Skip to content

Release 0.103.1#833

Merged
tudddorrr merged 6 commits intomainfrom
develop
Feb 15, 2026
Merged

Release 0.103.1#833
tudddorrr merged 6 commits intomainfrom
develop

Conversation

@tudddorrr
Copy link
Collaborator

No description provided.

@tudddorrr tudddorrr added the release This pull request contains a release label Feb 15, 2026
@claude
Copy link

claude bot commented Feb 15, 2026

PR Review

The bulk of this PR is housekeeping: MikroORM 6.6.4 → 6.6.6, whitespace fixes in test describe names, and empty email env vars added to .env.test. The substantive change is the new decodeParamsMiddleware.


🟡 Code Quality

decodeURIComponent can throw on malformed params

decodeURIComponent raises a URIError for invalid percent-encoded sequences (e.g. a lone % or %zz). Since this middleware is prepended to every route, any request with a malformed URL param would throw an unhandled URIError. The error middleware will likely catch it but return a 500 instead of the more appropriate 400.

// Current - throws URIError on malformed input
ctx.params[param] = decodeURIComponent(ctx.params[param])

// Safer alternative
try {
  ctx.params[param] = decodeURIComponent(ctx.params[param])
} catch {
  ctx.throw(400, `Invalid URL encoding in route parameter: ${param}`)
}

The new test covers the happy path but there's no test for a request with a malformed param (e.g. %zz in the internal name).


🔵 Minor

Missing test for other special characters

The test only covers spaces (with spacewith%20space). Other characters that appear in internalName values (e.g. slashes, +, unicode) could have different behaviour depending on how koa-tree-router handles them before the middleware runs. A test for a + character would be worth adding since + is not decoded by decodeURIComponent (only %2B is), which might surprise callers who expect + to mean space.

@tudddorrr tudddorrr merged commit 07f5dab into main Feb 15, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

release This pull request contains a release

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant