[Pkg-javascript-commits] [node-body-parser] 02/07: Imported Upstream version 1.8.1
Andrew Kelley
andrewrk-guest at moszumanska.debian.org
Fri Sep 12 05:57:32 UTC 2014
This is an automated email from the git hooks/post-receive script.
andrewrk-guest pushed a commit to branch master
in repository node-body-parser.
commit c3d83a273f3f023a09002f6e5d72d0cd06c9e12a
Author: Andrew Kelley <superjoe30 at gmail.com>
Date: Tue Sep 9 16:43:50 2014 +0000
Imported Upstream version 1.8.1
---
.npmignore | 3 -
HISTORY.md | 104 ++++++++++++++++++++++++++++++++
LICENSE | 23 +++++++
README.md | 48 +++++++--------
index.js | 1 +
lib/read.js | 38 +++++-------
lib/types/json.js | 9 ++-
lib/types/raw.js | 1 +
lib/types/text.js | 1 +
lib/types/urlencoded.js | 103 +++++++++++++++++++++++++++++++-
package.json | 29 +++++----
test/json.js | 18 +++---
test/raw.js | 8 +++
test/text.js | 10 ++++
test/urlencoded.js | 156 ++++++++++++++++++++++++++++++++++++++++++++++++
15 files changed, 473 insertions(+), 79 deletions(-)
diff --git a/.npmignore b/.npmignore
deleted file mode 100644
index cd39b77..0000000
--- a/.npmignore
+++ /dev/null
@@ -1,3 +0,0 @@
-coverage/
-test/
-.travis.yml
diff --git a/HISTORY.md b/HISTORY.md
index b818f66..3af70f4 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,3 +1,107 @@
+1.8.1 / 2014-09-07
+==================
+
+ * deps: media-typer at 0.3.0
+ * deps: type-is@~1.5.1
+
+1.8.0 / 2014-09-05
+==================
+
+ * make empty-body-handling consistent between chunked requests
+ - empty `json` produces `{}`
+ - empty `raw` produces `new Buffer(0)`
+ - empty `text` produces `''`
+ - empty `urlencoded` produces `{}`
+ * deps: qs at 2.2.3
+ - Fix issue where first empty value in array is discarded
+ * deps: type-is@~1.5.0
+ - fix `hasbody` to be true for `content-length: 0`
+
+1.7.0 / 2014-09-01
+==================
+
+ * add `parameterLimit` option to `urlencoded` parser
+ * change `urlencoded` extended array limit to 100
+ * respond with 415 when over `parameterLimit` in `urlencoded`
+
+1.6.7 / 2014-08-29
+==================
+
+ * deps: qs at 2.2.2
+ - Remove unnecessary cloning
+
+1.6.6 / 2014-08-27
+==================
+
+ * deps: qs at 2.2.0
+ - Array parsing fix
+ - Performance improvements
+
+1.6.5 / 2014-08-16
+==================
+
+ * deps: on-finished at 2.1.0
+
+1.6.4 / 2014-08-14
+==================
+
+ * deps: qs at 1.2.2
+
+1.6.3 / 2014-08-10
+==================
+
+ * deps: qs at 1.2.1
+
+1.6.2 / 2014-08-07
+==================
+
+ * deps: qs at 1.2.0
+ - Fix parsing array of objects
+
+1.6.1 / 2014-08-06
+==================
+
+ * deps: qs at 1.1.0
+ - Accept urlencoded square brackets
+ - Accept empty values in implicit array notation
+
+1.6.0 / 2014-08-05
+==================
+
+ * deps: qs at 1.0.2
+ - Complete rewrite
+ - Limits array length to 20
+ - Limits object depth to 5
+ - Limits parameters to 1,000
+
+1.5.2 / 2014-07-27
+==================
+
+ * deps: depd at 0.4.4
+ - Work-around v8 generating empty stack traces
+
+1.5.1 / 2014-07-26
+==================
+
+ * deps: depd at 0.4.3
+ - Fix exception when global `Error.stackTraceLimit` is too low
+
+1.5.0 / 2014-07-20
+==================
+
+ * deps: depd at 0.4.2
+ - Add `TRACE_DEPRECATION` environment variable
+ - Remove non-standard grey color from color output
+ - Support `--no-deprecation` argument
+ - Support `--trace-deprecation` argument
+ * deps: iconv-lite at 0.4.4
+ - Added encoding UTF-7
+ * deps: raw-body at 1.3.0
+ - deps: iconv-lite at 0.4.4
+ - Added encoding UTF-7
+ - Fix `Cannot switch to old mode now` error on Node.js 0.10+
+ * deps: type-is@~1.3.2
+
