NotificationsYou must be signed in to change notification settings
Fork753
Star5.5k

- a little hack to enable custom request decryption#86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Open

vietanh85 wants to merge6 commits intoexpressjs:master

base:master

Choose a base branch

fromvietanh85:master

Open

- a little hack to enable custom request decryption#86

vietanh85 wants to merge6 commits intoexpressjs:masterfromvietanh85:master

Conversation

Copy link

vietanh85 commentedMar 25, 2015

Sometime we need to encrypt response and request from client to server to ensure security

- a little hack to enable custom request description

71284a6

vietanh85 changed the title~~- a little hack to enable custom request description~~- a little hack to enable custom request decryption

Mar 25, 2015

Copy link

Contributor

dougwilson commentedMar 25, 2015

Makes sense. Can the decryption be done as a stream instead of a sync decryption?

dougwilson added the pr label

Mar 25, 2015

dougwilson self-assigned this

Mar 25, 2015

dougwilson added the enhancement label

Mar 25, 2015

Copy link

Author

vietanh85 commentedMar 26, 2015

Since, we are using raw-body to convert request stream to a buffer. In addition, I've learned that, there is no way to modify a readable stream in nodejs. So I think we cannot decrypt a stream.

Copy link

Contributor

dougwilson commentedMar 26, 2015

I'm talking about changing the interface here to take a TransformStream, rather than do it prior to calling this module.

vietanh85 added3 commits

March 26, 2015 21:11

Fix comment from@dougwilson: Use TransformStream for decryption inst…

ef06869

…ead of a sync decryption

Fix broken build

513f091

I forgot to update the package.son

ad3cdc0

Copy link

Contributor

dougwilson commentedMar 26, 2015

Ok, sorry we misunderstood. Theuser needs to pass in a TransformStream as the decrypt argument. What we have here is still the same DoS vector.

Copy link

Contributor

dougwilson commentedMar 26, 2015

And if possible, please add tests and make sure decryption occurs after inflation.

vietanh85 added2 commits

March 26, 2015 22:19

Apply comments from@dougwilson

8a6d355

Create new TransformStream every time received the request to avoid `…

35a5919

…write after end` error

dougwilson force-pushed themaster branch from6635cd5 to6b6c52cCompare

May 11, 2015 04:27

dougwilson added the needs rebase label

Jan 16, 2017

dougwilson force-pushed themaster branch from7c962f4 to9437df9Compare

September 9, 2017 00:32

dougwilson force-pushed themaster branch fromc4b9a0b to0f75d30Compare

May 8, 2018 19:36

Fatih86 approved these changes

May 31, 2021

View reviewed changes

dougwilson force-pushed themaster branch from70560b1 tob356758Compare

January 28, 2022 05:13

dougwilson force-pushed themaster branch fromacc026f tob6bfabdCompare

February 15, 2022 00:53

dougwilson force-pushed themaster branch 3 times, most recently from0ad1d88 to2a2f471Compare

April 3, 2022 00:47

Labels

enhancement needs rebase pr

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

- a little hack to enable custom request decryption#86

Are you sure you want to change the base?

- a little hack to enable custom request decryption#86

Uh oh!

Conversation

vietanh85 commentedMar 25, 2015

Uh oh!

dougwilson commentedMar 25, 2015

Uh oh!

vietanh85 commentedMar 26, 2015

Uh oh!

dougwilson commentedMar 26, 2015

Uh oh!

dougwilson commentedMar 26, 2015

Uh oh!

dougwilson commentedMar 26, 2015

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants