Use jsonOrMultipart instead of jsonOptional and multipart

src/server.js

@@ -36,13 +36,18 @@ async function initializeExpressSync() {
 
     const wsServer = new ws.Server({ noServer: true }); // in noServer mode, we have to handle 'upgrade' and call handleUpgrade
 
+    const REQUEST_TIMEOUT = 60000; // timeout for all requests (see also setTimeout on the httpServer)
+
+    // NOTE: routes that use multi-part have to be whitelisted in the reverse proxy
+    const FILE_SIZE_LIMIT = '256mb', // max file size that can be uploaded (see also client_max_body_size in nginx)
+        FILE_TIMEOUT = 60 * 1000; // increased timeout for file uploads (1 min)
+
     const QUERY_LIMIT = '2mb', // max size for json queries (see also client_max_body_size in nginx)
         FIELD_LIMIT = 2 * 1024 * 1024; // max fields that can appear in multipart
 
-    const REQUEST_TIMEOUT = 60000; // timeout for all requests (see also setTimeout on the httpServer)
-
+    const multipart = middleware.multipart({ maxFieldsSize: FIELD_LIMIT, limit: FILE_SIZE_LIMIT, timeout: FILE_TIMEOUT });
     const json = middleware.json({ strict: true, limit: QUERY_LIMIT }, true); // forces json content-type
-    const jsonOptional = middleware.json({ strict: true, limit: QUERY_LIMIT }, false);
+    const jsonOrMultipart = [ middleware.json({ strict: true, limit: QUERY_LIMIT }, false), multipart ];
 
     app.set('json spaces', 2); // pretty json
     app.enable('trust proxy'); // trust the X-Forwarded-* headers
@@ -65,12 +70,6 @@ async function initializeExpressSync() {
         .use(notFoundHandler)
         .use(middleware.lastMile());
 
-    // NOTE: routes that use multi-part have to be whitelisted in the reverse proxy
-    const FILE_SIZE_LIMIT = '256mb', // max file size that can be uploaded (see also client_max_body_size in nginx)
-        FILE_TIMEOUT = 60 * 1000; // increased timeout for file uploads (1 min)
-
-    const multipart = middleware.multipart({ maxFieldsSize: FIELD_LIMIT, limit: FILE_SIZE_LIMIT, timeout: FILE_TIMEOUT });
-
     // authentication
     const password = routes.accesscontrol.passwordAuth;
     const token = routes.accesscontrol.tokenAuth;
@@ -265,8 +264,8 @@ async function initializeExpressSync() {
     router.get ('/api/v1/appstore/apps/:appstoreId/versions/:versionId',       token, authorizeAdmin, routes.appstore.getAppVersion);
 
     // app routes
-    router.post('/api/v1/apps/install',                          jsonOptional, token, multipart,authorizeAdmin,    routes.apps.install);  // DEPRECATED from 8.1 on in favor of route below
-    router.post('/api/v1/apps',                                  jsonOptional, token, multipart,authorizeAdmin,    routes.apps.install);
+    router.post('/api/v1/apps/install',               jsonOrMultipart, token,                   authorizeAdmin,    routes.apps.install);  // DEPRECATED from 8.1 on in favor of route below
+    router.post('/api/v1/apps',                       jsonOrMultipart, token,                   authorizeAdmin,    routes.apps.install);
     router.get ('/api/v1/apps',                                        token,                   authorizeUser,     routes.apps.listByUser);
     router.get ('/api/v1/apps/:id',                                    token, routes.apps.load, authorizeOperator, routes.apps.getApp);
     router.get ('/api/v1/apps/:id/icon',                                      routes.apps.load,                    routes.apps.getAppIcon);
@@ -298,7 +297,7 @@ async function initializeExpressSync() {
     router.post('/api/v1/apps/:id/configure/upstream_uri',       json, token, routes.apps.load, authorizeOperator, routes.apps.setUpstreamUri);
     router.post('/api/v1/apps/:id/repair',                       json, token, routes.apps.load, authorizeOperator, routes.apps.repair);
     router.post('/api/v1/apps/:id/check_update',                 json, token, routes.apps.load, authorizeOperator, routes.apps.checkUpdate);
-    router.post('/api/v1/apps/:id/update',                       jsonOptional, token, multipart, routes.apps.load, authorizeOperator, routes.apps.update);
+    router.post('/api/v1/apps/:id/update',            jsonOrMultipart, token, routes.apps.load, authorizeOperator, routes.apps.update);
     router.post('/api/v1/apps/:id/restore',                      json, token, routes.apps.load, authorizeOperator, routes.apps.restore);
     router.post('/api/v1/apps/:id/import',                       json, token, routes.apps.load, authorizeOperator, routes.apps.importApp);
     router.post('/api/v1/apps/:id/export',                       json, token, routes.apps.load, authorizeOperator, routes.apps.exportApp);