
Ability to add custom "tap" into the request stream

Open matthieusieben opened this issue 4 years ago • 0 comments

Support plan

  • is this issue currently blocking your project? (yes/no): no
  • is this issue affecting a production system? (yes/no): no

Context

  • node version: 12+
  • module version: 20+
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): hapi application
  • any other relevant information:

What problem are you trying to solve?

Ability to perform an integrity check (and prevent any processing of corrupted data) of a request stream

I am currently performing a request integrity check, but this requires doing the following:

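        const { createHash } = require('crypto')
        const Boom = require('@hapi/boom')

        // `request`, `algorithm` and `expectedDigest` come from the surrounding ext or scheme
        if (request.payload !== undefined) {
          throw Boom.badImplementation('Integrity check requires that the payload was not already processed')
        }

        const hash = createHash(algorithm)

        // Hash each raw chunk as hapi reads it from the request stream
        request.events.on('peek', (chunk, encoding) => {
          hash.update(chunk, encoding)
        })

        // Once the payload has been fully read, compare digests and abort on mismatch
        request.events.on('finish', () => {
          const payloadDigest = hash.digest('base64')
          if (payloadDigest !== expectedDigest) {
            request.raw.req.destroy(Boom.badData('Corrupted payload'))
          }
        })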

There are several issues with that implementation:

  1. It relies on the fact that the finish handler is triggered synchronously (otherwise the destruction of the raw req would occur too late)
  2. It requires that the payload was not previously processed (e.g. by the auth.payload)
  3. We can't prevent the payload from being processed by other listeners

It would be nice to have the ability to manually tap into the request:

  • From the onRequest ext
  • From an authentication scheme

Do you have a new or modified API suggestion to solve the problem?

        const [algo, hash] = getDigestData(request)
        request.tap(new DigestCheck(algo, hash)) // throws if `request.payload` is already set

I would be open to creating a PR for this, but I would like to make sure that:

  1. You would be open to adding this
  2. What kind of API you would see for this

matthieusieben Nov 09 '20 16:11