X-Git-Url: http://git.squeep.com/?p=squeep-api-dingus;a=blobdiff_plain;f=lib%2Fdingus.js;h=84c1d14b6a38e4d9050e76eaf7095588f501196d;hp=343283974d7c723a6cbb8eb85fc3e3b942230fff;hb=93ad1b3d6b0fbe384f8f8fcd7c09d285060fa65f;hpb=842a9b1e5b62aa642a53269a8466fd1e021e4ff2

diff --git a/lib/dingus.js b/lib/dingus.js
index 3432839..84c1d14 100644
--- a/lib/dingus.js
+++ b/lib/dingus.js
@@ -27,6 +27,7 @@ const defaultOptions = {
   strictAccept: true,
   selfBaseUrl: '',
   staticMetadata: true,
+  staticPath: undefined, // no reasonable default
   trustProxy: true,
   querystring,
 };
@@ -494,6 +495,12 @@ class Dingus {
     const _scope = _fileScope('serveFile');
     this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
 
+    // Require a directory field.
+    if (!directory) {
+      this.logger.debug(_scope, 'rejected unset directory', { fileName });
+      return this.handlerNotFound(req, res, ctx);
+    }
+
     // Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
     fileName = path.normalize(fileName);