dx-server 0.11.3 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -11
- package/cjs/dx.d.ts +2 -2
- package/cjs/dx.js +1 -1
- package/cjs/dxHelpers.d.ts +2 -2
- package/cjs/dxHelpers.js +1 -1
- package/cjs/static.d.ts +2 -4
- package/cjs/static.js +2 -50
- package/cjs/staticHelpers.d.ts +5 -3
- package/cjs/staticHelpers.js +33 -2
- package/esm/dx.d.ts +2 -2
- package/esm/dx.js +1 -1
- package/esm/dxHelpers.d.ts +2 -2
- package/esm/dxHelpers.js +1 -1
- package/esm/static.d.ts +2 -4
- package/esm/static.js +3 -48
- package/esm/staticHelpers.d.ts +5 -3
- package/esm/staticHelpers.js +33 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -226,17 +226,10 @@ const serverChain = chain(
|
|
|
226
226
|
)
|
|
227
227
|
|
|
228
228
|
const tcpServer = new Server()
|
|
229
|
-
.on('request',
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
serverChain,
|
|
234
|
-
)()
|
|
235
|
-
} catch (e) {
|
|
236
|
-
console.error(e)
|
|
237
|
-
res.end()
|
|
238
|
-
}
|
|
239
|
-
})
|
|
229
|
+
.on('request', (req, res) => chain(
|
|
230
|
+
dxServer(req, res), // basic dx-server context
|
|
231
|
+
serverChain,
|
|
232
|
+
)())
|
|
240
233
|
|
|
241
234
|
await promisify(tcpServer.listen.bind(tcpServer))(3000)
|
|
242
235
|
console.log('server is listening at 3000')
|
package/cjs/dx.d.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
/// <reference types="node" resolution-mode="require"/>
|
|
4
4
|
import { Readable } from 'node:stream';
|
|
5
5
|
import type { IncomingMessage, ServerResponse } from 'node:http';
|
|
6
|
-
import type {
|
|
6
|
+
import type { SendFileOptions } from './staticHelpers.js';
|
|
7
7
|
export interface Chainable<P extends any[] = any[], R = any, Next = (...np: any[]) => any> {
|
|
8
8
|
(next: Next, ...p: P): R;
|
|
9
9
|
}
|
|
@@ -30,7 +30,7 @@ export declare function setEmpty({ status }?: {
|
|
|
30
30
|
export declare function setHtml(html: string, opts?: {
|
|
31
31
|
status?: number;
|
|
32
32
|
}): void;
|
|
33
|
-
export declare function setFile(filePath: string, options?:
|
|
33
|
+
export declare function setFile(filePath: string, options?: SendFileOptions): void;
|
|
34
34
|
export declare function setBuffer(buffer: Buffer, { status }?: {
|
|
35
35
|
status?: number;
|
|
36
36
|
}): void;
|
package/cjs/dx.js
CHANGED
|
@@ -141,4 +141,4 @@ exports.setRedirect = setRedirect;
|
|
|
141
141
|
// https://github.com/jshttp/content-disposition/blob/1037e24e4790273da96645ad250061f39e77968c/index.js#L186
|
|
142
142
|
// because in most applications, users can specify a simple filename which usually doesn't need to be validated.
|
|
143
143
|
// we leave setDownload() implementation for users, for now.
|
|
144
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
144
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvZHgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBRUEsdURBQWtEO0FBQ2xELGlEQUF1RDtBQXVCdkQsU0FBZ0IsYUFBYSxDQUszQixLQUE0QztJQUM3QyxNQUFNLFVBQVUsR0FBRyxJQUFJLE9BQU8sRUFBK0IsQ0FBQTtJQUM3RCxNQUFNLFFBQVEsR0FBRyxJQUFJLE9BQU8sRUFBc0IsQ0FBQTtJQUNsRCxNQUFNLE9BQU8sR0FBZ0MsQ0FBQyxHQUFHLE1BQWMsRUFBRSxFQUFFO1FBQ2xFLE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO1FBQ3BCLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUFFLFVBQVUsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3pELE1BQU0sS0FBSyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsTUFBTSxDQUFDLENBQUE7Z0JBQ3BDLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFBO2dCQUN4QixPQUFPLEtBQUssQ0FBQTtZQUNiLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQTtRQUNMLE9BQU8sVUFBVSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUMzQixDQUFDLENBQUE7SUFDRCxNQUFNLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRSxPQUFPLEVBQUU7UUFDdkMsR0FBRyxLQUFJLE9BQU8sUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFBLENBQUEsQ0FBQztRQUNyQyxHQUFHLENBQUMsS0FBSztZQUNSLE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO1lBQ3BCLFVBQVUsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQTtZQUMzQyxRQUFRLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsQ0FBQTtRQUN6QixDQUFDO0tBQ0QsQ0FBQyxDQUFBO0lBQ0YsT0FBTyxDQUFDLEtBQUssR0FBRyxDQUFDLEdBQUcsTUFBTSxFQUFFLEVBQUUsQ0FBQyxLQUFLLEVBQUMsSUFBSSxFQUFDLEVBQUU7UUFDM0MsTUFBTSxPQUFPLENBQUMsR0FBRyxNQUFNLENBQUMsQ0FBQTtRQUN4QixPQUFPLElBQUksRUFBRSxDQUFBO0lBQ2QsQ0FBQyxDQUFBO0lBQ0QsT0FBTyxDQUFDLEdBQUcsR0FBRyxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRTtRQUM1QixVQUFVLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUE7UUFDM0MsUUFBUSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUE7SUFDekIsQ0FBQyxDQUFBO0lBQ0QsT0FBTyxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7SUFDdEMsT0FBTyxPQUFPLENBQUE7QUFDZixDQUFDO0FBbkNELHNDQW1DQztBQUVELE1BQU0sY0FBYyxHQUFHLElBQUksb0NBQWlCLEVBR3hDLENBQUE7QUFDSixNQUFNLFNBQVMsR0FBRyxhQUFhLENBQVksT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUMsR0FBRyxPQUFPLEVBQUMsQ0FBQyxDQUFDLENBQUE7QUFDckUsU0FBZ0IsUUFBUSxDQUN2QixHQUFvQixFQUNwQixHQUFtQixFQUNuQixVQUdJLEVBQUU7SUFFTixPQUFPLEtBQUssRUFBQyxJQUFJLEVBQUMsRUFBRTtRQUNuQixTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxFQUFDLEdBQUcsT0FBTyxFQUFDLENBQUMsQ0FBQTtRQUNoQyxNQUFNLE1BQU0sR0FBRyxNQUFNLGNBQWMsQ0FBQyxHQUFHLENBQUMsRUFBQyxHQUFHLEVBQUUsR0FBRyxFQUFDLEVBQUUsSUFBSSxDQUFDLENBQUE7UUFDekQsTUFBTSxJQUFBLHVCQUFRLEVBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUE7UUFDNUMsT0FBTyxNQUFNLENBQUE7SUFDZCxDQUFDLENBQUE7QUFDRixDQUFDO0FBZEQsNEJBY0M7QUFFRCxlQUFlO0FBQ2YsZ0RBQWdEO0FBQ2hELDJGQUEyRjtBQUMzRixnRkFBZ0Y7QUFDaEYsU0FBZ0IsTUFBTSxLQUFxQixPQUFPLGNBQWMsQ0FBQyxRQUFRLEVBQUcsQ0FBQyxHQUFHLENBQUEsQ0FBQSxDQUFDO0FBQWpGLHdCQUFpRjtBQUNqRixTQUFnQixNQUFNLEtBQW9CLE9BQU8sY0FBYyxDQUFDLFFBQVEsRUFBRyxDQUFDLEdBQUcsQ0FBQSxDQUFBLENBQUM7QUFBaEYsd0JBQWdGO0FBRWhGLFNBQWdCLE9BQU8sQ0FBQyxJQUFZLEVBQUUsRUFBQyxNQUFNLEtBQXlCLEVBQUU7SUFDdkUsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixJQUFJLE1BQU07UUFBRSxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUNuQyxFQUFFLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQTtJQUNkLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0FBQ2pCLENBQUM7QUFORCwwQkFNQztBQUVELFNBQWdCLFFBQVEsQ0FBQyxFQUFDLE1BQU0sS0FBeUIsRUFBRTtJQUMxRCxNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtJQUNwQixNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFBO0lBQzFCLElBQUksTUFBTTtRQUFFLEdBQUcsQ0FBQyxVQUFVLEdBQUcsTUFBTSxDQUFBO0lBQ25DLEVBQUUsQ0FBQyxJQUFJLEdBQUcsU0FBUyxDQUFBO0lBQ25CLEVBQUUsQ0FBQyxJQUFJLEdBQUcsT0FBTyxDQUFBO0FBQ2xCLENBQUM7QUFORCw0QkFNQztBQUVELFNBQWdCLE9BQU8sQ0FBQyxJQUFZLEVBQUUsT0FBNEIsRUFBRTtJQUNuRSxPQUFPLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFBO0lBQ25CLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUE7SUFDMUIsRUFBRSxDQUFDLElBQUksR0FBRyxNQUFNLENBQUE7QUFDakIsQ0FBQztBQUpELDBCQUlDO0FBRUQsU0FBZ0IsT0FBTyxDQUFDLFFBQWdCLEVBQUUsT0FBeUI7SUFDbEUsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixFQUFFLENBQUMsSUFBSSxHQUFHLFFBQVEsQ0FBQTtJQUNsQixFQUFFLENBQUMsSUFBSSxHQUFHLE1BQU0sQ0FBQTtJQUNoQixFQUFFLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQTtBQUNyQixDQUFDO0FBTEQsMEJBS0M7QUFFRCxTQUFnQixTQUFTLENBQUMsTUFBYyxFQUFFLEVBQUMsTUFBTSxLQUF5QixFQUFFO0lBQzNFLE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO0lBQ3BCLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUE7SUFDMUIsSUFBSSxNQUFNO1FBQUUsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUE7SUFDbkMsRUFBRSxDQUFDLElBQUksR0FBRyxNQUFNLENBQUE7SUFDaEIsRUFBRSxDQUFDLElBQUksR0FBRyxRQUFRLENBQUE7QUFDbkIsQ0FBQztBQU5ELDhCQU1DO0FBRUQsU0FBZ0IsYUFBYSxDQUFDLE1BQWdCLEVBQUUsRUFBQyxNQUFNLEtBQXlCLEVBQUU7SUFDakYsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixJQUFJLE1BQU07UUFBRSxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUNuQyxFQUFFLENBQUMsSUFBSSxHQUFHLE1BQU0sQ0FBQTtJQUNoQixFQUFFLENBQUMsSUFBSSxHQUFHLFlBQVksQ0FBQTtBQUN2QixDQUFDO0FBTkQsc0NBTUM7QUFFRCxTQUFnQixZQUFZLENBQUMsTUFBc0IsRUFBRSxFQUFDLE1BQU0sS0FBeUIsRUFBRTtJQUN0RixNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtJQUNwQixNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFBO0lBQzFCLElBQUksTUFBTTtRQUFFLEdBQUcsQ0FBQyxVQUFVLEdBQUcsTUFBTSxDQUFBO0lBQ25DLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0lBQ2hCLEVBQUUsQ0FBQyxJQUFJLEdBQUcsV0FBVyxDQUFBO0FBQ3RCLENBQUM7QUFORCxvQ0FNQztBQUVELFNBQWdCLE9BQU8sQ0FBQyxJQUFTLEVBQUUsRUFBQyxNQUFNLEtBQXlCLEVBQUU7SUFDcEUsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsSUFBSSxNQUFNO1FBQUUsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUE7SUFFbkMsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixFQUFFLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQTtJQUNkLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0FBQ2pCLENBQUM7QUFQRCwwQkFPQztBQUVELFNBQWdCLFdBQVcsQ0FBQyxHQUFXLEVBQUUsTUFBaUI7SUFDekQsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUN2QixFQUFFLENBQUMsSUFBSSxHQUFHLEdBQUcsQ0FBQTtJQUNiLEVBQUUsQ0FBQyxJQUFJLEdBQUcsVUFBVSxDQUFBO0FBQ3JCLENBQUM7QUFORCxrQ0FNQztBQUVELCtDQUErQztBQUMvQyw0RUFBNEU7QUFFNUUsbURBQW1EO0FBQ25ELHVCQUF1QjtBQUN2QixLQUFLO0FBQ0wscUpBQXFKO0FBRXJKLHdGQUF3RjtBQUN4RixzQ0FBc0M7QUFDdEMsNEdBQTRHO0FBQzVHLGdIQUFnSDtBQUNoSCw0REFBNEQifQ==
