fix(striker-ui-api): protect static files

main
Tsu-ba-me 2 years ago
parent feae630370
commit 5d54b5d855
  1. 39
      striker-ui-api/src/routes/static.ts

@ -1,11 +1,48 @@
import express from 'express'; import express from 'express';
import { existsSync } from 'fs';
import path from 'path';
import { SERVER_PATHS } from '../lib/consts'; import { SERVER_PATHS } from '../lib/consts';
import { assertAuthentication } from '../lib/assertAuthentication';
import { stdout } from '../lib/shell';
const router = express.Router(); const router = express.Router();
const htmlDir = SERVER_PATHS.var.www.html.self;
router.use( router.use(
express.static(SERVER_PATHS.var.www.html.self, { (...args) => {
const { 0: request, 2: next } = args;
const { originalUrl } = request;
if (/^[/]login/.test(originalUrl)) {
stdout(`Static:login requested`);
return assertAuthentication({ fail: (rq, rs, nx) => nx(), succeed: '/' })(
...args,
);
}
const parts = originalUrl.replace(/[/]$/, '').split('/');
const tail = parts.pop() || 'index';
parts.push(`${tail}.html`);
const htmlPath = path.posix.join(htmlDir, ...parts);
const isHtmlExists = existsSync(htmlPath);
if (isHtmlExists) {
stdout(`Static:[${htmlPath}] requested`);
return assertAuthentication({ fail: '/login', failReturnTo: true })(
...args,
);
}
return next();
},
express.static(htmlDir, {
extensions: ['htm', 'html'], extensions: ['htm', 'html'],
}), }),
); );

Loading…
Cancel
Save