node-http-server – Diff between revs 31 and 32
Rev 31 | Rev 32 | |||
---|---|---|---|---|
Line 246... | Line 246... | |||
246 | Handler.prototype.process = function(config, request, response, root) { |
246 | Handler.prototype.process = function(config, request, response, root) { |
|
247 | EventEmitter.call(this); |
247 | EventEmitter.call(this); |
|
248 | var self = this; |
248 | var self = this; |
|
Line 249... | Line 249... | |||
249 | |
249 | |
|
250 | // Get client details. |
250 | // Get client details. |
|
251 | const requestAddress = request.socket.address(); |
251 | const address = request.socket.address(); |
|
252 | // Get requested URL. |
252 | // Get requested URL. |
|
253 | const requestURL = url.parse( |
253 | const requestURL = url.parse( |
|
254 | request.url, true |
254 | request.url, true |
|
Line 294... | Line 294... | |||
294 | fs.realpath(requestPath, (error, resolvedPath) => { |
294 | fs.realpath(requestPath, (error, resolvedPath) => { |
|
295 | // If the path does not exist, then return early. |
295 | // If the path does not exist, then return early. |
|
296 | if (error) { |
296 | if (error) { |
|
297 | self.emit('log', { |
297 | self.emit('log', { |
|
298 | message: 'Unknown path requested: ' + |
298 | message: 'Unknown path requested: ' + |
|
299 | requestAddress.address + ':' + |
299 | address.address + ':' + |
|
300 | requestAddress.port + |
300 | address.port + |
|
301 | ' requesting: ' + |
301 | ' requesting: ' + |
|
302 | requestURL.pathname, |
302 | requestURL.pathname, |
|
303 | severity: 'warning' |
303 | severity: 'warning' |
|
304 | }); |
304 | }); |
|
305 | self.emit('done', { |
305 | self.emit('data', { |
|
306 | status: 404, |
306 | status: 404, |
|
307 | data: new stream.Readable({ |
307 | data: new stream.Readable({ |
|
308 | read(size) { |
308 | read(size) { |
|
309 | this.push(null); |
309 | this.push(null); |
|
310 | } |
310 | } |
|
311 | }), |
311 | }), |
|
312 | type: 'text/plain' |
312 | type: 'text/plain' |
|
313 | }); |
313 | }); |
|
314 | return; |
314 | return; |
|
315 | } |
315 | } |
|
- | 316 | |
||
316 | // Check for path traversals early on and bail if the requested path does not |
317 | // Check for path traversals early on and bail if the requested path does not |
|
317 | // lie within the specified document root. |
318 | // lie within the specified document root. |
|
318 | isRooted(resolvedPath, root, path.sep, (rooted) => { |
319 | isRooted(resolvedPath, root, path.sep, (rooted) => { |
|
319 | if (!rooted) { |
320 | if (!rooted) { |
|
320 | self.emit('log', { |
321 | self.emit('log', { |
|
321 | message: 'Attempted path traversal: ' + |
322 | message: 'Attempted path traversal: ' + |
|
322 | requestAddress.address + ':' + |
323 | address.address + ':' + |
|
323 | requestAddress.port + |
324 | address.port + |
|
324 | ' requesting: ' + |
325 | ' requesting: ' + |
|
325 | requestURL.pathname, |
326 | requestURL.pathname, |
|
326 | severity: 'warning' |
327 | severity: 'warning' |
|
327 | }); |
328 | }); |
|
328 | self.emit('done', { |
329 | self.emit('done', { |
|
Line 350... | Line 351... | |||
350 | }); |
351 | }); |
|
351 | // Requested location requires authentication. |
352 | // Requested location requires authentication. |
|
352 | authentication.check(request, response, (request, response) => { |
353 | authentication.check(request, response, (request, response) => { |
|
353 | self.emit('log', { |
354 | self.emit('log', { |
|
354 | message: 'Authenticated client: ' + |
355 | message: 'Authenticated client: ' + |
|
355 | requestAddress.address + ':' + |
356 | address.address + ':' + |
|
356 | requestAddress.port + |
357 | address.port + |
|
357 | ' accessing: ' + |
358 | ' accessing: ' + |
|
358 | requestURL.pathname, |
359 | requestURL.pathname, |
|
359 | severity: 'info' |
360 | severity: 'info' |
|
360 | }); |
361 | }); |
|
361 | process.nextTick(() => |
362 | process.nextTick(() => |
|
362 | serve(self, |
363 | serve(self, |
|
363 | config, |
364 | config, |
|
364 | requestPath, |
365 | requestPath, |
|
365 | requestURL.pathname, |
366 | requestURL.pathname, |
|
366 | requestAddress |
367 | address |
|
367 | ) |
368 | ) |
|
368 | ); |
369 | ); |
|
369 | }); |
370 | }); |
|
370 | return; |
371 | return; |
|
371 | } |
372 | } |
|
Line 372... | Line 373... | |||
372 | |
373 | |
|
373 | // If no authentication is required then serve the request. |
374 | // If no authentication is required then serve the request. |
|
374 | self.emit('log', { |
375 | self.emit('log', { |
|
375 | message: 'Client: ' + |
376 | message: 'Client: ' + |
|
376 | requestAddress.address + ':' + |
377 | address.address + ':' + |
|
377 | requestAddress.port + |
378 | address.port + |
|
378 | ' accessing: ' + |
379 | ' accessing: ' + |
|
379 | requestURL.pathname, |
380 | requestURL.pathname, |
|
380 | severity: 'info' |
381 | severity: 'info' |
|
381 | }); |
382 | }); |
|
382 | process.nextTick(() => |
383 | process.nextTick(() => |
|
383 | serve(self, |
384 | serve(self, |
|
384 | config, |
385 | config, |
|
385 | requestPath, |
386 | requestPath, |
|
386 | requestURL.pathname, |
387 | requestURL.pathname, |
|
387 | requestAddress |
388 | address |
|
388 | ) |
389 | ) |
|
389 | ); |
390 | ); |
|
390 | }); |
391 | }); |
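Review bot: `request.socket.address()` on new line 251 returns the socket's locally bound address and port, not the peer's, so the 'Unknown path requested', 'Attempted path traversal' and 'Authenticated client' log entries record the server's own endpoint rather than the client that sent the request. The rename keeps that call; building the object from the peer fields preserves the `.address` and `.port` properties the log lines read: `const address = { address: request.socket.remoteAddress, port: request.socket.remotePort };`. Separately, the not-found branch at line 305 appears to emit `'data'` after this change while the traversal branch at new line 329 still emits `'done'`, so it is worth confirming that listeners handle both events. The body of `Handler.prototype.process` is only partly shown (lines 255–293 and 330–350 are elided and its end is not visible), so any remaining `requestAddress` references there could not be checked.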