erin-noe-payne / super-router Goto Github PK

utils.normalizePath

Is creating havok on a lot of URL types which have query parameters since it normalizes them into lower case values.

Example URL:

http://www.foo.com/something?Key1=Value1&Key2=Value2

It will lowercase the query parameters into:

http://www.foo.com/something?key1=value1&key2=value2

That pretty much breaks RFC URI

It would probably be better if you're going to do normalization to use a helper utility that expressJS and others use to parse out the URI first. Then apply selective normalizations to the path.

parseurl

Example usage of it is:

const parseurl = require('parseurl');
const parsed = parseurl({ url: 'http://www.Google.com/hi/Hi/Hello?someKey=someValue&someSecondKey=someSecondValue' });
console.log(JSON.stringify(parsed, undefined, 2));

Output is:

{
  "protocol": "http:",
  "slashes": true,
  "auth": null,
  "host": "www.google.com",
  "port": null,
  "hostname": "www.google.com",
  "hash": null,
  "search": "?someKey=someValue&someSecondKey=someSecondValue",
  "query": "someKey=someValue&someSecondKey=someSecondValue",
  "pathname": "/hi/Hi/Hello",
  "path": "/hi/Hi/Hello?someKey=someValue&someSecondKey=someSecondValue",
  "href": "http://www.google.com/hi/Hi/Hello?someKey=someValue&someSecondKey=someSecondValue",
  "_raw": "http://www.Google.com/hi/Hi/Hello?someKey=someValue&someSecondKey=someSecondValue"
}

You can see it would be easier to normalize your pathname above without using regular expressions.

Context: before calling toString on request objects, we can specify request.sensitive to identify specific fields in the header or body as private so they do not show up on the toString'd request object. See the test.

We would like to be able to do the same for response objects. This is trickier, however: requests are clearly objects before they get JSON.stringify'd over the wire, so scrubbing fields marked as sensitive is easier. Response bodies come over the wire as strings and remain attached to the Response object as strings. This is because a server's response to a request may not actually be in proper JSON.

To scrub toString'd responses, we must first attempt to parse the request body.
If it can't be parsed, theres not much we can do about sanitizing it 😕
If it can be parsed, then the approach is almost identical to Request; replace the values on the sensitive fields with '********' and JSON.stringify the final object.

Currently, for options requests, there has to be special conditional blocks put in middleware that comes before the options handler on a route you want to be hit to skip if the method == options.

Missing semi-colon in examples/router

Static analysis run of super-router can be found below:
https://codeclimate.com/github/autoric/super-router/examples/router.js

Cannot normalize header values.