Return index.html for directory req's and prevent directory traversal…
… req's
saxman committed Sep 2, 2014
1 parent 7bcc3c9 commit 34b8b0c
Showing 1 changed file with 20 additions and 3 deletions.
23 changes: 20 additions & 3 deletions http-server.js
@@ -1,5 +1,6 @@
var http = require('http');
var fs = require('fs');
var path = require('path');

fs.exists = fs.exists || require('path').exists;

Expand All @@ -17,7 +18,7 @@ var MIME_TYPE_JS = 'text/javascript';
var MIME_TYPE_CSS = 'text/css';

function log(code, string) {
//console.log('[' + code + '] ' + string);
// console.log('[' + code + '] ' + string);
}

var server = http.createServer(function(request, response) {
Expand All @@ -28,17 +29,33 @@ var server = http.createServer(function(request, response) {
filePath = filePath.substr(0, filePath.indexOf('?'));
}

filePath = '.' + filePath;
// Get the absolute path for the request
filePath = path.resolve('.' + filePath);

// Rejesct queries ouside of the server root
var serverPath = path.resolve('.');
if (filePath.indexOf(serverPath) != 0 ) {
log(403, filePath);
response.writeHeader(403);
response.end();

return;
}

fs.exists(filePath, function(exists) {
if (!exists) {
log(404, filePath)
log(404, filePath);
response.writeHead(404);
response.end();

return;
}

// Return index.html if directroy requested.
if (fs.statSync(filePath).isDirectory()) {
filePath += '/index.html';
}

var mimeType = '';
var fileType = -1;
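Review bot: The containment check `filePath.indexOf(serverPath) != 0` in the third hunk is a bare string-prefix test, so a resolved path in a sibling directory whose name merely begins with the server root's name (constructed example: root `/srv/www`, sibling `/srv/www-old`) is treated as inside the root. Compare against the root plus a separator instead: `if (filePath !== serverPath && filePath.indexOf(serverPath + path.sep) !== 0) {`. `path.resolve` also does not follow symlinks, so a link inside the root that points outside it would still pass the check; resolving both paths with `fs.realpathSync` first would cover that case if it matters for this server. The 403 branch calls `response.writeHeader(403)` while the 404 branch uses the documented `writeHead`, so `response.writeHead(403);` would keep the two consistent. The request handler begins and ends outside the visible hunks, so what happens after `filePath += '/index.html'` when no index file exists cannot be judged from here.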
