Improvements in request body handling

package.json

@@ -23,6 +23,7 @@
     "enhanced-switch": "^1.1.8",
     "json5": "^2.2.3",
     "mime": "^4.0.4",
+    "multipart-ts": "^1.1.0",
     "music-metadata": "^10.5.0",
     "yaml": "^2.5.1"
   }

src/api/ApiRequest.ts

@@ -1,6 +1,5 @@
 import http from "node:http";
-import {parse as queryStringParse} from "node:querystring";
-import JsonResponse from "../response/JsonResponse.js";
+import {Component, Multipart} from "multipart-ts";
 import EnhancedSwitch from "enhanced-switch";
 import ErrorResponse from "../response/ErrorResponse.js";
 import ApiResponse from "../response/ApiResponse.js";
@@ -19,8 +18,8 @@ export default class ApiRequest {
         return this._handled;
     }
 
-    #body: JsonResponse.Object | JsonResponse.Array | Buffer = {};
-    public get body(): JsonResponse.Object | JsonResponse.Array | Buffer {
+    #body: FormData | Buffer = Buffer.alloc(0);
+    public get body(): FormData | Buffer {
         return this.#body;
     }
 
@@ -36,47 +35,68 @@ export default class ApiRequest {
 
     public readonly url: URL;
 
+    private static jsonToFormData(json: Record<string, any>, formData: FormData = new FormData(), parentKey: string | null = null): FormData {
+        for (const [k, value] of Object.entries(json)) {
+            const key = parentKey === null ? k : `${parentKey}.${k}`;
+            if (Array.isArray(value))
+                for (const v of value)
+                    formData.append(key, `${v}`);
+            else if (value !== null && typeof value === "object")
+                this.jsonToFormData(value, formData, key)
+            else formData.append(key, `${value}`);
+        }
+        return formData;
+    }
+
+
     public static async create(req: http.IncomingMessage, res: http.ServerResponse, library: Library): Promise<ApiRequest> {
         const request = new ApiRequest(req, res);
 
         request.#auth = await Authorisation.fromReq(request, library);
 
-        const contentType = request.req.headers["content-type"];
-        if (contentType === undefined)
+        if (["CONNECT", "GET", "HEAD", "OPTIONS", "TRACE"].includes(request.method))
             return request;
 
-        const contentLengthHeader = request.req.headers["content-length"];
-        if (contentLengthHeader === undefined)
-            return request;
-        const contentLength = Number.parseInt(contentLengthHeader, 10);
-        if (!Number.isFinite(contentLength) && contentLength <= 0)
+        const contentType = request.req.headers["content-type"]?.split(";")[0];
+        if (contentType === undefined)
             return request;
-        const data = Buffer.alloc(Number.parseInt(contentLengthHeader, 10));
-        let offset = 0;
-        for await (const chunk of request.req) {
-            if (offset + chunk.length > data.length)
-                return request;
-            data.set(chunk, offset);
-            offset += chunk.length;
-        }
-
-        new EnhancedSwitch(contentType.toLowerCase().trim())
-            .case("application/json", () => {
-                try {
-                    request.#body = JSON.parse(data.toString());
-                }
-                catch (e) {
-                    const err: SyntaxError = e as SyntaxError;
-                    request.end(new ErrorResponse(400, "The request body is not valid JSON: " + err.message, {}, err));
-                }
-            })
-            .case("application/x-www-form-urlencoded", () => {
-                request.#body = queryStringParse(data.toString());
-            })
-            .default(() => {
-                request.#body = Buffer.from(data);
-            });
 
+        try {
+            const chunks: Uint8Array[] = []
+            for await (const chunk of req) chunks.push(chunk);
+            const data = Buffer.concat(chunks);
+
+            new EnhancedSwitch(contentType.toLowerCase().trim())
+                .case("application/json", () => {
+                    try {
+                        request.#body = this.jsonToFormData(JSON.parse(data.toString()));
+                    } catch (e) {
+                        const err: SyntaxError = e as SyntaxError;
+                        request.end(new ErrorResponse(400, "The request body is not valid JSON: " + err.message, {}, err));
+                    }
+                })
+                .case("application/x-www-form-urlencoded", () => {
+                    const usp = new URLSearchParams(data.toString());
+                    const formData = new FormData();
+                    for (const [key, value] of usp.entries())
+                        formData.append(key, value);
+                    request.#body = formData;
+                })
+                .case("multipart/form-data", () => {
+                    const multipart = Multipart.part(new Component({
+                        "Content-Type": req.headers["content-type"]!
+                    }, data));
+                    request.#body = multipart.formData();
+                })
+                .default(() => {
+                    request.#body = data;
+                });
+        }
+        catch (error) {
+            if (error instanceof Error)
+                throw new ThrowableResponse(new ErrorResponse(400, error.message, {}, error));
+            throw new ThrowableResponse(new ErrorResponse(500, "Internal server error.", {}, error as any));
+        }
         return request;
     }
 

