Giter VIP home page Giter VIP logo

body-parser's People

Contributors

azhao12345 avatar beeman avatar cha147 avatar commanderroot avatar djchie avatar dougwilson avatar fishrock123 avatar govindrai avatar hopefulllama avatar jdspugh avatar jonathanong avatar lazywithclass avatar ljharb avatar mscdex avatar msemtd avatar sehrope avatar shawninder avatar thethp avatar timokasse avatar tlhunter avatar tomk32 avatar yanxyz avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

body-parser's Issues

Missing body behavior for DELETE method

I believe that bodyParser should not respond with a 400 due to a missing body on a DELETE request.

In a web app I am working on, we do not provide a body in our DELETE rest requests, as all information for the delete is included in the URI. Therefore, Chrome does not send a Content-Length header for ajax delete requests. This causes the bodyParser middleware to respond with a 400 error due to the body buffer having zero length.

While I agree that is necessary for PUT and POST requests, DELETE does not specifically define semantics for the message body. Therefore it should permit a missing body for such requests. According to the spec,

A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.

A simple solution for DELETE requests that are missing a content-length header would be to simply set req.body = {};.

I realize that many server packages support sending a body for DELETE requests, and this would still support that.

Are there any thoughts on this topic, or any considerations I am overlooking that would make implementing this a bad thing?

Add multipart/form-data support

This is just such a basic type of the web, it's hard to keep ignoring it. Because of the pattern of this module, though, we really cannot support files. But I don't see why we can support it, but just drop files. Thoughts?

Should be able to not use qs for urlencoded parsing

It's too bad using qs is the default, but at least we should provide an option to use something else like querystring that can parse flat to reduce the attack surface of applications. This would let users parse with urlencoded and not have to handle complex values.

Should assert content-type charset

Right now this module does not care what the charset is set to in the request, just blindly assuming it is utf-8. This works fine in general, until someone sends non-utf8 data (mainly to urlencoded) and garbage comes out. I'm not suggesting we support all the charsets and codepages, but at least make it an error to specify a charset we know we don't support.

Always export raw body buffer.

Instead of adding raw as a parser type, why not just always export the pre-parsed buffer as req.rawBody?

This way, if required, we can easily forward the unadulterated body buffer to upstream proxies and services, without the content-type conditionals required by the raw type.

Better error logging

SyntaxError: Unexpected token $
  at Object.parse (native)
  at parse (/etc/acme/webauth/node_modules/body-parser/lib/types/json.js:84:17)
  at /etc/acme/webauth/node_modules/body-parser/lib/read.js:102:18
  at IncomingMessage.onEnd (/etc/acme/webauth/node_modules/body-parser/node_modules/raw-body/index.js:136:7)
  at IncomingMessage.g (events.js:180:16)
  at IncomingMessage.emit (events.js:92:17)
  at _stream_readable.js:944:16
  at process._tickDomainCallback (node.js:486:13)

This doesn't help much in debugging the request. Is there a way to catch this and log a simple warning message?

Parsing complex json structure

How to parse this:

{
    "schemas":["urn:scim:schemas:core:1.0"],
    "userName":"bjensen",
    "name":{
        "formatted":"Ms. Barbara J Jensen III",
        "familyName":"Jensen",
        "givenName":"Barbara"
    },
    "emails":[{
        "type":"home",
        "value":"[email protected]"
    }],
}

Here's what I'm working with:

var jsonParser = bodyParser.json({ type: 'application/*+json' } );
router.post('/create-account', jsonParser, function(req, res) { 
  console.log(req.body)
});

Problems with numeric nested form element names

Heys guys!

I have a form that looks more or less like this:

<input type="checkbox" name="checklist[1]" value="1" />
<input type="checkbox" name="checklist[2]" value="1" />
<input type="checkbox" name="checklist[3]" value="1" />

I was expecting that request.body.checklist looked like this (after all checkboxes were checked, of course):

{
'1': '1',
'2': '1',
'3': '1'
}

But what I got was a array, without the indexes I need to associate the result:

['1', '1', '1']

This seems like a bug to me. I would expect the array only for zero-based indexes.

