refactor(core): Parse Webhook request bodies on-demand (#6394)

Also,
1. Consistent CORS support ~on all three webhook types~ waiting webhooks never supported CORS. I'll fix that in another PR
2. [Fixes binary-data handling when request body is text, json, or xml](https://linear.app/n8n/issue/NODE-505/webhook-binary-data-handling-fails-for-textplain-files).
3. Reduced number of middleware that each request has to go through.
4. Removed the need to maintain webhook endpoints in the auth-exception list.
5. Skip all middlewares (apart from `compression`) on Webhook routes. 
6. move `multipart/form-data` support out of individual nodes
7. upgrade `formidable`
8. fix the filenames on binary-data in webhooks nodes
9. add unit tests and integration tests for webhook request handling, and increase test coverage

packages/cli/package.json

@@ -68,17 +68,18 @@
     "@oclif/dev-cli": "^1.22.2",
     "@types/basic-auth": "^1.1.3",
     "@types/bcryptjs": "^2.4.2",
-    "@types/body-parser-xml": "^2.0.2",
     "@types/compression": "1.0.1",
     "@types/connect-history-api-fallback": "^1.3.1",
     "@types/convict": "^6.1.1",
+    "@types/content-disposition": "^0.5.5",
+    "@types/content-type": "^1.1.5",
     "@types/cookie-parser": "^1.4.2",
     "@types/express": "^4.17.6",
+    "@types/formidable": "^3.4.0",
     "@types/json-diff": "^1.0.0",
     "@types/jsonwebtoken": "^9.0.1",
     "@types/localtunnel": "^1.9.0",
     "@types/lodash": "^4.14.195",
-    "@types/parseurl": "^1.3.1",
     "@types/passport-jwt": "^3.0.6",
     "@types/psl": "^1.1.0",
     "@types/replacestream": "^4.0.1",
@@ -91,6 +92,7 @@
     "@types/uuid": "^8.3.2",
     "@types/validator": "^13.7.0",
     "@types/ws": "^8.5.4",
+    "@types/xml2js": "^0.4.11",
     "@types/yamljs": "^0.2.31",
     "chokidar": "^3.5.2",
     "concurrently": "^8.2.0",
@@ -110,8 +112,6 @@
     "axios": "^0.21.1",
     "basic-auth": "^2.0.1",
     "bcryptjs": "^2.4.3",
-    "body-parser": "^1.20.1",
-    "body-parser-xml": "^2.0.3",
     "bull": "^4.10.2",
     "cache-manager": "^5.2.3",
     "cache-manager-ioredis-yet": "^1.2.2",
@@ -122,6 +122,8 @@
     "compression": "^1.7.4",
     "connect-history-api-fallback": "^1.6.0",
     "convict": "^6.2.4",
+    "content-disposition": "^0.5.4",
+    "content-type": "^1.0.4",
     "cookie-parser": "^1.4.6",
     "crypto-js": "~4.1.1",
     "csrf": "^3.1.0",
@@ -134,6 +136,7 @@
     "express-prom-bundle": "^6.6.0",
     "fast-glob": "^3.2.5",
     "flatted": "^3.2.4",
+    "formidable": "^3.5.0",
     "google-timezones-json": "^1.1.0",
     "handlebars": "4.7.7",
     "inquirer": "^7.0.1",
@@ -157,7 +160,6 @@
     "open": "^7.0.0",
     "openapi-types": "^10.0.0",
     "p-cancelable": "^2.0.0",
-    "parseurl": "^1.3.3",
     "passport": "^0.6.0",
     "passport-cookie": "^1.0.9",
     "passport-jwt": "^4.0.0",
@@ -167,6 +169,7 @@
     "posthog-node": "^2.2.2",
     "prom-client": "^13.1.0",
     "psl": "^1.8.0",
+    "raw-body": "^2.5.1",
     "reflect-metadata": "^0.1.13",
     "replacestream": "^4.0.3",
     "samlify": "^2.8.9",
@@ -185,6 +188,7 @@
     "validator": "13.7.0",
     "winston": "^3.3.3",
     "ws": "^8.12.0",
+    "xml2js": "^0.5.0",
     "xmllint-wasm": "^3.0.1",
     "yamljs": "^0.3.0"
   }