Node.js express correct use of bodyParser middleware

Question

I am new to node.js and express and have been experimenting with them for a while. Now I am confused with the design of the express framework related to parsing the request

Answer 1

Your second method is fine. Remember you can also pass arrays of middleware functions to app.post, app.get and friends. So you can define an array called uploadMiddleware with your things that handle POST bodies, uploads, etc, and use that.

app.post('/test1', uploadMiddleware, routeHandler1);

The examples are for beginners. Beginner code to help you get the damn thing working on day 1 and production code that is efficient and secure are often very different. You make a certainly valid point about not accepting uploads to arbitrary paths. As to parsing all request bodies being 'very inefficient', that depends on the ratio of invalid/attack POST requests to legitimate requests that are sent to your application. The average background radiation of attack probe requests is probably not enough to worry about until your site starts to get popular.

Also here's a blog post with further details of the security considerations of bodyParser.