fastify-simple-form
v3.0.0
Published
Fastify plugin that adds content type parser for the application/x-www-form-urlencoded and/or multipart/form-data types
Downloads
1,206
Readme
fastify-simple-form
Fastify plugin that adds content type parser for the application/x-www-form-urlencoded
and/or multipart/form-data
types.
Description
Essentially a tiny wrapper around busboy, that parses application/x-www-form-urlencoded
and/or multipart/form-data
content types and attaches associated fields to request.body
.
NB! This plugin does not handle files
, these get simply discarded as described here.
Install
npm install fastify-simple-form
TypeScript
Although this package includes typings for the plugin itself, you must install ones for node.js and busboy manually:
npm install @types/node @types/busboy --save-dev
Usage & Options
Selectively enable content types to parse
fastify.register(require('fastify-simple-form'), {
multipart: true, // Enable parsing for `multipart/form-data`, default: true
urlencoded: false, // Disable parsing for `application/x-www-form-urlencoded`, default: true
});
This plugin has no effect when both options above are set to false
.
Options for busboy
Options for busboy can be passed in using busboyOptions
property which has identical shape to busboy constructor, e.g.:
fastify.register(require('fastify-simple-form'), {
busboyOptions: {
defCharset: 'utf8',
limits: {
fieldNameSize: 100, // Max field name size (in bytes), default: 100
fieldSize: 1000000, // Max field value size (in bytes), default: 1MB
fields: 10, // Max number of non-file fields, default: Infinity
// ...
},
},
});
Prototype poisoning protection
fastify.register(require('fastify-simple-form'), {
onConstructorPoisoning: 'ignore', // Possible values are 'error', 'remove' and 'ignore'
onProtoPoisoning: 'error' // Possible values are 'error', 'remove' and 'ignore'
});
onConstructorPoisoning
:error
- throws SyntaxError when aconstructor
key is foundremove
- field will not be attached torequest.body
ignore
- field be be attached torequest.body
onProtoPoisoning
:error
- throw SyntaxError when a key matching any property name ofObject.prototype
(besidesconstructor
) is foundremove
- field will not be attached torequest.body
ignore
- field be be attached torequest.body
Both options will default to what is defined on Fastify root instance (or Fastify own defaults) for safe parsing of JSON objects. See onConstructorPoisoning
and onProtoPoisoning
.
Example
Given server & handler:
import Fastify from 'fastify';
import SimpleFormPlugin from 'fastify-simple-form';
const fastify = Fastify();
fastify.register(SimpleFormPlugin);
fastify.post(
'/token',
{
schema: {
body: {
type: 'object',
properties: {
username: {
type: 'string',
},
password: {
type: 'string',
},
grant_type: {
type: 'string',
enum: ['password'],
},
},
required: ['grant_type'],
},
},
},
(request, reply) => {
reply.send(request.body);
},
);
fastify.listen(3000);
These requests would succeed:
curl -F "username=jon" -F "password=snow" -F "grant_type=password" \
localhost:3000/token
curl -d "username=jon" -d "password=snow" -d "grant_type=password" \
localhost:3000/token
Response:
{
"username": "jon",
"password": "snow",
"grant_type": "password"
}
While these won't pass the schema validation
curl -F "username=jon" -F "password=snow" -F "grant_type=refresh_token" \
localhost:3000/token
curl -d "username=jon" -d "password=snow" -d "grant_type=refresh_token" \
localhost:3000/token
Response
{
"statusCode": 400,
"error": "Bad Request",
"message": "body.grant_type should be equal to one of the allowed values"
}