etherpad-lite/src/node/hooks/express/padurlsanitize.ts

'use strict';

import {ArgsExpressType} from "../../types/ArgsExpressType";

const padManager = require('../../db/PadManager');

exports.expressCreateServer = (hookName:string, args:ArgsExpressType, cb:Function) => {
  // redirects browser to the pad's sanitized url if needed. otherwise, renders the html
  args.app.param('pad', (req:any, res:any, next:Function, padId:string) => {
    (async () => {
      // ensure the padname is valid and the url doesn't end with a /
      if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
        res.status(404).send('Such a padname is forbidden');
        return;
      }

      const sanitizedPadId = await padManager.sanitizePadId(padId);

      if (sanitizedPadId === padId) {
        // the pad id was fine, so just render it
        next();
      } else {
        // the pad id was sanitized, so we redirect to the sanitized version
        const realURL =
            encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
        res.header('Location', realURL);
        res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
      }
    })().catch((err) => next(err || new Error(err)));
  });
  return cb();
};
lint: src/node/hooks/express/padurlsanitize.js 2021-01-21 21:06:52 +00:00			`'use strict';`

Added typescript to etherpad * Fixed determining file extension. * Added ts-node * Fixed backend tests. * Fixed frontend test runs. * Fixed tests. * Use script approach for starting etherpad. * Change directory to src. * Fixed env. * Change directory * Fixed build arg. * Fixed docker build. * Fixed. * Fixed cypress file path. * Fixed. * Use latest node container. * Fixed windows workflow. * Use tsx and optimized docker image. * Added workflow for type checks. * Fixed. * Added tsconfig. * Converted more files to typescript. * Removed commented keys. * Typed caching middleware. * Added script for checking the types. * Moved SecretRotator to typescript. * Fixed npm installation and moved to types folder. * Use better scripts for watching typescript changes. * Update windows.yml * Fixed order of npm installation. * Converted i18n. * Added more types. * Added more types. * Fixed import. * Fixed tests. * Fixed tests. * Fixed type checking test. * Fixed stats * Added express types. * fixed. 2024-02-05 21:13:02 +01:00			`import {ArgsExpressType} from "../../types/ArgsExpressType";`

