Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to add custom "tap" into the request stream #4185

Open
matthieusieben opened this issue Nov 9, 2020 · 0 comments
Open

Ability to add custom "tap" into the request stream #4185

matthieusieben opened this issue Nov 9, 2020 · 0 comments
Assignees
@geek
Labels
feature New functionality or improvement

Comments

@matthieusieben
Copy link

matthieusieben commented Nov 9, 2020
edited

Support plan

  • is this issue currently blocking your project? (yes/no): no
  • is this issue affecting a production system? (yes/no): no

Context

  • node version: 12+
  • module version: 20+
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): hapi application
  • any other relevant information:

What problem are you trying to solve?

Ability to perform an integrity check (and prevent any processing of corrupted data) of a request stream

I am currently performing request integrity check but this requires to do the following:

        if (request.payload !== undefined) {
          throw badImplementation('Integrity check requires that the payload was not already processed')
        }

        const hash = createHash(algorithm)

        request.events.on('peek', (chunk, encoding) => {
          hash.update(chunk, encoding)
        })

        request.events.on('finish', () => {
          const payloadDigest = hash.digest('base64')
          if (payloadDigest !== expectedDigest) {
            request.raw.req.destroy(Boom.badData('Corrupted payload'))
          }
        })

There are several issues with that implementation:

  1. It relies on the fact that the finish handler is triggered synchronously (otherwise the destruction of the raw req would occur too late)
  2. It requires that the payload was not previously processed (e.g. by the auth.payload)
  3. We can't prevent the payload to be processed by other listeners

It would be nice to have the ability to manually tap into the request:

  • From the onRequest ext
  • From an authentication scheme

Do you have a new or modified API suggestion to solve the problem?

  const [algo, hash] = getDigestData(request)
  request.tap(new DigestCheck(algo, hash)) // throws if `request.payload` is already set

I would be open to create a PR for this but I would like to make sure that:

  1. You would be open to add this
  2. What kind of API you would see for this
@matthieusieben matthieusieben added the feature New functionality or improvement label Nov 9, 2020
@geek geek self-assigned this Nov 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@geek geek

Labels
feature New functionality or improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@geek @matthieusieben