|
package/cjs/dxHelpers.d.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
/// <reference types="node" resolution-mode="require"/>
|
|
4
4
|
import type { IncomingMessage, ServerResponse } from 'node:http';
|
|
5
5
|
import { Readable } from 'node:stream';
|
|
6
|
-
import { type
|
|
6
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
7
7
|
import './polyfillWithResolvers.js';
|
|
8
8
|
export type DxContext = {
|
|
9
9
|
charset?: BufferEncoding;
|
|
@@ -44,6 +44,6 @@ export type DxContext = {
|
|
|
44
44
|
} | {
|
|
45
45
|
type: 'file';
|
|
46
46
|
data: string;
|
|
47
|
-
options?:
|
|
47
|
+
options?: SendFileOptions;
|
|
48
48
|
});
|
|
49
49
|
export declare function writeRes(req: IncomingMessage, res: ServerResponse, { type, data, charset, jsonBeautify, disableEtag, options }: DxContext): Promise<void>;
|
package/cjs/dxHelpers.js
CHANGED
|
@@ -120,4 +120,4 @@ async function writeRes(req, res, { type, data, charset, jsonBeautify, disableEt
|
|
|
120
120
|
}
|
|
121
121
|
}
|
|
122
122
|
exports.writeRes = writeRes;
|
|
123
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
123
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHhIZWxwZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2R4SGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSw2Q0FBb0M7QUFDcEMseUNBQW1DO0FBQ25DLCtDQUF3RDtBQUN4RCx5REFBd0U7QUFFeEUsc0NBQW1DO0FBb0Q1QixLQUFLLFVBQVUsUUFBUSxDQUFDLEdBQW9CLEVBQUUsR0FBbUIsRUFBRSxFQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsT0FBTyxFQUFZO0lBQzdJLE1BQU0sY0FBYyxHQUFHLENBQUMsV0FBbUIsRUFBRSxFQUFFO1FBQzlDLElBQUksR0FBRyxDQUFDLFdBQVcsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQztZQUFFLE9BQU07UUFDNUQsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsR0FBRyxXQUFXLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxhQUFhLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFBO0lBQ3hGLENBQUMsQ0FBQTtJQUNELElBQUksY0FBYyxDQUFBO0lBRWxCLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDZCxLQUFLLE1BQU07WUFDVixjQUFjLENBQUMsWUFBWSxDQUFDLENBQUE7UUFDN0IsS0FBSyxNQUFNO1lBQ1YsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFBO1lBQzNCLG1CQUFtQjtZQUNuQixjQUFjLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ2pELE1BQUs7UUFDTixLQUFLLFFBQVE7WUFDWixjQUFjLENBQUMsMEJBQTBCLENBQUMsQ0FBQTtZQUMxQyxjQUFjLEdBQUcsSUFBSSxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ2pELE1BQUs7UUFDTixLQUFLLFlBQVk7WUFDaEIsY0FBYyxDQUFDLDBCQUEwQixDQUFDLENBQUE7WUFDMUMsY0FBYyxHQUFHLElBQUksSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsQ0FBQTtZQUNqRCxNQUFLO1FBQ04sS0FBSyxXQUFXO1lBQ2YsY0FBYyxDQUFDLDBCQUEwQixDQUFDLENBQUE7WUFDMUMsY0FBYyxHQUFHLHNCQUFRLENBQUMsT0FBTyxDQUFDLElBQWlELElBQUksSUFBSSxjQUFjLEVBQUUsQ0FBQyxDQUFBO1lBQzVHLE1BQUs7UUFDTixLQUFLLE1BQU07WUFDVixjQUFjLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNsQyxjQUFjLEdBQUcsSUFBSSxLQUFLLFNBQVM7Z0JBQ2xDLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUM7Z0JBQzFCLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQzVGLE1BQUs7UUFDTixLQUFLLFVBQVUsRUFBRSw4Q0FBOEM7WUFDOUQsR0FBRyxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLENBQUE7WUFDL0IsY0FBYyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ3pDLE1BQUs7UUFDTixLQUFLLE1BQU07WUFDVixJQUFJLENBQUM7Z0JBQ0osTUFBTSxJQUFBLGtDQUFlLEVBQ3BCLEdBQUcsRUFDSCxHQUFHLEVBQ0gsSUFBSSxFQUNKLE9BQU8sQ0FDUCxDQUFBO1lBQ0YsQ0FBQztZQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ1osYUFBYTtZQUNkLENBQUM7UUFDRixLQUFLLFNBQVM7WUFDYixrR0FBa0c7WUFDbEcsT0FBTTtRQUNQLEtBQUssT0FBTztZQUNYLGNBQWMsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsQ0FBQTtZQUN6QyxNQUFLO1FBQ047WUFDQyxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUM7Z0JBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsWUFBWSxDQUFDLENBQUE7WUFDL0UsTUFBTSxJQUFJLEtBQUssQ0FBQyw2QkFBNkIsSUFBSSxFQUFFLENBQUMsQ0FBQTtJQUN0RCxDQUFDO0lBRUQsSUFBSSxHQUFHLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDckIsaUVBQWlFO1FBQ2pFLElBQUksR0FBRyxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDMUIsd0NBQXdDO1FBQ3pDLENBQUM7YUFBTSxJQUFJLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUM5Qix3Q0FBd0M7WUFDeEMsMkNBQTJDO1lBQzNDLHlDQUF5QztZQUN6QyxzQkFBc0I7WUFDdEIscUNBQXFDO1lBQ3JDLGlDQUFpQztRQUNsQyxDQUFDOztZQUFNLE1BQU0sSUFBQSxxQkFBUyxFQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQTtJQUM1QyxDQUFDO1NBQU0sQ0FBQztRQUNQLDBHQUEwRztRQUMxRyw4Q0FBOEM7UUFDOUMsb0NBQW9DO1FBQ3BDLHNDQUFzQztRQUN0Qyx5Q0FBeUM7UUFDekMsb0JBQW9CO1FBQ3BCLElBQUk7UUFDSixzRkFBc0Y7UUFDdEYsc0NBQXNDO1FBQ3RDLHlDQUF5QztRQUN6QyxTQUFTO1FBQ1QsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzNCLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUFDO2dCQUNyQyw0REFBNEQ7Z0JBQzVELEdBQUcsQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLEVBQUUsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFBO2dCQUV0RCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7b0JBQ2xCLE1BQU0sSUFBSSxHQUFHLElBQUEsbUJBQVMsRUFBQyxjQUFjLENBQUMsQ0FBQTtvQkFDdEMsc0RBQXNEO29CQUV0RCxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQTtvQkFDM0IsSUFBSSxJQUFBLHFCQUFXLEVBQUMsR0FBRyxFQUFFLElBQUksQ0FBQyxFQUFFLENBQUM7d0JBQzVCLEdBQUcsQ0FBQyxZQUFZLENBQUMsY0FBYyxDQUFDLENBQUE7d0JBQ2hDLEdBQUcsQ0FBQyxZQUFZLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTt3QkFDbEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFBO3dCQUNyQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTt3QkFDcEIsZ0JBQWdCO29CQUNqQixDQUFDOzt3QkFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFBO2dCQUNqQyxDQUFDOztvQkFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFBO1lBQ2pDLENBQUM7aUJBQU0sQ0FBQztnQkFDUCxjQUFjLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO2dCQUN4QixPQUFNLENBQUMsZUFBZTtZQUN2QixDQUFDO1lBQ0QsOEZBQThGO1FBQy9GLENBQUM7UUFFRCxNQUFNLElBQUEscUJBQVMsRUFBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUE7SUFDckMsQ0FBQztBQUNGLENBQUM7QUE5R0QsNEJBOEdDIn0=
|
package/cjs/static.d.ts
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import { type Chainable } from './dx.js';
|
|
2
|
-
import { type
|
|
3
|
-
export declare function chainStatic(pattern: string, { getPathname, ...options }:
|
|
2
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
3
|
+
export declare function chainStatic(pattern: string, { getPathname, ...options }: SendFileOptions & {
|
|
4
4
|
getPathname?(matched: any): string;
|
|
5
|
-
dotfiles?: 'allow' | 'deny' | 'ignore';
|
|
6
|
-
root?: string;
|
|
7
5
|
}): Chainable;
|
package/cjs/static.js
CHANGED
|
@@ -1,14 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.chainStatic = void 0;
|
|
7
4
|
const dx_js_1 = require("./dx.js");
|
|
8
5
|
const staticHelpers_js_1 = require("./staticHelpers.js");
|
|
9
6
|
const bodyHelpers_js_1 = require("./bodyHelpers.js");
|
|
10
|
-
const node_path_1 = __importDefault(require("node:path"));
|
|
11
|
-
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
12
7
|
function chainStatic(pattern, { getPathname, ...options }) {
|
|
13
8
|
const urlPattern = new URLPattern({ pathname: pattern });
|
|
14
9
|
return async (next) => {
|
|
@@ -20,7 +15,7 @@ function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
20
15
|
if (!matched)
|
|
21
16
|
return next();
|
|
22
17
|
try {
|
|
23
|
-
await
|
|
18
|
+
await (0, staticHelpers_js_1.sendFileTrusted)(req, (0, dx_js_1.getRes)(), getPathname?.(matched)
|
|
24
19
|
?? decodeURIComponent(pathname), options);
|
|
25
20
|
}
|
|
26
21
|
catch (e) {
|
|
@@ -29,47 +24,4 @@ function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
29
24
|
};
|
|
30
25
|
}
|
|
31
26
|
exports.chainStatic = chainStatic;
|
|
32
|
-
|
|
33
|
-
options) {
|
|
34
|
-
const { root, dotfiles, ...trustedSendOptions } = options ?? {};
|
|
35
|
-
// null byte(s)
|
|
36
|
-
if (pathname.includes('\0'))
|
|
37
|
-
return (0, dx_js_1.setHtml)('Invalid request', { status: 400 });
|
|
38
|
-
let parts;
|
|
39
|
-
if (root) {
|
|
40
|
-
// normalize
|
|
41
|
-
pathname = node_path_1.default.normalize(`.${node_path_1.default.sep}${pathname}`);
|
|
42
|
-
// malicious path
|
|
43
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
44
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
45
|
-
// explode path parts
|
|
46
|
-
parts = pathname.split(node_path_1.default.sep);
|
|
47
|
-
// join / normalize from optional root dir
|
|
48
|
-
pathname = node_path_1.default.normalize(node_path_1.default.join(root, pathname));
|
|
49
|
-
}
|
|
50
|
-
else {
|
|
51
|
-
// malicious path
|
|
52
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
53
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
54
|
-
// explode path parts
|
|
55
|
-
parts = node_path_1.default.normalize(pathname).split(node_path_1.default.sep);
|
|
56
|
-
// join / normalize from optional root dir
|
|
57
|
-
pathname = node_path_1.default.resolve(pathname);
|
|
58
|
-
}
|
|
59
|
-
// dotfile handling
|
|
60
|
-
if (parts.some(part => part.length > 1 && part[0] === '.'))
