body-parser
body-parser copied to clipboard
- a little hack to enable custom request decryption
- Sometime we need to encrypt response and request from client to server to ensure security
Makes sense. Can the decryption be done as a stream instead of a sync decryption?
Since, we are using raw-body to convert request stream to a buffer. In addition, I've learned that, there is no way to modify a readable stream in nodejs. So I think we cannot decrypt a stream.
I'm talking about changing the interface here to take a TransformStream, rather than do it prior to calling this module.
Ok, sorry we misunderstood. The user needs to pass in a TransformStream as the decrypt argument. What we have here is still the same DoS vector.
And if possible, please add tests and make sure decryption occurs after inflation.