern.test(contentType)) {
if (options.disableContentTypeError) {
return
}
throw createError(415, 'Unsupported Media Type', {
cause: { package: '@middy/multipart-body-parser', data: contentType }
})
}
return parseMultipartData(request.event, options)
.then((multipartData) => {
// request.event.rawBody = body
request.event.body = multipartData
})
.catch((err) => {
// UnprocessableEntity
throw createError(
415,
'Invalid or malformed multipart/form-data was provided',
{ cause: { package: '@middy/multipart-body-parser', data: err } }
)
})
}
return {
before: httpMultipartBodyParserMiddlewareBefore
}
}
const parseMultipartData = (event, options) => {
const multipartData = {}
const charset = event.isBase64Encoded ? 'base64' : options.charset
// header must be lowercase (content-type)
const busboy = BusBoy({
...options.busboy,
headers: {
'content-type':
event.headers['Content-Type'] ?? event.headers['content-type']
}
})
return new Promise((resolve, reject) => {
busboy
.on('file', (fieldname, file, info) => {
const { filename, encoding, mimeType: mimetype } = info
const attachment = {
filename,
mimetype,
encoding
// busboy options as per documentation: https://www.npmjs.com/package/busboy#busboy-methods
busboy: {},
charset: 'utf8',
disableContentTypeError: false
};
const httpMultipartBodyParserMiddleware = (opts = {})=>{
const options = {
...defaults,
...opts
};
const httpMultipartBodyParserMiddlewareBefore = async (request)=>{
const { headers } = request.event;
const contentType = headers?.['Content-Type'] ?? headers?.['content-type'];
if (!mimePattern.test(contentType)) {
if (options.disableContentTypeError) {
return;
}
throw createError(415, 'Unsupported Media Type', {
cause: {
package: '@middy/multipart-body-parser',
data: contentType
}
});
}
const chunks = []
file.on('data', (data) => {
chunks.push(data)
})
file.on('end', () => {
attachment.truncated = file.truncated
attachment.content = Buffer.concat(chunks)
if (!multipartData[fieldname]) {
multipartData[fieldname] = attachment
} else {
const current = multipartData[fieldname]
multipartData[fieldname] = [attachment].concat(current)
}
})
})
.on('field', (fieldname, value) => {
const matches = fieldname.match(fieldnamePattern)
if (!matches) {
multipartData[fieldname] = value
} else {
if (!multipartData[matches[1]]) {
multipartData[matches[1]] = []
}
multipartData[matches[1]].push(value)
return parseMultipartData(request.event, options).then((multipartData)=>{
// request.event.rawBody = body
request.event.body = multipartData;
}).catch((err)=>{
// UnprocessableEntity
throw createError(415, 'Invalid or malformed multipart/form-data was provided', {
cause: {
package: '@middy/multipart-body-parser',
data: err
}
});
});
};
return {
before: httpMultipartBodyParserMiddlewareBefore
};
};
const parseMultipartData = (event, options)=>{
const multipartData = {};
const charset = event.isBase64Encoded ? 'base64' : options.charset;
// header must be lowercase (content-type)
const busboy = BusBoy({
...options.busboy,
headers: {
'content-type': event.headers['Content-Type'] ?? event.headers['content-type']
}
})
.on('close', () => resolve(multipartData))
.on('error', (e) => reject(e))
});
return new Promise((resolve, reject)=>{
busboy.on('file', (fieldname, file, info)=>{
const { filename, encoding, mimeType: mimetype } = info;
const attachment = {
filename,
mimetype,
encoding
};
const chunks = [];
file.on('data', (data)=>{
chunks.push(data);
});
file.on('end', ()=>{
attachment.truncated = file.truncated;
attachment.content = Buffer.concat(chunks);
if (!multipartData[fieldname]) {
multipartData[fieldname] = attachment;
} else {
const current = multipartData[fieldname];
multipartData[fieldname] = [
attachment
].concat(current);
}
});
}).on('field', (fieldname, value)=>{
const matches = fieldname.match(fieldnamePattern);
if (!matches) {
multipartData[fieldname] = value;
} else {
if (!multipartData[matches[1]]) {
multipartData[matches[1]] = [];
}
multipartData[matches[1]].push(value);
}
}).on('close', ()=>resolve(multipartData)).on('error', (e)=>reject(e));
busboy.write(event.body, charset);
busboy.end();
});
};
export default httpMultipartBodyParserMiddleware;
busboy.write(event.body, charset)
busboy.end()
})
}
export default httpMultipartBodyParserMiddleware

6

package.json
{
"name": "@middy/http-multipart-body-parser",
"version": "5.0.0-alpha.1",
"version": "5.0.0-alpha.2",
"description": "Http event normalizer middleware for the middy framework",

@@ -63,7 +63,7 @@ "type": "module",

"dependencies": {
"@middy/util": "5.0.0-alpha.1",
"@middy/util": "5.0.0-alpha.2",
"busboy": "1.6.0"
},
"devDependencies": {
"@middy/core": "5.0.0-alpha.1",
"@middy/core": "5.0.0-alpha.2",
"@types/aws-lambda": "^8.10.101",

@@ -70,0 +70,0 @@ "type-fest": "^4.0.0"

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc