-rwxr-xr-xapp.js1
-rw-r--r--package.json5
-rw-r--r--src/files.js43
3 files changed, 30 insertions, 19 deletions
diff --git a/app.js b/app.js
index a985db7..196473f 100755
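--- a/app.js
+++ b/app.js
@@ -22,6 +22,7 @@ router.delete('/api/files/*', files.del);
 app.use(morgan('dev'));
 app.use(compression());
 app.use(bodyParser.json());
+app.use(express.static(__dirname + '/files'));
 app.use(router);
 app.use(lastMile());
 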
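Review bot: The added `app.use(express.static(__dirname + '/files'))` is mounted at the site root and ahead of `app.use(router)`, so anything stored under `files/` is answered by the static handler on the API's own origin before any route in the router is consulted. That appears to be the same directory src/files.js resolves as `FILE_BASE`, so if it holds uploads, an uploaded HTML or SVG file would be rendered with the application's origin, and a stored path that matches a GET route would be served instead of that route. Consider a dedicated prefix with conservative options, e.g. `app.use('/files', express.static(__dirname + '/files', { dotfiles: 'deny', index: false }));`, together with an `X-Content-Type-Options: nosniff` response header. No authentication middleware is visible in this hunk; it may be registered outside the lines shown.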
diff --git a/package.json b/package.json
index cf08457..e5eb25d 100644
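--- a/package.json
+++ b/package.json
@@ -14,13 +14,16 @@
  "license": "MIT",
  "dependencies": {
  "body-parser": "^1.13.1",
+ "commander": "^2.8.1",
  "compression": "^1.5.0",
  "connect-lastmile": "0.0.10",
  "connect-timeout": "^1.6.2",
  "ejs": "^2.3.1",
  "express": "^4.12.4",
+ "mkdirp": "^0.5.1",
  "morgan": "^1.6.0",
  "multiparty": "^4.1.2",
- "rimraf": "^2.4.0"
+ "rimraf": "^2.4.0",
+ "superagent": "^1.2.0"
  }
 }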
diff --git a/src/files.js b/src/files.js
index 55e8978..3812d21 100644
--- a/src/files.js
+++ b/src/files.js
@@ -4,6 +4,7 @@ var fs = require('fs'),
4 path = require('path'), 4 path = require('path'),
5 ejs = require('ejs'), 5 ejs = require('ejs'),
6 rimraf = require('rimraf'), 6 rimraf = require('rimraf'),
7 mkdirp = require('mkdirp'),
7 HttpError = require('connect-lastmile').HttpError, 8 HttpError = require('connect-lastmile').HttpError,
8 HttpSuccess = require('connect-lastmile').HttpSuccess; 9 HttpSuccess = require('connect-lastmile').HttpSuccess;
9 10
@@ -19,28 +20,33 @@ var FILE_BASE = path.resolve(__dirname, '../files');
19function copyFile(source, target, cb) { 20function copyFile(source, target, cb) {
20 var cbCalled = false; 21 var cbCalled = false;
21 22
22 var rd = fs.createReadStream(source); 23 // ensure directory
23 rd.on("error", function(err) { 24 mkdirp(path.dirname(target), function (error) {
24 done(err); 25 if (error) return cb(error);
25 });
26 26
27 var wr = fs.createWriteStream(target); 27 var rd = fs.createReadStream(source);
28 wr.on("error", function(err) { 28 rd.on("error", function(err) {
29 done(err); 29 done(err);
30 }); 30 });
31 31
32 wr.on("close", function(ex) { 32 var wr = fs.createWriteStream(target);
33 done(); 33 wr.on("error", function(err) {
34 }); 34 done(err);
35 });
35 36
36 rd.pipe(wr); 37 wr.on("close", function(ex) {
38 done();
39 });
40
41 rd.pipe(wr);
37 42
38 function done(err) { 43 function done(err) {
39 if (!cbCalled) { 44 if (!cbCalled) {
40 cb(err); 45 cb(err);
41 cbCalled = true; 46 cbCalled = true;
47 }
42 } 48 }
43 } 49 });
44} 50}
45 51
46function render(view, options) { 52function render(view, options) {
@@ -99,7 +105,8 @@ function put(req, res, next) {
99function del(req, res, next) { 105function del(req, res, next) {
100 var filePath = req.params[0]; 106 var filePath = req.params[0];
101 var absoluteFilePath = getAbsolutePath(filePath); 107 var absoluteFilePath = getAbsolutePath(filePath);
102 if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed')); 108 if (!absoluteFilePath) return next(new HttpError(404, 'Not found'));
109 if (absoluteFilePath.slice(FILE_BASE.length) === '') return next(new HttpError(403, 'Forbidden'));
103 110
104 fs.stat(absoluteFilePath, function (error, result) { 111 fs.stat(absoluteFilePath, function (error, result) {
105 if (error) return next(new HttpError(404, error)); 112 if (error) return next(new HttpError(404, error));
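Review bot: The new storage-root guard in `del`, `absoluteFilePath.slice(FILE_BASE.length) === ''`, only fires when `getAbsolutePath` returns a string exactly equal to `FILE_BASE`; a result with a trailing separator or any other un-normalized spelling of the base leaves a non-empty slice and falls through to the rest of the handler. `getAbsolutePath` is outside this diff, so it may already normalize, but comparing resolved paths states the intent directly and does not depend on that: `if (path.resolve(absoluteFilePath) === FILE_BASE) return next(new HttpError(403, 'Forbidden'));`. A short comment such as `// never delete the storage root itself` above the check would also make the purpose clear. `del` continues past the end of this hunk.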