Skip to content

Commit

Permalink
Merge pull request #158 from terreng/bug-fixes
Browse files Browse the repository at this point in the history 
Add wildcard ability for htaccess filename checking
  • Loading branch information
@terreng
terreng authored Sep 4, 2023
2 parents bc72905 + e62e5df commit 0dc8d2d
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 33 deletions.
73 changes: 40 additions & 33 deletions WSC/handlers.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,19 +241,21 @@ class DirectoryEntryHandler {
this.htaccessError('Missing Request Path');
return;
}
if (origdata[i].type === 403 && origdata[i].request_path === filerequested) {
const equalsRequestPath = WSC.utils.isExpectedFile(filerequested.trim(), origdata[i].request_path.trim());
if (!equalsRequestPath) continue;
if (origdata[i].type === 403) {
this.error('', 403);
return;
}
if (origdata[i].request_path === filerequested && ['serverSideJavaScript', 'POSTkey'].includes(origdata[i].type)) {
if (['serverSideJavaScript', 'POSTkey'].includes(origdata[i].type)) {
this.error('', 400);
return;
}
if (origdata[i].type === 401 && !auth && ['all files', filerequested].includes(origdata[i].request_path)) {
if (origdata[i].type === 401 && !auth) {
authdata = origdata[i];
auth = true;
}
if ([filerequested, 'all files'].includes(origdata[i].request_path) && [allow, deny].includes(origdata[i].type) && !filefound) {
if ([allow, deny].includes(origdata[i].type) && !filefound) {
data = origdata[i];
filefound = true;
}
Expand Down Expand Up @@ -387,11 +389,12 @@ class DirectoryEntryHandler {
origdata[i].original_request_path = origdata[i].request_path;
origdata[i].filerequested = filerequested;
origdata[i].request_path = WSC.utils.htaccessFileRequested(origdata[i].request_path, this.opts.showIndex);
if (origdata[i].type === 401 && !auth && [filerequested, 'all files'].includes(origdata[i].request_path)) {
const equalsRequestPath = WSC.utils.isExpectedFile(filerequested.trim(), origdata[i].request_path.trim());
if (origdata[i].type === 401 && !auth && equalsRequestPath) {
authdata = origdata[i];
auth = true;
}
if (origdata[i].type === 403 && origdata[i].request_path === filerequested) {
if (origdata[i].type === 403 && equalsRequestPath) {
this.error('', 403);
return;
}
Expand Down Expand Up @@ -488,7 +491,7 @@ class DirectoryEntryHandler {
}
if (this.opts.excludeDotHtml && !this.request.origpath.endsWith("/") && this.request.path !== '') {
const extension = this.request.path.split('.').pop();
const more = this.request.uri.substring(0, this.request.path.origpath);
const more = this.request.uri.substring(this.request.origpath.length);
if (['htm', 'html'].includes(extension)) {
const path = this.request.path;
let newpath;
Expand Down Expand Up @@ -615,8 +618,8 @@ class DirectoryEntryHandler {
}
}
htaccessMain(filerequested) {
const finalpath = WSC.utils.stripOffFile(this.request.origpath);
const file = this.fs.getByPath(finalpath+this.htaccessName);
const htaccessPath = WSC.utils.stripOffFile(this.request.origpath)+this.htaccessName;
const file = this.fs.getByPath(htaccessPath);
if (file.error || !file.isFile) {
this.onEntryMain();
return;
Expand All @@ -629,7 +632,7 @@ class DirectoryEntryHandler {
throw new Error('Not An Array');
}
} catch(e) {
console.error('Config Error', finalpath+this.htaccessName, e);
console.error('Config Error', htaccessPath, e);
this.error('', 500);
this.finish();
return;
Expand Down Expand Up @@ -658,24 +661,29 @@ class DirectoryEntryHandler {
origdata[i].original_request_path = origdata[i].request_path;
origdata[i].filerequested = filerequested;
origdata[i].request_path = WSC.utils.htaccessFileRequested(origdata[i].request_path, this.opts.showIndex);
if (origdata[i].type === 401 && !auth && [filerequested, 'all files'].includes(origdata[i].request_path) && !this.request.isVersioning) {

