body-parser | cookie-session |
---|---|
7 | 3 |
5,380 | 1,104 |
0.1% | 0.1% |
0.0 | 7.2 |
17 days ago | 3 months ago |
JavaScript | JavaScript |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
body-parser
- NodeJS Security Best Practices
Using body-parser you can set the limit on the size of the payload
- I built a ready-to-use auth server with TypeScript and Express.js
- How to use celebrate with Node.js
body-parser is a middleware that parses the body of incoming requests, and exposes the resulting object on req.body
- Why does body-parser use requires in a switch block
- Build a Slackbot with Node.js to Monitor your Applications
Now that our app can send us messages, can we send messages back to it? Let's implement the slash command, which will allow us to ask our app for some of its important stats and info. This time, Slack will send an HTTP POST to our app. If we take a look at the Slack docs again, we notice that Slack will send the slash command instruction to the URL we specified in the command set up earlier. We can also see that the POST payload is in the format application/x-www-form-urlencoded. We can set up a body-parser to interpret this data.
- Creating a Github profile search component in htmx
Our server application is a very simple one. We just render a simple HTML page with a form and input field to search for the user name. And we are using pug as our template engine for the express app and the body-parser library which is Node.js body parsing middleware to parse incoming request bodies in a middleware before your handlers, available under the req.body property.
- RESTful APIs - Introduction to Express
Body-parser
cookie-session
- Stop using JSON Web Tokens for user sessions
The lack of logout and XSS are problems, but I ran into a couple apps that completely forgot to expire sessions due to lacking framework support. In nodejs's cookie-session and @google-cloud/connect-firestore sessions never expire. This issue impacts downstream software including, awkwardly enough, Google's Passkey demo apps. There isn't interest in fixing this.
Make sure your app is actually using a JWT framework, not a lesser version, and implements basic security practices.
[1] https://github.com/expressjs/cookie-session
[2] https://github.com/googleapis/nodejs-firestore-session
- Node Authentication Questions
Side note: a JWT in an HttpOnly cookie, which is what some people advocate, is still a cookie-based session. Using a library like cookie-session would already give you the ability to have a signature-verified JSON payload, just like using a JWT would.
- JWT should not be your default for sessions
Frameworks usually sign cookies by default, or at least offer an option to do so. Some (like Ruby on Rails) can encrypt them for you too. There's nothing really stopping you from storing data in them just like you would a JWT. In fact, frameworks and session libraries often use this cookie storage by default (even in the Node ecosystem, e.g: koa-session, express cookie-session), since an in-memory store can grow to an arbitrary size. Of course, you can also just store a JWT in a cookie, which has the advantage of being standardized in terms of claims and signing algorithms etc.
What are some alternatives?
cors - Node.js CORS middleware
vue-cookies - A simple Vue.js plugin for handling browser cookies
cookie-parser - Parse HTTP request cookies
csurf - CSRF token middleware
postman-app-support - Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
session - Simple session middleware for Express
google-search-results-nodejs - SerpApi client library for Node.js. Previously: Google Search Results Node.js.
himalaya - JavaScript HTML to JSON Parser
a12n-server - An open source lightweight OAuth2 server
Express - Fast, unopinionated, minimalist web framework for node.
session - Simple session middleware for koa