Compare commits
3 Commits
1a7fe35f7d
...
f7e79ab35b
Author | SHA1 | Date |
---|---|---|
Rahul Padigela | f7e79ab35b | |
Bennett Buchanan | 5cd13805ac | |
Bennett Buchanan | fd19956c33 |
|
@ -97,6 +97,18 @@ export default class UtapiRequest {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set request pathname
|
||||||
|
*
|
||||||
|
* @param {string} pathname - pathname from url.parse
|
||||||
|
* of request.url (pathname minus query)
|
||||||
|
* @return {UtapiRequest} itself
|
||||||
|
*/
|
||||||
|
setRequestPathname(pathname) {
|
||||||
|
this._requestPathname = pathname;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get http request object
|
* Get http request object
|
||||||
*
|
*
|
||||||
|
@ -133,6 +145,15 @@ export default class UtapiRequest {
|
||||||
return this._requestPath;
|
return this._requestPath;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get request pathname
|
||||||
|
*
|
||||||
|
* @return {string} request pathname
|
||||||
|
*/
|
||||||
|
getRequestPathname() {
|
||||||
|
return this._requestPathname;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get requester ip address
|
* Get requester ip address
|
||||||
*
|
*
|
||||||
|
|
|
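Review bot: The new `setRequestPathname`/`getRequestPathname` pair sits beside `getRequestPath`, and the two names differ by four letters while holding different values (per the setter's doc, the pathname is the path minus the query), which is easy to mix up at a call site such as the auth call in Router. I would spell the difference out in the getter's doc as well, e.g. `@return {string} request pathname (url.parse pathname, without the query string)`. The constructor is outside the hunk, so whether `_requestPathname` gets an initial value is not visible here; if it does not, `getRequestPathname()` returns `undefined` until the setter has run, which deserves a line in the doc too.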
@ -34,17 +34,52 @@ class UtapiServer {
|
||||||
routes.forEach(item => this.router.addRoute(new Route(item)));
|
routes.forEach(item => this.router.addRoute(new Route(item)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Function to validate a URI component
|
||||||
|
*
|
||||||
|
* @param {string|object} component - path from url.parse of request.url
|
||||||
|
* (pathname plus query) or query from request
|
||||||
|
* @return {string|undefined} If `decodeURIComponent` throws an error,
|
||||||
|
* return the invalid `decodeURIComponent` string, otherwise return
|
||||||
|
* `undefined`
|
||||||
|
*/
|
||||||
|
_checkURIComponent(component) {
|
||||||
|
if (typeof component === 'string') {
|
||||||
|
try {
|
||||||
|
decodeURIComponent(component);
|
||||||
|
} catch (err) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return Object.keys(component).find(x => {
|
||||||
|
try {
|
||||||
|
decodeURIComponent(x);
|
||||||
|
decodeURIComponent(component[x]);
|
||||||
|
} catch (err) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
|
|
||||||
requestListener(req, res, router) {
|
requestListener(req, res, router) {
|
||||||
// disable nagle algorithm
|
// disable nagle algorithm
|
||||||
req.socket.setNoDelay();
|
req.socket.setNoDelay();
|
||||||
const { query, path } = url.parse(req.url, true);
|
const { query, path, pathname } = url.parse(req.url, true);
|
||||||
const utapiRequest = new UtapiRequest()
|
const utapiRequest = new UtapiRequest()
|
||||||
.setRequest(req)
|
.setRequest(req)
|
||||||
.setLog(this.logger.newRequestLogger())
|
.setLog(this.logger.newRequestLogger())
|
||||||
.setResponse(res)
|
.setResponse(res)
|
||||||
.setDatastore(this.datastore)
|
.setDatastore(this.datastore);
|
||||||
.setRequestQuery(query)
|
// Sanity check for valid URI component
|
||||||
.setRequestPath(path);
|
if (this._checkURIComponent(query) || this._checkURIComponent(path)) {
|
||||||
|
return this.errorResponse(utapiRequest, errors.InvalidURI);
|
||||||
|
}
|
||||||
|
utapiRequest.setRequestQuery(query);
|
||||||
|
utapiRequest.setRequestPath(path);
|
||||||
|
utapiRequest.setRequestPathname(pathname);
|
||||||
// temp hack: healthcheck route
|
// temp hack: healthcheck route
|
||||||
if (path === '/_/healthcheck' && (req.method === 'GET'
|
if (path === '/_/healthcheck' && (req.method === 'GET'
|
||||||
|| req.method === 'POST')) {
|
|| req.method === 'POST')) {
|
||||||
|
|
|
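Review bot: `_checkURIComponent` is documented as returning `string|undefined`, but its string branch returns `true` and its object branch returns whatever key `find` yields, so an offending empty-string key comes back as `''` and reads as "valid" in the `||` test in `requestListener`. Returning a boolean throughout, with `return Object.keys(component).some(x => {` and `@return {boolean}` in the doc, would remove that gap. Separately, `query` comes from `url.parse(req.url, true)`, which has already percent-decoded keys and values, so decoding them again can reject a legitimate value whose encoded form contained `%25`; array values from repeated keys are also coerced to a string first. The check on the raw `path` (pathname plus query) appears to cover malformed escapes in the query string already, so the query check may be droppable. requestListener's body continues outside the hunk.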
@ -217,9 +217,10 @@ class Router {
|
||||||
utapiRequest.getAction(), 'utapi')
|
utapiRequest.getAction(), 'utapi')
|
||||||
);
|
);
|
||||||
auth.setHandler(this._vault);
|
auth.setHandler(this._vault);
|
||||||
const requestPlusPath = utapiRequest.getRequest();
|
const request = utapiRequest.getRequest();
|
||||||
requestPlusPath.path = utapiRequest.getRequestPath();
|
request.path = utapiRequest.getRequestPathname();
|
||||||
return auth.server.doAuth(requestPlusPath, log, (err, authResults) => {
|
request.query = utapiRequest.getRequestQuery();
|
||||||
|
return auth.server.doAuth(request, log, (err, authResults) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
return cb(err);
|
return cb(err);
|
||||||
}
|
}
|
||||||
|
|
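Review bot: `request.path` and `request.query` at the `doAuth` call are now set from the pathname and the parsed query object instead of the raw path, which changes the input the auth handler works from, and nothing in the code says why. A short comment above the two assignments would help, e.g. `// doAuth expects request.path without the query string and request.query as the parsed object`, worded to match what the auth library actually requires (not visible here). `request` is also the live http request object returned by `utapiRequest.getRequest()`, so these assignments mutate it for every later consumer; if that is intended, the same comment should say so. The enclosing method starts and ends outside the hunk.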