projects / squeep-api-dingus / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
serveFile now requires a directory be specified
[squeep-api-dingus] / lib / dingus.js
diff --git a/lib/dingus.js b/lib/dingus.js
index 343283974d7c723a6cbb8eb85fc3e3b942230fff..84c1d14b6a38e4d9050e76eaf7095588f501196d 100644 (file)
--- a/lib/dingus.js
+++ b/lib/dingus.js
@@ -27,6 +27,7 @@ const defaultOptions = {
   strictAccept: true,
   selfBaseUrl: '',
   staticMetadata: true,
+  staticPath: undefined, // no reasonable default
   trustProxy: true,
   querystring,
 };
@@ -494,6 +495,12 @@ class Dingus {
     const _scope = _fileScope('serveFile');
     this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
 
+    // Require a directory field.
+    if (!directory) {
+      this.logger.debug(_scope, 'rejected unset directory', { fileName });
+      return this.handlerNotFound(req, res, ctx);
+    }
+
     // Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
     fileName = path.normalize(fileName);
 
@squeep/api-dingus nodejs module - an in-house minimal API server framework