node-http-server – Diff between revs 31 and 32
?pathlinks?
| Rev 31 | Rev 32 | |||
|---|---|---|---|---|
| Line 246... | Line 246... | |||
| 246 | Handler.prototype.process = function(config, request, response, root) { |
246 | Handler.prototype.process = function(config, request, response, root) { |
|
| 247 | EventEmitter.call(this); |
247 | EventEmitter.call(this); |
|
| 248 | var self = this; |
248 | var self = this; |
|
| Line 249... | Line 249... | |||
| 249 | |
249 | |
|
| 250 | // Get client details. |
250 | // Get client details. |
|
| 251 | const requestAddress = request.socket.address(); |
251 | const address = request.socket.address(); |
|
| 252 | // Get requested URL. |
252 | // Get requested URL. |
|
| 253 | const requestURL = url.parse( |
253 | const requestURL = url.parse( |
|
| 254 | request.url, true |
254 | request.url, true |
|
| Line 294... | Line 294... | |||
| 294 | fs.realpath(requestPath, (error, resolvedPath) => { |
294 | fs.realpath(requestPath, (error, resolvedPath) => { |
|
| 295 | // If the path does not exist, then return early. |
295 | // If the path does not exist, then return early. |
|
| 296 | if (error) { |
296 | if (error) { |
|
| 297 | self.emit('log', { |
297 | self.emit('log', { |
|
| 298 | message: 'Unknown path requested: ' + |
298 | message: 'Unknown path requested: ' + |
|
| 299 | requestAddress.address + ':' + |
299 | address.address + ':' + |
|
| 300 | requestAddress.port + |
300 | address.port + |
|
| 301 | ' requesting: ' + |
301 | ' requesting: ' + |
|
| 302 | requestURL.pathname, |
302 | requestURL.pathname, |
|
| 303 | severity: 'warning' |
303 | severity: 'warning' |
|
| 304 | }); |
304 | }); |
|
| 305 | self.emit('done', { |
305 | self.emit('data', { |
|
| 306 | status: 404, |
306 | status: 404, |
|
| 307 | data: new stream.Readable({ |
307 | data: new stream.Readable({ |
|
| 308 | read(size) { |
308 | read(size) { |
|
| 309 | this.push(null); |
309 | this.push(null); |
|
| 310 | } |
310 | } |
|
| 311 | }), |
311 | }), |
|
| 312 | type: 'text/plain' |
312 | type: 'text/plain' |
|
| 313 | }); |
313 | }); |
|
| 314 | return; |
314 | return; |
|
| 315 | } |
315 | } |
|
| - | 316 | |
||
| 316 | // Check for path traversals early on and bail if the requested path does not |
317 | // Check for path traversals early on and bail if the requested path does not |
|
| 317 | // lie within the specified document root. |
318 | // lie within the specified document root. |
|
| 318 | isRooted(resolvedPath, root, path.sep, (rooted) => { |
319 | isRooted(resolvedPath, root, path.sep, (rooted) => { |
|
| 319 | if (!rooted) { |
320 | if (!rooted) { |
|
| 320 | self.emit('log', { |
321 | self.emit('log', { |
|
| 321 | message: 'Attempted path traversal: ' + |
322 | message: 'Attempted path traversal: ' + |
|
| 322 | requestAddress.address + ':' + |
323 | address.address + ':' + |
|
| 323 | requestAddress.port + |
324 | address.port + |
|
| 324 | ' requesting: ' + |
325 | ' requesting: ' + |
|
| 325 | requestURL.pathname, |
326 | requestURL.pathname, |
|
| 326 | severity: 'warning' |
327 | severity: 'warning' |
|
| 327 | }); |
328 | }); |
|
| 328 | self.emit('done', { |
329 | self.emit('done', { |
|
| Line 350... | Line 351... | |||
| 350 | }); |
351 | }); |
|
| 351 | // Requested location requires authentication. |
352 | // Requested location requires authentication. |
|
| 352 | authentication.check(request, response, (request, response) => { |
353 | authentication.check(request, response, (request, response) => { |
|
| 353 | self.emit('log', { |
354 | self.emit('log', { |
|
| 354 | message: 'Authenticated client: ' + |
355 | message: 'Authenticated client: ' + |
|
| 355 | requestAddress.address + ':' + |
356 | address.address + ':' + |
|
| 356 | requestAddress.port + |
357 | address.port + |
|
| 357 | ' accessing: ' + |
358 | ' accessing: ' + |
|
| 358 | requestURL.pathname, |
359 | requestURL.pathname, |
|
| 359 | severity: 'info' |
360 | severity: 'info' |
|
| 360 | }); |
361 | }); |
|
| 361 | process.nextTick(() => |
362 | process.nextTick(() => |
|
| 362 | serve(self, |
363 | serve(self, |
|
| 363 | config, |
364 | config, |
|
| 364 | requestPath, |
365 | requestPath, |
|
| 365 | requestURL.pathname, |
366 | requestURL.pathname, |
|
| 366 | requestAddress |
367 | address |
|
| 367 | ) |
368 | ) |
|
| 368 | ); |
369 | ); |
|
| 369 | }); |
370 | }); |
|
| 370 | return; |
371 | return; |
|
| 371 | } |
372 | } |
|
| Line 372... | Line 373... | |||
| 372 | |
373 | |
|
| 373 | // If no authentication is required then serve the request. |
374 | // If no authentication is required then serve the request. |
|
| 374 | self.emit('log', { |
375 | self.emit('log', { |
|
| 375 | message: 'Client: ' + |
376 | message: 'Client: ' + |
|
| 376 | requestAddress.address + ':' + |
377 | address.address + ':' + |
|
| 377 | requestAddress.port + |
378 | address.port + |
|
| 378 | ' accessing: ' + |
379 | ' accessing: ' + |
|
| 379 | requestURL.pathname, |
380 | requestURL.pathname, |
|
| 380 | severity: 'info' |
381 | severity: 'info' |
|
| 381 | }); |
382 | }); |
|
| 382 | process.nextTick(() => |
383 | process.nextTick(() => |
|
| 383 | serve(self, |
384 | serve(self, |
|
| 384 | config, |
385 | config, |
|
| 385 | requestPath, |
386 | requestPath, |
|
| 386 | requestURL.pathname, |
387 | requestURL.pathname, |
|
| 387 | requestAddress |
388 | address |
|
| 388 | ) |
389 | ) |
|
| 389 | ); |
390 | ); |
|
| 390 | }); |
391 | }); |
|