|
|
61
|
-
switch (dotfiles) {
|
|
62
|
-
case 'allow':
|
|
63
|
-
break;
|
|
64
|
-
case 'deny':
|
|
65
|
-
return (0, dx_js_1.setHtml)('Forbidden', { status: 403 });
|
|
66
|
-
case 'ignore':
|
|
67
|
-
default:
|
|
68
|
-
throw new Error('Forbidden: dotfiles are not allowed');
|
|
69
|
-
}
|
|
70
|
-
// pathEndsWithSep
|
|
71
|
-
if (pathname[pathname.length - 1] === node_path_1.default.sep)
|
|
72
|
-
return (0, dx_js_1.setHtml)('Forbidden: directory access is not allowed', { status: 403 });
|
|
73
|
-
return (0, staticHelpers_js_1.sendFileTrusted)(req, res, pathname, trustedSendOptions);
|
|
74
|
-
}
|
|
75
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSxtQ0FBK0Q7QUFDL0QseURBQTJFO0FBQzNFLHFEQUEyQztBQUUzQywwREFBNEI7QUFFNUIsTUFBTSxjQUFjLEdBQUcsNEJBQTRCLENBQUE7QUFFbkQsU0FBZ0IsV0FBVyxDQUMxQixPQUFlLEVBQ2YsRUFBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLEVBUXZCO0lBRUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsRUFBQyxRQUFRLEVBQUUsT0FBTyxFQUFDLENBQUMsQ0FBQTtJQUN0RCxPQUFPLEtBQUssRUFBQyxJQUFJLEVBQUMsRUFBRTtRQUNuQixNQUFNLEdBQUcsR0FBRyxJQUFBLGNBQU0sR0FBRSxDQUFBO1FBQ3BCLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxLQUFLLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxNQUFNO1lBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtRQUVoRSxNQUFNLEVBQUMsUUFBUSxFQUFDLEdBQUcsSUFBQSwyQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ2xDLE1BQU0sT0FBTyxHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBQyxRQUFRLEVBQUMsQ0FBQyxDQUFBO1FBQzNDLElBQUksQ0FBQyxPQUFPO1lBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtRQUUzQixJQUFJLENBQUM7WUFDSixNQUFNLFFBQVEsQ0FDYixHQUFHLEVBQ0gsSUFBQSxjQUFNLEdBQUUsRUFDUCxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUM7bUJBQ3BCLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxFQUMvQixPQUFPLENBQ1AsQ0FBQTtRQUNGLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1osT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxpR0FBaUc7UUFDakgsQ0FBQztJQUNGLENBQUMsQ0FBQTtBQUNGLENBQUM7QUFqQ0Qsa0NBaUNDO0FBRUQsS0FBSyxVQUFVLFFBQVEsQ0FDdEIsR0FBb0IsRUFDcEIsR0FBbUIsRUFDbkIsUUFBZ0IsRUFBRSw4QkFBOEI7QUFDaEQsT0FLQztJQUVELE1BQU0sRUFBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLEdBQUcsa0JBQWtCLEVBQUMsR0FBRyxPQUFPLElBQUksRUFBRSxDQUFBO0lBRTdELGVBQWU7SUFDZixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1FBQUUsT0FBTyxJQUFBLGVBQU8sRUFBQyxpQkFBaUIsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBRTdFLElBQUksS0FBZSxDQUFBO0lBQ25CLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVixZQUFZO1FBQ1osUUFBUSxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLElBQUksbUJBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sSUFBQSxlQUFPLEVBQUMsV0FBVyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7UUFFN0UscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLG1CQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxtQkFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsT0FBTyxJQUFBLGVBQU8sRUFBQyxXQUFXLEVBQUUsRUFBQyxNQUFNLEVBQUUsR0FBRyxFQUFDLENBQUMsQ0FBQTtRQUU3RSxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxtQkFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsbUJBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDO1FBQUUsUUFBUSxRQUFRLEVBQUUsQ0FBQztZQUM5RSxLQUFLLE9BQU87Z0JBQ1gsTUFBSztZQUNOLEtBQUssTUFBTTtnQkFDVixPQUFPLElBQUEsZUFBTyxFQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1lBQzNDLEtBQUssUUFBUSxDQUFDO1lBQ2Q7Z0JBQ0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3hELENBQUM7SUFFRCxrQkFBa0I7SUFDbEIsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsS0FBSyxtQkFBSSxDQUFDLEdBQUc7UUFBRSxPQUFPLElBQUEsZUFBTyxFQUFDLDRDQUE0QyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFM0gsT0FBTyxJQUFBLGtDQUFlLEVBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsa0JBQWtCLENBQUMsQ0FBQTtBQUMvRCxDQUFDIn0=
|
|
27
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBc0Q7QUFDdEQseURBQXdFO0FBQ3hFLHFEQUEyQztBQUUzQyxTQUFnQixXQUFXLENBQzFCLE9BQWUsRUFDZixFQUFDLFdBQVcsRUFBRSxHQUFHLE9BQU8sRUFJdkI7SUFFRCxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxFQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUMsQ0FBQyxDQUFBO0lBQ3RELE9BQU8sS0FBSyxFQUFDLElBQUksRUFBQyxFQUFFO1FBQ25CLE1BQU0sR0FBRyxHQUFHLElBQUEsY0FBTSxHQUFFLENBQUE7UUFDcEIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRWhFLE1BQU0sRUFBQyxRQUFRLEVBQUMsR0FBRyxJQUFBLDJCQUFVLEVBQUMsR0FBRyxDQUFDLENBQUE7UUFDbEMsTUFBTSxPQUFPLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFDLFFBQVEsRUFBQyxDQUFDLENBQUE7UUFDM0MsSUFBSSxDQUFDLE9BQU87WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRTNCLElBQUksQ0FBQztZQUNKLE1BQU0sSUFBQSxrQ0FBZSxFQUNwQixHQUFHLEVBQ0gsSUFBQSxjQUFNLEdBQUUsRUFDUCxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUM7bUJBQ3BCLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxFQUMvQixPQUFPLENBQ1AsQ0FBQTtRQUNGLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1osT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxpR0FBaUc7UUFDakgsQ0FBQztJQUNGLENBQUMsQ0FBQTtBQUNGLENBQUM7QUE3QkQsa0NBNkJDIn0=
|
package/cjs/staticHelpers.d.ts
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
/// <reference types="node" resolution-mode="require"/>
|
|
2
2
|
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
3
3
|
import './polyfillWithResolvers.js';
|
|
4
|
-
export interface
|
|
4
|
+
export interface SendFileOptions {
|
|
5
|
+
allowDotfiles?: boolean;
|
|
6
|
+
root?: string;
|
|
5
7
|
disableAcceptRanges?: boolean;
|
|
6
8
|
disableLastModified?: boolean;
|
|
7
9
|
etag?: 'disabled' | 'strong' | 'weak';
|
|
@@ -12,5 +14,5 @@ export interface TrustedSendOptions {
|
|
|
12
14
|
start?: number;
|
|
13
15
|
}
|
|
14
16
|
export declare function sendFileTrusted(req: IncomingMessage, res: ServerResponse, pathname: string, // plain path, not URI-encoded
|
|
15
|
-
{ start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
16
|
-
immutable, }?:
|
|
17
|
+
{ root, allowDotfiles, start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
18
|
+
immutable, }?: SendFileOptions): Promise<void>;
|
package/cjs/staticHelpers.js
CHANGED
|
@@ -15,9 +15,40 @@ const node_fs_1 = require("node:fs");
|
|
|
15
15
|
const onFinished_js_1 = require("./vendors/onFinished.js");
|
|
16
16
|
const node_util_1 = require("node:util");
|
|
17
17
|
const BYTES_RANGE_REGEXP = /^ *bytes=/;
|
|
18
|
+
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
18
19
|
async function sendFileTrusted(req, res, pathname, // plain path, not URI-encoded
|
|
19
|
-
{ start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
20
|
+
{ root, allowDotfiles, start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
20
21
|
immutable, } = {}) {
|
|
22
|
+
// null byte(s)
|
|
23
|
+
if (pathname.includes('\0'))
|
|
24
|
+
throw new Error('Forbidden');
|
|
25
|
+
let parts;
|
|
26
|
+
if (root) {
|
|
27
|
+
// normalize
|
|
28
|
+
pathname = node_path_1.default.normalize(`.${node_path_1.default.sep}${pathname}`);
|
|
29
|
+
// malicious path
|
|
30
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
31
|
+
throw new Error('Forbidden');
|
|
32
|
+
// explode path parts
|
|
33
|
+
parts = pathname.split(node_path_1.default.sep);
|
|
34
|
+
// join / normalize from optional root dir
|
|
35
|
+
pathname = node_path_1.default.normalize(node_path_1.default.join(root, pathname));
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
// malicious path
|
|
39
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
40
|
+
throw new Error('Forbidden');
|
|
41
|
+
// explode path parts
|
|
42
|
+
parts = node_path_1.default.normalize(pathname).split(node_path_1.default.sep);
|
|
43
|
+
// join / normalize from optional root dir
|
|
44
|
+
pathname = node_path_1.default.resolve(pathname);
|
|
45
|
+
}
|
|
46
|
+
// dotfile handling
|
|
47
|
+
if (parts.some(part => part.length > 1 && part[0] === '.') && !allowDotfiles)
|
|
48
|
+
throw new Error('Forbidden: dotfiles are not allowed');
|
|
49
|
+
// pathEndsWithSep
|
|
50
|
+
if (pathname[pathname.length - 1] === node_path_1.default.sep)
|
|
51
|
+
throw new Error('Forbidden: directory access is not allowed');
|
|
21
52
|
const fileStat = await (0, promises_1.stat)(pathname);
|
|
22
53
|
// not found, check extensions
|
|
23
54
|
// if (err.code === 'ENOENT' && !path.extname(pathname) && !pathEndsWithSep) throw err
|
|
@@ -161,4 +192,4 @@ function isRangeFresh(req, res) {
|
|
|
161
192
|
function contentRange(type, size, range) {
|
|
162
193
|
return `${type} ${range ? range.start + '-' + range.end : '*'}/${size}`;
|
|
163
194
|
}
|
|
164
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
195
