src/lib/UtapiRequest.js

@@ -97,18 +97,6 @@ export default class UtapiRequest {
         return this;
     }
 
-    /**
-     * Set request pathname
-     *
-     * @param {string} pathname - pathname from url.parse
-     * of request.url (pathname minus query)
-     * @return {UtapiRequest} itself
-     */
-    setRequestPathname(pathname) {
-        this._requestPathname = pathname;
-        return this;
-    }
-
     /**
      * Get http request object
      *
@@ -145,15 +133,6 @@ export default class UtapiRequest {
         return this._requestPath;
     }
 
-    /**
-     * Get request pathname
-     *
-     * @return {string} request pathname
-     */
-    getRequestPathname() {
-        return this._requestPathname;
-    }
-
     /**
      * Get requester ip address
      *

src/lib/server.js

@@ -34,52 +34,17 @@ class UtapiServer {
         routes.forEach(item => this.router.addRoute(new Route(item)));
     }
 
-    /**
-     * Function to validate a URI component
-     *
-     * @param {string|object} component - path from url.parse of request.url
-     * (pathname plus query) or query from request
-     * @return {string|undefined} If `decodeURIComponent` throws an error,
-     * return the invalid `decodeURIComponent` string, otherwise return
-     * `undefined`
-     */
-    _checkURIComponent(component) {
-        if (typeof component === 'string') {
-            try {
-                decodeURIComponent(component);
-            } catch (err) {
-                return true;
-            }
-        } else {
-            return Object.keys(component).find(x => {
-                try {
-                    decodeURIComponent(x);
-                    decodeURIComponent(component[x]);
-                } catch (err) {
-                    return true;
-                }
-                return false;
-            });
-        }
-        return undefined;
-    }
-
     requestListener(req, res, router) {
         // disable nagle algorithm
         req.socket.setNoDelay();
-        const { query, path, pathname } = url.parse(req.url, true);
+        const { query, path } = url.parse(req.url, true);
         const utapiRequest = new UtapiRequest()
             .setRequest(req)
             .setLog(this.logger.newRequestLogger())
             .setResponse(res)
-            .setDatastore(this.datastore);
+            .setDatastore(this.datastore)
-        // Sanity check for valid URI component
+            .setRequestQuery(query)
-        if (this._checkURIComponent(query) || this._checkURIComponent(path)) {
+            .setRequestPath(path);
-            return this.errorResponse(utapiRequest, errors.InvalidURI);
-        }
-        utapiRequest.setRequestQuery(query);
-        utapiRequest.setRequestPath(path);
-        utapiRequest.setRequestPathname(pathname);
         // temp hack: healthcheck route
         if (path === '/_/healthcheck' && (req.method === 'GET'
             || req.method === 'POST')) {

src/router/Router.js

@@ -217,10 +217,9 @@ class Router {
             utapiRequest.getAction(), 'utapi')
         );
         auth.setHandler(this._vault);
-        const request = utapiRequest.getRequest();
+        const requestPlusPath = utapiRequest.getRequest();
-        request.path = utapiRequest.getRequestPathname();
+        requestPlusPath.path = utapiRequest.getRequestPath();
-        request.query = utapiRequest.getRequestQuery();
+        return auth.server.doAuth(requestPlusPath, log, (err, authResults) => {
-        return auth.server.doAuth(request, log, (err, authResults) => {
             if (err) {
                 return cb(err);
             }