1.4.3 / 2014-06-19
==================
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..53e49a3
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me at jongleberry.com>
+Copyright (c) 2014 Douglas Christopher Wilson <doug at somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
index 575f808..7b9b4ed 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,10 @@
# body-parser
-[](https://badge.fury.io/js/body-parser)
-[](https://travis-ci.org/expressjs/body-parser)
-[](https://coveralls.io/r/expressjs/body-parser)
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+[![Gittip][gittip-image]][gittip-url]
Node.js body parsing middleware.
@@ -33,7 +35,7 @@ var bodyParser = require('body-parser')
var app = express()
// parse application/x-www-form-urlencoded
-app.use(bodyParser.urlencoded())
+app.use(bodyParser.urlencoded({ extended: false }))
// parse application/json
app.use(bodyParser.json())
@@ -106,10 +108,13 @@ The options are:
- `extended` - parse extended syntax with the [qs](https://www.npmjs.org/package/qs#readme) module. (default: `true`)
- `inflate` - if deflated bodies will be inflated. (default: `true`)
- `limit` - maximum request body size. (default: `<100kb>`)
+- `parameterLimit` - maximum number of parameters. (default: `1000`)
- `type` - request content-type to parse (default: `urlencoded`)
- `verify` - function to verify body content
-The `extended` argument allows to choose between parsing the urlencoded data with the `querystring` library (when `false`) or the `qs` library (when `true`). The "extended" syntax allows for rich objects and arrays to be encoded into the urlencoded format, allowing for a JSON-like exterience with urlencoded. For more information, please [see the qs library](https://www.npmjs.org/package/qs#readme).
+The `extended` argument allows to choose between parsing the urlencoded data with the `querystring` library (when `false`) or the `qs` library (when `true`). The "extended" syntax allows for rich objects and arrays to be encoded into the urlencoded format, allowing for a JSON-like experience with urlencoded. For more information, please [see the qs library](https://www.npmjs.org/package/qs#readme).
+
+The `parameterLimit` argument controls the maximum number of parameters that are allowed in the urlencoded data. If a request contains more parameters than this value, a 415 will be returned to the client.
The `type` argument is passed directly to the [type-is](https://www.npmjs.org/package/type-is#readme) library. This can be an extension name (like `urlencoded`), a mime type (like `application/x-www-form-urlencoded`), or a mime time with a wildcard (like `*/x-www-form-urlencoded`).
@@ -121,24 +126,15 @@ A new `body` object containing the parsed data is populated on the `request` obj
## License
-The MIT License (MIT)
-
-Copyright (c) 2014 Jonathan Ong me at jongleberry.com
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/body-parser.svg?style=flat
+[npm-url]: https://npmjs.org/package/body-parser
+[travis-image]: https://img.shields.io/travis/expressjs/body-parser.svg?style=flat
+[travis-url]: https://travis-ci.org/expressjs/body-parser
+[coveralls-image]: https://img.shields.io/coveralls/expressjs/body-parser.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/body-parser.svg?style=flat
+[downloads-url]: https://npmjs.org/package/body-parser
+[gittip-image]: https://img.shields.io/gittip/dougwilson.svg?style=flat
+[gittip-url]: https://www.gittip.com/dougwilson/
diff --git a/index.js b/index.js
index bb9b04e..7c87204 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,6 @@
/*!
