fix: explicitly check that request.body is a string
#1010
Conversation
…atibility with fastify/middie middleware library
|
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with |
|
Is it possible to test that this won't break in a future release |
src/middleware/node/get-payload.ts
Outdated
| @@ -12,7 +12,7 @@ import AggregateError from "aggregate-error"; | |||
| type IncomingMessage = any; | |||
|
|
|||
| export function getPayload(request: IncomingMessage): Promise<string> { | |||
| if ("body" in request) { | |||
| if (request.body) { | |||
There was a problem hiding this comment.
@wolfy1339 I feel like we should probably remove this check entirely, and change our else branch to be else if typeof 'string', as this change means an empty string won't get treated as a string anymore - while in practice I doubt it'll break anything, I think we should ensure we have a clear official logic which I think should be "if object, we assume; if string, we assume" (i.e. regardless of actual value)
what do you think?
There was a problem hiding this comment.
Thanks Gareth, yes that sounds like it could be a good approach, although I've just briefly tested that this morning and it breaks quite a few unit tests. I can investigate it further this afternoon.
There was a problem hiding this comment.
After further investigation if (request.body === undefined || typeof request.body === "string") // parsing block gets the unit tests close to passing, but unfortunately I don't think is the right approach.
The existence of a body indicates it has been parsed even if it was a string. Many of the unit tests make this assumption[0]. This is also how node:http treats the body, the body key isn't created unless by a body parser or external logic.
The crux of the issue is @fastify/middie attaches the body key even if it's undefined. I think if (request.body !== undefined) will be a good approach, it will solve the case for Middie while also aligning the handling of body with node:http, and allows for the null and '' case.
[0] such as resolves with the body, if passed via the request within get-payload.test.ts.
There was a problem hiding this comment.
I'm a bit confused by this - just to be sure, when you say "... gets the unit tests close to passing", you are accounting for the nested conditions right? because otherwise yes the tests will fail since you'll be disabling the "is the request.body already a parsed body?" flow.
What I'm getting at is our logic is currently this:
if ('body' in request) {
if (<something about body>) {
return ...;
} else {
return ...;
}
}
and with your change, it strikes me that we should be able to do this instead:
if(<something about the body>) {
return ...;
} else if(typeof request.body === 'string') {
return ...;
}
From what I'm seeing that should be equivalent because we explicitly type the return of this function as a string and our comment says it should be a string even though we're technically not checking it is a string - if what you're saying is that we actually are sometimes not returning a string due to that lack of check, then that's a whole other concerning thing.
There was a problem hiding this comment.
Apologies, I misunderstood with my initial attempt. I've just pushed a change that I think you're meaning. Yes this works well, it fixes the issue with the compatibility with @fastify/middie and all unit tests are passing as expected.
|
@wolfy1339 I have added a unit test covering this case. Is there anything else you had in mind to ensue this won't break a future release? |
G-Rath
changed the title
request.body is a string
|
🎉 This PR is included in version 13.2.7 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
Thank you @G-Rath and everyone else involved! |
Resolves #1009
Before the change?
request.bodythat was made within v12.0.10. This broke webhooks for libraries that define the requestbodykey, ifbodyis undefined such as@fastify/middierather than not including thebodyproperty likenode:httpandexpress.After the change?
getPayload()will resolve with a string rather than the undefined if the request body key is defined but has a value undefined.Pull request checklist
Does this introduce a breaking change?
Please see our docs on breaking changes to help!
UPDATE: This may be being fixed upstream within
@fastify/middie, if attempting to reproduce this bug please use a Middie <=8.3.0. I think the@octokit/webhookspatch should still be completed as this could be quite difficult to diagnose if the user is on a <=8.3.0 of Middie or if they have constraints for upgrading it.