/src/handler.js |
@@ -10,6 +10,8 @@ |
const mime = require('mime'); |
const auth = require("http-auth"); |
const stream = require('stream'); |
const util = require('util'); |
const EventEmitter = require('events').EventEmitter; |
|
// Checks whether userPath is a child of rootPath. |
function isRooted(userPath, rootPath, separator, callback) { |
@@ -20,11 +22,11 @@ |
} |
|
// Serves files. |
function files(config, file, client, callback) { |
function files(self, config, file, client) { |
// Check if the file is accessible. |
fs.access(file, fs.constants.R_OK, (error) => { |
if (error) { |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -31,7 +33,8 @@ |
' requesting inaccessible path: ' + |
file, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 403, |
data: new stream.Readable({ |
read(size) { |
@@ -42,7 +45,7 @@ |
}); |
return; |
} |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -49,7 +52,8 @@ |
' sent file: ' + |
file, |
severity: 'info' |
}, { |
}); |
self.emit('data', { |
status: 200, |
data: fs |
.createReadStream(file), |
@@ -60,7 +64,7 @@ |
} |
|
// Serves a directory listing or the document index in case it exists. |
function index(config, directory, href, client, callback) { |
function index(self, config, directory, href, client) { |
const root = path.resolve(directory, config.site.index); |
fs.stat(root, (error, stats) => { |
if (error) { |
@@ -69,8 +73,7 @@ |
directory.toUpperCase() === href.toUpperCase())) { |
fs.readdir(directory, (error, paths) => { |
if (error) { |
console.log("listing forbidden..."); |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -77,7 +80,8 @@ |
' could not access directory: ' + |
directory, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 500, |
data: new stream.Readable({ |
read(size) { |
@@ -88,8 +92,7 @@ |
}); |
return; |
} |
console.log("sending listing..."); |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -96,7 +99,8 @@ |
' accessed directory listing: ' + |
directory, |
severity: 'info' |
}, { |
}); |
self.emit('data', { |
status: 200, |
data: new stream.Readable({ |
read(size) { |
@@ -110,8 +114,7 @@ |
return; |
} |
// Could not access directory index file and directory listing not allowed. |
console.log("no dirindex..."); |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -118,7 +121,8 @@ |
' no index file found and accessing forbiden index: ' + |
href, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 403, |
data: new stream.Readable({ |
read(size) { |
@@ -133,7 +137,7 @@ |
// Serve the document index. |
fs.access(root, fs.constants.R_OK, (error) => { |
if (error) { |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -140,7 +144,8 @@ |
' unable to access path: ' + |
directory, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 403, |
data: new stream.Readable({ |
read(size) { |
@@ -151,7 +156,7 @@ |
}); |
return; |
} |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
client.address + ':' + |
client.port + |
@@ -158,7 +163,8 @@ |
' sent file: ' + |
root, |
severity: 'info' |
}, { |
}); |
self.emit('data', { |
status: 200, |
data: fs.createReadStream(root), |
type: mime.lookup(root) |
@@ -168,11 +174,11 @@ |
} |
|
// Determines whether the requested filesystem request path is a directory or a file. |
function serve(config, local, href, address, callback) { |
function serve(self, config, local, href, address) { |
fs.stat(local, (error, stats) => { |
// Document does not exist. |
if (error) { |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
address.address + ':' + |
address.port + |
@@ -179,7 +185,8 @@ |
' accessing non-existent document: ' + |
local, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 404, |
data: new stream.Readable({ |
read(size) { |
@@ -193,7 +200,7 @@ |
|
if (stats.isDirectory()) { |
// Directory is requested so provide directory indexes. |
index(config, local, href, address, callback); |
index(self, config, local, href, address); |
return; |
} |
if (stats.isFile()) { |
@@ -203,7 +210,7 @@ |
// then there is no file to serve. |
if (config.site.reject.some((expression) => expression.test(file)) || |
!config.site.accept.some((expression) => expression.test(file))) { |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
address.address + ':' + |
address.port + |
@@ -210,7 +217,8 @@ |
' requested disallowed file: ' + |
file, |
severity: 'warning' |
}, { |
}); |
self.emit('data', { |
status: 404, |
data: new stream.Readable({ |
read(size) { |
@@ -223,14 +231,25 @@ |
} |
|
// A file was requested so provide the file. |
files(config, local, address, callback); |
files(self, config, local, address); |
} |
}); |
} |
|
module.exports = { |
process: (config, request, response, root, callback) => { |
// Constructor. |
function Handler() { |
// Create events emitters for logging and data. |
EventEmitter.call(this); |
}; |
|
// Process a request. |
Handler.prototype.process = function(config, request, response, root) { |
EventEmitter.call(this); |
var self = this; |
|
// Get client details. |
const requestAddress = request.socket.address(); |
// Get requested URL. |
const requestURL = url.parse( |
request.url, true |
); |
@@ -253,7 +272,7 @@ |
true |
) |
.pathname; |
callback({ |
self.emit('log', { |
message: 'Rewrite path: ' + |
originalPath + |
' to: ' + |
@@ -275,7 +294,7 @@ |
fs.realpath(requestPath, (error, resolvedPath) => { |
// If the path does not exist, then return early. |
if (error) { |
callback({ |
self.emit('log', { |
message: 'Unknown path requested: ' + |
requestAddress.address + ':' + |
requestAddress.port + |
@@ -282,7 +301,8 @@ |
' requesting: ' + |
requestURL.pathname, |
severity: 'warning' |
}, { |
}); |
self.emit('done', { |
status: 404, |
data: new stream.Readable({ |
read(size) { |
@@ -297,7 +317,7 @@ |
// lie within the specified document root. |
isRooted(resolvedPath, root, path.sep, (rooted) => { |
if (!rooted) { |
callback({ |
self.emit('log', { |
message: 'Attempted path traversal: ' + |
requestAddress.address + ':' + |
requestAddress.port + |
@@ -304,7 +324,8 @@ |
' requesting: ' + |
requestURL.pathname, |
severity: 'warning' |
}, { |
}); |
self.emit('done', { |
status: 404, |
data: new stream.Readable({ |
read(size) { |
@@ -329,7 +350,7 @@ |
}); |
// Requested location requires authentication. |
authentication.check(request, response, (request, response) => { |
callback({ |
self.emit('log', { |
message: 'Authenticated client: ' + |
requestAddress.address + ':' + |
requestAddress.port + |
@@ -337,11 +358,13 @@ |
requestURL.pathname, |
severity: 'info' |
}); |
serve(config, |
process.nextTick(() => |
serve(self, |
config, |
requestPath, |
requestURL.pathname, |
requestAddress, |
callback |
requestAddress |
) |
); |
}); |
return; |
@@ -348,7 +371,7 @@ |
} |
|
// If no authentication is required then serve the request. |
callback({ |
self.emit('log', { |
message: 'Client: ' + |
requestAddress.address + ':' + |
requestAddress.port + |
@@ -356,13 +379,19 @@ |
requestURL.pathname, |
severity: 'info' |
}); |
serve(config, |
process.nextTick(() => |
serve(self, |
config, |
requestPath, |
requestURL.pathname, |
requestAddress, |
callback |
requestAddress |
) |
); |
}); |
}); |
} |
|
return this; |
}; |
|
util.inherits(Handler, EventEmitter); |
module.exports = Handler; |
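Review bot: The two rejection paths in `Handler.prototype.process` (the `Unknown path requested` branch and the `Attempted path traversal` branch) emit their 404 payload as `'done'`, while every response produced by `files`, `index` and `serve` is emitted as `'data'`. If the caller, which is not visible here, writes responses only from a `'data'` listener, these two denials are never answered and the sockets stay open, so requests for missing or out-of-root paths could tie up connections; use one event name in both places, e.g. `self.emit('data', {`, or document `'done'` as a separate contract that the server must also handle. `process` also repeats `EventEmitter.call(this);` on every request although the `Handler` constructor already runs it, so that line can be dropped. Separately, the rooted check is made on `resolvedPath` but `serve` is still handed `requestPath`, so the path is resolved a second time after the check; passing `resolvedPath` instead would close that gap, assuming nothing downstream relies on the unresolved form.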