Problem when content-length is not set.

Hi,

This issue seem that belong to the "raw-body" package that "body-parser" uses.

I found a problem that when the content-length header field is not set (in case that i'm using ajax with http verb DELETE by browser doesn't send content-length), and data length is smaller than the limit bytes, the "end" event is never fired so my callback handler is never called. Is there any way for solving this issue, such as setting a timeout?

Thanks.

Add smarter handling for jQuery arrays

jQuery does two things somewhat oddly regarding arrays, it would be really helpful if the body parser took these into account.

First, in modern versions of jQuery (>= 1.5), arrays that are included in AJAX data are passed with square brackets appended to their name. This can be overridden by adding the traditional: true parameter on the client side. Even with that parameter, a single array parameter is interpreted as a string.

Ideally, body parser should have tests specifically to cover jQuery's use of arrays, and should treat any parameter whose name has trailing square brackets as an array regardless of the number of elements.

Deprecated middleware

Since today after having done npm update, using

"body-parser": "^1.3.0",
"express": "^4.4.1",

I get the following warning message at the console

body-parser deprecated bodyParser: use individual json/urlencoded middlewares
urlencoded: explicitly specify "extended: true" for extended parsing

How do I get rid of these ?

Thank you.

Parse DELETE body

Hello,

body-parser doesn't seem to parse the body for DELETE HTTP request. I need it for my project, is there a way to do it?

Vincent.

Json Verify Option

In express 3.5 we used to have a json verify option. It was quite nice feature to use to get the fully buffered raw body when dealing with facebook X-Hub Signed Requests.
Could we please get this back in? Thanks.

Passing a boolean value

Hello,

I've been trying to pass a bool value to Node.js but I couldn't.
My json object like { archive: false } before an ajax process. I can get as { "archive": "false" }. I want to use as a bool value in my database.

Is it possible? Can I get as a bool value?

Bug with form arrays and bodyParser

senchalabs/connect#1025 -- I put this error there first, but was directed here.

I just found a wierd bug when using bodyParser and form arrays.

I have a form elements with names of
items[1]
items[2]
etc.

When these submit, I get an array from bodyParser that looks like:
{ items: ['on', 'on'] }

rather than:
{ items: { 1: 'on', 2: 'on' } }

If instead I change the form to have names of
items[id_1]
items[id_2]

it works great (except now I need to replace id_)

dougwilson over on the other form brings up a good point against treating it like an array, but honestly just dropping the values on the floor is worse than the possible problem. Making it always an object if the id's are specified seems like the only answer. That way it works the same as PHP does, which makes a lot of sense.

working together

@dougwilson @jonathanong @andrewrk Hey guys- I hadn't noticed this repo until very recently. We're using Skipper (which currently uses multiparty) in the Sails beta (which is currently on Express 3- we've been waiting to upgrade until after we get everything else out to reduce the number of variables).

Anyways I'm very interested in combining our efforts, whether that's depending on this module, or pulling out shared dependencies, before we upgrade to E4, or after, etc. Would you be down to chat about it this weekend or next week some time?

Allow options to be passed to the qs module when using bodyParser.urlencoded({ extended: true })

I have run into an issue with urlencoded sparse arrays and the way the qs module is handling them:

When creating arrays with specific indices, qs will compact a sparse array to only the existing values preserving their order.

Qs.parse('a[1]=b&a[15]=c');
// { a: ['b', 'c'] }

Ideally I would like to be able to pass options to the qs.parse() call so that I can override the arrayLimit option. I believe the syntax for doing this could look something like this:

bodyParser.urlencoded({
  extended: {
    arrayLimit: 0
  }
})

The extended option would still evaluate to "truthy" and would therefore use the qs module for parsing, but it would also allow developers to override the current hardset arrayLimit option passed to qs.parse() (along with any other qs specific options).