src/resource/Playlist.ts

@@ -146,30 +146,33 @@ namespace Playlist {
         private static readonly notFound = new ErrorResponse(404, "The requested playlist could not be found.");
 
         private readonly extract = {
-            name(body: any): string {
-                if (!("name" in body)) throw new ThrowableResponse(new FieldErrorResponse({name: "Please enter a name for this playlist."}));
-                if (typeof body.name !== "string") throw new ThrowableResponse(new FieldErrorResponse({name: "Must be a string."}));
-                if (body.name.length > 128) throw new ThrowableResponse(new FieldErrorResponse({note: "Must be 128 characters or less."}));
-                return body.name;
+            name(body: FormData): string {
+                const name = body.get("name");
+                if (name === null) throw new ThrowableResponse(new FieldErrorResponse({name: "Please enter a name for this playlist."}));
+                if (typeof name !== "string") throw new ThrowableResponse(new FieldErrorResponse({name: "Must be a string."}));
+                if (name.length > 128) throw new ThrowableResponse(new FieldErrorResponse({name: "Must be 128 characters or less."}));
+                return name;
             },
-            user(auth: Authorisation, users: User.Repository, body: any): User.ID {
-                if (!auth.has(Token.Scope.PLAYLISTS_WRITE_ALL) || !("user" in body)) return auth.user.id;
-                if (typeof body.user !== "string") throw new ThrowableResponse(new FieldErrorResponse({user: "Must be a string."}));
-                const user = users.get(new User.ID(body.user));
+            user(auth: Authorisation, users: User.Repository, body: FormData): User.ID {
+                const userId = body.get("user");
+                if (!auth.has(Token.Scope.PLAYLISTS_WRITE_ALL) || userId === null) return auth.user.id;
+                if (typeof userId !== "string") throw new ThrowableResponse(new FieldErrorResponse({user: "Must be a string."}));
+                const user = users.get(new User.ID(userId));
                 if (user === null) throw new ThrowableResponse(new FieldErrorResponse({user: "A user with the provided ID does not exist."}, {}, 404));
                 return user.id;
             },
-            visibility(body: any): Playlist.Visibility {
-                if (!("visibility" in body)) throw new ThrowableResponse(new FieldErrorResponse({visibility: "Please select playlist visibility."}));
-                if (typeof body.visibility !== "string") throw new ThrowableResponse(new FieldErrorResponse({visibility: "Must be a string."}));
-                if (!Object.values(Playlist.Visibility).includes(body.visibility as Playlist.Visibility)) throw new ThrowableResponse(new FieldErrorResponse({visibility: "Invalid visibility setting."}));
-                return body.visibility as Playlist.Visibility;
+            visibility(body: FormData): Playlist.Visibility {
+                const visibility = body.get("visibility");
+                if (visibility === null) throw new ThrowableResponse(new FieldErrorResponse({visibility: "Please select playlist visibility."}));
+                if (typeof visibility !== "string") throw new ThrowableResponse(new FieldErrorResponse({visibility: "Must be a string."}));
+                if (!Object.values(Playlist.Visibility).includes(visibility as Playlist.Visibility)) throw new ThrowableResponse(new FieldErrorResponse({visibility: "Invalid visibility setting."}));
+                return visibility as Playlist.Visibility;
             },
-            tracks(tracks: Track.Repository, body: any): Track.ID[] {
-                if (!("tracks" in body)) throw new ThrowableResponse(new FieldErrorResponse({tracks: "Please select the tracks for this playlist."}));
-                if (!Array.isArray(body.tracks)) throw new ThrowableResponse(new FieldErrorResponse({tracks: "Must be an array."}));
+            tracks(tracks: Track.Repository, body: FormData): Track.ID[] {
+                if (!body.has("tracks")) throw new ThrowableResponse(new FieldErrorResponse({tracks: "Please select the tracks for this playlist."}));
+                const tracksBody = body.getAll("tracks");
                 const ids: Track.ID[] = [];
-                for (const track of body.tracks) {
+                for (const track of tracksBody) {
                     if (typeof track !== "string") continue;
                     const id = new Track.ID(track);
                     if (tracks.get(id) === null) throw new ThrowableResponse(new FieldErrorResponse({tracks: `Track ${id} does not exist.`}, {}, 404));
@@ -195,11 +198,11 @@ namespace Playlist {
 
