Request
assertMethod(event, expected, allowHead?)
Asserts that the incoming request method is of the expected type using isMethod
.
If the method is not allowed, it will throw a 405 error with the message "HTTP method is not allowed".
If allowHead
is true
, it will allow HEAD
requests to pass if the expected method is GET
.
Example:
export default defineEventHandler((event) => {
assertMethod(event, "GET");
// Handle GET request, otherwise throw 405 error
});
getHeader(event, name)
Get a request header by name.
Example:
export default defineEventHandler((event) => {
const contentType = getRequestHeader(event, "content-type"); // "application/json"
});
getHeaders(event)
Get the request headers object.
Array headers are joined with a comma.
Example:
export default defineEventHandler((event) => {
const headers = getRequestHeaders(event); // { "content-type": "application/json", "x-custom-header": "value" }
});
getQuery(event)
Get the query params object from the request URL parsed with unjs/ufo.
Example:
export default defineEventHandler((event) => {
const query = getQuery(event); // { key: "value", key2: ["value1", "value2"] }
});
getRequestHeader(event, name)
Get a request header by name.
Example:
export default defineEventHandler((event) => {
const contentType = getRequestHeader(event, "content-type"); // "application/json"
});
getRequestHeaders(event)
Get the request headers object.
Array headers are joined with a comma.
Example:
export default defineEventHandler((event) => {
const headers = getRequestHeaders(event); // { "content-type": "application/json", "x-custom-header": "value" }
});
getRequestHost(event, opts: { xForwardedHost? })
Get the request hostname.
If xForwardedHost
is true
, it will use the x-forwarded-host
header if it exists.
If no host header is found, it will default to "localhost".
Example:
export default defineEventHandler((event) => {
const host = getRequestHost(event); // "example.com"
});
getRequestIP(event, opts: { xForwardedFor? })
Try to get the client IP address from the incoming request.
If xForwardedFor
is true
, it will use the x-forwarded-for
header set by proxies if it exists.
Note: Make sure that this header can be trusted (your application running behind a CDN or reverse proxy) before enabling.
If IP cannot be determined, it will default to undefined
.
Example:
export default defineEventHandler((event) => {
const ip = getRequestIP(event); // "192.0.2.0"
});
getRequestProtocol(event, opts: { xForwardedProto? })
Get the request protocol.
If x-forwarded-proto
header is set to "https", it will return "https". You can disable this behavior by setting xForwardedProto
to false
.
If protocol cannot be determined, it will default to "http".
Example:
export default defineEventHandler((event) => {
const protocol = getRequestProtocol(event); // "https"
});
getRequestURL(event, opts: { xForwardedHost?, xForwardedProto? })
Generate the full incoming request URL using getRequestProtocol
, getRequestHost
and event.path
.
If xForwardedHost
is true
, it will use the x-forwarded-host
header if it exists.
If xForwardedProto
is false
, it will not use the x-forwarded-proto
header.
Example:
export default defineEventHandler((event) => {
const url = getRequestURL(event); // "https://example.com/path"
});
getRouterParam(event, name, opts: { decode? })
Get a matched route param by name.
If decode
option is true
, it will decode the matched route param using decodeURI
.
Example:
export default defineEventHandler((event) => {
const param = getRouterParam(event, "key");
});
getRouterParams(event, opts: { decode? })
Get matched route params.
If decode
option is true
, it will decode the matched route params using decodeURI
.
Example:
export default defineEventHandler((event) => {
const params = getRouterParams(event); // { key: "value" }
});
getValidatedQuery(event, validate)
Get the query params object from the request URL parsed with unjs/ufo and validated with validate function.
You can use a simple function to validate the query object or a library like zod
to define a schema.
Example:
export default defineEventHandler((event) => {
const query = getValidatedQuery(event, (data) => {
return "key" in data && typeof data.key === "string";
});
});
Example:
import { z } from "zod";
export default defineEventHandler((event) => {
const query = getValidatedQuery(
event,
z.object({
key: z.string(),
}),
);
});
getValidatedRouterParams(event, validate, opts: { decode? })
Get matched route params and validate with validate function.
If decode
option is true
, it will decode the matched route params using decodeURI
.
You can use a simple function to validate the params object or a library like zod
to define a schema.
Example:
export default defineEventHandler((event) => {
const params = getValidatedRouterParams(event, (data) => {
return "key" in data && typeof data.key === "string";
});
});
Example:
import { z } from "zod";
export default defineEventHandler((event) => {
const params = getValidatedRouterParams(
event,
z.object({
key: z.string(),
}),
);
});
isMethod(event, expected, allowHead?)
Checks if the incoming request method is of the expected type.
If allowHead
is true
, it will allow HEAD
requests to pass if the expected method is GET
.
Example:
export default defineEventHandler((event) => {
if (isMethod(event, "GET")) {
// Handle GET request
} else if (isMethod(event, ["POST", "PUT"])) {
// Handle POST or PUT request
}
});
toWebRequest(event)
Convert the H3Event to a WebRequest object.
NOTE: This function is not stable and might have edge cases that are not handled properly.
getRequestFingerprint(event, opts)
Get a unique fingerprint for the incoming request.
Body utils
getRequestWebStream(event)
Captures a stream from a request.
readBody(event, options: { strict? })
Reads request body and tries to safely parse using destr.
Be aware that this utility is not restricted to application/json
and will parse application/x-www-form-urlencoded
content types. Because of this, authenticated GET
/POST
handlers may be at risk of a CSRF attack, and must check the content-type
header manually.
Example:
export default defineEventHandler(async (event) => {
const body = await readBody(event);
});
readFormData(event)
Constructs a FormData object from an event, after converting it to a a web request.
Example:
export default defineEventHandler(async (event) => {
const formData = await readFormData(event);
const email = formData.get("email");
const password = formData.get("password");
});
readMultipartFormData(event)
Tries to read and parse the body of an H3Event as multipart form.
Example:
export default defineEventHandler(async (event) => {
const formData = await readMultipartFormData(event);
// The result could look like:
// [
// {
// "data": "other",
// "name": "baz",
// },
// {
// "data": "something",
// "name": "some-other-data",
// },
// ];
});
readRawBody(event, encoding)
Reads body of the request and returns encoded raw string (default), or Buffer
if encoding is falsy.
Example:
export default defineEventHandler(async (event) => {
const body = await readRawBody(event, "utf-8");
});
readValidatedBody(event, validate)
Tries to read the request body via readBody
, then uses the provided validation function and either throws a validation error or returns the result.
You can use a simple function to validate the body or use a library like zod
to define a schema.
Example:
export default defineEventHandler(async (event) => {
const body = await readValidatedBody(event, (body) => {
return typeof body === "object" && body !== null;
});
});
Example:
import { z } from "zod";
export default defineEventHandler(async (event) => {
const objectSchema = z.object();
const body = await readValidatedBody(event, objectSchema.safeParse);
});