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUNBLHNDQUFtQztBQUNuQywwREFBNEI7QUFDNUIsK0NBQXFDO0FBQ3JDLCtDQUF3RDtBQUN4RCwrQ0FBeUQ7QUFDekQsaURBQXVFO0FBQ3ZFLDZEQUFtRDtBQUNuRCxxQ0FBd0M7QUFDeEMsMkRBQWtEO0FBQ2xELHlDQUFtQztBQUVuQyxNQUFNLGtCQUFrQixHQUFHLFdBQVcsQ0FBQTtBQUN0QyxNQUFNLGNBQWMsR0FBRyw0QkFBNEIsQ0FBQTtBQXFCNUMsS0FBSyxVQUFVLGVBQWUsQ0FDcEMsR0FBb0IsRUFDcEIsR0FBbUIsRUFDbkIsUUFBZ0IsRUFBRSw4QkFBOEI7QUFDaEQsRUFDQyxJQUFJLEVBQUUsYUFBYSxFQUNuQixLQUFLLEdBQUcsQ0FBQyxFQUFFLEdBQUcsRUFDZCxtQkFBbUIsRUFDbkIsbUJBQW1CLEVBQ25CLElBQUksR0FBRyxRQUFRLEVBQ2YsbUJBQW1CLEVBQ25CLE1BQU0sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxHQUFHLEdBQUcsSUFBSSxFQUFFLFNBQVM7QUFDN0MsU0FBUyxNQUNXLEVBQUU7SUFFdkIsZUFBZTtJQUNmLElBQUksUUFBUSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBRXpELElBQUksS0FBZSxDQUFBO0lBQ25CLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVixZQUFZO1FBQ1osUUFBUSxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLElBQUksbUJBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7UUFFL0QscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLG1CQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxtQkFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUUvRCxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLG1CQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxtQkFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsbUJBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxhQUFhO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO0lBRXBJLGtCQUFrQjtJQUNsQixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLG1CQUFJLENBQUMsR0FBRztRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsNENBQTRDLENBQUMsQ0FBQTtJQUU3RyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsZUFBSSxFQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ3JDLDhCQUE4QjtJQUM5QixzRkFBc0Y7SUFDdEYsc0JBQXNCO0lBQ3RCLHdCQUF3QjtJQUN4QixrQkFBa0I7SUFDbEIsbUJBQW1CO0lBQ25CLFlBQVk7SUFDWixJQUFJO0lBRUosSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRXpGLElBQUksR0FBRyxDQUFDLFdBQVc7UUFBRSxPQUFNO0lBRTNCLDBCQUEwQjtJQUUxQixJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBRXBHLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQ3pGO1lBQ0MsbUJBQW1CLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxFQUFFO1lBQzlDLFNBQVMsSUFBSSxXQUFXO1NBQ3hCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDNUIsQ0FBQTtJQUVELElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFBO0lBRXpILElBQUksSUFBSSxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxLQUFLLE1BQU0sQ0FBQyxDQUFDLENBQUMsSUFBQSxpQkFBTyxFQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLElBQUEsdUJBQWEsRUFBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDOUosNkJBQTZCO0lBRTdCLGVBQWU7SUFDZixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsRUFBRSxJQUFBLGlDQUF1QixFQUFDLG1CQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLDBCQUEwQixDQUFDLENBQUE7SUFFekosMEJBQTBCO0lBQzFCLG1CQUFtQjtJQUNuQixJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUM7UUFDdkksOEJBQThCO1FBQzlCLFdBQVc7UUFDWCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQ3JDLElBQUksS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFBO1lBQ2xDLElBQ0MsQ0FBQyxJQUFJO21CQUNGLENBQUMsS0FBSyxLQUFLLEdBQUcsSUFBSSxJQUFBLHlCQUFjLEVBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxLQUFLLElBQUksSUFBSSxLQUFLLEtBQUssSUFBSSxHQUFHLElBQUksSUFBSSxJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksQ0FBQyxDQUFDO2dCQUMzSCxNQUFNLElBQUksS0FBSyxDQUFDLGdFQUFnRSxDQUFDLENBQUE7UUFDcEYsQ0FBQztRQUVELG9GQUFvRjtRQUNwRixJQUFJLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztZQUNyQixNQUFNLGVBQWUsR0FBRyxJQUFBLHdCQUFhLEVBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUE7WUFDekUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLFlBQVksR0FBRyxJQUFBLHdCQUFhLEVBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFBO2dCQUNsRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxZQUFZLEdBQUcsZUFBZTtvQkFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDBFQUEwRSxDQUFDLENBQUE7WUFDdkosQ0FBQztRQUNGLENBQUM7UUFDRCxpQ0FBaUM7UUFFakMsYUFBYTtRQUNiLElBQ0MsQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxLQUFLLEdBQUcsQ0FBQztlQUN0RSxJQUFBLGdCQUFLLEVBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRTtnQkFDckIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO2dCQUMzQixrRUFBa0U7Z0JBQ2xFLGVBQWUsRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQzdFLENBQUMsRUFDRCxDQUFDO1lBQ0YsNEJBQTRCO1lBQzVCLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUE7WUFDcEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFBO1lBQ2xDLEdBQUcsQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLENBQUE7WUFDakMsR0FBRyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUNoQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixPQUFPLEtBQUssTUFBTSxJQUFBLHFCQUFTLEVBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO1FBQ2pELENBQUM7SUFDRixDQUFDO0lBRUQsa0NBQWtDO0lBQ2xDLElBQUksR0FBRyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUE7SUFDdkIsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsR0FBRyxLQUFLLENBQUMsQ0FBQTtJQUM5QixJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUM3QixJQUFJLEdBQUcsR0FBRyxLQUFLO1lBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQTtJQUM3QixDQUFDO0lBRUQsZ0JBQWdCO0lBQ2hCLElBQUksTUFBTSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFBO0lBQzlCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDbkUsUUFBUTtRQUNSLElBQUksU0FBUyxHQUFHLElBQUEsMkJBQVUsRUFBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUMsT0FBTyxFQUFFLElBQUksRUFBQyxDQUFDLENBQUE7UUFFeEQsbUJBQW1CO1FBQ25CLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQztZQUFFLFNBQVMsR0FBRyxDQUFDLENBQUMsQ0FBQTtRQUUzQyxnQkFBZ0I7UUFDaEIsSUFBSSxTQUFTLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUN0QixnQkFBZ0I7WUFDaEIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFBO1lBRTFELHNDQUFzQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLHFFQUFxRSxDQUFDLENBQUE7WUFDdEYsMkJBQTJCO1lBQzNCLDhEQUE4RDtZQUM5RCxLQUFLO1FBQ04sQ0FBQztRQUVELGtGQUFrRjtRQUNsRixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2hELGdCQUFnQjtZQUNoQixHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBRXhFLDZCQUE2QjtZQUM3QixLQUFLLElBQUksU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQTtZQUMzQixHQUFHLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUNoRCxDQUFDO0lBQ0YsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsS0FBSyxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUV0QyxpQkFBaUI7SUFDakIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUVwQyxlQUFlO0lBQ2YsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07UUFBRSxPQUFPLEtBQUssTUFBTSxJQUFBLHFCQUFTLEVBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBRTNFLDhCQUE4QjtJQUM5QixNQUFNLE1BQU0sR0FBRyxJQUFBLDBCQUFnQixFQUFDLFFBQVEsRUFBRSxFQUFDLEtBQUssRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7SUFFaEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLGFBQWEsRUFBUSxDQUFBO0lBRTNDLElBQUEsMEJBQVUsRUFBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDeEIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLEVBQUU7UUFDeEIsT0FBTyxFQUFFLENBQUE7UUFDVCxLQUFLLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ2xCLENBQUMsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQy9CLFNBQVMsT0FBTztRQUNmLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQTtJQUNqQixDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFBO0FBQ3JCLENBQUM7QUFoTUQsMENBZ01DO0FBRUQsU0FBUyxZQUFZLENBQUUsR0FBb0IsRUFBRSxHQUFtQjtJQUMvRCxNQUFNLE9BQU8sR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRXZDLElBQUksQ0FBQyxPQUFPO1FBQUUsT0FBTyxJQUFJLENBQUE7SUFFekIsbUJBQW1CO0lBQ25CLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDbEMsT0FBTyxJQUFJLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUN0QyxDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUE7SUFDbkQsT0FBTyxJQUFBLHdCQUFhLEVBQUMsWUFBWSxDQUFDLElBQUksSUFBQSx3QkFBYSxFQUFDLE9BQU8sQ0FBQyxDQUFBO0FBQzdELENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLEtBQUs7SUFDdkMsT0FBTyxHQUFHLElBQUksSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQTtBQUN4RSxDQUFDIn0=
|
package/esm/dx.d.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
/// <reference types="node" resolution-mode="require"/>
|
|
4
4
|
import { Readable } from 'node:stream';
|
|
5
5
|
import type { IncomingMessage, ServerResponse } from 'node:http';
|
|
6
|
-
import type {
|
|
6
|
+
import type { SendFileOptions } from './staticHelpers.js';
|
|
7
7
|
export interface Chainable<P extends any[] = any[], R = any, Next = (...np: any[]) => any> {
|
|
8
8
|
(next: Next, ...p: P): R;
|
|
9
9
|
}
|
|
@@ -30,7 +30,7 @@ export declare function setEmpty({ status }?: {
|
|
|
30
30
|
export declare function setHtml(html: string, opts?: {
|
|
31
31
|
status?: number;
|
|
32
32
|
}): void;
|
|
33
|
-
export declare function setFile(filePath: string, options?:
|
|
33
|
+
export declare function setFile(filePath: string, options?: SendFileOptions): void;
|
|
34
34
|
export declare function setBuffer(buffer: Buffer, { status }?: {
|
|
35
35
|
status?: number;
|
|
36
36
|
}): void;
|
package/esm/dx.js
CHANGED
|
@@ -125,4 +125,4 @@ export function setRedirect(url, status) {
|
|
|
125
125
|
// https://github.com/jshttp/content-disposition/blob/1037e24e4790273da96645ad250061f39e77968c/index.js#L186
|
|
126
126
|
// because in most applications, users can specify a simple filename which usually doesn't need to be validated.
|
|
127
127
|
// we leave setDownload() implementation for users, for now.
