node-http-server – Blame information for rev 8

8 office 1 #!/usr/bin/env node
2 ///////////////////////////////////////////////////////////////////////////
3 // Copyright (C) 2017 Wizardry and Steamworks - License: GNU GPLv3 //
4 ///////////////////////////////////////////////////////////////////////////
5  
6 const url = require('url');
7 const path = require('path');
8 const fs = require('fs');
9 const mime = require('mime');
10  
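/**
 * Path traversal check: reports whether userPath lies at or below rootPath.
 *
 * Both paths are split on `separator`, empty and `.` segments are dropped and
 * `..` segments are folded into the segment before them, then the root's
 * segments must be a prefix of the user's segments. Comparing whole segments
 * (not string prefixes) keeps a sibling such as `/srv/www2` from matching a
 * root of `/srv/www`.
 *
 * The comparison is purely lexical: symbolic links are not resolved and the
 * match is case-sensitive. A root that normalises to zero segments (for
 * example an empty string or the bare separator) matches every path.
 *
 * @param {string} userPath - Candidate path, ideally already absolute.
 * @param {string} rootPath - Directory the candidate must stay inside.
 * @param {string} separator - Path separator used to split both paths.
 * @returns {boolean} true when userPath is rootPath or a descendant of it.
 */
function isRooted(userPath, rootPath, separator) {
  const toSegments = (rawPath) => {
    const segments = [];
    for (const segment of rawPath.split(separator)) {
      if (segment === '' || segment === '.') {
        continue;
      }
      // Fold `..` into its parent so a path cannot carry the root as a
      // prefix and then climb back out of it. A `..` with nothing left to
      // fold is kept, which makes such a path fail the prefix comparison.
      const last = segments[segments.length - 1];
      if (segment === '..' && segments.length > 0 && last !== '..') {
        segments.pop();
        continue;
      }
      segments.push(segment);
    }
    return segments;
  };

  const userSegments = toSegments(userPath);
  const rootSegments = toSegments(rootPath);
  return userSegments.length >= rootSegments.length &&
    rootSegments.every((segment, index) => segment === userSegments[index]);
}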
18  
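module.exports = {
  // Severity levels passed to the logging callback as its second argument.
  error: {
    level: {
      INFO: 1,
      WARN: 2,
      ERROR: 3
    }
  },
  /**
   * Answer one HTTP request from the directory tree under `root`.
   *
   * The request path is mapped onto the filesystem and must pass isRooted()
   * before anything is read. A regular file is streamed with a MIME type from
   * mime.lookup(); a directory is answered with its index document
   * (config.site.index) or, when that does not exist, with a JSON array of
   * the directory's entry names.
   *
   * Status codes: 403 for a rejected traversal or an unreadable file, 404
   * when the path does not exist, 500 when listing or streaming fails.
   *
   * NOTE(review): the traversal check is lexical. fs.stat() and
   * fs.createReadStream() follow symbolic links, so a link inside `root`
   * that points elsewhere is still served. `root` should be an absolute,
   * normalised path; otherwise the check is likely to reject every request.
   *
   * NOTE(review): every directory without an index document is listed to the
   * client. Confirm that exposing entry names is intended for this site.
   *
   * @param {object} config - Site configuration; config.site.index is read.
   * @param {object} request - Incoming request (socket address and url are read).
   * @param {object} response - Response the status, headers and body are written to.
   * @param {string} root - Document root directory.
   * @param {function(string, number)} callback - Logger taking a message and a level.
   */
  handleClient: (config, request, response, root, callback) => {
    process.nextTick(() => {
      const level = module.exports.error.level;
      const requestAddress = request.socket.address();
      const requestedURL = url.parse(request.url, true);
      const client = `${requestAddress.address}:${requestAddress.port}`;

      callback(
        `Client: ${client} accessing: ${requestedURL.pathname}`,
        level.INFO
      );

      // url.parse() can yield a null pathname for some inputs; treat that as
      // a request for the root instead of throwing inside this tick.
      // The pathname is used as received (percent-escapes are not decoded).
      const trimmedPath = (requestedURL.pathname || '')
        .split('/')
        .filter(Boolean)
        .join('/');
      // trimmedPath never has a leading slash, so resolve() always anchors it
      // at root and collapses any `..` segments before the check below.
      const filesystemPath = path.resolve(root, trimmedPath);

      if (!isRooted(filesystemPath, root, path.sep)) {
        callback(
          `Attempted path traversal: ${client} requesting: ${requestedURL.pathname}`,
          level.WARN
        );
        response.statusCode = 403;
        response.end();
        return;
      }

      // Stream a file to the client with a Content-Type derived from its name.
      const sendFile = (filePath) => {
        response.setHeader('Content-Type', mime.lookup(filePath));

        const readStream = fs.createReadStream(filePath)
          .on('open', () => {
            response.statusCode = 200;
            readStream.pipe(response);
          })
          .on('error', () => {
            response.statusCode = 500;
            response.end();
          });
      };

      // Answer with the entry names of a directory as a JSON array.
      const sendListing = (directoryPath) => {
        fs.readdir(directoryPath, (error, paths) => {
          if (error) {
            callback(
              `Could not list directory: ${directoryPath}`,
              level.ERROR
            );
            response.statusCode = 500;
            response.end();
            return;
          }
          callback(
            `Directory listing requested for: ${directoryPath}`,
            level.INFO
          );
          response.statusCode = 200;
          // Declare the body type so clients do not have to guess it.
          response.setHeader('Content-Type', 'application/json');
          response.write(JSON.stringify(paths));
          response.end();
        });
      };

      fs.stat(filesystemPath, (error, stats) => {
        // Document does not exist.
        if (error) {
          response.statusCode = 404;
          response.end();
          return;
        }

        if (!stats.isDirectory()) {
          // Browser requesting file: check that it is readable first.
          fs.access(filesystemPath, fs.constants.R_OK, (error) => {
            if (error) {
              response.statusCode = 403;
              response.end();
              return;
            }
            sendFile(filesystemPath);
          });
          return;
        }

        // Directory is requested so provide the directory index.
        const indexPath = path.resolve(filesystemPath, config.site.index);
        fs.stat(indexPath, (error) => {
          if (error) {
            sendListing(filesystemPath);
            return;
          }

          // Check the index document itself: it is the file about to be
          // streamed, and a readable directory says nothing about it.
          fs.access(indexPath, fs.constants.R_OK, (error) => {
            if (error) {
              callback(
                `The server was unable to access the filesystem path: ${indexPath}`,
                level.WARN
              );
              response.statusCode = 403;
              response.end();
              return;
            }
            sendFile(indexPath);
          });
        });
      });
    });
  }
};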