supabase / storage / 26155689234

coverage: 57.697% (-17.2%) from 74.874%
26155689234

Pull #1115

github

web-flow 
Merge d6a84934b into 9a13d3ea2
Pull Request #1115: Encapsulate storage database transaction APIs

2784 of 5519 branches covered (50.44%)

Branch coverage included in aggregate %.

122 of 145 new or added lines in 7 files covered. (84.14%)

1665 existing lines in 69 files now uncovered.

5938 of 9598 relevant lines covered (61.87%)

407.09 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

56.25
/src/http/plugins/header-validator.ts
1 
import { ERRORS } from '@internal/errors'
2 
import { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'
3 
import fastifyPlugin from 'fastify-plugin'
4 









5



/**










6



 * Matches invalid HTTP header characters per RFC 7230 field-vchar specification.










7



 * Valid: TAB (0x09), visible ASCII (0x20-0x7E), obs-text (0x80-0xFF).










8



 * Invalid: control characters (0x00-0x1F except TAB) and DEL (0x7F).










9



 * @see https://tools.ietf.org/html/rfc7230#section-3.2










10



 */










11



const INVALID_HEADER_CHAR_PATTERN = /[^\t\x20-\x7e\x80-\xff]/




25





12












13



interface HeaderValidatorOptions {










14



  excludeUrls?: string[]










15



}










16












17



/**










18



 * Validates response headers before they're sent to prevent ERR_INVALID_CHAR crashes.










19



 *










20



 * Node.js throws ERR_INVALID_CHAR during writeHead() if headers contain control characters.










21



 * This hook validates headers in onSend (before writeHead) and throws InvalidHeaderChar error










22



 */










23



export const headerValidator = (options: HeaderValidatorOptions = {}) =>





271





24



  fastifyPlugin(










25



    async function headerValidatorPlugin(fastify: FastifyInstance) {










26



      fastify.addHook('onSend', async (request: FastifyRequest, reply: FastifyReply, payload) => {




271





27



        if (options.excludeUrls?.includes(request.url.toLowerCase())) {





1,209!





28



          return payload




×







29



        }










30












31



        const headers = reply.getHeaders()




1,209





32



        for (const key in headers) {




1,209





33



          if (!Object.prototype.hasOwnProperty.call(headers, key)) {





1,446!





34



            continue




×







35



          }










36



          const value = headers[key]




1,446





37



          if (typeof value === 'string' && INVALID_HEADER_CHAR_PATTERN.test(value)) {





1,446!






UNCOV

38



            throw ERRORS.InvalidHeaderChar(key, value)




×







39



          } else if (Array.isArray(value)) {





1,446!






UNCOV

40



            for (const item of value) {




×








UNCOV

41



              if (typeof item === 'string' && INVALID_HEADER_CHAR_PATTERN.test(item)) {





×








UNCOV

42



                throw ERRORS.InvalidHeaderChar(key, item)




×







43



              }










44



            }










45



          }










46



        }










47












48



        return payload




1,209





49



      })










50



    },










51



    { name: 'header-validator' }










52



  )
























    

  • 

    •