strictAccept: true,
selfBaseUrl: '',
staticMetadata: true,
+ staticPath: undefined, // no reasonable default
trustProxy: true,
querystring,
};
const _scope = _fileScope('serveFile');
this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+ // Require a directory field.
+ if (!directory) {
+ this.logger.debug(_scope, 'rejected unset directory', { fileName });
+ return this.handlerNotFound(req, res, ctx);
+ }
+
// Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
fileName = path.normalize(fileName);
size: 8,
blocks: 17,
atimeMs: 1613253436842.815,
- mtimeMs: 1603485933192.8610,
- ctimeMs: 1603485933192.8610,
+ mtimeMs: 1603485933192.861,
+ ctimeMs: 1603485933192.861,
birthtimeMs: 0,
atime: '2021-02-13T21:57:16.843Z',
mtime: '2020-10-23T13:45:33.193Z',
await dingus.serveFile(req, res, ctx, directory, fileName);
assert(dingus.handlerNotFound.called);
});
+ it('requires directory be specified', async function () {
+ await dingus.serveFile(req, res, ctx, '', fileName);
+ assert(!fs.promises.readFile.called);
+ assert(dingus.handlerNotFound.called);
+ });
it('covers fs error', async function () {
const expectedException = new Error('blah');
fs.promises.stat.restore();
projects / squeep-api-dingus / commitdiff