|
|
128
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
128
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvZHgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFDLGlCQUFpQixFQUFDLE1BQU0sa0JBQWtCLENBQUE7QUFDbEQsT0FBTyxFQUFpQixRQUFRLEVBQUMsTUFBTSxnQkFBZ0IsQ0FBQTtBQXVCdkQsTUFBTSxVQUFVLGFBQWEsQ0FLM0IsS0FBNEM7SUFDN0MsTUFBTSxVQUFVLEdBQUcsSUFBSSxPQUFPLEVBQStCLENBQUE7SUFDN0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxPQUFPLEVBQXNCLENBQUE7SUFDbEQsTUFBTSxPQUFPLEdBQWdDLENBQUMsR0FBRyxNQUFjLEVBQUUsRUFBRTtRQUNsRSxNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtRQUNwQixJQUFJLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFBRSxVQUFVLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUN6RCxNQUFNLEtBQUssR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFBO2dCQUNwQyxRQUFRLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsQ0FBQTtnQkFDeEIsT0FBTyxLQUFLLENBQUE7WUFDYixDQUFDLENBQUMsRUFBRSxDQUFDLENBQUE7UUFDTCxPQUFPLFVBQVUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7SUFDM0IsQ0FBQyxDQUFBO0lBQ0QsTUFBTSxDQUFDLGNBQWMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFO1FBQ3ZDLEdBQUcsS0FBSSxPQUFPLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQSxDQUFBLENBQUM7UUFDckMsR0FBRyxDQUFDLEtBQUs7WUFDUixNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtZQUNwQixVQUFVLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUE7WUFDM0MsUUFBUSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUE7UUFDekIsQ0FBQztLQUNELENBQUMsQ0FBQTtJQUNGLE9BQU8sQ0FBQyxLQUFLLEdBQUcsQ0FBQyxHQUFHLE1BQU0sRUFBRSxFQUFFLENBQUMsS0FBSyxFQUFDLElBQUksRUFBQyxFQUFFO1FBQzNDLE1BQU0sT0FBTyxDQUFDLEdBQUcsTUFBTSxDQUFDLENBQUE7UUFDeEIsT0FBTyxJQUFJLEVBQUUsQ0FBQTtJQUNkLENBQUMsQ0FBQTtJQUNELE9BQU8sQ0FBQyxHQUFHLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLEVBQUU7UUFDNUIsVUFBVSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFBO1FBQzNDLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFBO0lBQ3pCLENBQUMsQ0FBQTtJQUNELE9BQU8sQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ3RDLE9BQU8sT0FBTyxDQUFBO0FBQ2YsQ0FBQztBQUVELE1BQU0sY0FBYyxHQUFHLElBQUksaUJBQWlCLEVBR3hDLENBQUE7QUFDSixNQUFNLFNBQVMsR0FBRyxhQUFhLENBQVksT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUMsR0FBRyxPQUFPLEVBQUMsQ0FBQyxDQUFDLENBQUE7QUFDckUsTUFBTSxVQUFVLFFBQVEsQ0FDdkIsR0FBb0IsRUFDcEIsR0FBbUIsRUFDbkIsVUFHSSxFQUFFO0lBRU4sT0FBTyxLQUFLLEVBQUMsSUFBSSxFQUFDLEVBQUU7UUFDbkIsU0FBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsRUFBQyxHQUFHLE9BQU8sRUFBQyxDQUFDLENBQUE7UUFDaEMsTUFBTSxNQUFNLEdBQUcsTUFBTSxjQUFjLENBQUMsR0FBRyxDQUFDLEVBQUMsR0FBRyxFQUFFLEdBQUcsRUFBQyxFQUFFLElBQUksQ0FBQyxDQUFBO1FBQ3pELE1BQU0sUUFBUSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsU0FBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFBO1FBQzVDLE9BQU8sTUFBTSxDQUFBO0lBQ2QsQ0FBQyxDQUFBO0FBQ0YsQ0FBQztBQUVELGVBQWU7QUFDZixnREFBZ0Q7QUFDaEQsMkZBQTJGO0FBQzNGLGdGQUFnRjtBQUNoRixNQUFNLFVBQVUsTUFBTSxLQUFxQixPQUFPLGNBQWMsQ0FBQyxRQUFRLEVBQUcsQ0FBQyxHQUFHLENBQUEsQ0FBQSxDQUFDO0FBQ2pGLE1BQU0sVUFBVSxNQUFNLEtBQW9CLE9BQU8sY0FBYyxDQUFDLFFBQVEsRUFBRyxDQUFDLEdBQUcsQ0FBQSxDQUFBLENBQUM7QUFFaEYsTUFBTSxVQUFVLE9BQU8sQ0FBQyxJQUFZLEVBQUUsRUFBQyxNQUFNLEtBQXlCLEVBQUU7SUFDdkUsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixJQUFJLE1BQU07UUFBRSxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUNuQyxFQUFFLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQTtJQUNkLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0FBQ2pCLENBQUM7QUFFRCxNQUFNLFVBQVUsUUFBUSxDQUFDLEVBQUMsTUFBTSxLQUF5QixFQUFFO0lBQzFELE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO0lBQ3BCLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUE7SUFDMUIsSUFBSSxNQUFNO1FBQUUsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUE7SUFDbkMsRUFBRSxDQUFDLElBQUksR0FBRyxTQUFTLENBQUE7SUFDbkIsRUFBRSxDQUFDLElBQUksR0FBRyxPQUFPLENBQUE7QUFDbEIsQ0FBQztBQUVELE1BQU0sVUFBVSxPQUFPLENBQUMsSUFBWSxFQUFFLE9BQTRCLEVBQUU7SUFDbkUsT0FBTyxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQTtJQUNuQixNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFBO0lBQzFCLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0FBQ2pCLENBQUM7QUFFRCxNQUFNLFVBQVUsT0FBTyxDQUFDLFFBQWdCLEVBQUUsT0FBeUI7SUFDbEUsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixFQUFFLENBQUMsSUFBSSxHQUFHLFFBQVEsQ0FBQTtJQUNsQixFQUFFLENBQUMsSUFBSSxHQUFHLE1BQU0sQ0FBQTtJQUNoQixFQUFFLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQTtBQUNyQixDQUFDO0FBRUQsTUFBTSxVQUFVLFNBQVMsQ0FBQyxNQUFjLEVBQUUsRUFBQyxNQUFNLEtBQXlCLEVBQUU7SUFDM0UsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7SUFDcEIsTUFBTSxFQUFFLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQTtJQUMxQixJQUFJLE1BQU07UUFBRSxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUNuQyxFQUFFLENBQUMsSUFBSSxHQUFHLE1BQU0sQ0FBQTtJQUNoQixFQUFFLENBQUMsSUFBSSxHQUFHLFFBQVEsQ0FBQTtBQUNuQixDQUFDO0FBRUQsTUFBTSxVQUFVLGFBQWEsQ0FBQyxNQUFnQixFQUFFLEVBQUMsTUFBTSxLQUF5QixFQUFFO0lBQ2pGLE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO0lBQ3BCLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUE7SUFDMUIsSUFBSSxNQUFNO1FBQUUsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUE7SUFDbkMsRUFBRSxDQUFDLElBQUksR0FBRyxNQUFNLENBQUE7SUFDaEIsRUFBRSxDQUFDLElBQUksR0FBRyxZQUFZLENBQUE7QUFDdkIsQ0FBQztBQUVELE1BQU0sVUFBVSxZQUFZLENBQUMsTUFBc0IsRUFBRSxFQUFDLE1BQU0sS0FBeUIsRUFBRTtJQUN0RixNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtJQUNwQixNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFBO0lBQzFCLElBQUksTUFBTTtRQUFFLEdBQUcsQ0FBQyxVQUFVLEdBQUcsTUFBTSxDQUFBO0lBQ25DLEVBQUUsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFBO0lBQ2hCLEVBQUUsQ0FBQyxJQUFJLEdBQUcsV0FBVyxDQUFBO0FBQ3RCLENBQUM7QUFFRCxNQUFNLFVBQVUsT0FBTyxDQUFDLElBQVMsRUFBRSxFQUFDLE1BQU0sS0FBeUIsRUFBRTtJQUNwRSxNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtJQUNwQixJQUFJLE1BQU07UUFBRSxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQTtJQUVuQyxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFBO0lBQzFCLEVBQUUsQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFBO0lBQ2QsRUFBRSxDQUFDLElBQUksR0FBRyxNQUFNLENBQUE7QUFDakIsQ0FBQztBQUVELE1BQU0sVUFBVSxXQUFXLENBQUMsR0FBVyxFQUFFLE1BQWlCO0lBQ3pELE1BQU0sR0FBRyxHQUFHLE1BQU0sRUFBRSxDQUFBO0lBQ3BCLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUE7SUFDMUIsR0FBRyxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUE7SUFDdkIsRUFBRSxDQUFDLElBQUksR0FBRyxHQUFHLENBQUE7SUFDYixFQUFFLENBQUMsSUFBSSxHQUFHLFVBQVUsQ0FBQTtBQUNyQixDQUFDO0FBRUQsK0NBQStDO0FBQy9DLDRFQUE0RTtBQUU1RSxtREFBbUQ7QUFDbkQsdUJBQXVCO0FBQ3ZCLEtBQUs7QUFDTCxxSkFBcUo7QUFFckosd0ZBQXdGO0FBQ3hGLHNDQUFzQztBQUN0Qyw0R0FBNEc7QUFDNUcsZ0hBQWdIO0FBQ2hILDREQUE0RCJ9
|
package/esm/dxHelpers.d.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
/// <reference types="node" resolution-mode="require"/>
|
|
4
4
|
import type { IncomingMessage, ServerResponse } from 'node:http';
|
|
5
5
|
import { Readable } from 'node:stream';
|
|
6
|
-
import { type
|
|
6
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
7
7
|
import './polyfillWithResolvers.js';
|
|
8
8
|
export type DxContext = {
|
|
9
9
|
charset?: BufferEncoding;
|
|
@@ -44,6 +44,6 @@ export type DxContext = {
|
|
|
44
44
|
} | {
|
|
45
45
|
type: 'file';
|
|
46
46
|
data: string;
|
|
47
|
-
options?:
|
|
47
|
+
options?: SendFileOptions;
|
|
48
48
|
});
|
|
49
49
|
export declare function writeRes(req: IncomingMessage, res: ServerResponse, { type, data, charset, jsonBeautify, disableEtag, options }: DxContext): Promise<void>;
|
package/esm/dxHelpers.js
CHANGED
|
@@ -116,4 +116,4 @@ export async function writeRes(req, res, { type, data, charset, jsonBeautify, di
|
|
|
116
116
|
await promisify(res.end.bind(res))();
|
|
117
117
|
}
|
|
118
118
|
}
|
|
119
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
119
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHhIZWxwZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2R4SGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQUMsUUFBUSxFQUFDLE1BQU0sYUFBYSxDQUFBO0FBQ3BDLE9BQU8sRUFBQyxTQUFTLEVBQUMsTUFBTSxXQUFXLENBQUE7QUFDbkMsT0FBTyxFQUFDLFNBQVMsRUFBRSxXQUFXLEVBQUMsTUFBTSxtQkFBbUIsQ0FBQTtBQUN4RCxPQUFPLEVBQUMsZUFBZSxFQUF1QixNQUFNLG9CQUFvQixDQUFBO0FBRXhFLE9BQU8sNEJBQTRCLENBQUE7QUFvRG5DLE1BQU0sQ0FBQyxLQUFLLFVBQVUsUUFBUSxDQUFDLEdBQW9CLEVBQUUsR0FBbUIsRUFBRSxFQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsT0FBTyxFQUFZO0lBQzdJLE1BQU0sY0FBYyxHQUFHLENBQUMsV0FBbUIsRUFBRSxFQUFFO1FBQzlDLElBQUksR0FBRyxDQUFDLFdBQVcsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQztZQUFFLE9BQU07UUFDNUQsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsR0FBRyxXQUFXLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxhQUFhLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFBO0lBQ3hGLENBQUMsQ0FBQTtJQUNELElBQUksY0FBYyxDQUFBO0lBRWxCLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDZCxLQUFLLE1BQU07WUFDVixjQUFjLENBQUMsWUFBWSxDQUFDLENBQUE7UUFDN0IsS0FBSyxNQUFNO1lBQ1YsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFBO1lBQzNCLG1CQUFtQjtZQUNuQixjQUFjLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ2pELE1BQUs7UUFDTixLQUFLLFFBQVE7WUFDWixjQUFjLENBQUMsMEJBQTBCLENBQUMsQ0FBQTtZQUMxQyxjQUFjLEdBQUcsSUFBSSxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ2pELE1BQUs7UUFDTixLQUFLLFlBQVk7WUFDaEIsY0FBYyxDQUFDLDBCQUEwQixDQUFDLENBQUE7WUFDMUMsY0FBYyxHQUFHLElBQUksSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsQ0FBQTtZQUNqRCxNQUFLO1FBQ04sS0FBSyxXQUFXO1lBQ2YsY0FBYyxDQUFDLDBCQUEwQixDQUFDLENBQUE7WUFDMUMsY0FBYyxHQUFHLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBaUQsSUFBSSxJQUFJLGNBQWMsRUFBRSxDQUFDLENBQUE7WUFDNUcsTUFBSztRQUNOLEtBQUssTUFBTTtZQUNWLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFBO1lBQ2xDLGNBQWMsR0FBRyxJQUFJLEtBQUssU0FBUztnQkFDbEMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQztnQkFDMUIsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxDQUFDLENBQUE7WUFDNUYsTUFBSztRQUNOLEtBQUssVUFBVSxFQUFFLDhDQUE4QztZQUM5RCxHQUFHLENBQUMsU0FBUyxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsQ0FBQTtZQUMvQixjQUFjLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLENBQUE7WUFDekMsTUFBSztRQUNOLEtBQUssTUFBTTtZQUNWLElBQUksQ0FBQztnQkFDSixNQUFNLGVBQWUsQ0FDcEIsR0FBRyxFQUNILEdBQUcsRUFDSCxJQUFJLEVBQ0osT0FBTyxDQUNQLENBQUE7WUFDRixDQUFDO1lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDWixhQUFhO1lBQ2QsQ0FBQztRQUNGLEtBQUssU0FBUztZQUNiLGtHQUFrRztZQUNsRyxPQUFNO1FBQ1AsS0FBSyxPQUFPO1lBQ1gsY0FBYyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1lBQ3pDLE1BQUs7UUFDTjtZQUNDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQztnQkFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQTtZQUMvRSxNQUFNLElBQUksS0FBSyxDQUFDLDZCQUE2QixJQUFJLEVBQUUsQ0FBQyxDQUFBO0lBQ3RELENBQUM7SUFFRCxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNyQixpRUFBaUU7UUFDakUsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUMxQix3Q0FBd0M7UUFDekMsQ0FBQzthQUFNLElBQUksR0FBRyxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQzlCLHdDQUF3QztZQUN4QywyQ0FBMkM7WUFDM0MseUNBQXlDO1lBQ3pDLHNCQUFzQjtZQUN0QixxQ0FBcUM7WUFDckMsaUNBQWlDO1FBQ2xDLENBQUM7O1lBQU0sTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBQzVDLENBQUM7U0FBTSxDQUFDO1FBQ1AsMEdBQTBHO1FBQzFHLDhDQUE4QztRQUM5QyxvQ0FBb0M7UUFDcEMsc0NBQXNDO1FBQ3RDLHlDQUF5QztRQUN6QyxvQkFBb0I7UUFDcEIsSUFBSTtRQUNKLHNGQUFzRjtRQUN0RixzQ0FBc0M7UUFDdEMseUNBQXlDO1FBQ3pDLFNBQVM7UUFDVCxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDM0IsSUFBSSxNQUFNLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3JDLDREQUE0RDtnQkFDNUQsR0FBRyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUE7Z0JBRXRELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDbEIsTUFBTSxJQUFJLEdBQUcsU0FBUyxDQUFDLGNBQWMsQ0FBQyxDQUFBO29CQUN0QyxzREFBc0Q7b0JBRXRELEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxDQUFBO29CQUMzQixJQUFJLFdBQVcsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLEVBQUUsQ0FBQzt3QkFDNUIsR0FBRyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTt3QkFDaEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFBO3dCQUNsQyxHQUFHLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUFDLENBQUE7d0JBQ3JDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFBO3dCQUNwQixnQkFBZ0I7b0JBQ2pCLENBQUM7O3dCQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7Z0JBQ2pDLENBQUM7O29CQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7WUFDakMsQ0FBQztpQkFBTSxDQUFDO2dCQUNQLGNBQWMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7Z0JBQ3hCLE9BQU0sQ0FBQyxlQUFlO1lBQ3ZCLENBQUM7WUFDRCw4RkFBOEY7UUFDL0YsQ0FBQztRQUVELE1BQU0sU0FBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQTtJQUNyQyxDQUFDO0FBQ0YsQ0FBQyJ9
|
package/esm/static.d.ts
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import { type Chainable } from './dx.js';
|
|
2
|
-
import { type
|
|
3
|
-
export declare function chainStatic(pattern: string, { getPathname, ...options }:
|
|
2
|
+
import { type SendFileOptions } from './staticHelpers.js';
|
|
3
|
+
export declare function chainStatic(pattern: string, { getPathname, ...options }: SendFileOptions & {
|
|
4
4
|
getPathname?(matched: any): string;
|
|
5
|
-
dotfiles?: 'allow' | 'deny' | 'ignore';
|
|
6
|
-
root?: string;
|
|
7
5
|
}): Chainable;
|
package/esm/static.js
CHANGED
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import { getReq, getRes
|
|
1
|
+
import { getReq, getRes } from './dx.js';
|
|
2
2
|
import { sendFileTrusted } from './staticHelpers.js';
|
|
3
3
|
import { urlFromReq } from './bodyHelpers.js';
|
|
4
|
-
import path from 'node:path';
|
|
5
|
-
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
6
4
|
export function chainStatic(pattern, { getPathname, ...options }) {
|
|
7
5
|
const urlPattern = new URLPattern({ pathname: pattern });
|
|
8
6
|
return async (next) => {
|
|
@@ -14,7 +12,7 @@ export function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
14
12
|
if (!matched)
|
|
15
13
|
return next();
|
|
16
14
|
try {
|
|
17
|
-
await
|
|
15
|
+
await sendFileTrusted(req, getRes(), getPathname?.(matched)
|
|
18
16
|
?? decodeURIComponent(pathname), options);
|
|
19
17
|
}
|
|
20
18
|
catch (e) {
|
|
@@ -22,47 +20,4 @@ export function chainStatic(pattern, { getPathname, ...options }) {
|
|
|
22
20
|
}
|
|
23
21
|
};
|
|
24
22
|
}
|
|
25
|
-
|
|
26
|
-
options) {
|
|
27
|
-
const { root, dotfiles, ...trustedSendOptions } = options ?? {};
|
|
28
|
-
// null byte(s)
|
|
29
|
-
if (pathname.includes('\0'))
|
|
30
|
-
return setHtml('Invalid request', { status: 400 });
|
|
31
|
-
let parts;
|
|
32
|
-
if (root) {
|
|
33
|
-
// normalize
|
|
34
|
-
pathname = path.normalize(`.${path.sep}${pathname}`);
|
|
35
|
-
// malicious path
|
|
36
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
37
|
-
return setHtml('Forbidden', { status: 403 });
|
|
38
|
-
// explode path parts
|
|
39
|
-
parts = pathname.split(path.sep);
|
|
40
|
-
// join / normalize from optional root dir
|
|
41
|
-
pathname = path.normalize(path.join(root, pathname));
|
|
42
|
-
}
|
|
43
|
-
else {
|
|
44
|
-
// malicious path
|
|
45
|
-
if (UP_PATH_REGEXP.test(pathname))
|
|
46
|
-
return setHtml('Forbidden', { status: 403 });
|
|
47
|
-
// explode path parts
|
|
48
|
-
parts = path.normalize(pathname).split(path.sep);
|
|
49
|
-
// join / normalize from optional root dir
|
|
50
|
-
pathname = path.resolve(pathname);
|
|
51
|
-
}
|
|
52
|
-
// dotfile handling
|
|
53
|
-
if (parts.some(part => part.length > 1 && part[0] === '.'))
|
|
54
|
-
switch (dotfiles) {
|
|
55
|
-
case 'allow':
|
|
56
|
-
break;
|
|
57
|
-
case 'deny':
|
|
58
|
-
return setHtml('Forbidden', { status: 403 });
|
|
59
|
-
case 'ignore':
|
|
60
|
-
default:
|
|
61
|
-
throw new Error('Forbidden: dotfiles are not allowed');
|
|
62
|
-
}
|
|
63
|
-
// pathEndsWithSep
|
|
64
|
-
if (pathname[pathname.length - 1] === path.sep)
|
|
65
|
-
return setHtml('Forbidden: directory access is not allowed', { status: 403 });
|
|
66
|
-
return sendFileTrusted(req, res, pathname, trustedSendOptions);
|
|
67
|
-
}
|
|
68
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQWlCLE1BQU0sRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFDLE1BQU0sU0FBUyxDQUFBO0FBQy9ELE9BQU8sRUFBQyxlQUFlLEVBQTBCLE1BQU0sb0JBQW9CLENBQUE7QUFDM0UsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLGtCQUFrQixDQUFBO0FBRTNDLE9BQU8sSUFBSSxNQUFNLFdBQVcsQ0FBQTtBQUU1QixNQUFNLGNBQWMsR0FBRyw0QkFBNEIsQ0FBQTtBQUVuRCxNQUFNLFVBQVUsV0FBVyxDQUMxQixPQUFlLEVBQ2YsRUFBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLEVBUXZCO0lBRUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsRUFBQyxRQUFRLEVBQUUsT0FBTyxFQUFDLENBQUMsQ0FBQTtJQUN0RCxPQUFPLEtBQUssRUFBQyxJQUFJLEVBQUMsRUFBRTtRQUNuQixNQUFNLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQTtRQUNwQixJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssTUFBTTtZQUFFLE9BQU8sSUFBSSxFQUFFLENBQUE7UUFFaEUsTUFBTSxFQUFDLFFBQVEsRUFBQyxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUNsQyxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUMsUUFBUSxFQUFDLENBQUMsQ0FBQTtRQUMzQyxJQUFJLENBQUMsT0FBTztZQUFFLE9BQU8sSUFBSSxFQUFFLENBQUE7UUFFM0IsSUFBSSxDQUFDO1lBQ0osTUFBTSxRQUFRLENBQ2IsR0FBRyxFQUNILE1BQU0sRUFBRSxFQUNQLFdBQVcsRUFBRSxDQUFDLE9BQU8sQ0FBQzttQkFDcEIsa0JBQWtCLENBQUMsUUFBUSxDQUFDLEVBQy9CLE9BQU8sQ0FDUCxDQUFBO1FBQ0YsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWixPQUFPLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQSxDQUFDLGlHQUFpRztRQUNqSCxDQUFDO0lBQ0YsQ0FBQyxDQUFBO0FBQ0YsQ0FBQztBQUVELEtBQUssVUFBVSxRQUFRLENBQ3RCLEdBQW9CLEVBQ3BCLEdBQW1CLEVBQ25CLFFBQWdCLEVBQUUsOEJBQThCO0FBQ2hELE9BS0M7SUFFRCxNQUFNLEVBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRSxHQUFHLGtCQUFrQixFQUFDLEdBQUcsT0FBTyxJQUFJLEVBQUUsQ0FBQTtJQUU3RCxlQUFlO0lBQ2YsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUFFLE9BQU8sT0FBTyxDQUFDLGlCQUFpQixFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFN0UsSUFBSSxLQUFlLENBQUE7SUFDbkIsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNWLFlBQVk7UUFDWixRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLElBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1FBRTdFLHFCQUFxQjtRQUNyQixLQUFLLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFaEMsMENBQTBDO1FBQzFDLFFBQVEsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUE7SUFDckQsQ0FBQztTQUFNLENBQUM7UUFDUCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1FBRTdFLHFCQUFxQjtRQUNyQixLQUFLLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBRWhELDBDQUEwQztRQUMxQyxRQUFRLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQTtJQUNsQyxDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUM7UUFBRSxRQUFRLFFBQVEsRUFBRSxDQUFDO1lBQzlFLEtBQUssT0FBTztnQkFDWCxNQUFLO1lBQ04sS0FBSyxNQUFNO2dCQUNWLE9BQU8sT0FBTyxDQUFDLFdBQVcsRUFBRSxFQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO1lBQzNDLEtBQUssUUFBUSxDQUFDO1lBQ2Q7Z0JBQ0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3hELENBQUM7SUFFRCxrQkFBa0I7SUFDbEIsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsS0FBSyxJQUFJLENBQUMsR0FBRztRQUFFLE9BQU8sT0FBTyxDQUFDLDRDQUE0QyxFQUFFLEVBQUMsTUFBTSxFQUFFLEdBQUcsRUFBQyxDQUFDLENBQUE7SUFFM0gsT0FBTyxlQUFlLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsa0JBQWtCLENBQUMsQ0FBQTtBQUMvRCxDQUFDIn0=
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3N0YXRpYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQWlCLE1BQU0sRUFBRSxNQUFNLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDdEQsT0FBTyxFQUF1QixlQUFlLEVBQUMsTUFBTSxvQkFBb0IsQ0FBQTtBQUN4RSxPQUFPLEVBQUMsVUFBVSxFQUFDLE1BQU0sa0JBQWtCLENBQUE7QUFFM0MsTUFBTSxVQUFVLFdBQVcsQ0FDMUIsT0FBZSxFQUNmLEVBQUMsV0FBVyxFQUFFLEdBQUcsT0FBTyxFQUl2QjtJQUVELE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDLEVBQUMsUUFBUSxFQUFFLE9BQU8sRUFBQyxDQUFDLENBQUE7SUFDdEQsT0FBTyxLQUFLLEVBQUMsSUFBSSxFQUFDLEVBQUU7UUFDbkIsTUFBTSxHQUFHLEdBQUcsTUFBTSxFQUFFLENBQUE7UUFDcEIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRWhFLE1BQU0sRUFBQyxRQUFRLEVBQUMsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDbEMsTUFBTSxPQUFPLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFDLFFBQVEsRUFBQyxDQUFDLENBQUE7UUFDM0MsSUFBSSxDQUFDLE9BQU87WUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO1FBRTNCLElBQUksQ0FBQztZQUNKLE1BQU0sZUFBZSxDQUNwQixHQUFHLEVBQ0gsTUFBTSxFQUFFLEVBQ1AsV0FBVyxFQUFFLENBQUMsT0FBTyxDQUFDO21CQUNwQixrQkFBa0IsQ0FBQyxRQUFRLENBQUMsRUFDL0IsT0FBTyxDQUNQLENBQUE7UUFDRixDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNaLE9BQU8sSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFBLENBQUMsaUdBQWlHO1FBQ2pILENBQUM7SUFDRixDQUFDLENBQUE7QUFDRixDQUFDIn0=
|
package/esm/staticHelpers.d.ts
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
/// <reference types="node" resolution-mode="require"/>
|
|
2
2
|
