-
Notifications
You must be signed in to change notification settings - Fork 86
Expand file tree
/
Copy pathfs.js
More file actions
128 lines (111 loc) · 3.48 KB
/
fs.js
File metadata and controls
128 lines (111 loc) · 3.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
/**
* Copyright 2015 Google Inc. All Rights Reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file or at
* https://github.com/firebase/superstatic/blob/master/LICENSE
*/
'use strict';
var crypto = require('crypto');
var fs = require('fs');
var pathjoin = require('join-path');
var RSVP = require('rsvp');
var _ = require('lodash');
var statPromise = RSVP.denodeify(fs.lstat);
var multiStat = function(paths) {
var pathname = paths.shift();
return statPromise(pathname).then(function(stat) {
stat.isSymb = stat.isSymbolicLink();
stat.path = pathname;
return stat;
}, function(err) {
if (paths.length) {
return multiStat(paths);
}
return RSVP.reject(err);
});
};
var symlinkPath = function(requestedpath, fullpath) {
var dirs = requestedpath.split('/');
if( dirs.length < 2) return false;
var basepath = fullpath.replace(new RegExp(requestedpath+"$"),"");
var testpath = basepath;
for( var i = 1; i < dirs.length-1; i++ ){
testpath = pathjoin(testpath, dirs[i]);
var stat = fs.lstatSync(testpath);
if( stat.isSymbolicLink() ){
return true;
}
}
};
module.exports = function(options) {
var etagCache = {};
var cwd = options.cwd || process.cwd();
var publicPaths = options.public || ['.'];
var symlink = options.symlink;
if (!_.isArray(publicPaths)) {
publicPaths = [publicPaths];
}
function _fetchEtag(pathname, stat) {
return new RSVP.Promise(function(resolve, reject) {
var cached = etagCache[pathname];
if (cached && cached.timestamp === stat.mtime) {
return resolve(cached.value);
}
// the file you want to get the hash
var fd = fs.createReadStream(pathname);
var hash = crypto.createHash('md5');
hash.setEncoding('hex');
fd.on('error', function(err) {
reject(err);
});
fd.on('end', function() {
hash.end();
var etag = hash.read();
etagCache[pathname] = {
timestamp: stat.mtime,
value: etag
};
resolve(etag);
});
// read all file and pipe it (write it) to the hash object
return fd.pipe(hash);
});
}
return function(req, pathname) {
pathname = decodeURI(pathname);
// jumping to parent directories is not allowed
if (pathname.indexOf('../') >= 0 || pathname.indexOf('..\\') >= 0 || pathname.toLowerCase().indexOf('..%5c') >= 0) {
return RSVP.resolve(null);
}
var result = {};
var foundPath;
var fullPathnames = publicPaths.map(function(p) {
return pathjoin(cwd, p, pathname);
});
return multiStat(fullPathnames).then(function(stat) {
result.modified = stat.mtime.getTime();
if (!symlink) {
// Symlinks removed by default
if(stat.isSymb) {
return RSVP.reject({code: 'EINVAL'});
}
// If file is not symlink verify its not accessed by symlinked directory
if(symlinkPath(pathname, stat.path)) {
return RSVP.reject({code: 'EINVAL'});
}
}
foundPath = stat.path;
result.size = fs.statSync(foundPath).size;
return _fetchEtag(stat.path, stat);
}).then(function(etag) {
result.etag = etag;
result.stream = fs.createReadStream(foundPath);
return result;
}).catch(function(err) {
if (err.code === 'ENOENT' || err.code === 'ENOTDIR' || err.code === 'EISDIR' || err.code === 'EINVAL') {
return null;
}
return RSVP.reject(err);
});
};
};