register @fastify/formbody in plugin

hillac · Mar 26, 2024 · 841ef7b · 841ef7b
1 parent 0b38522
commit 841ef7b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/packages/frameworks-fastify/package.json b/packages/frameworks-fastify/package.json
@@ -31,7 +31,7 @@
     "build": "pnpm clean && pnpm providers && tsc",
     "clean": "rm -rf lib index.* src/lib/providers",
     "test": "vitest run -c ../utils/vitest.config.ts",
-    "test:debug": "NODE_OPTIONS=\"--inspect --inspect-brk\" vitest run -c ../utils/vitest.config.ts",
+    "test:debug": "vitest --inspect --inspect-brk --pool threads --poolOptions.threads.singleThread run -c ../utils/vitest.config.ts",
     "providers": "node ../utils/scripts/providers"
   },
   "publishConfig": {
@@ -46,6 +46,7 @@
     "fastify": "^4.25.2"
   },
   "peerDependencies": {
+    "@fastify/formbody": "^7.4.0",
     "fastify": "^4.25.2"
   },
   "keywords": [

diff --git a/packages/frameworks-fastify/src/index.ts b/packages/frameworks-fastify/src/index.ts
@@ -16,16 +16,12 @@
  *
  * ```ts title="src/routes/auth.route.ts"
  * import { FastifyAuth } from "@auth/fastify"
- * import formbodyParser from "@fastify/formbody"
  * import GitHub from "@auth/fastify/providers/github"
  * import Fastify from "fastify"
  *
  * // If app is served through a proxy, trust the proxy to allow HTTPS protocol to be detected
  * const fastify = Fastify({ trustProxy: true });
  *
- * // Make sure to use a form body parser so Auth.js can receive data from the client
- * fastify.register(formbodyParser)
- *
  * fastify.register(FastifyAuth({ providers: [ GitHub ] }), { prefix: '/auth' })
  * ```
  *
@@ -51,6 +47,7 @@
  * import { getSession } from "@auth/fastify"
  * 
  * // Decorating the reply is not required but will optimise performance
+ * // Only decorate the reply with a value type like null, as reference types like objects are shared among all requests, creating a security risk.
  * fastify.decorateReply('session', null)
 
  * export async function authSession(req: FastifyRequest, reply: FastifyReply) {
@@ -136,6 +133,7 @@
 import { Auth, setEnvDefaults, createActionURL } from "@auth/core"
 import type { AuthConfig, Session } from "@auth/core/types"
 import type { FastifyRequest, FastifyPluginAsync } from 'fastify'
+import formbody from '@fastify/formbody'
 import { toWebRequest, toFastifyReply } from "./lib/index.js"
 
 export type {
@@ -148,7 +146,10 @@ export type {
 
 export function FastifyAuth(config: Omit<AuthConfig, "raw">): FastifyPluginAsync {
   setEnvDefaults(process.env, config)
-  return async (fastify, opts) => {
+  return async (fastify) => {
+    if (!fastify.hasContentTypeParser('application/x-www-form-urlencoded')) {
+      fastify.register(formbody)
+    }
     fastify.route({
       method: ['GET', 'POST'],
       url: '/*',

diff --git a/packages/frameworks-fastify/tests/login.test.ts b/packages/frameworks-fastify/tests/login.test.ts
@@ -40,8 +40,6 @@ describe("Integration test with login and getSession", () => {
   it("Should return the session with username after logging in", async () => {
     let expectations: Function = () => {}
 
-    fastify.register(formbodyParser)
-
     fastify.register(FastifyAuth(authConfig), { prefix: "/api/auth" })
 
     fastify.post("/test", async (request, reply) => {
@@ -123,4 +121,10 @@ describe("Integration test with login and getSession", () => {
     const expectationResult = await expectations()
     expect(expectationResult).toEqual(true)
   })
+
+  it("Should not throw when form body parser already registered", async () => {
+    fastify.register(formbodyParser)
+    fastify.register(FastifyAuth(authConfig), { prefix: "/api/auth" })
+    await fastify.ready()
+  })
 })