* body-parser
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
diff --git a/lib/read.js b/lib/read.js
index 6dd3c2b..1e66cbf 100644
--- a/lib/read.js
+++ b/lib/read.js
@@ -1,5 +1,6 @@
/*!
* body-parser
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
@@ -9,6 +10,7 @@
var getBody = require('raw-body')
var iconv = require('iconv-lite')
+var onFinished = require('on-finished')
var typer = require('media-typer')
var zlib = require('zlib')
@@ -32,7 +34,6 @@ module.exports = read
function read(req, res, next, parse, options) {
var length
var stream
- var waitend = true
// flag as parsed
req._body = true
@@ -57,27 +58,21 @@ function read(req, res, next, parse, options) {
? null
: encoding
- req.on('aborted', cleanup)
- req.on('end', cleanup)
- req.on('error', cleanup)
-
// read body
getBody(stream, options, function (err, body) {
- if (err && waitend && req.readable) {
+ if (err) {
+ if (!err.status) {
+ err.status = 400
+ }
+
// read off entire request
- req.resume()
- req.once('end', function onEnd() {
+ stream.resume()
+ onFinished(req, function onfinished() {
next(err)
})
return
}
- if (err) {
- if (!err.status) err.status = 400
- next(err)
- return
- }
-
// verify
if (verify) {
try {
@@ -94,21 +89,16 @@ function read(req, res, next, parse, options) {
? iconv.decode(body, encoding)
: body
req.body = parse(body)
- } catch (err){
- err.body = body
- err.status = 400
+ } catch (err) {
+ if (!err.status) {
+ err.body = body
+ err.status = 400
+ }
return next(err)
}
next()
})
-
- function cleanup() {
- waitend = false
- req.removeListener('aborted', cleanup)
- req.removeListener('end', cleanup)
- req.removeListener('error', cleanup)
- }
}
/**
diff --git a/lib/types/json.js b/lib/types/json.js
index fe15a97..4ba1a4b 100644
--- a/lib/types/json.js
+++ b/lib/types/json.js
@@ -1,5 +1,7 @@
/*!
* body-parser
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
@@ -49,8 +51,10 @@ function json(options) {
}
function parse(body) {
- if (0 === body.length) {
- throw new Error('invalid json, empty body')
+ if (body.length === 0) {
+ // special-case empty json body, as it's a common client-side mistake
+ // TODO: maybe make this configurable or part of "strict" option
+ return {}
}
if (strict) {
@@ -99,7 +103,6 @@ function json(options) {
function firstchar(str) {
- if (!str) return ''
var match = firstcharRegExp.exec(str)
return match ? match[1] : ''
}
diff --git a/lib/types/raw.js b/lib/types/raw.js
index c1e7805..9d7e49a 100644
--- a/lib/types/raw.js
+++ b/lib/types/raw.js
@@ -1,5 +1,6 @@
/*!
* body-parser
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
diff --git a/lib/types/text.js b/lib/types/text.js
index 379ab6e..2330b5b 100644
--- a/lib/types/text.js
+++ b/lib/types/text.js
@@ -1,5 +1,6 @@
/*!
* body-parser
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
diff --git a/lib/types/urlencoded.js b/lib/types/urlencoded.js
index 9d3e7e2..d846e65 100644
--- a/lib/types/urlencoded.js
+++ b/lib/types/urlencoded.js
@@ -1,5 +1,7 @@
/*!
* body-parser
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed
*/
@@ -38,7 +40,7 @@ function urlencoded(options){
// notice because option default will flip in next major
if (options.extended === undefined) {
- deprecate('urlencoded: explicitly specify "extended: true" for extended parsing')
+ deprecate('undefined extended: provide extended option')
}
var extended = options.extended !== false
@@ -54,8 +56,8 @@ function urlencoded(options){
}
var queryparse = extended
- ? parser('qs')
- : parser('querystring')
+ ? extendedparser(options)
+ : simpleparser(options)
function parse(body) {
return body.length
@@ -88,6 +90,70 @@ function urlencoded(options){
}
/**
+ * Get the extended query parser.