lint: Run `eslint --fix` on `src/` 2020-11-23 13:24:19 -05:00			`const padManager = require('../../db/PadManager');`
Bugfix for not loading plugins until after db, plus moved padursanitize into own module 2012-02-24 23:38:37 +01:00
Added typescript to etherpad * Fixed determining file extension. * Added ts-node * Fixed backend tests. * Fixed frontend test runs. * Fixed tests. * Use script approach for starting etherpad. * Change directory to src. * Fixed env. * Change directory * Fixed build arg. * Fixed docker build. * Fixed. * Fixed cypress file path. * Fixed. * Use latest node container. * Fixed windows workflow. * Use tsx and optimized docker image. * Added workflow for type checks. * Fixed. * Added tsconfig. * Converted more files to typescript. * Removed commented keys. * Typed caching middleware. * Added script for checking the types. * Moved SecretRotator to typescript. * Fixed npm installation and moved to types folder. * Use better scripts for watching typescript changes. * Update windows.yml * Fixed order of npm installation. * Converted i18n. * Added more types. * Added more types. * Fixed import. * Fixed tests. * Fixed tests. * Fixed type checking test. * Fixed stats * Added express types. * fixed. 2024-02-05 21:13:02 +01:00			`exports.expressCreateServer = (hookName:string, args:ArgsExpressType, cb:Function) => {`
prepare to async: trivial reformatting This change is only cosmetic. Its aim is do make it easier to understand the async changes that are going to be merged later on. It was extracted from the original work from Ray Bellis. To verify that nothing has changed, you can run the following command on each file touched by this commit: npm install uglify-es diff --unified <(uglify-js --beautify bracketize <BEFORE.js>) <(uglify-js --beautify bracketize <AFTER.js>) This is a complete script that does the same automatically (works from a mercurial clone): ```bash #!/usr/bin/env bash set -eu REVISION=<THIS_REVISION> PARENT_REV=$(hg identify --rev "${REVISION}" --template '{p1rev}') FILE_LIST=$(hg status --no-status --change ${REVISION}) UGLIFYJS="node_modules/uglify-es/bin/uglifyjs" for FILE_NAME in ${FILE_LIST[@]}; do echo "Checking ${FILE_NAME}" diff --unified \ <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${PARENT_REV}" "${FILE_NAME}")) \ <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${REVISION}" "${FILE_NAME}")) done ``` 2019-02-08 23:20:57 +01:00			`// redirects browser to the pad's sanitized url if needed. otherwise, renders the html`
Added typescript to etherpad * Fixed determining file extension. * Added ts-node * Fixed backend tests. * Fixed frontend test runs. * Fixed tests. * Use script approach for starting etherpad. * Change directory to src. * Fixed env. * Change directory * Fixed build arg. * Fixed docker build. * Fixed. * Fixed cypress file path. * Fixed. * Use latest node container. * Fixed windows workflow. * Use tsx and optimized docker image. * Added workflow for type checks. * Fixed. * Added tsconfig. * Converted more files to typescript. * Removed commented keys. * Typed caching middleware. * Added script for checking the types. * Moved SecretRotator to typescript. * Fixed npm installation and moved to types folder. * Use better scripts for watching typescript changes. * Update windows.yml * Fixed order of npm installation. * Converted i18n. * Added more types. * Added more types. * Fixed import. * Fixed tests. * Fixed tests. * Fixed type checking test. * Fixed stats * Added express types. * fixed. 2024-02-05 21:13:02 +01:00			`args.app.param('pad', (req:any, res:any, next:Function, padId:string) => {`
padurlsanitize: Don't crash if `sanitizePadId()` throws Let Express send a 500 status code to the user instead. Co-authored-by: Richard Hansen <rhansen@rhansen.org> 2021-07-05 06:12:02 +02:00			`(async () => {`
			`// ensure the padname is valid and the url doesn't end with a /`
			`if (!padManager.isValidPadId(padId) \|\| /\/$/.test(req.url)) {`
			`res.status(404).send('Such a padname is forbidden');`
			`return;`
			`}`
padurlsanitize: early return, no functional changes 2018-08-29 01:38:55 +02:00
padurlsanitize: Don't crash if `sanitizePadId()` throws Let Express send a 500 status code to the user instead. Co-authored-by: Richard Hansen <rhansen@rhansen.org> 2021-07-05 06:12:02 +02:00			`const sanitizedPadId = await padManager.sanitizePadId(padId);`
padurlsanitize.js: rewritten to consume promises 2019-01-23 16:36:28 +00:00
padurlsanitize: Don't crash if `sanitizePadId()` throws Let Express send a 500 status code to the user instead. Co-authored-by: Richard Hansen <rhansen@rhansen.org> 2021-07-05 06:12:02 +02:00			`if (sanitizedPadId === padId) {`
			`// the pad id was fine, so just render it`
			`next();`
			`} else {`
			`// the pad id was sanitized, so we redirect to the sanitized version`
			`const realURL =`
			`encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;`
			`res.header('Location', realURL);`
			res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
			`}`
			`})().catch((err) => next(err \|\| new Error(err)));`
Bugfix for not loading plugins until after db, plus moved padursanitize into own module 2012-02-24 23:38:37 +01:00			`});`
hooks: Call the callback when done If a hook function neither calls the callback nor returns a (non-undefined) value then there's no way for the hook system to know if/when the hook function has finished. 2020-10-10 22:51:26 -04:00			`return cb();`
lint: Run `eslint --fix` on `src/` 2020-11-23 13:24:19 -05:00			`};`