Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(http-server): discard request body if the content-length header i… #2103

Merged
merged 2 commits into from
Aug 11, 2022
Merged

fix(http-server): discard request body if the content-length header i… #2103

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a8c787f
fix(http-server): discard request body if the content-length header i…
acolombier Aug 6, 2022
9fc9cf0
Addressing PR feedback
acolombier Aug 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .nvmrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
16
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have taken the freedom to add a NVM RC file. Let me know if you would like this out

26 changes: 17 additions & 9 deletions packages/http-server/src/__tests__/body-params-validation.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,13 +514,27 @@ describe('body params validation', () => {
});

describe('and no content is specified', () => {
test('returns 200', async () => {
test('returns 200 with no body', async () => {
const response = await makeRequest('/empty-body', {
method: 'GET',
headers: { 'content-type': 'application/json' },
});
expect(response.status).toBe(200);
});
test('returns 200 with empty plain body', async () => {
const response = await makeRequest('/empty-body', {
method: 'GET',
headers: { 'content-type': 'text/plain', 'content-length': '0' },
});
expect(response.status).toBe(200);
});
test('returns 200 with empty JSON body', async () => {
const response = await makeRequest('/empty-body', {
method: 'GET',
headers: { 'content-type': 'application/json', 'content-length': '0' },
});
expect(response.status).toBe(200);
});
});
});

Expand Down Expand Up @@ -669,6 +683,7 @@ describe('body params validation', () => {
request: {
body: {
id: faker.random.word(),
required: true,
contents: [
{
id: faker.random.word(),
Expand Down Expand Up @@ -716,16 +731,9 @@ describe('body params validation', () => {
type: 'https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY',
validation: [
{
location: ['body'],
severity: 'Error',
code: 'required',
message: "must have required property 'id'",
},
{
location: ['body'],
severity: 'Error',
code: 'required',
message: "must have required property 'status'",
message: 'Body parameter is required',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be better to update this test to have one of the required properties (either id or status) so that the spirit of the test is still the same: throws error if there's a missing required property in the body. Otherwise this test now changes to testing the behavior if the body is missing completely.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe there is a problem:

My understanding of the describe/it is that this unit test might not have been covering the part it says it does.

I have made a change which I think should reflect a bit better the usecase this test was meant to test. The body required check seems to already be covered by this test, but happy to add an other one if you think it should have thorough testing.

},
],
});
Expand Down
10 changes: 6 additions & 4 deletions packages/http-server/src/server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import { IncomingMessage, ServerResponse, IncomingHttpHeaders } from 'http';
import { AddressInfo } from 'net';
import { IPrismHttpServer, IPrismHttpServerOpts } from './types';
import { IPrismDiagnostic } from '@stoplight/prism-core';
import { MicriHandler } from 'micri';
import { MicriError, MicriHandler } from 'micri';
import micri, { Router, json, send, text } from 'micri';
import * as typeIs from 'type-is';
import { getHttpConfigFromRequest } from './getHttpConfigFromRequest';
Expand Down Expand Up @@ -40,9 +40,11 @@ function addressInfoToString(addressInfo: AddressInfo | string | null) {
function parseRequestBody(request: IncomingMessage) {
// if no body provided then return null instead of empty string
if (
request.headers['content-type'] === undefined &&
request.headers['transfer-encoding'] === undefined &&
(request.headers['content-length'] === '0' || request.headers['content-length'] === undefined)
// If the body size is null, it means the body itself is null so the promise can resolve with a null value
request.headers['content-length'] === '0' ||
(request.headers['content-type'] === undefined &&
request.headers['transfer-encoding'] === undefined &&
request.headers['content-length'] === undefined)
) {
return Promise.resolve(null);
}
Expand Down