Skip to content

Support h3 #572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Support h3 #572

wants to merge 13 commits into from

Conversation

timokoessler
Copy link
Member

@codecov Codecov
Copy link

codecov bot commented Apr 3, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 95.48387% with 14 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
library/sources/H3.ts 95.12% 6 Missing ⚠️
library/sources/h3/wrapMiddleware.ts 87.80% 5 Missing ⚠️
library/sources/h3/wrapReadBody.ts 85.71% 3 Missing ⚠️

📢 Thoughts on this report? Let us know!

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 4, 2025
View reviewed changes
hansott
hansott reviewed Apr 4, 2025
View reviewed changes
library/sources/H3.ts Outdated
return [wrapEventHandler(args[0] as EventHandler, h3)];
}

if (args[0] && typeof args[0] === "object" && !Array.isArray(args[0])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use isPlainObject helper?

library/sources/H3.ts Outdated
// Can be a function or a array of functions
if (typeof config[func] === "function") {
config[func] = wrapMiddleware(
config[func] as (...args: unknown[]) => void | Promise<void>,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extract type for (...args: unknown[]) => void | Promise<void>?

library/sources/H3.ts Outdated
}

private wrapCreateApp(args: unknown[], h3: typeof import("h3")) {
if (args.length < 1 || typeof args[0] !== "object" || !args[0]) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (args.length < 1 || typeof args[0] !== "object" || !args[0]) {
if (args.length === 0 || typeof args[0] !== "object" || !args[0]) {

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use isPlainObject helper?

@hansott
Copy link
Member

hansott commented Apr 4, 2025

Probably need install docs?

@timokoessler timokoessler marked this pull request as ready for review April 4, 2025 13:04
hansott added 5 commits May 16, 2025 15:08
@hansott
Merge branch 'main' of github.com:AikidoSec/node-RASP into h3
073bd75 
* 'main' of github.com:AikidoSec/node-RASP: (166 commits)
  Let all benchmarks run even if one fails
  Pass `t` in function
  Format
  Add test case for use case
  Revert "Add more test cases"
  Add more test cases
  Speed up safeDecodeURIComponent unit tests
  Allow access to route if exact match does
  Rename variable to make it more clear
  Remove redundant methods
  Improve comment
  Remove `isMonitoredIPAddress`
  Use userAgent variable
  Iterate through monitored IP lists only once
  Add comment about empty string and regexp
  Refactor safeCreateRegExp to its own file
  Fix end2end test
  Fix missing imports
  Format file
  Add end2end test to ensure monitored IPs and user agents are never blocked
  ...
@hansott
Regenerate package lock
403ca9d
@hansott
Improve comment
da8aac6
@hansott
Fix missing kind for wrapExport
d6a5d9f
@hansott
Use Map instead of object
58a523d
hansott
hansott reviewed May 16, 2025
View reviewed changes
library/middleware/h3.ts
};

// eslint-disable-next-line camelcase
handler.__is_handler__ = true;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why this is added? Can't find this in h3 codebase?
Wouldn't it be okay to require something from h3 so that we don't have to do this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only on mobile right now, but it was added in H3 codebase. Importing is always a bit problematic with bundlers, no?

library/helpers/formDataToPlainObject.ts Outdated
if (!(key in object)) {
object[key] = value;
return;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prototype pollution?

sample-apps/express-postgres/README.md
@@ -8,4 +8,4 @@ Try the following URLs:

- http://localhost:4000/ : List all cats
- http://localhost:4000/?petname=Kitty : This will add a new cat named "Kitty"
- http://localhost:4000/?petname=Kitty'); DELETE FROM cats;-- H : This will delete all cats
- http://localhost:4000/?petname=Kitty'); DELETE FROM cats_3;-- H : This will delete all cats
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We modified the wrong one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hansott hansott hansott left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timokoessler @hansott