From edaadaf8e4dc9f47718f46527d3805afba463117 Mon Sep 17 00:00:00 2001 From: Bastien Wermeille Date: Fri, 14 Apr 2023 11:30:56 +0200 Subject: [PATCH 1/7] Fixes #5689 allow directory and file --- .../vite/src/node/server/middlewares/static.ts | 3 ++- packages/vite/src/node/utils.ts | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts index f59961085e923f..992131626d9f6d 100644 --- a/packages/vite/src/node/server/middlewares/static.ts +++ b/packages/vite/src/node/server/middlewares/static.ts @@ -13,6 +13,7 @@ import { isImportRequest, isInternalRequest, isParentDirectory, + isSameFileUri, isWindows, removeLeadingSlash, shouldServeFile, @@ -195,7 +196,7 @@ export function isFileServingAllowed( if (server.moduleGraph.safeModulesPath.has(file)) return true - if (server.config.server.fs.allow.some((dir) => isParentDirectory(dir, file))) + if (server.config.server.fs.allow.some((uri) => isFileReadable(uri) ? isSameFileUri(uri, file) : isParentDirectory(uri, file))) return true return false diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts index 14a016f94311ec..51f40614ee9826 100644 --- a/packages/vite/src/node/utils.ts +++ b/packages/vite/src/node/utils.ts @@ -240,6 +240,22 @@ export function isParentDirectory(dir: string, file: string): boolean { ) } +/** + * Check if 2 file name are identical + * + * Warning: parameters are not validated, only works with normalized absolute paths + * + * @param file1 - normalized absolute path + * @param file2 - normalized absolute path + * @returns true if dir is a parent of file + */ +export function isSameFileUri(file1: string, file2: string): boolean { + return ( + file1 == file2 || + (isCaseInsensitiveFS && file1.toLowerCase() == file2.toLowerCase()) + ) +} + export const queryRE = /\?.*$/s const postfixRE = /[?#].*$/s From 2475a1841cef20f1d81e7b5d29f7d78208e9ba0b Mon Sep 17 00:00:00 2001 From: Bastien Wermeille Date: Fri, 14 Apr 2023 11:57:40 +0200 Subject: [PATCH 2/7] Change documentation --- docs/config/server-options.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/config/server-options.md b/docs/config/server-options.md index ab0f1b261ddb7c..abb8c49c1ad5c1 100644 --- a/docs/config/server-options.md +++ b/docs/config/server-options.md @@ -259,6 +259,8 @@ Restrict serving files outside of workspace root. Restrict files that could be served via `/@fs/`. When `server.fs.strict` is set to `true`, accessing files outside this directory list that aren't imported from an allowed file will result in a 403. +Both directories and files can be provided. + Vite will search for the root of the potential workspace and use it as default. A valid workspace met the following conditions, otherwise will fall back to the [project root](/guide/#index-html-and-project-root). - contains `workspaces` field in `package.json` @@ -291,7 +293,8 @@ export default defineConfig({ // search up for workspace root searchForWorkspaceRoot(process.cwd()), // your custom rules - '/path/to/custom/allow', + '/path/to/custom/allow_directory', + '/path/to/custom/allow_file.demo' ], }, }, From 2f1112541e0e15224ba56b0af72a80e4dd179398 Mon Sep 17 00:00:00 2001 From: Ph0tonic Date: Fri, 14 Apr 2023 12:33:40 +0200 Subject: [PATCH 3/7] Format code --- packages/vite/src/node/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts index 51f40614ee9826..513ef00bb6b698 100644 --- a/packages/vite/src/node/utils.ts +++ b/packages/vite/src/node/utils.ts @@ -252,7 +252,7 @@ export function isParentDirectory(dir: string, file: string): boolean { export function isSameFileUri(file1: string, file2: string): boolean { return ( file1 == file2 || - (isCaseInsensitiveFS && file1.toLowerCase() == file2.toLowerCase()) + (isCaseInsensitiveFS && file1.toLowerCase() == file2.toLowerCase()) ) } From ca3cd56aebf032e23c357b5362301a054b0d5beb Mon Sep 17 00:00:00 2001 From: Bastien Wermeille Date: Mon, 17 Apr 2023 10:08:30 +0200 Subject: [PATCH 4/7] Fix lint warnings --- packages/vite/src/node/utils.