Compare commits

..

No commits in common. "f7e79ab35b7ebc1e3c98b0a314523954c4535db1" and "1a7fe35f7dbfd5539c86edd842c7b5d1aba04431" have entirely different histories.

3 changed files with 7 additions and 64 deletions

View File

@ -97,18 +97,6 @@ export default class UtapiRequest {
return this;
}
/**
* Set request pathname
*
* @param {string} pathname - pathname from url.parse
* of request.url (pathname minus query)
* @return {UtapiRequest} itself
*/
setRequestPathname(pathname) {
this._requestPathname = pathname;
return this;
}
/**
* Get http request object
*
@ -145,15 +133,6 @@ export default class UtapiRequest {
return this._requestPath;
}
/**
* Get request pathname
*
* @return {string} request pathname
*/
getRequestPathname() {
return this._requestPathname;
}
/**
* Get requester ip address
*

View File

@ -34,52 +34,17 @@ class UtapiServer {
routes.forEach(item => this.router.addRoute(new Route(item)));
}
/**
* Function to validate a URI component
*
* @param {string|object} component - path from url.parse of request.url
* (pathname plus query) or query from request
* @return {string|undefined} If `decodeURIComponent` throws an error,
* return the invalid `decodeURIComponent` string, otherwise return
* `undefined`
*/
_checkURIComponent(component) {
if (typeof component === 'string') {
try {
decodeURIComponent(component);
} catch (err) {
return true;
}
} else {
return Object.keys(component).find(x => {
try {
decodeURIComponent(x);
decodeURIComponent(component[x]);
} catch (err) {
return true;
}
return false;
});
}
return undefined;
}
requestListener(req, res, router) {
// disable nagle algorithm
req.socket.setNoDelay();
const { query, path, pathname } = url.parse(req.url, true);
const { query, path } = url.parse(req.url, true);
const utapiRequest = new UtapiRequest()
.setRequest(req)
.setLog(this.logger.newRequestLogger())
.setResponse(res)
.setDatastore(this.datastore);
// Sanity check for valid URI component
if (this._checkURIComponent(query) || this._checkURIComponent(path)) {
return this.errorResponse(utapiRequest, errors.InvalidURI);
}
utapiRequest.setRequestQuery(query);
utapiRequest.setRequestPath(path);
utapiRequest.setRequestPathname(pathname);
.setDatastore(this.datastore)
.setRequestQuery(query)
.setRequestPath(path);
// temp hack: healthcheck route
if (path === '/_/healthcheck' && (req.method === 'GET'
|| req.method === 'POST')) {

View File

@ -217,10 +217,9 @@ class Router {
utapiRequest.getAction(), 'utapi')
);
auth.setHandler(this._vault);
const request = utapiRequest.getRequest();
request.path = utapiRequest.getRequestPathname();
request.query = utapiRequest.getRequestQuery();
return auth.server.doAuth(request, log, (err, authResults) => {
const requestPlusPath = utapiRequest.getRequest();
requestPlusPath.path = utapiRequest.getRequestPath();
return auth.server.doAuth(requestPlusPath, log, (err, authResults) => {
if (err) {
return cb(err);
}