Skip to content

ericmdantas/express-content-length-validator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

express-content-length-validator

Build Status Coverage Status

Make sure your application is not vulnerable to large payload attacks

install

$ npm install express-content-length-validator --save

api

Once you've gotten the content-length module:

    var contentLength = require('express-content-length-validator');

You'll have a single function to work with: validateMax.

contentLength.validateMax(options)

options is an object with three properties:

  • max, which defaults to 999;
  • status, which defaults to 400;
  • message, which defaults to "Invalid payload; too big.".

usage as a middleware

    var contentLength = require('express-content-length-validator');
    var app = require('express')();
    var MAX_CONTENT_LENGTH_ACCEPTED = 9999;

    app.use(contentLength.validateMax({max: MAX_CONTENT_LENGTH_ACCEPTED, status: 400, message: "stop it!"})); // max size accepted for the content-length

    // and then, when you're checking the routes

    app
        .post('/some/url/here', function(req, res)
        {
            /*all is good, the content-length is less than the expected
              so you can keep with your business logic*/
        });

    app.listen(8080);

usage per endpoint

    var contentLength = require('express-content-length-validator');
    var app = require('express')();
    var MAX_CONTENT_LENGTH_ACCEPTED = 9999;

    app.post('/some/url/here', contentLength.validateMax({max: MAX_CONTENT_LENGTH_ACCEPTED, status: 400, message: "send a smaller json, will ya?"}), function(req, res)
    {
        /*all is good, the content-length is less than the expected
        so you can keep with your business logic*/
    });

    app.listen(8080);

It's that easy =]

license

MIT

About

Make sure your application is not vulnerable to large payloads attacks

Resources

Stars

Watchers

Forks

Packages

No packages published