@jnode/server 2.2.0 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +3 -1
  2. package/package.json +1 -1
  3. package/src/handlers.js +6 -6
package/README.md CHANGED
@@ -401,7 +401,9 @@ Serves a single file with support for HTTP Range requests, caching headers, and
401
401
  ### Handler: `FolderHandler(folder[, options])`
402
402
 
403
403
  - `folder` [\<string\>](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#string_type) Path to the folder to serve files from.
404
- - `options` [\<Object\>](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object) Same as [`FileHandler` options](#handler-filehandlerfile-options).
404
+ - `options` [\<Object\>](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object)
405
+ - `allowHiddenFile` [\<boolean\>](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#boolean_type) Allows access to hidden directories and files (whose names begin with `.`).
406
+ - Same as [`FileHandler` options](#handler-filehandlerfile-options).
405
407
 
406
408
  Serves files from a folder based on remaining path segments. Automatically resolves paths and prevents directory traversal attacks. Internally uses `FileHandler`.
407
409
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jnode/server",
3
- "version": "2.2.0",
3
+ "version": "2.2.2",
4
4
  "description": "Simple web server package for Node.js.",
5
5
  "main": "src/index.js",
6
6
  "scripts": {
package/src/handlers.js CHANGED
@@ -183,6 +183,7 @@ class FolderHandler {
183
183
  const file = path.resolve(this.folder, ...env.path.slice(env.pathPointer));
184
184
 
185
185
  // safety check
186
+ if (file.includes(path.sep + '.') && !this.options.allowHiddenFile) throw 404;
186
187
  const rel = path.relative(this.folder, file);
187
188
  if (rel.startsWith('..') || path.isAbsolute(rel)) throw 404;
188
189
 
@@ -220,18 +221,17 @@ class RedirectHandler {
220
221
 
221
222
  // prebuild headers
222
223
  this._statusCode = this.options.statusCode ?? 307;
223
- this._headers = {
224
+ }
225
+
226
+ handle(ctx, env) {
227
+ ctx.res.writeHead(this._statusCode, {
224
228
  'Location': this.options.base ?
225
229
  this.options.base +
226
230
  (this.options.base.endsWith('/') ? '' : '/') +
227
231
  env.path.slice(env.pathPointer).map(encodeURIComponent).join('/') :
228
232
  this.location,
229
233
  ...this.options.headers
230
- };
231
- }
232
-
233
- handle(ctx, env) {
234
- ctx.res.writeHead(this._statusCode, this._headers);
234
+ });
235
235
  ctx.res.end();
236
236
  }
237
237
  }