Prevent json files from being pre-emptively parsed when uploading as …

…file We introduce the express-unless library in order to pattern match against the two endpoints createObject and updateObject and ensure that the express.json middleware skips execution on those two endpoints. Signed-off-by: Jeremy Ho <jujaga@gmail.com>
bcgov · Aug 18, 2023 · affe160 · affe160
1 parent 5612188
commit affe160
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/app/app.js b/app/app.js
@@ -1,8 +1,9 @@
+const Problem = require('api-problem');
 const compression = require('compression');
 const config = require('config');
 const cors = require('cors');
 const express = require('express');
-const Problem = require('api-problem');
+const { unless } = require('express-unless');
 const { ValidationError } = require('express-validation');
 
 const { AuthMode, DEFAULTCORS } = require('./src/components/constants');
@@ -25,9 +26,17 @@ const state = {
 let probeId;
 
 const app = express();
+const jsonParser = express.json({ limit: config.get('server.bodyLimit') });
+jsonParser.unless = unless;
 app.use(compression());
 app.use(cors(DEFAULTCORS));
-app.use(express.json({ limit: config.get('server.bodyLimit') }));
+app.use(jsonParser.unless({
+  path: [{
+    // Matches on only the createObject and updateObject endpoints
+    url: /.*\/object(\/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})?(\/)?$/i,
+    methods: ['PUT']
+  }]
+}));
 app.use(express.urlencoded({ extended: true }));
 
 // Skip if running tests

diff --git a/app/package-lock.json b/app/package-lock.json
diff --git a/app/package.json b/app/package.json
@@ -41,6 +41,7 @@
     "date-fns": "^2.30.0",
     "express": "^4.18.2",
     "express-basic-auth": "^1.2.1",
+    "express-unless": "^2.1.3",
     "express-validation": "^4.1.0",
     "express-winston": "^4.2.0",
     "js-yaml": "^4.1.0",