replace body parser with raw-body

for streams, and for not clobbering the express app outside of our scope
stormpath · Nov 14, 2015 · a2ed987 · a2ed987
1 parent d03c58e
commit a2ed987
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 16 deletions.
diff --git a/lib/controllers/change-password.js b/lib/controllers/change-password.js
@@ -23,7 +23,7 @@ module.exports = function (req, res) {
   var application = req.app.get('stormpathApplication');
   var config = req.app.get('stormpathConfig');
   var logger = req.app.get('stormpathLogger');
-  var sptoken = req.query.sptoken || req.body.sptoken;
+  var sptoken = req.query.sptoken || req.body && req.body.sptoken;
   var view = config.web.changePassword.view;
 
   if (!sptoken) {

diff --git a/lib/helpers/body-parsers.js b/lib/helpers/body-parsers.js
@@ -0,0 +1,46 @@
+'use strict';
+
+var qs = require('qs');
+var getRawBody = require('raw-body');
+
+function jsonParser(req, res, next) {
+  // return bodyParser.json({ limit: '200kb' })(req, res, next);
+  var type = req.headers && req.headers['content-type'];
+  if (type !== 'application/json') {
+    return next();
+  }
+  getRawBody(req, function (err, string) {
+    if (err) {
+      return next(err);
+    }
+    try {
+      req.body = JSON.parse(string.toString());
+      next();
+    } catch (e) {
+      req.body = {};
+      next();
+    }
+  });
+}
+
+function formEncodedParser(req, res, next) {
+  // return bodyParser.urlencoded({ extended: true })(req, res, next);
+  //
+  var type = req.headers && req.headers['content-type'];
+  if (type !== 'application/x-www-form-urlencoded') {
+    req.body = {};
+    return next();
+  }
+  getRawBody(req, function (err, string) {
+    if (err) {
+      return next(err);
+    }
+    req.body = qs.parse(string.toString()) || {};
+    next();
+  });
+}
+
+module.exports = {
+  jsonParser: jsonParser,
+  formEncodedParser: formEncodedParser
+};
diff --git a/lib/helpers/index.js b/lib/helpers/index.js
@@ -14,5 +14,6 @@ module.exports = {
   setTempCookie: require('./set-temp-cookie'),
   validateAccount: require('./validate-account'),
   xsrfValidator: require('./xsrf-validator'),
-  revokeToken: require('./revoke-token')
+  revokeToken: require('./revoke-token'),
+  bodyParsers: require('./body-parsers')
 };
diff --git a/lib/helpers/prep-account-data.js b/lib/helpers/prep-account-data.js
@@ -40,7 +40,7 @@ module.exports = function (formData, stormpathConfig, callback) {
   }
 
   var coreFields = ['username', 'email', 'password', 'givenName', 'middleName', 'surname', 'status', passwordConfirmFieldName];
-  formData.customData = {};
+  formData.customData = typeof formData.customData === 'object' ? formData.customData : {};
 
   async.forEachOf(formData, function (value, key, cb) {
     if (coreFields.indexOf(key) === -1 && key !== 'customData') {

diff --git a/lib/stormpath.js b/lib/stormpath.js
@@ -1,6 +1,5 @@
 'use strict';
 
-var bodyParser = require('body-parser');
 var cookieParser = require('cookie-parser');
 var express = require('express');
 var expressVersion = require('express/package.json').version;
@@ -71,8 +70,8 @@ module.exports.init = function (app, opts) {
   var router = express.Router();
   var client = initClient(app, opts);
 
-  // Parse the request body.
-  router.use(bodyParser.urlencoded({ extended: true }));
+  var jsonParser = helpers.bodyParsers.jsonParser;
+  var formEncodedParser = helpers.bodyParsers.formEncodedParser;
 