"express route-specific" example is not working

The "express route-specific" example is not working, specifically req.body always contains a value so this condition is always false:

 if (!req.body) return res.sendStatus(400)

And this is because of this:

  return function jsonParser(req, res, next) {
    if (req._body) return next()
    req.body = req.body || {} // <- A value is set to a blank object even if typeis fails

    if (!typeis(req, type)) return next()

Which is here:

req.body = req.body || {}

So two questions that I have is:

  • If the user does not set a Content-Type header at all, how do I default to application/json so I always get a populated object instead of an empty one? Or at the very least how do I tell them they are missing that Content-Type header?
  • If the Content-Type is set, how do I determine that it is not correct and send them an appropriate error?

qs' depth

Hi there,

I'm using express + body-parser in my app and I ran into some very odd issue with deeper keys in a nested object coming out with brackets surrounding the keys, took me a while to figure out what was causing it.

Apparently qs accepts a depth option in order to go deeper... is there any support planned for this, or should I write my own qs parser in that case?

Cheers

Currently mandatory use of "Content-Type": "application/json" header

In the past, this module used to parse json data no matter the Content-Type header was set or not, but since the inclusion of the type-is module, it has changed and now even if the data sent from the client is in json format, it won't parse it unless the Content-Type header is set to application/json.

Is this the way to use this module from now on or is this something intended to be changed in the future?

Cheers!

Cannot call method 'getFileName' of undefined

Hi i'm using v1.3.0 & occasionally get following error :

TypeError: Cannot call method 'getFileName' of undefined
at callSiteLocation (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:221:23)
at Function.log (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:166:12)
at deprecate (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:103:9)
at Function.urlencoded (/mnt/applane/dev/node_modules/body-parser/lib/types/urlencoded.js:41:5)
at bodyParser (/mnt/applane/dev/node_modules/body-parser/index.js:74:29)
at eval (eval at wrapfunction (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:344:5), :3:11)
at Layer.handle (/mnt/applane/dev/node_modules/ApplaneDB/lib/Http.js:391:13)
at trim_prefix (/mnt/applane/dev/node_modules/express/lib/router/index.js:254:17)
at /mnt/applane/dev/node_modules/express/lib/router/index.js:216:9
at Function.proto.process_params (/mnt/applane/dev/node_modules/express/lib/router/index.js:286:12)

req.files

This is more of a question than an issue, but where is the file handling middleware in Express 4?

Custom error in case of malformed JSON

In case of marformed json, body-parser passes generic SyntaxError. I perform error processing in the end of middleware chain, while app.use(bodyParser.json()); is at the beginning. Other middlewares can potentially throw SyntaxError too. Currently I can not distinguish SyntaxError which comes from body-parser (I wish to respond with 400 Bad Request) and other SyntaxErrors (I respond with 500 Server Error), so I workaround it intercepting and wrapping SyntaxError just after body-parser, like this:

// Parse JSON requests using body-parser
app.use(bodyParser.json());

// Intercept SyntaxError from body-parser
app.use(function(err, req, res, next) {
  if (err && err.name == 'SyntaxError') {
    // Wrap error
    next(new VError(err, 'Malformed JSON'));
  } else {
    next(err);
  }
});

...other middlewares...

// Handle errors
app.use(function(err, req, res, next) {
  if (err) switch (err.name) {
    case 'VError':
      err = err.cause();
      switch (err.name) {
        case 'ValidationError':
        case 'SyntaxError':
          logger.debug(err.stack);
          res.json(400, err.errors); // Bad request
          break;
      }
      break;
    default:
      logger.error(err.stack);
      res.send(500);
      return;
  }
});

Is it possible to add custom error for this scenario? Or maybe I misunderstood something?
Thank you in advance for help!

Crash, if first character is "{" but json is still invalid

Hi,

I came up with an error, where client tried to post "javascript", not JSON to the express server.

e.g. body was

{ key: "value" }

This caused express app probably crashed and sent error code 0 back to client.

This affects only json body parser

Exposing middleware logic as API

Have you ever thought of exposing the body-parser middlewares as APIs that can be invoked programmatically, not as middleware, like qs does? With qs, I can do something like req.query = qs.parse(parseurl(req).query, {}); and I'd love to be able to do the same with body-parser. If not, not big deal as I can create some async chain that will call the two body-parsers in order and then call my middleware logic function. I just figured I'd ask, might even submit the PR if you're open to the idea.

