node-http-server

?path1? @ 29  →  ?path2? @ 30
/src/handler.js
@@ -9,7 +9,7 @@
const fs = require('fs');
const mime = require('mime');
const auth = require("http-auth");
const JSONStream = require('JSONStream');
const stream = require('stream');
 
// Checks whether userPath is a child of rootPath.
function isRooted(userPath, rootPath, separator, callback) {
@@ -24,7 +24,6 @@
// Check if the file is accessible.
fs.access(file, fs.constants.R_OK, (error) => {
if (error) {
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
@@ -31,14 +30,18 @@
client.port +
' requesting inaccessible path: ' +
file,
severity: 'warning',
status: 403
severity: 'warning'
}, {
status: 403,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
@@ -45,7 +48,8 @@
client.port +
' sent file: ' +
file,
severity: 'info',
severity: 'info'
}, {
status: 200,
data: fs
.createReadStream(file),
@@ -53,8 +57,6 @@
.lookup(file)
});
});
 
});
}
 
// Serves a directory listing or the document index in case it exists.
@@ -67,7 +69,7 @@
directory.toUpperCase() === href.toUpperCase())) {
fs.readdir(directory, (error, paths) => {
if (error) {
process.nextTick(() => {
console.log("listing forbidden...");
callback({
message: 'Client: ' +
client.address + ':' +
@@ -74,13 +76,19 @@
client.port +
' could not access directory: ' +
directory,
severity: 'warning',
status: 500
severity: 'warning'
}, {
status: 500,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
process.nextTick(() => {
console.log("sending listing...");
callback({
message: 'Client: ' +
client.address + ':' +
@@ -87,16 +95,22 @@
client.port +
' accessed directory listing: ' +
directory,
severity: 'warning',
severity: 'info'
}, {
status: 200,
data: JSONStream.parse(paths)
data: new stream.Readable({
read(size) {
this.push(JSON.stringify(paths));
this.push(null);
}
}),
type: 'application/json'
});
});
});
return;
}
// Could not access directory index file and directory listing not allowed.
process.nextTick(() => {
console.log("no dirindex...");
callback({
message: 'Client: ' +
client.address + ':' +
@@ -103,18 +117,22 @@
client.port +
' no index file found and accessing forbiden index: ' +
href,
severity: 'warning',
status: 400
severity: 'warning'
}, {
status: 403,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
 
}
 
// Serve the document index.
fs.access(root, fs.constants.R_OK, (error) => {
if (error) {
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
@@ -121,13 +139,18 @@
client.port +
' unable to access path: ' +
directory,
severity: 'warning',
status: 403
severity: 'warning'
}, {
status: 403,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
process.nextTick(() => {
callback({
message: 'Client: ' +
client.address + ':' +
@@ -134,7 +157,8 @@
client.port +
' sent file: ' +
root,
severity: 'info',
severity: 'info'
}, {
status: 200,
data: fs.createReadStream(root),
type: mime.lookup(root)
@@ -141,7 +165,6 @@
});
});
});
});
}
 
// Determines whether the requested filesystem request path is a directory or a file.
@@ -155,8 +178,15 @@
address.port +
' accessing non-existent document: ' +
local,
severity: 'warning',
status: 404
severity: 'warning'
}, {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
return;
}
@@ -173,7 +203,6 @@
// then there is no file to serve.
if (config.site.reject.some((expression) => expression.test(file)) ||
!config.site.accept.some((expression) => expression.test(file))) {
process.nextTick(() => {
callback({
message: 'Client: ' +
address.address + ':' +
@@ -180,10 +209,16 @@
address.port +
' requested disallowed file: ' +
file,
severity: 'warning',
status: 404
severity: 'warning'
}, {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
 
@@ -195,7 +230,6 @@
 
module.exports = {
process: (config, request, response, root, callback) => {
process.nextTick(() => {
const requestAddress = request.socket.address();
const requestURL = url.parse(
request.url, true
@@ -241,7 +275,6 @@
fs.realpath(requestPath, (error, resolvedPath) => {
// If the path does not exist, then return early.
if (error) {
process.nextTick(() => {
callback({
message: 'Unknown path requested: ' +
requestAddress.address + ':' +
@@ -248,10 +281,16 @@
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning',
status: 404
severity: 'warning'
}, {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
// Check for path traversals early on and bail if the requested path does not
@@ -258,7 +297,6 @@
// lie within the specified document root.
isRooted(resolvedPath, root, path.sep, (rooted) => {
if (!rooted) {
process.nextTick(() => {
callback({
message: 'Attempted path traversal: ' +
requestAddress.address + ':' +
@@ -265,10 +303,16 @@
requestAddress.port +
' requesting: ' +
requestURL.pathname,
severity: 'warning',
status: 404
severity: 'warning'
}, {
status: 404,
data: new stream.Readable({
read(size) {
this.push(null);
}
}),
type: 'text/plain'
});
});
return;
}
 
@@ -285,7 +329,6 @@
});
// Requested location requires authentication.
authentication.check(request, response, (request, response) => {
process.nextTick(() => {
callback({
message: 'Authenticated client: ' +
requestAddress.address + ':' +
@@ -294,7 +337,6 @@
requestURL.pathname,
severity: 'info'
});
});
serve(config,
requestPath,
requestURL.pathname,
@@ -306,7 +348,6 @@
}
 
// If no authentication is required then serve the request.
process.nextTick(() => {
callback({
message: 'Client: ' +
requestAddress.address + ':' +
@@ -315,7 +356,6 @@
requestURL.pathname,
severity: 'info'
});
});
serve(config,
requestPath,
requestURL.pathname,
@@ -324,6 +364,5 @@
);
});
});
});
}
};
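Review bot: The 200 branches pass `fs.createReadStream(file)` and `fs.createReadStream(root)` to the callback after only an `fs.access` pre-check, and no 'error' listener is attached in the visible lines. If the file is removed or becomes unreadable between the check and the open, the failure arrives as a stream 'error' event after status 200 has been chosen; unless the consumer of `data` handles it (not visible here, and the enclosing functions start outside these hunks), an unhandled stream error would terminate the server process. I would open the file first and choose the status from the result of the open, or at least attach `.on('error', …)` before handing the stream over. Separately, the empty-body literal `new stream.Readable({ read(size) { this.push(null); } })` is repeated in every error branch; a small helper such as `emptyBody()` would keep those responses consistent.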