   // Indicates whether or not the client is ready.
   var isClientReady = false;
@@ -135,9 +134,9 @@ module.exports.init = function (app, opts) {
         if (web.angularPath) {
           serveAngular(web.register.uri);
         } else {
-          router.get(web.register.uri, controllers.register);
+          router.get(web.register.uri, formEncodedParser, controllers.register);
         }
-        router.post(web.register.uri, bodyParser.json({ limit: '11mb' }), controllers.register);
+        router.post(web.register.uri, formEncodedParser, jsonParser, controllers.register);
       }
     }
 
@@ -151,7 +150,7 @@ module.exports.init = function (app, opts) {
         } else {
           router.get(web.login.uri, controllers.login);
         }
-        router.post(web.login.uri, bodyParser.json({ limit: '200kb' }), controllers.login);
+        router.post(web.login.uri, formEncodedParser, jsonParser, controllers.login);
       }
     }
 
@@ -176,18 +175,18 @@ module.exports.init = function (app, opts) {
         router.get(web.forgotPassword.uri, controllers.idSiteRedirect({ path: web.idSite.forgotUri }));
       } else {
         router.get(web.forgotPassword.uri, controllers.forgotPassword);
-        router.post(web.forgotPassword.uri, bodyParser.json({ limit: '200kb' }), controllers.forgotPassword);
+        router.post(web.forgotPassword.uri, formEncodedParser, jsonParser, controllers.forgotPassword);
       }
     }
 
     if (web.changePassword.enabled) {
       router.get(web.changePassword.uri, controllers.changePassword);
-      router.post(web.changePassword.uri, bodyParser.json({ limit: '200kb' }), bodyParser.urlencoded({ extended: false }), controllers.changePassword);
+      router.post(web.changePassword.uri, formEncodedParser, jsonParser, controllers.changePassword);
     }
 
     if (web.verifyEmail.enabled) {
-      router.get(web.verifyEmail.uri, controllers.verifyEmail);
-      router.post(web.verifyEmail.uri, bodyParser.json({ limit: '200kb' }), bodyParser.urlencoded({ extended: false }), controllers.verifyEmail);
+      router.get(web.verifyEmail.uri, formEncodedParser, controllers.verifyEmail);
+      router.post(web.verifyEmail.uri, formEncodedParser, jsonParser, controllers.verifyEmail);
     }
 
     if (web.angularPath || web.me.enabled) {
@@ -197,7 +196,7 @@ module.exports.init = function (app, opts) {
     }
 
     if (web.oauth2.enabled) {
-      router.all(web.oauth2.uri, stormpathMiddleware, controllers.getToken);
+      router.all(web.oauth2.uri, stormpathMiddleware, formEncodedParser, controllers.getToken);
     }
 
     client.getApplication(config.application.href, function (err, application) {

diff --git a/package.json b/package.json
@@ -23,7 +23,6 @@
   "main": "./index",
   "dependencies": {
     "async": "^1.4.2",
-    "body-parser": "^1.10.0",
     "cookie-parser": "^1.3.5",
     "cookies": "^0.5.0",
     "deep-extend": "^0.4.0",
@@ -33,6 +32,8 @@
     "lodash": "^3.10.1",
     "njwt": "^0.2.3",
     "parse-iso-duration": "^1.0.0",
+    "qs": "^5.2.0",
+    "raw-body": "^2.1.4",
     "request": "^2.63.0",
     "stormpath": "^0.14.0",
     "stormpath-config": "0.0.12",

diff --git a/test/controllers/test-register.js b/test/controllers/test-register.js
@@ -720,7 +720,10 @@ describe('register', function () {
             email: email,
             color: color,
             music: music,
-            password: password
+            password: password,
+            customData: {
+              hello: 'world'
+            }
           })
           .expect(302)
           .end(function (err) {
@@ -746,6 +749,7 @@ describe('register', function () {
                 assert.equal(account.email, email);
                 assert.equal(data.color, color);
                 assert.equal(data.music, music);
+                assert.equal(data.hello, 'world');
 
                 done();
               });