Error: unsupported charset "UTF8"

Hi

After I upgrade body-parser module from 1.3.x to last version (1.9) this message error occurred

Error: unsupported charset "UTF8"
    at urlencodedParser (/mypath/node_modules/body-parser/lib/types/urlencoded.js:76:17)
    at Layer.handle [as handle_request] (/mypath/node_modules/express/lib/router/layer.js:76:5)
    at trim_prefix (/mypath/node_modules/express/lib/router/index.js:270:13)
    at /mypath/node_modules/express/lib/router/index.js:237:9
    at Function.proto.process_params (/mypath/node_modules/express/lib/router/index.js:312:12)
    at /mypath/node_modules/express/lib/router/index.js:228:12
    at Function.match_layer (/mypath/node_modules/express/lib/router/index.js:295:3)
    at next (/mypath/node_modules/express/lib/router/index.js:189:10)
    at expressInit (/mypath/node_modules/express/lib/middleware/init.js:23:5)
    at Layer.handle [as handle_request] (/mypath/node_modules/express/lib/router/layer.js:76:5)

Ensure bodyParser.urlencoded doesn't transform request body to json

From #39
How can I ensure the raw request body is what is sent? Here's what I'm toying with:

var bodyParser = require('body-parser');

router.use(function(req, res, next) {
    var data = '';
    req.on('data', function(chunk) {
            data += chunk;
        }); 
    req.on('end', function() {
            req.rawBody = data;
            next();
        }); 
});
// retrieve all request body objects
router.use(cookieParser());
router.use(bodyParser());
router.use(methodOverride());

router.post('/login', function(req, res) {
  console.log(req.rawBody);
  if (!req.body) return res.sendStatus(400);

  var options = httpconn.httpOptions({
    resource: 'uaa',
    resourcePath: '/uaa/login.do',
    method: 'POST',
    headers: {'Referer': httpconn.buildUri('uaa') + '/uaa/login'}
  });
  var httpRequest = application.httprequest(options, function(response) {
      if(response.statusCode == 302) {
        res.send(response.headers);
      } 
  });
  httpRequest.write(qs.stringify(req.rawBody));
  httpRequest.end();

To use the req.rawBody middleware, I needed to use -H 'Content-Type: text/plain'.

I want to ensure that a request with application/x-www-form-urlencoded maintains the request body as username=myname&password=mypass without transforming to {'username':'myname','password':'mypass'}

urlencoded parser

I see that you have arrayLimit set to 100 which you pass onto qs module when the extended parser is being used, but this is not configurable by the end user, neither parameterLimit effects this. Can you expose this? This seems pretty trivial to me.

build-your-own-parser

If you look at the middleware, after I had refactored it, all they are is a call to typeis and a call to read. We should add something like bodyParser.generic() to let people roll their owner simple body parsers.

Having problems since an update.

I had this working before but now have updated to newer body parser in which I have tried both

  app.use(bodyParser.urlencoded({
    extended: false
  }));

and

  app.use(bodyParser.urlencoded({
    extended: true
  }));

with no success.

I've got the following form posting

<form action='/testform' method="post">
  <input type="text" name="first_name" value="John">
  <input type="text" name="last_name" value="Doe">
  <input type="text" name="food[name]" value="Lasagna">
  <input type="text" name="food[type]" value="Dinner">
  <input type="text" name="food[origin]" value="Italy">
  <input type="text" name="order[0][quantity]" value="5">
  <input type="text" name="order[0][size]" value="small">
  <input type="text" name="order[0][status]" value="frozen">
  <input type="text" name="order[1][quantity]" value="2">
  <input type="text" name="order[1][size]" value="large">
  <input type="text" name="order[1][status]" value="cooked">
  <input type="hidden" name="_csrf" value="<%- token %>">
  <input name="submit" type="submit" value="submit"/>
</form>

with extended:false, looking at req.body I get:

{ first_name: 'John',
  last_name: 'Doe',
  'food[name]': 'Lasagna',
  'food[type]': 'Dinner',
  'food[origin]': 'Italy',
  'order[0][quantity]': '5',
  'order[0][size]': 'small',
  'order[0][status]': 'frozen',
  'order[1][quantity]': '2',
  'order[1][size]': 'large',
  'order[1][status]': 'cooked',
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

or with extended: true

{ first_name: 'John',
  last_name: 'Doe',
  food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
  order: [ { status: 'frozen' }, { status: 'cooked' } ],
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

What I expect:

{ first_name: 'John',
  last_name: 'Doe',
  food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
  order: [ { quantity: 5, size:'small', status: 'frozen' }, { quantity: 2, size: 'large', status: 'cooked' } ],
  _csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
  submit: 'submit' }

Multipart form data without any error!!!

