Skip to content

Commit

Permalink
fix: security problem (#1799)
Browse files Browse the repository at this point in the history
  • Loading branch information
alexander-akait authored Mar 29, 2024
1 parent 54e4a96 commit 5a4d9e8
Showing 1 changed file with 13 additions and 12 deletions.
25 changes: 13 additions & 12 deletions src/middleware.js
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ function wrapper(context) {

resolve(next());
},
req
req,
);
});
}
Expand All @@ -99,7 +99,8 @@ function wrapper(context) {
const extra = {};
const filename = getFilenameFromUrl(
context,
/** @type {string} */ (req.url)
/** @type {string} */ (req.url),
extra,
);

if (!filename) {
Expand Down Expand Up @@ -149,7 +150,7 @@ function wrapper(context) {
*/
(header) => {
setHeaderForResponse(res, header.key, header.value);
}
},
);
}

Expand All @@ -165,7 +166,7 @@ function wrapper(context) {
setHeaderForResponse(
res,
"Content-Type",
context.options.mimeTypeDefault
context.options.mimeTypeDefault,
);
}
}
Expand Down Expand Up @@ -213,7 +214,7 @@ function wrapper(context) {
setHeaderForResponse(
res,
"Content-Range",
getValueContentRangeHeader("bytes", size)
getValueContentRangeHeader("bytes", size),
);
setHeaderForResponse(res, "Content-Type", "text/html; charset=utf-8");

Expand All @@ -224,7 +225,7 @@ function wrapper(context) {
setHeaderForResponse(
res,
"Content-Length",
Buffer.byteLength(document)
Buffer.byteLength(document),
);

if (context.options.modifyResponseData) {
Expand All @@ -233,7 +234,7 @@ function wrapper(context) {
req,
res,
document,
byteLength
byteLength,
));
}

Expand All @@ -242,11 +243,11 @@ function wrapper(context) {
return;
} else if (parsedRanges === -2) {
context.logger.error(
"A malformed 'Range' header was provided. A regular response will be sent for this request."
"A malformed 'Range' header was provided. A regular response will be sent for this request.",
);
} else if (parsedRanges.length > 1) {
context.logger.error(
"A 'Range' header with multiple ranges was provided. Multiple ranges are not supported, so a regular response will be sent for this request."
"A 'Range' header with multiple ranges was provided. Multiple ranges are not supported, so a regular response will be sent for this request.",
);
}

Expand All @@ -259,8 +260,8 @@ function wrapper(context) {
getValueContentRangeHeader(
"bytes",
size,
/** @type {import("range-parser").Ranges} */ (parsedRanges)[0]
)
/** @type {import("range-parser").Ranges} */ (parsedRanges)[0],
),
);

[{ start, end }] = parsedRanges;
Expand Down Expand Up @@ -304,7 +305,7 @@ function wrapper(context) {
req,
res,
bufferOrStream,
byteLength
byteLength,
));
}

Expand Down

0 comments on commit 5a4d9e8

Please sign in to comment.