         public override create(req: ApiRequest): ApiResponse | Promise<ApiResponse> {
             req.require(Token.Scope.PLAYLISTS_WRITE);
-            this.validateBodyType(req.body);
-            const name = this.extract.name(req.body);
-            const user = this.extract.user(req.auth!, this.library.repositories.users, req.body);
-            const visibility = this.extract.visibility(req.body);
-            const tracks = this.extract.tracks(this.library.repositories.tracks, req.body);
+            const body = this.validateBodyType(req.body);
+            const name = this.extract.name(body);
+            const user = this.extract.user(req.auth!, this.library.repositories.users, body);
+            const visibility = this.extract.visibility(body);
+            const tracks = this.extract.tracks(this.library.repositories.tracks, body);
 
             const playlist = new Playlist(Playlist.ID.random(), name, user, visibility, tracks);
             this.library.repositories.playlists.save(playlist);
@@ -234,13 +237,13 @@ namespace Playlist {
 
         protected override put(req: ApiRequest, id: string): ApiResponse {
             req.require(Token.Scope.PLAYLISTS_WRITE);
-            this.validateBodyType(req.body);
+            const body = this.validateBodyType(req.body);
             const playlist = this.library.repositories.playlists.get(new Playlist.ID(id));
             if (playlist === null || (!playlist.user.equals(req.auth!.user.id) && playlist.visibility === Playlist.Visibility.PRIVATE)) return Playlist.Controller.notFound;
             if (!playlist.user.equals(req.auth!.user.id)) req.require(Token.Scope.PLAYLISTS_WRITE_ALL);
-            const name = this.extract.name(req.body);
-            const visibility = this.extract.visibility(req.body);
-            const tracks = this.extract.tracks(this.library.repositories.tracks, req.body);
+            const name = this.extract.name(body);
+            const visibility = this.extract.visibility(body);
+            const tracks = this.extract.tracks(this.library.repositories.tracks, body);
             playlist.name = name;
             playlist.visibility = visibility;
             playlist.tracks = tracks;
@@ -250,22 +253,22 @@ namespace Playlist {
 
         protected override patch(req: ApiRequest, id: string): ApiResponse {
             req.require(Token.Scope.PLAYLISTS_WRITE);
-            this.validateBodyType(req.body);
+            const body = this.validateBodyType(req.body);
             const playlist = this.library.repositories.playlists.get(new Playlist.ID(id));
             if (playlist === null || (!playlist.user.equals(req.auth!.user.id) && playlist.visibility === Playlist.Visibility.PRIVATE)) return Playlist.Controller.notFound;
             if (!playlist.user.equals(req.auth!.user.id)) req.require(Token.Scope.PLAYLISTS_WRITE_ALL);
-            if ("name" in req.body) playlist.name = this.extract.name(req.body);
-            if ("visibility" in req.body) playlist.visibility = this.extract.visibility(req.body);
-            if ("tracks" in req.body) playlist.tracks = this.extract.tracks(this.library.repositories.tracks, req.body);
+            if ("name" in req.body) playlist.name = this.extract.name(body);
+            if ("visibility" in req.body) playlist.visibility = this.extract.visibility(body);
+            if ("tracks" in req.body) playlist.tracks = this.extract.tracks(this.library.repositories.tracks, body);
             this.library.repositories.playlists.save(playlist);
             return new JsonResponse(playlist.json());
         }
 
-        private validateBodyType(body: JsonResponse.Object | JsonResponse.Array | Buffer) {
+        private validateBodyType(body: FormData | Buffer) {
             if (Buffer.isBuffer(body)) throw new ThrowableResponse(new ErrorResponse(415, "The request body has unsupported media type.", {
                 Accept: "application/json, application/x-www-form-urlencoded"
             }));
-            if (Array.isArray(body)) throw new ThrowableResponse(new ErrorResponse(422, "The request body is an array; expected an object."));
+            return body;
         }
     }
 }