X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2Ffiles.js;h=48f91a816574808cea9939c2ee4006cb5354066d;hb=8c3ae0719e1f7d266ee04d86e7e1c3756745d372;hp=55e8978ac59908b78a5ffbac2ea2b40e7b76f69c;hpb=a7f450d7b80feb2c7125813aee56ee6519b33228;p=perso%2FImmae%2FProjets%2FNodejs%2FSurfer.git diff --git a/src/files.js b/src/files.js index 55e8978..48f91a8 100644 --- a/src/files.js +++ b/src/files.js @@ -4,43 +4,54 @@ var fs = require('fs'), path = require('path'), ejs = require('ejs'), rimraf = require('rimraf'), + debug = require('debug')('files'), + mkdirp = require('mkdirp'), HttpError = require('connect-lastmile').HttpError, HttpSuccess = require('connect-lastmile').HttpSuccess; -exports = module.exports = { - get: get, - put: put, - del: del -}; +var gBasePath; + +exports = module.exports = function (basePath) { + gBasePath = basePath; -var FILE_BASE = path.resolve(__dirname, '../files'); + return { + get: get, + put: put, + del: del + }; +}; // http://stackoverflow.com/questions/11293857/fastest-way-to-copy-file-in-node-js function copyFile(source, target, cb) { var cbCalled = false; - var rd = fs.createReadStream(source); - rd.on("error", function(err) { - done(err); - }); + // ensure directory + mkdirp(path.dirname(target), function (error) { + if (error) return cb(error); - var wr = fs.createWriteStream(target); - wr.on("error", function(err) { - done(err); - }); + var rd = fs.createReadStream(source); + rd.on("error", function(err) { + done(err); + }); - wr.on("close", function(ex) { - done(); - }); + var wr = fs.createWriteStream(target); + wr.on("error", function(err) { + done(err); + }); + + wr.on("close", function(ex) { + done(); + }); - rd.pipe(wr); + rd.pipe(wr); - function done(err) { - if (!cbCalled) { - cb(err); - cbCalled = true; + function done(err) { + if (!cbCalled) { + cb(err); + cbCalled = true; + } } - } + }); } function render(view, options) { @@ -48,9 +59,9 @@ function render(view, options) { } function getAbsolutePath(filePath) { - var absoluteFilePath = path.resolve(FILE_BASE, filePath); + var absoluteFilePath = path.resolve(gBasePath, filePath); - if (absoluteFilePath.indexOf(FILE_BASE) !== 0) return null; + if (absoluteFilePath.indexOf(gBasePath) !== 0) return null; return absoluteFilePath; } @@ -62,7 +73,7 @@ function get(req, res, next) { fs.stat(absoluteFilePath, function (error, result) { if (error) return next(new HttpError(404, error)); - console.log('get', absoluteFilePath); + debug('get', absoluteFilePath); if (result.isFile()) return res.sendfile(absoluteFilePath); if (result.isDirectory()) return res.status(200).send({ entries: fs.readdirSync(absoluteFilePath) }); @@ -82,7 +93,7 @@ function put(req, res, next) { fs.stat(absoluteFilePath, function (error, result) { if (error && error.code !== 'ENOENT') return next(new HttpError(500, error)); - console.log('put', absoluteFilePath, req.files.file); + debug('put', absoluteFilePath, req.files.file); if (result && result.isDirectory()) return next(new HttpError(409, 'cannot put on directories')); if (!result || result.isFile()) { @@ -99,7 +110,8 @@ function put(req, res, next) { function del(req, res, next) { var filePath = req.params[0]; var absoluteFilePath = getAbsolutePath(filePath); - if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed')); + if (!absoluteFilePath) return next(new HttpError(404, 'Not found')); + if (absoluteFilePath.slice(gBasePath.length) === '') return next(new HttpError(403, 'Forbidden')); fs.stat(absoluteFilePath, function (error, result) { if (error) return next(new HttpError(404, error));