const equalsRequestPath = WSC.utils.isExpectedFile(filerequested.trim(), origdata[i].request_path.trim());

if (origdata[i].type === 401 && !auth && equalsRequestPath && !this.request.isVersioning) {
auth = true;
authdata = origdata[i];
}
if (this.request.origpath.split('/').pop() === origdata[i].original_request_path && origdata[i].type === 'POSTkey') {
hasPost = true;
}
//console.log(origdata[i].request_path === filerequested);
if (equalsRequestPath && origdata[i].type === 'additional header') {
additionalHeaders = true;
htaccessHeaders.push(origdata[i]);
}

if (origdata[i].type === 'directory listing' &&
this.request.origpath.split('/').pop() === '' &&
!filefound) {
this.request.origpath.split('/').pop() === '') {
data = origdata[i];
filefound = true;
}
if (origdata[i].type === 'send directory contents' && origdata[i].request_path === filerequested) {
const extension = origdata[i].original_request_path.split('.').pop();
if (['htm', 'html'].includes(extension)) {
data = origdata[i];
filefound = true;
}
}
if (origdata[i].type === 'serverSideJavaScript' && !filefound) {
if (filefound) continue;
if (origdata[i].type === 'serverSideJavaScript') {
if (this.request.origpath.split('/').pop() === origdata[i].original_request_path ||
(['html', 'htm'].includes(origdata[i].original_request_path.split('.').pop()) &&
origdata[i].original_request_path.split('/').pop().split('.')[0] === this.request.origpath.split('/').pop() &&
Expand All @@ -687,24 +695,23 @@ class DirectoryEntryHandler {
filefound = true;
}
}
if ([filerequested, 'all files'].includes(origdata[i].request_path) && origdata[i].type === 'versioning' && !filefound && !this.request.isVersioning) {
if (!equalsRequestPath) continue;
if (origdata[i].type === 'send directory contents') {
const extension = origdata[i].original_request_path.split('.').pop();
if (['htm', 'html'].includes(extension)) {
data = origdata[i];
filefound = true;
}
}
if (origdata[i].type === 'versioning' && !this.request.isVersioning) {
data = origdata[i];
filefound = true;
}
if ([filerequested, 'all files'].includes(origdata[i].request_path) &&
!filefound &&
!['allow delete', 'allow put', 'deny delete', 'deny put', 401, 'directory listing', 'additional header', 'send directory contents', 'POSTkey', 'serverSideJavaScript', 'versioning'].includes(origdata[i].type)) {
if (!['allow delete', 'allow put', 'deny delete', 'deny put', 401, 'directory listing', 'additional header', 'send directory contents', 'POSTkey', 'serverSideJavaScript', 'versioning'].includes(origdata[i].type)) {
data = origdata[i];
filefound = true;
}
if (this.request.origpath.split('/').pop() === origdata[i].original_request_path && origdata[i].type === 'POSTkey') {
hasPost = true;
}
//console.log(origdata[i].request_path === filerequested);
if ([filerequested, 'all files'].includes(origdata[i].request_path) && origdata[i].type === 'additional header') {
additionalHeaders = true;
htaccessHeaders.push(origdata[i]);
}

}
//console.log(data);
//console.log(authdata);
Expand Down
8 changes: 8 additions & 0 deletions WSC/utils.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,14 @@ module.exports = {
if (origpath === '/') return '/';
return origpath.substring(0, origpath.length - origpath.split('/').pop().length);
},
isExpectedFile: function(file, expected) {
if (expected === "all files") return true;
if (!expected.includes("*")) return (file === expected);
if (expected === "*") return true;
if (expected.startsWith("*.") && file.split(expected.substring(1)).pop() === "") return true;
if (expected.endsWith(".*") && file.split(expected.substring(0, expected.length-1))[0] === "") return true;
return (file === expected);
},
isHidden: function(path) {
//RegExp from https://stackoverflow.com/questions/18973655/how-to-ignore-hidden-files-in-fs-readdir-result/37030655#37030655
const a = path.split('/');
Expand Down

0 comments on commit 0dc8d2d

Please sign in to comment.