Breaking change with query string validation from 8.6.0 to 9.0.2

[dynajoe]

I'm receiving a validation failure for requests that worked before upgrading from 8.6.0 to 9.0.2.

The validation that previously worked for query strings of the form ?sensor.battery.eq=4.02:

query: Joi.object({
   type: Joi.string()
}).pattern(/sensor\.[a-z0-9_]+\.(gte|gt|lte|lt|ne|eq)/i, Joi.number())

This is no longer valid after the upgrade. I get the error:

{"statusCode":400,"error":"Bad Request","message":"\\"sensor\\" is not allowed","validation":{"source":"query","keys":["sensor"]}}

in 8.6.0 -- request.query was:

{ 'sensor.battery.eq': 4.02 }

In 9.0.2 -- request.query now looks like:

// request.query
{ sensor: { battery: { eq: '4.02' } } }

[dynajoe]

This seems to be the reason for the breakage:

ljharb/qs@6ee5df7

[hueniverse]

This comes from an improperly documented change in qs.

@nlf can you help figure out what's the best way to handle this?

[bear]

@nlf may be slow in responding to this thread as he is currently back woods camping

[dynajoe]

There is an option in qs to disable this behavior. Perhaps hapi could expose this or disable it?

[hueniverse]

You can already pass options to qs for both payload and query string processing.

[nlf]

Yeah, dots should've been disabled by default, this one is my fault. For right now you can pass allowDots: false in your options for qs and it will resolve your issue.

[hueniverse]

We're stuck with this now. I've updated the release notes to reflect this change.

[dynajoe]

How is this being exposed in 13.5.0?

[dynajoe]

I found the information I needed from the migration docs:

const Url = require('url');
const Qs = require('qs');

const onRequest = function (request, reply) {

    const uri = request.raw.req.url;
    const parsed = Url.parse(uri, false);
    parsed.query = Qs.parse(parsed.query);
    request.setUrl(parsed);

    return reply.continue();
};

server.ext('onRequest', onRequest);