+ *
+ * @param {object} options
+ */
+
+function extendedparser(options) {
+ var parameterLimit = options.parameterLimit !== undefined
+ ? options.parameterLimit
+ : 1000
+ var parse = parser('qs')
+
+ if (isNaN(parameterLimit) || parameterLimit < 1) {
+ throw new TypeError('option parameterLimit must be a positive number')
+ }
+
+ if (isFinite(parameterLimit)) {
+ parameterLimit = parameterLimit | 0
+ }
+
+ var opts = {
+ arrayLimit: 100,
+ parameterLimit: parameterLimit
+ }
+
+ return function queryparse(body) {
+ if (overlimit(body, parameterLimit)) {
+ var err = new Error('too many parameters')
+ err.status = 413
+ throw err
+ }
+
+ return parse(body, opts)
+ }
+}
+
+/**
+ * Determine if the parameter count is over the limit.
+ *
+ * @param {string} body
+ * @param {number} limit
+ * @api private
+ */
+
+function overlimit(body, limit) {
+ if (limit === Infinity) {
+ return false
+ }
+
+ var count = 0
+ var index = 0
+
+ while ((index = body.indexOf('&', index)) !== -1) {
+ count++
+ index++
+
+ if (count === limit) {
+ return true
+ }
+ }
+
+ return false
+}
+
+/**
* Get parser for module name dynamically.
*
* @param {string} name
@@ -107,3 +173,34 @@ function parser(name) {
return mod.parse
}
+
+/**
+ * Get the simple query parser.
+ *
+ * @param {object} options
+ */
+
+function simpleparser(options) {
+ var parameterLimit = options.parameterLimit !== undefined
+ ? options.parameterLimit
+ : 1000
+ var parse = parser('querystring')
+
+ if (isNaN(parameterLimit) || parameterLimit < 1) {
+ throw new TypeError('option parameterLimit must be a positive number')
+ }
+
+ if (isFinite(parameterLimit)) {
+ parameterLimit = parameterLimit | 0
+ }
+
+ return function queryparse(body) {
+ if (overlimit(body, parameterLimit)) {
+ var err = new Error('too many parameters')
+ err.status = 413
+ throw err
+ }
+
+ return parse(body, undefined, undefined, {maxKeys: parameterLimit})
+ }
+}
diff --git a/package.json b/package.json
index a086aee..bcea3f8 100644
--- a/package.json
+++ b/package.json
@@ -1,28 +1,35 @@
{
"name": "body-parser",
"description": "Node.js body parsing middleware",
- "version": "1.4.3",
- "author": "Jonathan Ong <me at jongleberry.com> (http://jongleberry.com)",
+ "version": "1.8.1",
"contributors": [
- "Douglas Christopher Wilson <doug at somethingdoug.com>"
+ "Douglas Christopher Wilson <doug at somethingdoug.com>",
+ "Jonathan Ong <me at jongleberry.com> (http://jongleberry.com)"
],
"license": "MIT",
"repository": "expressjs/body-parser",
"dependencies": {
"bytes": "1.0.0",
- "depd": "0.3.0",
- "iconv-lite": "0.4.3",
- "media-typer": "0.2.0",
- "qs": "0.6.6",
- "raw-body": "1.2.2",
- "type-is": "1.3.1"
+ "depd": "0.4.4",
+ "iconv-lite": "0.4.4",
+ "media-typer": "0.3.0",
+ "on-finished": "2.1.0",
+ "qs": "2.2.3",
+ "raw-body": "1.3.0",
+ "type-is": "~1.5.1"
},
"devDependencies": {
- "istanbul": "0.2.10",
- "mocha": "~1.20.1",
+ "istanbul": "0.3.2",
+ "mocha": "~1.21.4",
"should": "~4.0.4",
"supertest": "~0.13.0"
},
+ "files": [
+ "lib/",
+ "LICENSE",
+ "HISTORY.md",
+ "index.js"
+ ],
"engines": {
"node": ">= 0.8"
},
diff --git a/test/json.js b/test/json.js
index d6df309..f7a33db 100644
--- a/test/json.js
+++ b/test/json.js
@@ -36,34 +36,34 @@ describe('bodyParser.json()', function(){
.expect(200, '{}', done)
})
- it('should handle no message-body', function(done){
+ it('should handle empty message-body', function(done){
var server = createServer()
request(server)
.get('/')
.set('Content-Type', 'application/json')
- .unset('Transfer-Encoding')
