0
0
mirror of https://github.com/honojs/hono.git synced 2024-12-01 10:51:01 +00:00
Commit Graph

26 Commits

Author SHA1 Message Date
Bruno Marques
cca7577cf4
fix: return status 500 when using validator 'form' (#1554)
* fix: return status 500 when using validator 'form'

When using `validator('form', ...)` hono is returning a 500 status
when receiving a POST request with a JSON in request body, instead
of a bad request 400, .

This is happenning due to a unhandled error in an
underlying library (@miniflare).
https://github.com/cloudflare/miniflare/pull/711

The code changes in this PR are responsible to prepare the code to
handle possible TypeError that can be thrown in the future, by the lib
doing the FormData parsing, as per, https://fetch.spec.whatwg.org/#dom-body-formdata.

This PR should wait for bugfix on @miniflare.

* fix: json validator allowing Content-Type value other than json/application

Forgery attacks will try to avoid preflight requests when POSTing JSON
payloads manipulating the HTTP header Content-Type. For example, it will
send a JSON payload with `Content-Type=text/plain`, but the request stills
containing a JSON in its body. Those requests must be rejected.

Thus, when using the validator with the target set to `json`, we must
check the Content-Type header.

* fix: change check for json Content-Type header

Change JSON validation to only allow Content-Type header starting with
'application/json'.

Change from regexp test to starsWith builtin function, to make code more
expressive.

---------

Co-authored-by: Bruno Nascimento <bruno.nascimento@csghq.com>
2023-10-12 00:21:01 +09:00
Yusuke Wada
c7fc8a033a
fix(utils/buffer): fix bufferToFormData() (#1500)
* fix(utils/buffer): fix `bufferToFormData()`

* denoify
2023-09-23 23:46:09 +09:00
Yusuke Wada
5cbd89c3ae
fix(validator): cache arrayBuffer to use after validation (#1393)
* wip

* fix(validator): cache `arrayBuffer` to use after validation

* denoify

* refactor

* denoify

* make it `bufferToFormData()` in utils/buffer.ts
2023-09-03 14:43:01 +09:00
Yusuke Wada
e07019125d
feat: introduce "Helpers" (#1353)
* mv jsx

* introduce helper

* denoify & add src/helper.ts for Deno

* remove `c` not used

* remove `c` in lagon test

* remove `src/adapter.ts` not used
2023-08-21 15:22:37 +09:00
Yusuke Wada
8adc8c14c4
feat(validator): supports header and cookie (#1352)
* feat(validator): supports `header` and `cookie`

* denoify
2023-08-19 18:23:04 +09:00
Yusuke Wada
9e391cf8f9
feat(validator): deprecate queries (use query instead) (#1350)
* fixed test

* denoify
2023-08-19 17:50:50 +09:00
Yusuke Wada
f254fdc846
feat(req): cache body content (#1333)
* feat(req): cache body content

* denoify

* use destruction

* denoify
2023-08-18 16:25:48 +09:00
Yusuke Wada
f7bce19751
fix(validator): support async validator func (#1303)
* fix(validator): support async validator func

* denoify
2023-08-07 21:26:53 +09:00
Yusuke Wada
cadb6eab41
feat(validator): query supports array params (#984)
* feat(validator): `query` supports array params

* denoify
2023-03-16 21:49:28 +09:00
Taku Amano
287498bdec
feat(validator): Allow validator to apply validation to path param. (#982)
* Allow validator to apply validation to path param.

* chore: denoify

* feat(validator): Enable passing the path to ValidationFunction as a template parameter.

* chore: denoify

Co-authored-by: yusukebe <yusuke@kamawada.com>
2023-03-15 22:20:50 +09:00
Yusuke Wada
e2a174b8ac
fix(types): infer types correctly (#983)
* v3.1.0-rc.2

* fix(types): infer path param types correctly

* denoify

* fix: infer the value type in the validation funtion

* denoify
2023-03-14 23:43:33 +09:00
Yusuke Wada
9c4197a772
feat(validator): support type transformation (#969)
* feat(validator): support type transformation

* denoify

* create `ValidationFunction` and add a test

* denoify

* rename

* denoify
2023-03-11 22:17:08 +09:00
Yusuke Wada
b788fe619f
fix(validator): clone Request object if json or form (#926) 2023-02-25 02:36:11 +09:00
Yusuke Wada
68cbbbcde7
refactor: rename ValidationTypes to ValidationTargets (#890)
* refactor: rename `ValidationTypes` to `ValidationTargets`

* denoify
2023-02-14 06:21:30 +09:00
Yusuke Wada
17af727d49
feat(validator): moved validator outside of middleware (#879) 2023-02-11 01:18:27 +09:00
Yusuke Wada
85e3c6a275 feat: new validator middleware using 3rd-party & current middleware obsolete (#745)
* feat: introduce HonoRequest with "wrapper pattern" (#733)

* feat: HonoRequest

* avoid `awaits`

* use `raw` instead of `original`

* feat: types for "RPC" support & build-in validator obsolete

* feat: introduce HonoRequest with "wrapper pattern" (#733)

* feat: HonoRequest

* avoid `awaits`

* use `raw` instead of `original`

* create generic middleare for 3rd-party validator

* indent

* support multiple validators and refactor

* remove unsed lines

* denoify
2023-01-19 22:40:13 +09:00
Yusuke Wada
a6d54dbff3 feat: introduce HonoRequest with "wrapper pattern" (#733)
* feat: HonoRequest

* avoid `awaits`

* use `raw` instead of `original`
2023-01-19 22:40:13 +09:00
Yusuke Wada
b1973d0c7f
fix(type): make SchemaToProp work correctly (#720) 2022-12-13 17:22:33 +09:00
Dario Piotrowicz
1f43164da5
Fix Validation of optional empty/undefined arrays (#690)
* * fix(validator): allow empty and undefined optional arrays

fix the bug of empty and undefined array causing a validation fail
when those are anyways optional

resolves #677

* denonify changes
2022-11-30 19:48:43 +09:00
Dario Piotrowicz
07efdb5103
fix(validator): fix subsequent nested objects names (#683)
* fix(validator): fix subsequent nested objects names

fix the bug of having subsequent objects inside a nested structure
causing the validator to forget the previous keys in the scheme's path

fixes point 1 of #677

* deonify changes
2022-11-29 22:02:20 +09:00
Yusuke Wada
9f7b5de9aa chore: denoify 2022-11-28 08:45:57 +09:00
Jayden
e92dbe9558
fix(sanitizer) (#661)
* Add test for #660

* Implement sanitizeValue

* Mark sanitizeValue private
2022-11-12 20:33:18 +09:00
Yusuke Wada
c14dd5ad43
feat(validator): support v.queries (#636) 2022-11-01 14:22:04 +09:00
Yusuke Wada
7b8a25126f
fix(validator): enable handling "Bad Request" in validator (#635) 2022-11-01 00:03:17 +09:00
Yusuke Wada
b4d58eca64
test(validator): add test for custom rules (#620)
* test(validator): add test for custom rules

* fixed value
2022-10-23 10:11:18 +09:00
Yusuke Wada
8627010094
refactor(types): refactor and add tests for checking Types (#615)
* refactor(types): refactor and add tests for checking Types

* remove unused

* uncomment

* use `Handler` in validator middleware

* remove unused

* create `src/validator` dir and move some files into it

* add the case that the context is in `validator`

* rename `D` to `S`
2022-10-23 08:10:00 +09:00