@react-router/node 7.9.3-pre.0 → 7.9.4-pre.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +10 -2
  2. package/dist/index.js +18 -2
  3. package/dist/index.mjs +18 -2
  4. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,11 +1,19 @@
1
1
  # `@react-router/node`
2
2
 
3
- ## 7.9.3-pre.0
3
+ ## 7.9.4-pre.0
4
4
 
5
5
  ### Patch Changes
6
6
 
7
+ - Validate format of incoming session ids ([#14426](https://github.com/remix-run/react-router/pull/14426))
7
8
  - Updated dependencies:
8
- - `react-router@7.9.3-pre.0`
9
+ - `react-router@7.9.4-pre.0`
10
+
11
+ ## 7.9.3
12
+
13
+ ### Patch Changes
14
+
15
+ - Updated dependencies:
16
+ - `react-router@7.9.3`
9
17
 
10
18
  ## 7.9.2
11
19
 
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- * @react-router/node v7.9.3-pre.0
2
+ * @react-router/node v7.9.4-pre.0
3
3
  *
4
4
  * Copyright (c) Remix Software Inc.
5
5
  *
@@ -77,6 +77,9 @@ function createFileSessionStorage({
77
77
  let id = Buffer.from(randomBytes).toString("hex");
78
78
  try {
79
79
  let file = getFile(dir, id);
80
+ if (!file) {
81
+ throw new Error("Error generating session");
82
+ }
80
83
  await import_node_fs.promises.mkdir(path.dirname(file), { recursive: true });
81
84
  await import_node_fs.promises.writeFile(file, content, { encoding: "utf-8", flag: "wx" });
82
85
  return id;
@@ -88,6 +91,9 @@ function createFileSessionStorage({
88
91
  async readData(id) {
89
92
  try {
90
93
  let file = getFile(dir, id);
94
+ if (!file) {
95
+ return null;
96
+ }
91
97
  let content = JSON.parse(await import_node_fs.promises.readFile(file, "utf-8"));
92
98
  let data = content.data;
93
99
  let expires = typeof content.expires === "string" ? new Date(content.expires) : null;
@@ -104,6 +110,9 @@ function createFileSessionStorage({
104
110
  async updateData(id, data, expires) {
105
111
  let content = JSON.stringify({ data, expires });
106
112
  let file = getFile(dir, id);
113
+ if (!file) {
114
+ return;
115
+ }
107
116
  await import_node_fs.promises.mkdir(path.dirname(file), { recursive: true });
108
117
  await import_node_fs.promises.writeFile(file, content, "utf-8");
109
118
  },
@@ -111,8 +120,12 @@ function createFileSessionStorage({
111
120
  if (!id) {
112
121
  return;
113
122
  }
123
+ let file = getFile(dir, id);
124
+ if (!file) {
125
+ return;
126
+ }
114
127
  try {
115
- await import_node_fs.promises.unlink(getFile(dir, id));
128
+ await import_node_fs.promises.unlink(file);
116
129
  } catch (error) {
117
130
  if (error.code !== "ENOENT") throw error;
118
131
  }
@@ -120,6 +133,9 @@ function createFileSessionStorage({
120
133
  });
121
134
  }
122
135
  function getFile(dir, id) {
136
+ if (!/^[0-9a-f]{16}$/i.test(id)) {
137
+ return null;
138
+ }
123
139
  return path.join(dir, id.slice(0, 4), id.slice(4));
124
140
  }
125
141
 
package/dist/index.mjs CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- * @react-router/node v7.9.3-pre.0
2
+ * @react-router/node v7.9.4-pre.0
3
3
  *
4
4
  * Copyright (c) Remix Software Inc.
5
5
  *
@@ -37,6 +37,9 @@ function createFileSessionStorage({
37
37
  let id = Buffer.from(randomBytes).toString("hex");
38
38
  try {
39
39
  let file = getFile(dir, id);
40
+ if (!file) {
41
+ throw new Error("Error generating session");
42
+ }
40
43
  await fsp.mkdir(path.dirname(file), { recursive: true });
41
44
  await fsp.writeFile(file, content, { encoding: "utf-8", flag: "wx" });
42
45
  return id;
@@ -48,6 +51,9 @@ function createFileSessionStorage({
48
51
  async readData(id) {
49
52
  try {
50
53
  let file = getFile(dir, id);
54
+ if (!file) {
55
+ return null;
56
+ }
51
57
  let content = JSON.parse(await fsp.readFile(file, "utf-8"));
52
58
  let data = content.data;
53
59
  let expires = typeof content.expires === "string" ? new Date(content.expires) : null;
@@ -64,6 +70,9 @@ function createFileSessionStorage({
64
70
  async updateData(id, data, expires) {
65
71
  let content = JSON.stringify({ data, expires });
66
72
  let file = getFile(dir, id);
73
+ if (!file) {
74
+ return;
75
+ }
67
76
  await fsp.mkdir(path.dirname(file), { recursive: true });
68
77
  await fsp.writeFile(file, content, "utf-8");
69
78
  },
@@ -71,8 +80,12 @@ function createFileSessionStorage({
71
80
  if (!id) {
72
81
  return;
73
82
  }
83
+ let file = getFile(dir, id);
84
+ if (!file) {
85
+ return;
86
+ }
74
87
  try {
75
- await fsp.unlink(getFile(dir, id));
88
+ await fsp.unlink(file);
76
89
  } catch (error) {
77
90
  if (error.code !== "ENOENT") throw error;
78
91
  }
@@ -80,6 +93,9 @@ function createFileSessionStorage({
80
93
  });
81
94
  }
82
95
  function getFile(dir, id) {
96
+ if (!/^[0-9a-f]{16}$/i.test(id)) {
97
+ return null;
98
+ }
83
99
  return path.join(dir, id.slice(0, 4), id.slice(4));
84
100
  }
85
101
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@react-router/node",
3
- "version": "7.9.3-pre.0",
3
+ "version": "7.9.4-pre.0",
4
4
  "description": "Node.js platform abstractions for React Router",
5
5
  "bugs": {
6
6
  "url": "https://github.com/remix-run/react-router/issues"
@@ -52,11 +52,11 @@
52
52
  "tsup": "^8.3.0",
53
53
  "typescript": "^5.1.6",
54
54
  "wireit": "0.14.9",
55
- "react-router": "7.9.3-pre.0"
55
+ "react-router": "7.9.4-pre.0"
56
56
  },
57
57
  "peerDependencies": {
58
58
  "typescript": "^5.1.0",
59
- "react-router": "7.9.3-pre.0"
59
+ "react-router": "7.9.4-pre.0"
60
60
  },
61
61
  "peerDependenciesMeta": {
62
62
  "typescript": {