Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: fix limitation of a file path
  • Loading branch information
andrepolischuk committed Jan 24, 2023
1 parent a1779b0 commit f7cae5d
Show file tree
Hide file tree
Showing 5 changed files with 52 additions and 5 deletions.
Empty file added fixture/private/index.js
Empty file.
Empty file.
Empty file added fixture/public/index.js
Empty file.
2 changes: 1 addition & 1 deletion index.js
Expand Up @@ -6,7 +6,7 @@ var mime = require('mime');

module.exports = function(root) {
if (typeof root !== 'string') return;
root = path.normalize(root);
root = path.normalize(root + '/');

return function(req, res, fn) {
if (!/^(GET|HEAD)$/.test(req.method)) return fn();
Expand Down
55 changes: 51 additions & 4 deletions test.js
Expand Up @@ -3,7 +3,7 @@ var test = require('ava');
var http = require('http');
var request = require('supertest');
var servst = require('./');
var statics = servst(__dirname);
var statics = servst(__dirname + '/fixture/public');

var app = http.createServer(function (req, res) {
statics(req, res, function (err) {
Expand All @@ -29,9 +29,32 @@ test.cb('return 200 for GET /', function (t) {
});
});

test.cb('return 200 for GET /test.js', function (t) {
test.cb('return 200 for GET /index.js', function (t) {
request(app)
.get('/index.js')
.expect(200)
.expect('Content-Type', /javascript/)
.end(function (err) {
t.ifError(err);
t.end();
});
});

test.cb('return 404 for GET /test.js', function (t) {
request(app)
.get('/test.js')
.expect(404)
.expect('Content-Type', /text/)
.expect('Not found')
.end(function (err) {
t.ifError(err);
t.end();
});
});

test.cb('return 200 for GET relative /public/index.js', function (t) {
request(app)
.get('/../public/index.js')
.expect(200)
.expect('Content-Type', /javascript/)
.end(function (err) {
Expand All @@ -40,9 +63,33 @@ test.cb('return 200 for GET /test.js', function (t) {
});
});

test.cb('return 404 GET /test2.js', function (t) {
test.cb('return 404 for GET relative /public/test.js', function (t) {
request(app)
.get('/../public/test.js')
.expect(404)
.expect('Content-Type', /text/)
.expect('Not found')
.end(function (err) {
t.ifError(err);
t.end();
});
});

test.cb('return 404 for GET relative /private/index.js', function (t) {
request(app)
.get('/../private/index.js')
.expect(404)
.expect('Content-Type', /text/)
.expect('Not found')
.end(function (err) {
t.ifError(err);
t.end();
});
});

test.cb('return 404 for GET relative /public-isprivate/index.js', function (t) {
request(app)
.get('/test2.js')
.get('/../public-isprivate/index.js')
.expect(404)
.expect('Content-Type', /text/)
.expect('Not found')
Expand Down

0 comments on commit f7cae5d

Please sign in to comment.