Ensure directories

author: Johannes Zellner <johannes@nebulon.de> 2015-06-27 16:07:25 +0200
committer: Johannes Zellner <johannes@nebulon.de> 2015-06-27 16:07:25 +0200
commit: eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa (patch)
tree: d28bf7ef5a13d521d2f6bb41ef72033a267e021f /src
parent: a7f450d7b80feb2c7125813aee56ee6519b33228 (diff)
download: Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.tar.gz
Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.tar.zst
Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.zip
1 files changed, 25 insertions, 18 deletions
diff --git a/src/files.js b/src/files.js
index 55e8978..3812d21 100644
--- a/src/files.js
+++ b/src/files.js
@@ -4,6 +4,7 @@ var fs = require('fs'),
    path = require('path'),
    ejs = require('ejs'),
    rimraf = require('rimraf'),
+    mkdirp = require('mkdirp'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -19,28 +20,33 @@ var FILE_BASE = path.resolve(__dirname, '../files');
 function copyFile(source, target, cb) {
    var cbCalled = false;
-    var rd = fs.createReadStream(source);
+    // ensure directory
-        rd.on("error", function(err) {
+    mkdirp(path.dirname(target), function (error) {
-        done(err);
+        if (error) return cb(error);
-    });
-    var wr = fs.createWriteStream(target);
+        var rd = fs.createReadStream(source);
-        wr.on("error", function(err) {
+            rd.on("error", function(err) {
-        done(err);
+            done(err);
-    });
+        });
-    wr.on("close", function(ex) {
+        var wr = fs.createWriteStream(target);
-        done();
+            wr.on("error", function(err) {
-    });
+            done(err);
+        });
-    rd.pipe(wr);
+        wr.on("close", function(ex) {
+            done();
+        });
+        rd.pipe(wr);
-    function done(err) {
+        function done(err) {
-        if (!cbCalled) {
+            if (!cbCalled) {
-            cb(err);
+                cb(err);
-            cbCalled = true;
+                cbCalled = true;
+            }
        }
-    }
+    });
 }
 function render(view, options) {
@@ -99,7 +105,8 @@ function put(req, res, next) {
 function del(req, res, next) {
    var filePath = req.params[0];
    var absoluteFilePath = getAbsolutePath(filePath);
-    if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));
+    if (!absoluteFilePath) return next(new HttpError(404, 'Not found'));
+    if (absoluteFilePath.slice(FILE_BASE.length) === '') return next(new HttpError(403, 'Forbidden'));
    fs.stat(absoluteFilePath, function (error, result) {
        if (error) return next(new HttpError(404, error));
author	Johannes Zellner <johannes@nebulon.de>	2015-06-27 16:07:25 +0200
committer	Johannes Zellner <johannes@nebulon.de>	2015-06-27 16:07:25 +0200
commit	eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa (patch)
tree	d28bf7ef5a13d521d2f6bb41ef72033a267e021f /src
parent	a7f450d7b80feb2c7125813aee56ee6519b33228 (diff)
download	Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.tar.gz Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.tar.zst Surfer-eaa621841f04c1dfcc5ce98edf357d5a0d8cedfa.zip

diff --git a/src/files.js b/src/files.js index 55e8978..3812d21 100644 --- a/src/files.js +++ b/src/files.js
@@ -4,6 +4,7 @@ var fs = require('fs'),
4	path = require('path'),	4	path = require('path'),
5	ejs = require('ejs'),	5	ejs = require('ejs'),
6	rimraf = require('rimraf'),	6	rimraf = require('rimraf'),
		7	mkdirp = require('mkdirp'),
7	HttpError = require('connect-lastmile').HttpError,	8	HttpError = require('connect-lastmile').HttpError,
8	HttpSuccess = require('connect-lastmile').HttpSuccess;	9	HttpSuccess = require('connect-lastmile').HttpSuccess;
9		10
@@ -19,28 +20,33 @@ var FILE_BASE = path.resolve(__dirname, '../files');
19	function copyFile(source, target, cb) {	20	function copyFile(source, target, cb) {
20	var cbCalled = false;	21	var cbCalled = false;
21		22
22	var rd = fs.createReadStream(source);	23	// ensure directory
23	rd.on("error", function(err) {	24	mkdirp(path.dirname(target), function (error) {
24	done(err);	25	if (error) return cb(error);
25	});
26		26
27	var wr = fs.createWriteStream(target);	27	var rd = fs.createReadStream(source);
28	wr.on("error", function(err) {	28	rd.on("error", function(err) {
29	done(err);	29	done(err);
30	});	30	});
31		31
32	wr.on("close", function(ex) {	32	var wr = fs.createWriteStream(target);
33	done();	33	wr.on("error", function(err) {
34	});	34	done(err);
		35	});
35		36
36	rd.pipe(wr);	37	wr.on("close", function(ex) {
		38	done();
		39	});
		40
		41	rd.pipe(wr);
37		42
38	function done(err) {	43	function done(err) {
39	if (!cbCalled) {	44	if (!cbCalled) {
40	cb(err);	45	cb(err);
41	cbCalled = true;	46	cbCalled = true;
		47	}
42	}	48	}
43	}	49	});
44	}	50	}
45		51
46	function render(view, options) {	52	function render(view, options) {
@@ -99,7 +105,8 @@ function put(req, res, next) {
99	function del(req, res, next) {	105	function del(req, res, next) {
100	var filePath = req.params[0];	106	var filePath = req.params[0];
101	var absoluteFilePath = getAbsolutePath(filePath);	107	var absoluteFilePath = getAbsolutePath(filePath);
102	if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));	108	if (!absoluteFilePath) return next(new HttpError(404, 'Not found'));
		109	if (absoluteFilePath.slice(FILE_BASE.length) === '') return next(new HttpError(403, 'Forbidden'));
103		110
104	fs.stat(absoluteFilePath, function (error, result) {	111	fs.stat(absoluteFilePath, function (error, result) {
105	if (error) return next(new HttpError(404, error));	112	if (error) return next(new HttpError(404, error));