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
3
3
|
import './polyfillWithResolvers.js';
|
|
4
|
-
export interface
|
|
4
|
+
export interface SendFileOptions {
|
|
5
|
+
allowDotfiles?: boolean;
|
|
6
|
+
root?: string;
|
|
5
7
|
disableAcceptRanges?: boolean;
|
|
6
8
|
disableLastModified?: boolean;
|
|
7
9
|
etag?: 'disabled' | 'strong' | 'weak';
|
|
@@ -12,5 +14,5 @@ export interface TrustedSendOptions {
|
|
|
12
14
|
start?: number;
|
|
13
15
|
}
|
|
14
16
|
export declare function sendFileTrusted(req: IncomingMessage, res: ServerResponse, pathname: string, // plain path, not URI-encoded
|
|
15
|
-
{ start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
16
|
-
immutable, }?:
|
|
17
|
+
{ root, allowDotfiles, start, end, disableAcceptRanges, disableLastModified, etag, disableCacheControl, maxAge, // 1 year
|
|
18
|
+
immutable, }?: SendFileOptions): Promise<void>;
|
package/esm/staticHelpers.js
CHANGED
|
@@ -9,9 +9,40 @@ import { createReadStream } from 'node:fs';
|
|
|
9
9
|
import { onFinished } from './vendors/onFinished.js';
|
|
10
10
|
import { promisify } from 'node:util';
|
|
11
11
|
const BYTES_RANGE_REGEXP = /^ *bytes=/;
|
|
12
|
+
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
|
|
12
13
|
export async function sendFileTrusted(req, res, pathname, // plain path, not URI-encoded
|
|
13
|
-
{ start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
14
|
+
{ root, allowDotfiles, start = 0, end, disableAcceptRanges, disableLastModified, etag = 'strong', disableCacheControl, maxAge = 60 * 60 * 24 * 365 * 1000, // 1 year
|
|
14
15
|
immutable, } = {}) {
|
|
16
|
+
// null byte(s)
|
|
17
|
+
if (pathname.includes('\0'))
|
|
18
|
+
throw new Error('Forbidden');
|
|
19
|
+
let parts;
|
|
20
|
+
if (root) {
|
|
21
|
+
// normalize
|
|
22
|
+
pathname = path.normalize(`.${path.sep}${pathname}`);
|
|
23
|
+
// malicious path
|
|
24
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
25
|
+
throw new Error('Forbidden');
|
|
26
|
+
// explode path parts
|
|
27
|
+
parts = pathname.split(path.sep);
|
|
28
|
+
// join / normalize from optional root dir
|
|
29
|
+
pathname = path.normalize(path.join(root, pathname));
|
|
30
|
+
}
|
|
31
|
+
else {
|
|
32
|
+
// malicious path
|
|
33
|
+
if (UP_PATH_REGEXP.test(pathname))
|
|
34
|
+
throw new Error('Forbidden');
|
|
35
|
+
// explode path parts
|
|
36
|
+
parts = path.normalize(pathname).split(path.sep);
|
|
37
|
+
// join / normalize from optional root dir
|
|
38
|
+
pathname = path.resolve(pathname);
|
|
39
|
+
}
|
|
40
|
+
// dotfile handling
|
|
41
|
+
if (parts.some(part => part.length > 1 && part[0] === '.') && !allowDotfiles)
|
|
42
|
+
throw new Error('Forbidden: dotfiles are not allowed');
|
|
43
|
+
// pathEndsWithSep
|
|
44
|
+
if (pathname[pathname.length - 1] === path.sep)
|
|
45
|
+
throw new Error('Forbidden: directory access is not allowed');
|
|
15
46
|
const fileStat = await stat(pathname);
|
|
16
47
|
// not found, check extensions
|
|
17
48
|
// if (err.code === 'ENOENT' && !path.extname(pathname) && !pathEndsWithSep) throw err
|
|
@@ -154,4 +185,4 @@ function isRangeFresh(req, res) {
|
|
|
154
185
|
function contentRange(type, size, range) {
|
|
155
186
|
return `${type} ${range ? range.start + '-' + range.end : '*'}/${size}`;
|
|
156
187
|
}
|
|
157
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sNEJBQTRCLENBQUE7QUFDbkMsT0FBTyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQzVCLE9BQU8sRUFBQyxJQUFJLEVBQUMsTUFBTSxrQkFBa0IsQ0FBQTtBQUNyQyxPQUFPLEVBQUMsYUFBYSxFQUFFLE9BQU8sRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3hELE9BQU8sRUFBQyx1QkFBdUIsRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3pELE9BQU8sRUFBQyxLQUFLLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBQyxNQUFNLG9CQUFvQixDQUFBO0FBQ3ZFLE9BQU8sRUFBQyxVQUFVLEVBQUMsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRCxPQUFPLEVBQUMsZ0JBQWdCLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDeEMsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLHlCQUF5QixDQUFBO0FBQ2xELE9BQU8sRUFBQyxTQUFTLEVBQUMsTUFBTSxXQUFXLENBQUE7QUFFbkMsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUE7QUFpQnRDLE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNwQyxHQUFvQixFQUNwQixHQUFtQixFQUNuQixRQUFnQixFQUFFLDhCQUE4QjtBQUNoRCxFQUNDLEtBQUssR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUNkLG1CQUFtQixFQUNuQixtQkFBbUIsRUFDbkIsSUFBSSxHQUFHLFFBQVEsRUFDZixtQkFBbUIsRUFDbkIsTUFBTSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxJQUFJLEVBQUUsU0FBUztBQUM3QyxTQUFTLE1BQzBCLEVBQUU7SUFFdEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDckMsOEJBQThCO0lBQzlCLHNGQUFzRjtJQUN0RixzQkFBc0I7SUFDdEIsd0JBQXdCO0lBQ3hCLGtCQUFrQjtJQUNsQixtQkFBbUI7SUFDbkIsWUFBWTtJQUNaLElBQUk7SUFFSixJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUU7UUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDRDQUE0QyxDQUFDLENBQUE7SUFFekYsSUFBSSxHQUFHLENBQUMsV0FBVztRQUFFLE9BQU07SUFFM0IsMEJBQTBCO0lBRTFCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFFcEcsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFDekY7WUFDQyxtQkFBbUIsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLEVBQUU7WUFDOUMsU0FBUyxJQUFJLFdBQVc7U0FDeEIsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUM1QixDQUFBO0lBRUQsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxRQUFRLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUE7SUFFekgsSUFBSSxJQUFJLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sYUFBYSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQTtJQUM5Siw2QkFBNkI7SUFFN0IsZUFBZTtJQUNmLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsY0FBYyxFQUFFLHVCQUF1QixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksMEJBQTBCLENBQUMsQ0FBQTtJQUV6SiwwQkFBMEI7SUFDMUIsbUJBQW1CO0lBQ25CLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQztRQUN2SSw4QkFBOEI7UUFDOUIsV0FBVztRQUNYLE1BQU0sS0FBSyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7UUFDckMsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7WUFDbEMsSUFDQyxDQUFDLElBQUk7bUJBQ0YsQ0FBQyxLQUFLLEtBQUssR0FBRyxJQUFJLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLEtBQUssSUFBSSxJQUFJLEtBQUssS0FBSyxJQUFJLEdBQUcsSUFBSSxJQUFJLElBQUksR0FBRyxLQUFLLEtBQUssSUFBSSxDQUFDLENBQUM7Z0JBQzNILE1BQU0sSUFBSSxLQUFLLENBQUMsZ0VBQWdFLENBQUMsQ0FBQTtRQUNwRixDQUFDO1FBRUQsb0ZBQW9GO1FBQ3BGLElBQUksSUFBSSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ3JCLE1BQU0sZUFBZSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDLENBQUMsQ0FBQTtZQUN6RSxJQUFJLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sWUFBWSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUE7Z0JBQ2xFLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxJQUFJLFlBQVksR0FBRyxlQUFlO29CQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsMEVBQTBFLENBQUMsQ0FBQTtZQUN2SixDQUFDO1FBQ0YsQ0FBQztRQUNELGlDQUFpQztRQUVqQyxhQUFhO1FBQ2IsSUFDQyxDQUFDLEdBQUcsQ0FBQyxVQUFVLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLEtBQUssR0FBRyxDQUFDO2VBQ3RFLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFO2dCQUNyQixJQUFJLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7Z0JBQzNCLGtFQUFrRTtnQkFDbEUsZUFBZSxFQUFFLElBQUksS0FBSyxNQUFNLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7YUFDN0UsQ0FBQyxFQUNELENBQUM7WUFDRiw0QkFBNEI7WUFDNUIsR0FBRyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFBO1lBQ3BDLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGdCQUFnQixDQUFDLENBQUE7WUFDbEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxlQUFlLENBQUMsQ0FBQTtZQUNqQyxHQUFHLENBQUMsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFBO1lBQ2hDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFBO1lBQ3BCLE9BQU8sS0FBSyxNQUFNLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUE7UUFDakQsQ0FBQztJQUNGLENBQUM7SUFFRCxrQ0FBa0M7SUFDbEMsSUFBSSxHQUFHLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQTtJQUN2QixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQyxDQUFBO0lBQzlCLElBQUksR0FBRyxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLEdBQUcsR0FBRyxLQUFLLEdBQUcsQ0FBQyxDQUFBO1FBQzdCLElBQUksR0FBRyxHQUFHLEtBQUs7WUFBRSxHQUFHLEdBQUcsS0FBSyxDQUFBO0lBQzdCLENBQUM7SUFFRCxnQkFBZ0I7SUFDaEIsSUFBSSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUE7SUFDOUIsSUFBSSxDQUFDLG1CQUFtQixJQUFJLGtCQUFrQixDQUFDLElBQUksQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUNuRSxRQUFRO1FBQ1IsSUFBSSxTQUFTLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRSxNQUFNLEVBQUUsRUFBQyxPQUFPLEVBQUUsSUFBSSxFQUFDLENBQUMsQ0FBQTtRQUV4RCxtQkFBbUI7UUFDbkIsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDO1lBQUUsU0FBUyxHQUFHLENBQUMsQ0FBQyxDQUFBO1FBRTNDLGdCQUFnQjtRQUNoQixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1lBQ3RCLGdCQUFnQjtZQUNoQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUE7WUFFMUQsc0NBQXNDO1lBQ3RDLE1BQU0sSUFBSSxLQUFLLENBQUMscUVBQXFFLENBQUMsQ0FBQTtZQUN0RiwyQkFBMkI7WUFDM0IsOERBQThEO1lBQzlELEtBQUs7UUFDTixDQUFDO1FBRUQsa0ZBQWtGO1FBQ2xGLElBQUksU0FBUyxLQUFLLENBQUMsQ0FBQyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDaEQsZ0JBQWdCO1lBQ2hCLEdBQUcsQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFBO1lBQ3BCLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLFlBQVksQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7WUFFeEUsNkJBQTZCO1lBQzdCLEtBQUssSUFBSSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFBO1lBQzNCLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsQ0FBQyxDQUFBO1FBQ2hELENBQUM7SUFDRixDQUFDO0lBRUQsbUJBQW1CO0lBQ25CLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxLQUFLLEdBQUcsR0FBRyxHQUFHLENBQUMsQ0FBQyxDQUFBO0lBRXRDLGlCQUFpQjtJQUNqQixHQUFHLENBQUMsU0FBUyxDQUFDLGdCQUFnQixFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBRXBDLGVBQWU7SUFDZixJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssTUFBTTtRQUFFLE9BQU8sS0FBSyxNQUFNLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUE7SUFFM0UsOEJBQThCO0lBQzlCLE1BQU0sTUFBTSxHQUFHLGdCQUFnQixDQUFDLFFBQVEsRUFBRSxFQUFDLEtBQUssRUFBRSxHQUFHLEVBQUMsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7SUFFaEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLGFBQWEsRUFBUSxDQUFBO0lBRTNDLFVBQVUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDeEIsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLEVBQUU7UUFDeEIsT0FBTyxFQUFFLENBQUE7UUFDVCxLQUFLLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ2xCLENBQUMsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQy9CLFNBQVMsT0FBTztRQUNmLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQTtJQUNqQixDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFBO0FBQ3JCLENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxHQUFvQixFQUFFLEdBQW1CO0lBQy9ELE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7SUFFdkMsSUFBSSxDQUFDLE9BQU87UUFBRSxPQUFPLElBQUksQ0FBQTtJQUV6QixtQkFBbUI7SUFDbkIsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQTtRQUNsQyxPQUFPLElBQUksSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3RDLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQTtJQUNuRCxPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUMsSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUE7QUFDN0QsQ0FBQztBQUVELFNBQVMsWUFBWSxDQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsS0FBSztJQUN2QyxPQUFPLEdBQUcsSUFBSSxJQUFJLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFBO0FBQ3hFLENBQUMifQ==
