projects
/
squeep-api-dingus
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
serveFile now requires a directory be specified
[squeep-api-dingus]
/
lib
/
dingus.js
diff --git
a/lib/dingus.js
b/lib/dingus.js
index 343283974d7c723a6cbb8eb85fc3e3b942230fff..84c1d14b6a38e4d9050e76eaf7095588f501196d 100644
(file)
--- a/
lib/dingus.js
+++ b/
lib/dingus.js
@@
-27,6
+27,7
@@
const defaultOptions = {
strictAccept: true,
selfBaseUrl: '',
staticMetadata: true,
strictAccept: true,
selfBaseUrl: '',
staticMetadata: true,
+ staticPath: undefined, // no reasonable default
trustProxy: true,
querystring,
};
trustProxy: true,
querystring,
};
@@
-494,6
+495,12
@@
class Dingus {
const _scope = _fileScope('serveFile');
this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
const _scope = _fileScope('serveFile');
this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+ // Require a directory field.
+ if (!directory) {
+ this.logger.debug(_scope, 'rejected unset directory', { fileName });
+ return this.handlerNotFound(req, res, ctx);
+ }
+
// Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
fileName = path.normalize(fileName);
// Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
fileName = path.normalize(fileName);