I am pretty new to node.js services and I am facing a problem with the multipart/form-data content type. I need a way to disable body parser functionality for a specific request. I am using restify 2.6.1. Below are some snippets of the configuration.
My setup is:
App.js :
server.use(restify.authorizationParser());
server.use(restify.dateParser());
server.use(restify.queryParser());
server.use(restify.jsonp());
server.use(restify.bodyParser());
server.use(restifyValidator);
server.use(restify.gzipResponse());
server.use(passport.initialize());
server.use(restify.conditionalRequest());
Route.js :
app.post({path: '/test/upload/:upload_image_name', version: ver}, uploadCtr.uploadImage);
app.post( {path: '/test/upload/:upload_image_name', version:ver }, passport.authenticate('bearer',{ session: false}),uploadCtr.uploadImage);
Without restify.bodyParser() the image upload is working (but everything which is relying on the JSON parser is failing).
Thanks in advance.
Well, you can pretty much just search bodyParser, and replace it with express!
Express body-parser is an npm module used to process data sent in an HTTP request body. It provides four express middleware for parsing JSON, Text, URL-encoded, and raw data sets over an HTTP request body.
body-parser doesn't have to be installed as a separate package because it is a dependency of express version 4.16.0+. body-parser isn't a dependency between version 4.0.0 and 4.16.
You shouldn't use bodyParser() for every route by default. In fact, you should only use bodyParser() for routes that require multipart uploads.
All servers using express.bodyParser are vulnerable to an attack which creates an unlimited number of temp files on the server, potentially filling up all the disk space, which is likely to cause the server to hang.
Demonstration
This problem is extremely easy to demonstrate. Here's a simple express app:
var express = require('express');
var app = express();
app.use(express.bodyParser());
app.post('/test', function(req, resp) {
  resp.send('ok');
});
app.listen(9001);
Seems pretty innocuous right?
Now check how many temp files you have with something like this:
$ ls /tmp | wc -l
33
Next simulate uploading a multipart form:
$ curl -X POST -F foo=@tmp/somefile.c http://localhost:9001/test
ok
Go back and check our temp file count:
$ ls /tmp | wc -l
34
That's a problem.
http://andrewkelley.me/post/do-not-use-bodyparser-with-express-js.html
This problem also exists with Restify.
You can solve the problem by replacing .bodyParser() with:
server.use( restify.queryParser() );
server.use( restify.jsonBodyParser() );
But to answer your question about a particular route, you should move any middleware that you don't need for all routes into route specific middleware:
server.get('/route', restify.queryParser(), restify.jsonBodyParser(), routeHandler);
This can also take an array:
var routeMiddleware = [
restify.queryParser(),
restify.jsonBodyParser()
];
server.get('/route', routeMiddleware, routeHandler);
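One way to keep JSON parsing everywhere while leaving the upload route unparsed, as an added example that is not part of the original question or answers: a gate in front of the parsers that skips them on upload routes and refuses multipart bodies on every other route before anything is written to disk. `routeBodyGate`, `simulate` and the stub parser are hypothetical names, and `jsonParser` is assumed to be a single `(req, res, next)` function.

```javascript
// Added example: route-aware gate for any (req, res, next) middleware chain.
function routeBodyGate(opts) {
  const rawRoutes = opts.rawRoutes;    // RegExp list: the handler reads the body itself
  const jsonParser = opts.jsonParser;  // assumed: one (req, res, next) function
  return function gate(req, res, next) {
    const path = String(req.url || '').split('?')[0];
    const type = String((req.headers || {})['content-type'] || '')
      .split(';')[0].trim().toLowerCase();

    // 1. Upload routes: run no parser, so nothing is buffered or spooled to /tmp here.
    if (rawRoutes.some((re) => re.test(path))) return next();

    // 2. Everywhere else, multipart is refused before any parser sees it.
    if (type.startsWith('multipart/')) {
      res.statusCode = 415;
      res.end('multipart not accepted on this route');
      return next(false);              // restify convention: stop the handler chain
    }

    // 3. JSON bodies go to the JSON parser; other types pass through unparsed.
    if (type === 'application/json') return jsonParser(req, res, next);
    return next();
  };
}

// Constructed harness: stub parser and fake req/res so the gate runs offline.
function simulate(url, contentType) {
  const seen = { parsed: false, status: 200, next: undefined };
  const stubJson = (req, res, next) => { seen.parsed = true; next(); };
  const gate = routeBodyGate({
    rawRoutes: [/^\/test\/upload\/[^/]+$/],  // the upload path from the question
    jsonParser: stubJson,
  });
  const req = { url, headers: { 'content-type': contentType } };
  const res = { statusCode: 200, end() { seen.status = this.statusCode; } };
  gate(req, res, (arg) => { seen.next = arg === false ? 'stopped' : 'continued'; });
  return seen;
}

console.log(simulate('/test/upload/cat.png', 'multipart/form-data; boundary=x'));
console.log(simulate('/users', 'multipart/form-data; boundary=x'));
console.log(simulate('/users', 'application/json; charset=utf-8'));
```

Registered once with `server.use(...)` in place of the global `bodyParser()`, the gate leaves the upload handler to stream or parse the multipart body itself, with its own size limits.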