mockaton 8.7.6 → 8.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/src/StaticDispatcher.js +10 -12
  3. package/src/config.js +3 -3
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "mockaton",
3
3
  "description": "A deterministic server-side for developing and testing frontend clients",
4
4
  "type": "module",
5
- "version": "8.7.6",
5
+ "version": "8.7.7",
6
6
  "main": "index.js",
7
7
  "types": "index.d.ts",
8
8
  "license": "MIT",
package/src/StaticDispatcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { join, resolve } from 'node:path'
2
- import fs, { readFileSync } from 'node:fs'
2
+ import fs, { readFileSync, realpathSync } from 'node:fs'
3
3
 
4
4
  import { config } from './config.js'
5
5
  import { mimeFor } from './utils/mime.js'
@@ -8,19 +8,14 @@ import { sendNotFound, sendInternalServerError } from './utils/http-response.js'
8
8
 
9
9
 
10
10
  export function isStatic(req) {
11
- if (!config.staticDir || !isWithinStaticDir(req.url))
11
+ if (!config.staticDir)
12
12
  return false
13
- const f = resolvePath(req.url)
13
+ const f = resolvedAllowedPath(req.url)
14
14
  return f && !config.ignore.test(f)
15
15
  }
16
16
 
17
- function isWithinStaticDir(url) {
18
- const candidate = resolve(join(config.staticDir, url))
19
- return candidate.startsWith(config.staticDir)
20
- }
21
-
22
17
  export async function dispatchStatic(req, response) {
23
- const file = resolvePath(req.url)
18
+ const file = resolvedAllowedPath(req.url)
24
19
  if (!file)
25
20
  sendNotFound(response)
26
21
  else if (req.headers.range)
@@ -29,11 +24,14 @@ export async function dispatchStatic(req, response) {
29
24
  sendFile(response, file)
30
25
  }
31
26
 
32
- function resolvePath(url) {
33
- let candidate = join(config.staticDir, url)
27
+ function resolvedAllowedPath(url) {
28
+ let candidate = resolve(join(config.staticDir, url))
34
29
  if (isDirectory(candidate))
35
30
  candidate = join(candidate, 'index.html')
36
- if (isFile(candidate))
31
+ if (!isFile(candidate))
32
+ return false
33
+ candidate = realpathSync(candidate)
34
+ if (candidate.startsWith(config.staticDir))
37
35
  return candidate
38
36
  }
39
37
 
package/src/config.js CHANGED
@@ -1,4 +1,4 @@
1
- import { resolve } from 'node:path'
1
+ import { realpathSync } from 'node:fs'
2
2
  import { isDirectory } from './utils/fs.js'
3
3
  import { openInBrowser } from './utils/openInBrowser.js'
4
4
  import { jsToJsonPlugin } from './MockDispatcherPlugins.js'
@@ -68,8 +68,8 @@ export function setup(options) {
68
68
  onReady: is(Function)
69
69
  })
70
70
 
71
- config.mocksDir = resolve(config.mocksDir)
72
- config.staticDir = resolve(config.staticDir)
71
+ config.mocksDir = realpathSync(config.mocksDir)
72
+ config.staticDir = realpathSync(config.staticDir)
73
73
  }
74
74
 
75
75