mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-05-05 06:37:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

factored out static serve and pad name check combinators

Browse source
This commit is contained in:
Montana Scott Rowe 2012-01-19 09:46:06 -06:00
parent fcb3b11c0e
commit 08040e7444
1 changed files with 34 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

70
node/server.js
View file

@ -112,12 +112,33 @@ function padAccessCombinator(securityManager, req, res, callback, errorback){
)*/ )*/
} }
function getStatic(req, res){ function getStatic(req, res){
res.header("Server", serverName); res.header("Server", serverName);
var filePath = path.normalize( var filePath = path.normalize(
__dirname + "/.." + __dirname + "/.." +
req.url.replace(/\.\./g, '').split("?")[0] req.url.replace(/\.\./g, '').split("?")[0]
); );
res.sendfile(filePath, { maxAge: exports.maxAge }); res.sendfile(filePath, { maxAge: exports.maxAge });
}
function getMinified(req, res, next)
{
res.header("Server", serverName);
var id = req.params.id;
if(id == "pad.js" || id == "timeslider.js")
{
minify.minifyJS(req,res,id);
}
else
{
next();
}
}
function checkPadName(padManager, req, res, callback){
//ensure the padname is valid and the url doesn't end with a /
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url))
return res.send("Such a padname is forbidden", 404);
return callback();
} }
async.waterfall([ async.waterfall([
//initalize the database //initalize the database
@ -159,30 +180,10 @@ async.waterfall([
}); });
//serve static files //serve static files
app.get('/static/*', function(req, res) app.get('/static/*', getStatic);
{
res.header("Server", serverName);
var filePath = path.normalize(__dirname + "/.." +
req.url.replace(/\.\./g, '').split("?")[0]);
res.sendfile(filePath, { maxAge: exports.maxAge });
});
//serve minified files //serve minified files
app.get('/minified/:id', function(req, res, next) app.get('/minified/:id', getMinified);
{
res.header("Server", serverName);
var id = req.params.id;
if(id == "pad.js" || id == "timeslider.js")
{
minify.minifyJS(req,res,id);
}
else
{
next();
}
});
//checks for padAccess //checks for padAccess
function hasPadAccess(req, res, callback) function hasPadAccess(req, res, callback)
@ -294,13 +295,9 @@ async.waterfall([
//redirects browser to the pad's sanitized url if needed. otherwise, renders the html //redirects browser to the pad's sanitized url if needed. otherwise, renders the html
function goToPad(req, res, render) { function goToPad(req, res, render) {
//ensure the padname is valid and the url doesn't end with a / return checkPadName(
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url)) padManager, req, res,
{ function callback(){
res.send('Such a padname is forbidden', 404);
}
else
{
padManager.sanitizePadId(req.params.pad, function(padId) { padManager.sanitizePadId(req.params.pad, function(padId) {
//the pad id was sanitized, so we redirect to the sanitized version //the pad id was sanitized, so we redirect to the sanitized version
if(padId != req.params.pad) if(padId != req.params.pad)
@ -315,7 +312,8 @@ async.waterfall([
render(); render();
} }
}); });
} }
);
} }
//serve pad.html under /p //serve pad.html under /p