403 error using node-formidable with expressjs

Question

i've got a problem using node-formidable (https://github.com/felixge/node-formidable) with expressjs: connect-multipart is now deprecated (http://www.senchalabs.org/connect/multipart.html).

I'm trying to use node-formidable to directly parse my uploaded files but can't make it works. Urlencoded forms are working well but not multipart. I'm not sure but i think that it comes from the connect-csrf:

Update: it works well when i remove the csrf middleware.

Error: Forbidden
    at Object.exports.error (/srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/utils.js:63:13)
    at createToken (/srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
    at Object.handle (/srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:48:24)
    at next (/srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/proto.js:193:15)
    at next (/srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/middleware/session.js:315:9)
    at /srv/www/mysite.com/nodejs/myapp/node_modules/express/node_modules/connect/lib/middleware/session.js:339:9
    at /srv/www/mysite.com/nodejs/myapp/node_modules/connect-redis/lib/connect-redis.js:101:14
    at try_callback (/srv/www/mysite.com/nodejs/myapp/node_modules/connect-redis/node_modules/redis/index.js:581:9)
    at RedisClient.return_reply (/srv/www/mysite.com/nodejs/myapp/node_modules/connect-redis/node_modules/redis/index.js:671:13)
    at ReplyParser.<anonymous> (/srv/www/mysite.com/nodejs/myapp/node_modules/connect-redis/node_modules/redis/index.js:313:14)

What can i do? Here is my code:

// Body parser
app.use(express.urlencoded());

app.use(function(req, res, next) {

  if (req.is('multipart/form-data') && req.method == "POST") {

    var form = new formidable.IncomingForm();

    form.uploadDir = "mytmpfolder";

    form.parse(req, function(err, fields, files) {
      req.files = files;
    });

  }

  next();

});

// Cookie parser
app.use(express.cookieParser());

// Session
app.use(express.session({
  key: 'secure_session',
  store: new redisStore,
  secret: 'secret',
  proxy: true,
  cookie: {
    secure: true,
    maxAge: null
  }
}));

// CSRF
app.use(express.csrf());
app.use(function(req, res, next){
  res.locals.token = req.csrfToken();
  next();
});

user3338495 user3338495 · Accepted Answer · 2014-02-22T10:40:37

I found a way to finally make it works:

// Body parser
app.use(function(req, res, next) {

  if (req.method == "POST") {

    var form = new formidable.IncomingForm();

    var fieldsObj = {};
    var filesObj = {};

    form.uploadDir = "/srv/www/mysite.com/nodejs/myapp/static/uploads";

    form.on('field', function(field, value) {
      fieldsObj[field] = value;
    });

    form.on('file', function(field, file) {
      filesObj[field] = file;
    });

    form.on('end', function() {
      req.body = fieldsObj;
      req.files = filesObj;
      next();
    });

    form.parse(req);

  }
  else {
    next();
  }

});

403 error using node-formidable with expressjs

1 Answers