How do I set the bodyParser upload limit to specific routes rather than globally in the middleware?

Question

Here's an example (Express 3) middleware setup thats worked for me globally:

app.configure(function () {
    app.use(express.static(__dirname + "/public"));
    app.use(express.bodyParser({
          keepExtensions: true,
          limit: 10000000, // set 10MB limit
          defer: true              
    }));
    //... more config stuff
}

For security reasons, I don't want to allow 500GB+ posts on routes other than /upload, so I'm trying to figure out how to specify the limit on specific routes, rather than globally in the middleware.

I know the multipart middleware in bodyParser() already sniffs out content types, but I want to limit it even further.

This does not seem to work in express 3:

app.use('/', express.bodyParser({
  keepExtensions: true,
  limit: 1024 * 1024 * 10,
  defer: true              
}));
app.use('/upload', express.bodyParser({
  keepExtensions: true,
  limit: 1024 * 1024 * 1024 * 500,
  defer: true              
}));

I get an error Error: Request Entity Too Large when I try to upload a 3MB file on the upload URL.

How do you do this correctly?

Answer 1

Actually as suggested by hexacyanide above, app.use() works on limiting single route.
The problem comes from the ordering of route paths.
Going to example above, if you put '/upload' first, then the bodyParser should match that rule first.

So put the code like so (I am using Express 4.0 +):

app.use("/PATH_WITH_LIMIT", bodyParser({ 
    limit: 1024 * 1000
}));
app.use("/",bodyParser());

You can see how express binds the middleware on app.use() method call here.

Answer 2

Just specify the optional path option when using app.use().

app.use('/', express.bodyParser({
  keepExtensions: true,
  limit: 1024 * 1024 * 10,
  defer: true              
}));
app.use('/upload', express.bodyParser({
  keepExtensions: true,
  limit: 1024 * 1024 * 1024 * 500,
  defer: true              
}));