问题描述
(使用node.js,express,passport-http)
(Using node.js, express, passport-http)
我有一个执行摘要身份验证的POST路由,尝试使用application-json内容类型.
I have a POST route doing digest auth, trying to application-json content type.
我可以使用摘要执行GET路由,而不会出现问题,并且可以使用基本身份验证执行POST路由而不会出现问题,但是当我尝试使用摘要身份验证执行POST时,我得到了400-错误请求.看起来curl将内容类型放在初始摘要请求中(内容长度为0,因此知道在初始摘要身份验证请求中不发送json正文就足够了),而我这一边(表达)失败了无效的json(空主体):
I can hit the GET route with digest, without issues, and I can hit the POST route with basic auth without issues, but when I try to do the POST with digest auth, I'm getting 400 - Bad Request. It looks like curl puts the content-type on the initial digest request (with a content-length of 0, so it knows enough not to send the json body on the initial digest-auth request), and my side (express) fails with invalid json (empty body):
$ curl -v --digest -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json" http://127.0.0.1:3002/user
* About to connect() to 127.0.0.1 port 3002 (#0)
* Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Digest with user 'org2user2'
> POST /user HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 0
>
< HTTP/1.1 400 Bad Request
< X-Powered-By: Express
< Content-Type: text/plain
< Date: Thu, 21 Mar 2013 15:33:10 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
我似乎无法弄清楚在没有此发送摘要摘要数据包的情况下,只能在随后的实际数据请求中添加内容类型.
I can't seem to figure out the curl magic to send the digest initial packet without this, only adding the content-type in the actual data request that follows.
作为参考,尽管我认为这没有帮助,但这是同一电话的基本笔录:
For reference, although I don't think it helps, here is the BASIC transcript for the same call:
$ curl -v --basic -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json" http://127.0.0.1:3002/user
* About to connect() to 127.0.0.1 port 3002 (#0)
* Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Basic with user 'org2user2'
> POST /user HTTP/1.1
> Authorization: Basic b3JnMnVzZXIyOmxhbWVkdWNr
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 48
>
* upload completely sent off: 48 out of 48 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 51
< Date: Thu, 21 Mar 2013 15:43:48 GMT
< Connection: keep-alive
<
{
"this": "is working",
"that": "is annoying"
* Connection #0 to host 127.0.0.1 left intact
}* Closing connection #0
任何帮助都会很棒.
推荐答案
我遇到了同样的问题.我无法回答有关命令行魔术的问题,以告诉CURL不要在初始请求上发送内容类型(我认为没有魔术).
I ran into this same issue. I can't answer your question about the command line magic to tell CURL not to send the content-type on the initial request (I don't think there is any magic).
但是,我可以告诉您问题的根本原因是Node + Express(connect)通过bodyParser发送初始摘要请求,并且由于存在application/json标头,因此它尝试解析主体(是空的).就个人而言,如果主体为空,我不认为express应该吓坏了,而是只返回一个空的JSON结构(我在下面的工作).
However, I can tell you that the root cause of the issue is that Node+Express(connect) is sending the initial digest request through the bodyParser and since the application/json headers are there it tries to parse the body (which is empty). Personally I don't think express should freak out if the body is empty, instead just return an empty JSON structure (my work around below).
将来可能会有更好的(官方)解决方法,因为此特定问题正在github上进行讨论(已存在1天) https://github.com/senchalabs/connect/issues/415
There may be a better (official) workaround in the future as this particular issue is in discussion right now on github here (1 day old)https://github.com/senchalabs/connect/issues/415
我的解决方法(connect/lib/middleware/json.js:70)
My workaround (connect/lib/middleware/json.js:70)
if (0 == buf.length) {
// return next(400, 'invalid json, empty body');
req.body = {};
return next();
}
这篇关于使用json帖子进行摘要身份验证的卷曲命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!