body-parser icon indicating copy to clipboard operation
body-parser copied to clipboard

Published 20 hours ago verified publisher icon expressjs

- a little hack to enable custom request decryption

Open vietanh85 opened this issue 9 years ago • 5 comments

  • Sometime we need to encrypt response and request from client to server to ensure security

vietanh85 avatar Mar 25 '15 08:03 vietanh85

Makes sense. Can the decryption be done as a stream instead of a sync decryption?

dougwilson avatar Mar 25 '15 23:03 dougwilson

Since, we are using raw-body to convert request stream to a buffer. In addition, I've learned that, there is no way to modify a readable stream in nodejs. So I think we cannot decrypt a stream.

vietanh85 avatar Mar 26 '15 08:03 vietanh85

I'm talking about changing the interface here to take a TransformStream, rather than do it prior to calling this module.

dougwilson avatar Mar 26 '15 13:03 dougwilson

Ok, sorry we misunderstood. The user needs to pass in a TransformStream as the decrypt argument. What we have here is still the same DoS vector.

dougwilson avatar Mar 26 '15 14:03 dougwilson

And if possible, please add tests and make sure decryption occurs after inflation.

dougwilson avatar Mar 26 '15 14:03 dougwilson