Comments (11)
it's easier just to create your own special parser with https://github.com/stream-utils/raw-body
from body-parser.
Also, if you make your own parser you can calculate the sha1 as the response streams in instead of all in one go.
from body-parser.
Thanks. I can't seem to get that raw-body parser to work correctly in the express 4 flow.
var rawbody = require('raw-body');
app.use(function (req, res, next) {
var length = req.header('content-length');
if(length === undefined) { return next(); }
rawbody(req, { length: length, encoding: 'utf8'}, function (err, buffer) {
if (err) { return next(err); }
var xhub = req.header('X-Hub-Signature');
if(xhub) { req.rawBody = buffer; }
return next();
});
});
app.use(bodyParser());
from body-parser.
what's wrong?
from body-parser.
I've seen the error of my ways. Its my fault. Thanks.
from body-parser.
Okay. Assume the simple usecase: You want to send signed Json requests. I need create a new module that parses json and implements the signing. I agree with @dougwilson that it would be nice to use streams and generate the signature on the fly. But since we do not want to reinvent the wheel, it would be great if we have a module to inherit from and keep at least the json part. But the current state of body-parser
is not well suited for this task. Do you guys have a good idea how to leverage the knowledge of body-parser
for such cases? I do not think, everybody should re-implement a json parser again and again and again.
from body-parser.
I do not think, everybody should re-implement a json parser again and again and again.
Then make a json parser for the signed requests and put it on npm. Then we can point users to it and other people don't have to implement the signature checking over and over. Us adding a "hook" will still make people re-implement the hmac checking over and over...
from body-parser.
All this module does is glue together raw-body and JSON.parse
from body-parser.
yeah there are too many ways to hook stuff. won't be worth it.
what we could do is create another lib body-parse
or somehting that just does the parsing in this lib with the error codes. should make creating different middleware easier.
from body-parser.
I'm going to re-open this issue; We should probably add the old verify
option from connect
2.x into v1 of this module for now until we have a better solution at hand. This option can be used to check the signed requests.
from body-parser.
I'm also a little bias towards adding the old verify
option back in here, because even if we just remove it with a 2.0.0 release, at least I have finally remove the body parsing stuff from connect 2.x/express 3.x
from body-parser.
Related Issues (20)
- 'bodyParser' function is deprecated in index.d.ts file HOT 1
- HTTP:413 Request Entity Too Large HOT 5
- Conform with express-validator on parameter representation
- bodyParser is deprecated, error HOT 1
- bodyparser.json() shown as deprecated? (question) HOT 7
- pass options to qs thru urlencoded? HOT 4
- Cannot catch SyntaxError when user provides invalid JSON in body and content-type: application/json HOT 3
- Support for content-encoding: deflate raw HOT 7
- req.body could not be accessed when send as form data, but works fine with JSON HOT 3
- Pass custom parameters to `qs` HOT 3
- Update iconv-lite to latest 0.6.3 HOT 7
- support for ndjson
- Regular Expression Denial of Service (ReDoS) in [email protected] HOT 3
- Update `debug` dependency (memory leak leading to vulnerability) HOT 1
- api calls made with invalid json HOT 5
- Add support for removing body parser limit HOT 8
- BadRequestError: request size did not match content length HOT 7
- Relaxed versions HOT 1
- How to handle content-type mismatch? HOT 1
- Body is object instead of string with `express.text` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from body-parser.