0

My client given me requirement to encrypt decrypt all request response. So for all encrypted request we wrote down the express middleware to get decrypted request. which is the simple part but while sending response we also have to encrypt response.

One way to do write common function to encrypt data and call that function from all routes. which is time consuming part because we have more than 50+ routes in project. So i was thinking to write middleware like we have done for request which capture response before we send and then we encrypt response after that we send encrypt response to client.

I have searched for solution in google not got any proper solution which worked for me.

routes.js

    router.post('/getUserData', verifyApiKey, async function (req, res, next) {
    let user = await getUserData();
    res.status(200).send(user)
  });

middlware.js

class EncryptDecryptRequestResponse {
    async encryptResponse(req, res, next) {
        console.log('Called encryptResponse');
        console.log('res.body', res.body);
        res.body = encryptData(res.body)
        next();
    }
}

App.js

// Middleware to decrypt request
app.use(decryptRequest);

app.use('/', indexRouter);

// Middleware to encrypt response
app.use(encryptResponse);

but the problem is that i am not getting any console.log from middleware. this is the solution which i used

Dexter
  • 1,804
  • 4
  • 24
  • 53
  • Does this answer your question? [Modify response body before res.send() executes in ExpressJS](https://stackoverflow.com/questions/56648926/modify-response-body-before-res-send-executes-in-expressjs) – eol Jan 18 '21 at 13:36
  • @eol i also tried that solution but that also didn't worked for me – Dexter Jan 18 '21 at 13:41
  • Can you share the code for `indexRouter`? – eol Jan 18 '21 at 13:43
  • check routes.js that is my indexRouter – Dexter Jan 18 '21 at 13:50

1 Answers1

4

I tried to reproduce the problem you're having with overwriting res.send(), but it works fine for me. You need to make sure to setup the interceptor middleware before you define your routes. Consider this simple example:

const express = require('express');
const app = express();

function encryptResponseInterceptor(req, res, next) {
    const originalSend = res.send;

    res.send = function () {
        arguments[0] = encryptResponse(arguments[0]);
        originalSend.apply(res, arguments);
    };
    next();
}

function encryptResponse(originalData) {
    // place your encryption logic here, I'm just adding a string in this example
    return originalData + " modified";
}

// fake method that returns resolves after 1s just for testing
function getUserData() {
    return new Promise(resolve => {
        setTimeout(() => {
            resolve();
        }, 1000)
    })
}

app.use(encryptResponseInterceptor);

app.get("/test", async (req, res, next) => {
    await getUserData();
    res.status(200).send("will be changed");
})

app.listen(3000, () => {
    console.log("server started on 3000");
});
eol
  • 23,236
  • 5
  • 46
  • 64