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts index 51f40614ee9826..7248f052e16965 100644 --- a/packages/vite/src/node/utils.ts +++ b/packages/vite/src/node/utils.ts @@ -251,8 +251,8 @@ export function isParentDirectory(dir: string, file: string): boolean { */ export function isSameFileUri(file1: string, file2: string): boolean { return ( - file1 == file2 || - (isCaseInsensitiveFS && file1.toLowerCase() == file2.toLowerCase()) + file1 === file2 || + (isCaseInsensitiveFS && file1.toLowerCase() === file2.toLowerCase()) ) } From 38469aebc5bbde6ddf4bd0fa8dc23bf453bbd9ac Mon Sep 17 00:00:00 2001 From: Bastien Wermeille Date: Fri, 21 Apr 2023 14:27:17 +0200 Subject: [PATCH 5/7] Simplify check --- packages/vite/src/node/server/middlewares/static.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts index 96294a5792417a..c08845048ee848 100644 --- a/packages/vite/src/node/server/middlewares/static.ts +++ b/packages/vite/src/node/server/middlewares/static.ts @@ -200,7 +200,7 @@ export function isFileServingAllowed( if (server.moduleGraph.safeModulesPath.has(file)) return true - if (server.config.server.fs.allow.some((uri) => isFileReadable(uri) ? isSameFileUri(uri, file) : isParentDirectory(uri, file))) + if (server.config.server.fs.allow.some((uri) => isSameFileUri(uri, file) || isParentDirectory(uri, file))) return true return false From 3a108db64514bde2186c1139d7d210aae01f29ef Mon Sep 17 00:00:00 2001 From: Bastien Wermeille Date: Fri, 21 Apr 2023 15:18:55 +0200 Subject: [PATCH 6/7] Improve comments --- packages/vite/src/node/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts index 7248f052e16965..6c973976235125 100644 --- a/packages/vite/src/node/utils.ts +++ b/packages/vite/src/node/utils.ts @@ -247,7 +247,7 @@ export function isParentDirectory(dir: string, file: string): boolean { * * @param file1 - normalized absolute path * @param file2 - normalized absolute path - * @returns true if dir is a parent of file + * @returns true if both files url are identical */ export function isSameFileUri(file1: string, file2: string): boolean { return ( From 6cd271056954ee7b69047d9eb014eadfa5dc4fd3 Mon Sep 17 00:00:00 2001 From: Ph0tonic Date: Fri, 21 Apr 2023 15:38:27 +0200 Subject: [PATCH 7/7] Run prettier --- docs/config/server-options.md | 2 +- packages/vite/src/node/server/middlewares/static.ts | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/config/server-options.md b/docs/config/server-options.md index abb8c49c1ad5c1..51059c01799a62 100644 --- a/docs/config/server-options.md +++ b/docs/config/server-options.md @@ -294,7 +294,7 @@ export default defineConfig({ searchForWorkspaceRoot(process.cwd()), // your custom rules '/path/to/custom/allow_directory', - '/path/to/custom/allow_file.demo' + '/path/to/custom/allow_file.demo', ], }, }, diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts index c08845048ee848..caa9848aca21c7 100644 --- a/packages/vite/src/node/server/middlewares/static.ts +++ b/packages/vite/src/node/server/middlewares/static.ts @@ -200,7 +200,11 @@ export function isFileServingAllowed( if (server.moduleGraph.safeModulesPath.has(file)) return true - if (server.config.server.fs.allow.some((uri) => isSameFileUri(uri, file) || isParentDirectory(uri, file))) + if ( + server.config.server.fs.allow.some( + (uri) => isSameFileUri(uri, file) || isParentDirectory(uri, file), + ) + ) return true return false