Comments (12)

dougwilson commented on April 19, 2024

Hi @luisrudge in the future, please open a new issue. I'm providing an example for you here, but if you need to reply, please do so in a new issue, not here.

app.use(bodyParser.json({verify:function(req,res,buf){req.rawBody=buf}}))

This will, of course, increase the risk of DoS attacks on your server.

from body-parser.

dougwilson commented on April 19, 2024

This would effectively mean every request would now require twice the RAM usage.

If you look in the readme, you should see that you should only be parsing the body if you need it. This means that if you are going to forward the body as a proxy, this module should not even get invoked on those requests at all and you can simply read raw from the req stream.

If you really want to use twice the RAM, you can always (ab)use the verify function to use it to attach the raw body buffer to each request.

dougwilson commented on April 19, 2024

A PR implementing this will be rejected, sorry (you can see all the past rejected PRs as well). This makes it easier to DoS a server and encourages bad practices.

lxe commented on April 19, 2024

> This would effectively mean every request would now require twice the RAM usage.

Good point. The body buffer hangs around on every request regardless though. I'm guessing we're letting the gc collect it in getBody?

lxe commented on April 19, 2024

> This means that if you are going to forward the body as a proxy, this module should not even get invoked on those requests at all and you can simply read raw from the req stream.

This would be hard considering the conditions required to detect if a registered route indeed will lead to a proxy. I guess I just want the best of both worlds :)

dougwilson commented on April 19, 2024

Yes, if there is no reference, it is collected, as part of how JS works. If you add a reference from req to the Buffer, then the Buffer would now live as long as req instead.

dougwilson commented on April 19, 2024

> This would be hard considering the conditions required to detect if a registered route indeed will lead to a proxy. I guess I just want the best of both worlds :)

Well, I would be more than happy to help you. We can discuss why it is hard, how we can make it better, etc. Right now I don't know enough about your route architecture to really say :) But hopefully you are not using this module in a global app.use() directive.

Feel free to post examples, etc. and we can definitely work towards a good solution.

lxe commented on April 19, 2024

> But hopefully you are not using this module in a global app.use() directive.

In my particular context we always needed a parsed req.body at least for non-GET requests. Proxies came about later. I'll be rethinking this nonetheless.

dougwilson commented on April 19, 2024

That's fine. There is a lazy parsing pattern you can do with this middleware/any middleware which may work out for you if you can replace all req.body references with an async req.getBody(function (err, body){ call. Would that be doable?

from body-parser.
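
The lazy `req.getBody(cb)` pattern mentioned in the comment above, sketched with Node core modules only as an added example; it is not body-parser code and not code from anyone in this thread. The helper name `attachLazyBody`, its `limit` and `keepRaw` options, and the sample request are assumptions made for illustration.

```javascript
const { Readable } = require('node:stream');

// Hypothetical helper (not a body-parser API): adds req.getBody(cb). Nothing is
// read until a handler calls it, so a proxy route can still pipe req untouched.
function attachLazyBody(req, { limit = 100 * 1024, keepRaw = false } = {}) {
  let waiters = null; // callbacks queued while the single read is in flight
  let result = null;  // cached [err, body] once the read has finished

  req.getBody = function getBody(cb) {
    if (result) return void process.nextTick(cb, ...result);
    if (waiters) return void waiters.push(cb);
    waiters = [cb];
    const chunks = [];
    let size = 0;
    const finish = (err, body) => {
      if (result) return;
      result = [err, body];
      req.off('data', onData);
      for (const w of waiters) w(err, body);
      waiters = null;
    };
    const onData = (chunk) => {
      size += chunk.length;
      if (size <= limit) return void chunks.push(chunk);
      // Cap crossed: drop what was buffered and stop storing further chunks.
      chunks.length = 0;
      req.resume();
      finish(Object.assign(new Error('request entity too large'), { status: 413 }));
    };
    req.on('data', onData);
    req.on('error', finish);
    req.on('end', () => {
      if (result) return;
      const raw = Buffer.concat(chunks);
      let body;
      try { body = JSON.parse(raw.toString('utf8')); }
      catch (e) { return finish(Object.assign(e, { status: 400 })); }
      if (keepRaw) req.rawBody = raw; // opt-in: this Buffer now lives as long as req
      finish(null, body);
    });
  };
  return req;
}

// Constructed sample request: a Readable standing in for an incoming JSON POST.
const sample = attachLazyBody(Readable.from([Buffer.from('{"user":"a"}')]), { limit: 64 });
sample.getBody((err, body) => console.log(err ? err.status : body));
```

Routes that never call `req.getBody` pay no buffering cost, and `keepRaw` keeps the second copy of the payload confined to the routes that ask for it.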

luisrudge commented on April 19, 2024

I need to have the parsed body and the raw body on all requests to a specific route. How can I do that?

app.use(function(req, res, next) {
  var data = '';
  req.on('data', function(chunk) {
    data += chunk
  })
  req.on('end', function() {
    req.rawBody = data;
    next();
  });
});

app.use(bodyParser.json());

Doing this, the request hangs forever. I'm assuming that's because the body stream has already been read.

luisrudge commented on April 19, 2024

@dougwilson ok. thanks and sorry about the issue!

dougwilson commented on April 19, 2024

Hi @lxe I'm going to close this issue for now, but if you have any additional questions, please feel free to respond here or even open a new issue :)
