Json Verify Option about body-parser HOT 11 CLOSED

it's easier just to create your own special parser with https://github.com/stream-utils/raw-body

from body-parser.

Also, if you make your own parser you can calculate the sha1 as the response streams in instead of all in one go.

from body-parser.

Thanks. I can't seem to get that raw-body parser to work correctly in the express 4 flow.

var rawbody = require('raw-body');
app.use(function (req, res, next) {
        var length = req.header('content-length');
        if(length === undefined) { return next(); }
        rawbody(req, { length: length, encoding: 'utf8'}, function (err, buffer) {
            if (err) { return next(err); }
            var xhub = req.header('X-Hub-Signature');
            if(xhub) { req.rawBody = buffer; }
            return next();
        });
    });
app.use(bodyParser());

from body-parser.

what's wrong?

from body-parser.

I've seen the error of my ways. Its my fault. Thanks.

from body-parser.

Okay. Assume the simple usecase: You want to send signed Json requests. I need create a new module that parses json and implements the signing. I agree with @dougwilson that it would be nice to use streams and generate the signature on the fly. But since we do not want to reinvent the wheel, it would be great if we have a module to inherit from and keep at least the json part. But the current state of body-parser is not well suited for this task. Do you guys have a good idea how to leverage the knowledge of body-parser for such cases? I do not think, everybody should re-implement a json parser again and again and again.

from body-parser.

I do not think, everybody should re-implement a json parser again and again and again.

Then make a json parser for the signed requests and put it on npm. Then we can point users to it and other people don't have to implement the signature checking over and over. Us adding a "hook" will still make people re-implement the hmac checking over and over...

from body-parser.

All this module does is glue together raw-body and JSON.parse

from body-parser.

yeah there are too many ways to hook stuff. won't be worth it.

what we could do is create another lib body-parse or somehting that just does the parsing in this lib with the error codes. should make creating different middleware easier.

from body-parser.

I'm going to re-open this issue; We should probably add the old verify option from connect 2.x into v1 of this module for now until we have a better solution at hand. This option can be used to check the signed requests.

from body-parser.

I'm also a little bias towards adding the old verify option back in here, because even if we just remove it with a 2.0.0 release, at least I have finally remove the body parsing stuff from connect 2.x/express 3.x

from body-parser.