1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
/*
* SPDX-FileCopyrightText: hazelnoot and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
import querystring from 'querystring';
import multipart from '@fastify/multipart';
import { Inject, Injectable } from '@nestjs/common';
import { FastifyInstance } from 'fastify';
import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js';
@Injectable()
export class ServerUtilityService {
constructor(
@Inject(DI.config)
private readonly config: Config,
) {}
public addMultipartFormDataContentType(fastify: FastifyInstance): void {
fastify.register(multipart, {
limits: {
fileSize: this.config.maxFileSize,
files: 1,
},
});
// Default behavior saves files to memory - we don't want that!
// Store to temporary file instead, and copy the body fields while we're at it.
fastify.addHook<{ Body?: Record<string, string | string[] | undefined> }>('onRequest', async request => {
if (request.isMultipart()) {
const body = request.body ??= {};
// Save upload to temp directory.
// These are attached to request.savedRequestFiles
await request.saveRequestFiles();
// Copy fields to body
const formData = await request.formData();
formData.forEach((v, k) => {
// This can be string or File, and we handle files above.
if (typeof(v) === 'string') {
// This is just progressive conversion from undefined -> string -> string[]
if (body[k]) {
if (Array.isArray(body[k])) {
body[k].push(v);
} else {
body[k] = [body[k], v];
}
} else {
body[k] = v;
}
}
});
}
});
}
public addFormUrlEncodedContentType(fastify: FastifyInstance) {
fastify.addContentTypeParser('application/x-www-form-urlencoded', (_, payload, done) => {
let body = '';
payload.on('data', (data) => {
body += data;
});
payload.on('end', () => {
try {
const parsed = querystring.parse(body);
done(null, parsed);
} catch (e) {
done(e as Error);
}
});
payload.on('error', done);
});
}
public addCORS(fastify: FastifyInstance) {
fastify.addHook('onRequest', (_, reply, done) => {
// Allow web-based clients to connect from other origins.
reply.header('Access-Control-Allow-Origin', '*');
// Mastodon uses all types of request methods.
reply.header('Access-Control-Allow-Methods', '*');
// Allow web-based clients to access Link header - required for mastodon pagination.
// https://stackoverflow.com/a/54928828
// https://docs.joinmastodon.org/api/guidelines/#pagination
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Expose-Headers
reply.header('Access-Control-Expose-Headers', 'Link');
// Cache to avoid extra pre-flight requests
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Max-Age
reply.header('Access-Control-Max-Age', 60 * 60 * 24); // 1 day in seconds
done();
});
}
public addFlattenedQueryType(fastify: FastifyInstance) {
// Remove trailing "[]" from query params
fastify.addHook<{ Querystring?: Record<string, string | string[] | undefined> }>('preValidation', (request, _reply, done) => {
if (!request.query || typeof(request.query) !== 'object') {
return done();
}
for (const key of Object.keys(request.query)) {
if (!key.endsWith('[]')) {
continue;
}
if (request.query[key] == null) {
continue;
}
const newKey = key.substring(0, key.length - 2);
const newValue = request.query[key];
const oldValue = request.query[newKey];
// Move the value to the correct key
if (oldValue != null) {
if (Array.isArray(oldValue)) {
// Works for both array and single values
request.query[newKey] = oldValue.concat(newValue);
} else if (Array.isArray(newValue)) {
// Preserve order
request.query[newKey] = [oldValue, ...newValue];
} else {
// Preserve order
request.query[newKey] = [oldValue, newValue];
}
} else {
request.query[newKey] = newValue;
}
// Remove the invalid key
delete request.query[key];
}
return done();
});
}
}
|
