2024-04-17 21:29:15 +02:00
|
|
|
"use strict";
|
2021-01-21 21:06:52 +00:00
|
|
|
|
2024-04-17 21:29:15 +02:00
|
|
|
import { ArgsExpressType } from "../../types/ArgsExpressType";
|
2024-02-05 21:13:02 +01:00
|
|
|
|
2024-04-17 21:29:15 +02:00
|
|
|
const padManager = require("../../db/PadManager");
|
2012-02-24 23:38:37 +01:00
|
|
|
|
2024-04-17 21:29:15 +02:00
|
|
|
exports.expressCreateServer = (
|
|
|
|
|
hookName: string,
|
|
|
|
|
args: ArgsExpressType,
|
|
|
|
|
cb: Function,
|
|
|
|
|
) => {
|
|
|
|
|
// redirects browser to the pad's sanitized url if needed. otherwise, renders the html
|
|
|
|
|
args.app.param("pad", (req: any, res: any, next: Function, padId: string) => {
|
|
|
|
|
(async () => {
|
|
|
|
|
// ensure the padname is valid and the url doesn't end with a /
|
|
|
|
|
if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
|
|
|
|
|
res.status(404).send("Such a padname is forbidden");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-08-29 01:38:55 +02:00
|
|
|
|
2024-04-17 21:29:15 +02:00
|
|
|
const sanitizedPadId = await padManager.sanitizePadId(padId);
|
2019-01-23 16:36:28 +00:00
|
|
|
|
2024-04-17 21:29:15 +02:00
|
|
|
if (sanitizedPadId === padId) {
|
|
|
|
|
// the pad id was fine, so just render it
|
|
|
|
|
next();
|
|
|
|
|
} else {
|
|
|
|
|
// the pad id was sanitized, so we redirect to the sanitized version
|
|
|
|
|
const realURL =
|
|
|
|
|
encodeURIComponent(sanitizedPadId) +
|
|
|
|
|
new URL(req.url, "http://invalid.invalid").search;
|
|
|
|
|
res.header("Location", realURL);
|
|
|
|
|
res
|
|
|
|
|
.status(302)
|
|
|
|
|
.send(
|
|
|
|
|
`You should be redirected to <a href="${realURL}">${realURL}</a>`,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
})().catch((err) => next(err || new Error(err)));
|
|
|
|
|
});
|
|
|
|
|
return cb();
|
2020-11-23 13:24:19 -05:00
|
|
|
};
|