+ .set('Transfer-Encoding', 'chunked')
.expect(200, '{}', done)
})
- it('should 400 on malformed JSON', function(done){
+ it('should handle no message-body', function(done){
var server = createServer()
request(server)
- .post('/')
+ .get('/')
.set('Content-Type', 'application/json')
- .send('{"foo')
- .expect(400, done);
+ .unset('Transfer-Encoding')
+ .expect(200, '{}', done)
})
- it('should 400 when no body is given', function(done){
+ it('should 400 on malformed JSON', function(done){
var server = createServer()
request(server)
.post('/')
.set('Content-Type', 'application/json')
- .set('Transfer-Encoding', 'chunked')
- .expect(400, 'invalid json, empty body', done)
+ .send('{"foo')
+ .expect(400, done);
})
it('should 400 when invalid content-length', function(done){
diff --git a/test/raw.js b/test/raw.js
index 3dfad00..a9dff51 100644
--- a/test/raw.js
+++ b/test/raw.js
@@ -30,6 +30,14 @@ describe('bodyParser.raw()', function(){
test.expect(400, /content length/, done)
})
+ it('should handle Content-Length: 0', function(done){
+ request(server)
+ .post('/')
+ .set('Content-Type', 'application/octet-stream')
+ .set('Content-Length', '0')
+ .expect(200, 'buf:', done)
+ })
+
it('should handle empty message-body', function(done){
request(server)
.post('/')
diff --git a/test/text.js b/test/text.js
index 7f4b74a..ea1d027 100644
--- a/test/text.js
+++ b/test/text.js
@@ -30,6 +30,16 @@ describe('bodyParser.text()', function(){
test.expect(400, /content length/, done)
})
+ it('should handle Content-Length: 0', function(done){
+ var server = createServer({ limit: '1kb' })
+
+ request(server)
+ .post('/')
+ .set('Content-Type', 'text/plain')
+ .set('Content-Length', '0')
+ .expect(200, '""', done)
+ })
+
it('should handle empty message-body', function(done){
var server = createServer({ limit: '1kb' })
diff --git a/test/urlencoded.js b/test/urlencoded.js
index c7fd88c..fba7424 100644
--- a/test/urlencoded.js
+++ b/test/urlencoded.js
@@ -39,6 +39,15 @@ describe('bodyParser.urlencoded()', function(){
test.expect(400, /content length/, done)
})
+ it('should handle Content-Length: 0', function(done){
+ request(server)
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .set('Content-Length', '0')
+ .send('')
+ .expect(200, '{}', done)
+ })
+
it('should handle empty message-body', function(done){
var server = createServer({ limit: '1kb' })
@@ -87,6 +96,22 @@ describe('bodyParser.urlencoded()', function(){
.send('user[name][first]=Tobi')
.expect(200, '{"user":{"name":{"first":"Tobi"}}}', done)
})
+
+ it('should parse fully-encoded extended syntax', function(done){
+ request(server)
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send('user%5Bname%5D%5Bfirst%5D=Tobi')
+ .expect(200, '{"user":{"name":{"first":"Tobi"}}}', done)
+ })
+
+ it('should parse array of objects syntax', function(done){
+ request(server)
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send('foo[0][bar]=baz&foo[0][fizz]=buzz')
+ .expect(200, '{"foo":[{"bar":"baz","fizz":"buzz"}]}', done)
+ })
})
})
@@ -195,6 +220,114 @@ describe('bodyParser.urlencoded()', function(){
})
})
+ describe('with parameterLimit option', function () {
+ describe('with extended: false', function () {
+ it('should reject 0', function () {
+ assert.throws(createServer.bind(null, { extended: false, parameterLimit: 0 }), /option parameterLimit/)
+ })
+
+ it('should reject string', function () {
+ assert.throws(createServer.bind(null, { extended: false, parameterLimit: 'beep' }), /option parameterLimit/)
+ })
+