|
|
188
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljSGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9zdGF0aWNIZWxwZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sNEJBQTRCLENBQUE7QUFDbkMsT0FBTyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQzVCLE9BQU8sRUFBQyxJQUFJLEVBQUMsTUFBTSxrQkFBa0IsQ0FBQTtBQUNyQyxPQUFPLEVBQUMsYUFBYSxFQUFFLE9BQU8sRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3hELE9BQU8sRUFBQyx1QkFBdUIsRUFBQyxNQUFNLG1CQUFtQixDQUFBO0FBQ3pELE9BQU8sRUFBQyxLQUFLLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBQyxNQUFNLG9CQUFvQixDQUFBO0FBQ3ZFLE9BQU8sRUFBQyxVQUFVLEVBQUMsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRCxPQUFPLEVBQUMsZ0JBQWdCLEVBQUMsTUFBTSxTQUFTLENBQUE7QUFDeEMsT0FBTyxFQUFDLFVBQVUsRUFBQyxNQUFNLHlCQUF5QixDQUFBO0FBQ2xELE9BQU8sRUFBQyxTQUFTLEVBQUMsTUFBTSxXQUFXLENBQUE7QUFFbkMsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUE7QUFDdEMsTUFBTSxjQUFjLEdBQUcsNEJBQTRCLENBQUE7QUFxQm5ELE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNwQyxHQUFvQixFQUNwQixHQUFtQixFQUNuQixRQUFnQixFQUFFLDhCQUE4QjtBQUNoRCxFQUNDLElBQUksRUFBRSxhQUFhLEVBQ25CLEtBQUssR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUNkLG1CQUFtQixFQUNuQixtQkFBbUIsRUFDbkIsSUFBSSxHQUFHLFFBQVEsRUFDZixtQkFBbUIsRUFDbkIsTUFBTSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxJQUFJLEVBQUUsU0FBUztBQUM3QyxTQUFTLE1BQ1csRUFBRTtJQUV2QixlQUFlO0lBQ2YsSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7SUFFekQsSUFBSSxLQUFlLENBQUE7SUFDbkIsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNWLFlBQVk7UUFDWixRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLElBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxFQUFFLENBQUMsQ0FBQTtRQUVwRCxpQkFBaUI7UUFDakIsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7UUFFL0QscUJBQXFCO1FBQ3JCLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUVoQywwQ0FBMEM7UUFDMUMsUUFBUSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQTtJQUNyRCxDQUFDO1NBQU0sQ0FBQztRQUNQLGlCQUFpQjtRQUNqQixJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUUvRCxxQkFBcUI7UUFDckIsS0FBSyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUVoRCwwQ0FBMEM7UUFDMUMsUUFBUSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEMsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixJQUFJLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxhQUFhO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFBO0lBRXBJLGtCQUFrQjtJQUNsQixJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLElBQUksQ0FBQyxHQUFHO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRTdHLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ3JDLDhCQUE4QjtJQUM5QixzRkFBc0Y7SUFDdEYsc0JBQXNCO0lBQ3RCLHdCQUF3QjtJQUN4QixrQkFBa0I7SUFDbEIsbUJBQW1CO0lBQ25CLFlBQVk7SUFDWixJQUFJO0lBRUosSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO1FBQUUsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFBO0lBRXpGLElBQUksR0FBRyxDQUFDLFdBQVc7UUFBRSxPQUFNO0lBRTNCLDBCQUEwQjtJQUUxQixJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQztRQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBRXBHLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQ3pGO1lBQ0MsbUJBQW1CLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxFQUFFO1lBQzlDLFNBQVMsSUFBSSxXQUFXO1NBQ3hCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FDNUIsQ0FBQTtJQUVELElBQUksQ0FBQyxtQkFBbUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFBO0lBRXpILElBQUksSUFBSSxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxLQUFLLE1BQU0sQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLGFBQWEsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDOUosNkJBQTZCO0lBRTdCLGVBQWU7SUFDZixJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUM7UUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLGNBQWMsRUFBRSx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLDBCQUEwQixDQUFDLENBQUE7SUFFekosMEJBQTBCO0lBQzFCLG1CQUFtQjtJQUNuQixJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUM7UUFDdkksOEJBQThCO1FBQzlCLFdBQVc7UUFDWCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQ3JDLElBQUksS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFBO1lBQ2xDLElBQ0MsQ0FBQyxJQUFJO21CQUNGLENBQUMsS0FBSyxLQUFLLEdBQUcsSUFBSSxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxLQUFLLElBQUksSUFBSSxLQUFLLEtBQUssSUFBSSxHQUFHLElBQUksSUFBSSxJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksQ0FBQyxDQUFDO2dCQUMzSCxNQUFNLElBQUksS0FBSyxDQUFDLGdFQUFnRSxDQUFDLENBQUE7UUFDcEYsQ0FBQztRQUVELG9GQUFvRjtRQUNwRixJQUFJLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztZQUNyQixNQUFNLGVBQWUsR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUE7WUFDekUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsRUFBRSxDQUFDO2dCQUM3QixNQUFNLFlBQVksR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFBO2dCQUNsRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxZQUFZLEdBQUcsZUFBZTtvQkFBRSxNQUFNLElBQUksS0FBSyxDQUFDLDBFQUEwRSxDQUFDLENBQUE7WUFDdkosQ0FBQztRQUNGLENBQUM7UUFDRCxpQ0FBaUM7UUFFakMsYUFBYTtRQUNiLElBQ0MsQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxLQUFLLEdBQUcsQ0FBQztlQUN0RSxLQUFLLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRTtnQkFDckIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO2dCQUMzQixrRUFBa0U7Z0JBQ2xFLGVBQWUsRUFBRSxJQUFJLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO2FBQzdFLENBQUMsRUFDRCxDQUFDO1lBQ0YsNEJBQTRCO1lBQzVCLEdBQUcsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtZQUNwQyxHQUFHLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUE7WUFDcEMsR0FBRyxDQUFDLFlBQVksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFBO1lBQ2xDLEdBQUcsQ0FBQyxZQUFZLENBQUMsZUFBZSxDQUFDLENBQUE7WUFDakMsR0FBRyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUNoQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixPQUFPLEtBQUssTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO1FBQ2pELENBQUM7SUFDRixDQUFDO0lBRUQsa0NBQWtDO0lBQ2xDLElBQUksR0FBRyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUE7SUFDdkIsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsR0FBRyxLQUFLLENBQUMsQ0FBQTtJQUM5QixJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxHQUFHLEdBQUcsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUM3QixJQUFJLEdBQUcsR0FBRyxLQUFLO1lBQUUsR0FBRyxHQUFHLEtBQUssQ0FBQTtJQUM3QixDQUFDO0lBRUQsZ0JBQWdCO0lBQ2hCLElBQUksTUFBTSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFBO0lBQzlCLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDbkUsUUFBUTtRQUNSLElBQUksU0FBUyxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUMsT0FBTyxFQUFFLElBQUksRUFBQyxDQUFDLENBQUE7UUFFeEQsbUJBQW1CO1FBQ25CLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQztZQUFFLFNBQVMsR0FBRyxDQUFDLENBQUMsQ0FBQTtRQUUzQyxnQkFBZ0I7UUFDaEIsSUFBSSxTQUFTLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUN0QixnQkFBZ0I7WUFDaEIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFBO1lBRTFELHNDQUFzQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLHFFQUFxRSxDQUFDLENBQUE7WUFDdEYsMkJBQTJCO1lBQzNCLDhEQUE4RDtZQUM5RCxLQUFLO1FBQ04sQ0FBQztRQUVELGtGQUFrRjtRQUNsRixJQUFJLFNBQVMsS0FBSyxDQUFDLENBQUMsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2hELGdCQUFnQjtZQUNoQixHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQTtZQUNwQixHQUFHLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBRXhFLDZCQUE2QjtZQUM3QixLQUFLLElBQUksU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQTtZQUMzQixHQUFHLEdBQUcsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLENBQUMsQ0FBQTtRQUNoRCxDQUFDO0lBQ0YsQ0FBQztJQUVELG1CQUFtQjtJQUNuQixHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsS0FBSyxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUV0QyxpQkFBaUI7SUFDakIsR0FBRyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUVwQyxlQUFlO0lBQ2YsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU07UUFBRSxPQUFPLEtBQUssTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBRTNFLDhCQUE4QjtJQUM5QixNQUFNLE1BQU0sR0FBRyxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsRUFBQyxLQUFLLEVBQUUsR0FBRyxFQUFDLENBQUMsQ0FBQTtJQUN2RCxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBRWhCLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQVEsQ0FBQTtJQUUzQyxVQUFVLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFBO0lBQ3hCLE1BQU0sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxFQUFFO1FBQ3hCLE9BQU8sRUFBRSxDQUFBO1FBQ1QsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUNsQixDQUFDLENBQUMsQ0FBQTtJQUNGLE1BQU0sQ0FBQyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQTtJQUMvQixTQUFTLE9BQU87UUFDZixNQUFNLENBQUMsT0FBTyxFQUFFLENBQUE7SUFDakIsQ0FBQztJQUVELE9BQU8sS0FBSyxDQUFDLE9BQU8sQ0FBQTtBQUNyQixDQUFDO0FBRUQsU0FBUyxZQUFZLENBQUUsR0FBb0IsRUFBRSxHQUFtQjtJQUMvRCxNQUFNLE9BQU8sR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRXZDLElBQUksQ0FBQyxPQUFPO1FBQUUsT0FBTyxJQUFJLENBQUE7SUFFekIsbUJBQW1CO0lBQ25CLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDbEMsT0FBTyxJQUFJLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUN0QyxDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLENBQUE7SUFDbkQsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDLElBQUksYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFBO0FBQzdELENBQUM7QUFFRCxTQUFTLFlBQVksQ0FBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLEtBQUs7SUFDdkMsT0FBTyxHQUFHLElBQUksSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQTtBQUN4RSxDQUFDIn0=
|