bodyParser.text() renders Parse unable to process requests (outputs "Unauthorized")

[iop280]

Issue Description

I'm attempting to log request payloads for monitoring reasons and it seems that everytime I use the bodyParser.text() in my express server (I'm logging Parse JS SDK calls, and it appears that only the bodyParser.text places the payload in req.body), the parse-server is not able to use the rest of the request.

When bodyParser.text() is in place, all requests respond with:
ParseError {code: undefined, message: "unauthorized"}

Do you know why this is the case?

app.use(bodyParser.text());
app.use('/parse/classes/:className/:id?', function (req, res, next) {
  var params = req.params;
  var className = params.className;
  var objectId = params.id;
  var originalURL = req.originalUrl;

  if (objectId && !seenParseModifyClassRules.className) {
    nr.addNamingRule('^\/parse\/classes\/' + className + '\/.+', 'Create|Modify/' + className);
    console.log(req.body);
    seenParseModifyClassRules[className] = true;
  } else if (!objectId && !seenParseGeneralClassRules.className) {
    nr.addNamingRule('^\/parse\/classes\/' + className + '$', 'Query|General/' + className);
    console.log(req.body);
    seenParseGeneralClassRules[className] = true;
  }
  next();
});

var mountPath = process.env.PARSE_MOUNT || '/parse';
app.use(mountPath, api);

Steps to reproduce

On the JS side, I merely use a call with the following code:

const userQuery = new Parse.Query('_User');
userQuery.contains('firstName', 'Tom');
userQuery.find().then((asdf) => {
   console.log(asdf);
 }, (error) => {
   console.log(error);
});

Expected Results

I expect the Parse-Server to console log the request payload, and the response to return the Parse Query.

Actual Outcome

Parse-Server logs the request payload, but Parse Query is responded with "unauthorized"

Environment Setup

• Server
  • parse-server version (Be specific! Don't say 'latest'.) : ^2.7.4
  • Operating System: Windows 10
  • Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Local

[flovilmart]

Your body parser is conflicting with the JSON body parser that parse-server internally use.

[iop280]

@flovilmart - what solution would you suggest to allow the requests to be parsed by both the Express server as well as Parse-Server?

[Koosmann]

@flovilmart - We are also looking for a solution for this, we just need some mechanism to inspect the request before allowing to proceed to parse-server (note: we'd be using this as a workaround for a hook like this: #4524)

[flovilmart]

Feel free to open a pull request if you find a solution, but it’s unlikely we’ll look for one given the very narrow use case you’re describing.

[Koosmann]

@flovilmart Sounds good! I'm wondering if parse-server could default to using req.body if it exists, so it doesn't try to re-read the stream. I could look into submitting this, but I imagine there might be wide implications to a change like this too.

[flovilmart]

As you mention, there may be other implications. I’m not sure we’d want to slow the processing for everyone else just for your case. Also, you could always restore the contents of the body after inspecting it.

[Koosmann]

That makes sense, and thanks for the input @flovilmart! I dug into this a little more and realized it's probably more in the scope of the bodyParser module versus parse-server itself and gained some insight here (https://github.com/expressjs/body-parser/issues/207) where it says there's a flag that can be set req._body = true to tell instances of bodyParser down the line that req.body is already available.

Lastly, I think I may have diverged a bit from the original author's topic, sorry for not opening a new thread!

[flovilmart]

It’s fine, it complements the original concern with a potential way to workaround!

[iop280]

@Koosmann thanks for digging into this - super helpful, thanks!