+ it('should 415 if over limit', function (done) {
+ request(createServer({ extended: false, parameterLimit: 10 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(11))
+ .expect(413, /too many parameters/, done)
+ })
+
+ it('should work when at the limit', function (done) {
+ request(createServer({ extended: false, parameterLimit: 10 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(10))
+ .expect(expectKeyCount(10))
+ .expect(200, done)
+ })
+
+ it('should work if number is floating point', function (done) {
+ request(createServer({ extended: false, parameterLimit: 10.1 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(11))
+ .expect(413, /too many parameters/, done)
+ })
+
+ it('should work with large limit', function (done) {
+ request(createServer({ extended: false, parameterLimit: 5000 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(5000))
+ .expect(expectKeyCount(5000))
+ .expect(200, done)
+ })
+
+ it('should work with Infinity limit', function (done) {
+ request(createServer({ extended: false, parameterLimit: Infinity }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(10000))
+ .expect(expectKeyCount(10000))
+ .expect(200, done)
+ })
+ })
+
+ describe('with extended: true', function () {
+ it('should reject 0', function () {
+ assert.throws(createServer.bind(null, { extended: true, parameterLimit: 0 }), /option parameterLimit/)
+ })
+
+ it('should reject string', function () {
+ assert.throws(createServer.bind(null, { extended: true, parameterLimit: 'beep' }), /option parameterLimit/)
+ })
+
+ it('should 415 if over limit', function (done) {
+ request(createServer({ extended: true, parameterLimit: 10 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(11))
+ .expect(413, /too many parameters/, done)
+ })
+
+ it('should work when at the limit', function (done) {
+ request(createServer({ extended: true, parameterLimit: 10 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(10))
+ .expect(expectKeyCount(10))
+ .expect(200, done)
+ })
+
+ it('should work if number is floating point', function (done) {
+ request(createServer({ extended: true, parameterLimit: 10.1 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(11))
+ .expect(413, /too many parameters/, done)
+ })
+
+ it('should work with large limit', function (done) {
+ request(createServer({ extended: true, parameterLimit: 5000 }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(5000))
+ .expect(expectKeyCount(5000))
+ .expect(200, done)
+ })
+
+ it('should work with Infinity limit', function (done) {
+ request(createServer({ extended: true, parameterLimit: Infinity }))
+ .post('/')
+ .set('Content-Type', 'application/x-www-form-urlencoded')
+ .send(createManyParams(10000))
+ .expect(expectKeyCount(10000))
+ .expect(200, done)
+ })
+ })
+ })
+
describe('with type option', function(){
var server;
before(function(){
@@ -355,6 +488,23 @@ describe('bodyParser.urlencoded()', function(){
})
})
+function createManyParams(count) {
+ var str = ''
+
+ if (count === 0) {
+ return str
+ }
+
+ str += '0=0'
+
+ for (var i = 1; i < count; i++) {
+ var n = i.toString(36)
+ str += '&' + n + '=' + n
+ }
+
+ return str
+}
+
function createServer(opts){
var _bodyParser = bodyParser.urlencoded(opts)
@@ -365,3 +515,9 @@ function createServer(opts){
})
})
}
+
+function expectKeyCount(count) {
+ return function (res) {
+ assert.equal(Object.keys(JSON.parse(res.text)).length, count)
+ }
+}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-body-parser.git
More information about the Pkg-javascript-commits
mailing list