Ensure directories

diff --git a/app.js b/app.js
index a985db769ba2c5fd68f945d595df6a0eae17e29b..196473f85b566a8e81e04a7eedcbcefe95caba02 100755 (executable)
--- a/app.js
+++ b/app.js
@@ -22,6 +22,7 @@ router.delete('/api/files/*', files.del);
 app.use(morgan('dev'));
 app.use(compression());
 app.use(bodyParser.json());
+app.use(express.static(__dirname + '/files'));
 app.use(router);
 app.use(lastMile());
 

diff --git a/package.json b/package.json
index cf08457ac5e79f94f5654850ca0c7365df7c27e9..e5eb25d916d06abbebbb5978fc0d0cf881f4c032 100644 (file)
--- a/package.json
+++ b/package.json
@@ -14,13 +14,16 @@
   "license": "MIT",
   "dependencies": {
     "body-parser": "^1.13.1",
+    "commander": "^2.8.1",
     "compression": "^1.5.0",
     "connect-lastmile": "0.0.10",
     "connect-timeout": "^1.6.2",
     "ejs": "^2.3.1",
     "express": "^4.12.4",
+    "mkdirp": "^0.5.1",
     "morgan": "^1.6.0",
     "multiparty": "^4.1.2",
-    "rimraf": "^2.4.0"
+    "rimraf": "^2.4.0",
+    "superagent": "^1.2.0"
   }
 }

diff --git a/src/files.js b/src/files.js
index 55e8978ac59908b78a5ffbac2ea2b40e7b76f69c..3812d21d063327cbeb726d1f26eeacc1c6794e32 100644 (file)
--- a/src/files.js
+++ b/src/files.js
@@ -4,6 +4,7 @@ var fs = require('fs'),
     path = require('path'),
     ejs = require('ejs'),
     rimraf = require('rimraf'),
+    mkdirp = require('mkdirp'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
@@ -19,28 +20,33 @@ var FILE_BASE = path.resolve(__dirname, '../files');
 function copyFile(source, target, cb) {
     var cbCalled = false;
 
-    var rd = fs.createReadStream(source);
-        rd.on("error", function(err) {
-        done(err);
-    });
+    // ensure directory
+    mkdirp(path.dirname(target), function (error) {
+        if (error) return cb(error);
 
-    var wr = fs.createWriteStream(target);
-        wr.on("error", function(err) {
-        done(err);
-    });
+        var rd = fs.createReadStream(source);
+            rd.on("error", function(err) {
+            done(err);
+        });
 
-    wr.on("close", function(ex) {
-        done();
-    });
+        var wr = fs.createWriteStream(target);
+            wr.on("error", function(err) {
+            done(err);
+        });
 
-    rd.pipe(wr);
+        wr.on("close", function(ex) {
+            done();
+        });
+
+        rd.pipe(wr);
 
-    function done(err) {
-        if (!cbCalled) {
-            cb(err);
-            cbCalled = true;
+        function done(err) {
+            if (!cbCalled) {
+                cb(err);
+                cbCalled = true;
+            }
         }
-    }
+    });
 }
 
 function render(view, options) {
@@ -99,7 +105,8 @@ function put(req, res, next) {
 function del(req, res, next) {
     var filePath = req.params[0];
     var absoluteFilePath = getAbsolutePath(filePath);
-    if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));
+    if (!absoluteFilePath) return next(new HttpError(404, 'Not found'));
+    if (absoluteFilePath.slice(FILE_BASE.length) === '') return next(new HttpError(403, 'Forbidden'));
 
     fs.stat(absoluteFilePath, function (error, result) {
         if (error) return next(new HttpError(404, error));