Hello everybody,

i am thinking that should be nice to have an error when i am using bodyparser with unsupported multipart form data request.

I spent a lot of my time to understand it!!!

thanks!

"RangeError: Maximum call stack size exceeded" (urlencode) / "SyntaxError: Unexpected token" (json)

Hello.
I have this code:

var express = require("express")
var bp = require("body-parser")
var app = express()
var bpurle= app.use(bp.urlencoded({ extended: false }))
var bpjson= app.use(bp.json())
app.post("/urle", bpurle, function(req, res) {
    if (req.body === undefined) {return(console.log("There aren't any data"))}
    console.log("Received data via URL-Encode:\n" + req.body)
})
app.post("/json", bpjson, function(req, res) {
    if (req.body === undefined) {return(console.log("There aren't any data"))}
    console.log("Received data via JSON:\n" + JSON.stringify(req.body,null,2))
})
app.listen(4000)

When I execute...

curl -X POST http://127.0.0.1:4000/urle -d "data1=value1&data2=1234"

...I get this error:

RangeError: Maximum call stack size exceeded
    at next (/home/q2dg/node_modules/express/lib/router/index.js:168:16)
    at next (/home/q2dg/node_modules/express/lib/router/route.js:100:14)
    at Layer.handle_error (/home/q2dg/node_modules/express/lib/router/layer.js:54:12)
    at next (/home/q2dg/node_modules/express/lib/router/route.js:108:13)
    at /home/q2dg/node_modules/express/lib/router/index.js:603:15
    at next (/home/q2dg/node_modules/express/lib/router/index.js:246:14)
    at next (/home/q2dg/node_modules/express/lib/router/route.js:100:14)
    at Layer.handle_error (/home/q2dg/node_modules/express/lib/router/layer.js:54:12)
    at next (/home/q2dg/node_modules/express/lib/router/route.js:108:13)
    at /home/q2dg/node_modules/express/lib/router/index.js:603:15

When I execute...

curl -X POST http://127.0.0.1:4000/json -d "{'data1':'value1','data2':'1234'}" -H "Content-Type:application/json"

...I get this error:

SyntaxError: Unexpected token '
    at Object.parse (native)
    at parse (/home/q2dg/node_modules/body-parser/lib/types/json.js:76:17)
    at /home/q2dg/node_modules/body-parser/lib/read.js:98:18
    at IncomingMessage.onEnd (/home/q2dg/node_modules/body-parser/node_modules/raw-body/index.js:136:7)
    at IncomingMessage.g (events.js:199:16)
    at IncomingMessage.emit (events.js:104:17)
    at _stream_readable.js:907:16
    at process._tickCallback (node.js:372:11)

Thanks!

Req.Body Truncated in Versions >= 1.6.0

Upon updating my project dependencies I realized that url encoded data originating from my client app seemed to be getting severely truncated. Installing previous tags back to 1.5.x seemed to remedy the problem.. 2 quick screenshots illustrate these issues:

installed tag 1.5.2
bp-1 5 2

installed tag 1.6.0
bp-1 6 0

Big difference!
Haven't pinned down the change that's responsible for this error, but I thought you should know about this. I'm sticking with the 1.5's for the time being.
Thanks.

req.query.param_name returns undefined.

I am currently running an Express 4.x project with the app using the body-parser module app.use(bodyParser());

Whenever I am trying to access the query parameters vs req.query.param (e.g. req.query.offset) a value of undefined is returned. However when I run req.query() the expected query string is returned offset=0

Is there something I am not adding to my application or am I using req.query incorrectly?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.