Chapril/drop.chapril.org-firefoxsend
Chapril/drop.chapril.org-firefoxsend
24
1
Fork 0
Code Issues Releases Activity

validate id param without middleware

Browse Source
This commit is contained in:
Danny Coates 2018-02-05 17:21:32 -08:00
parent aae61f9451
commit 1c5e47b4c4
No known key found for this signature in database
GPG Key ID: 4C442633C62E00CB
2 changed files with 10 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
server/routes/index.js
View File

@ -5,11 +5,11 @@ const languages = require('../languages');
const storage = require('../storage');
const config = require('../config');
const pages = require('./pages');
const validation = require('../validation');
const { negotiateLanguages } = require('fluent-langneg');
const IS_DEV = config.env === 'development';
const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
const langData = require('cldr-core/supplemental/likelySubtags.json');
const idregx = '([0-9a-fA-F]{10})';
module.exports = function(app) {
app.use(function(req, res, next) {
@ -82,22 +82,21 @@ module.exports = function(app) {
next();
});
app.use(bodyParser.json());
app.use(validation.middleware);
app.get('/', pages.index);
app.get('/legal', pages.legal);
app.get('/jsconfig.js', require('./jsconfig'));
app.get('/share/:id', pages.blank);
app.get('/download/:id', pages.download);
app.get(`/share/:id${idregx}`, pages.blank);
app.get(`/download/:id${idregx}`, pages.download);
app.get('/completed', pages.blank);
app.get('/unsupported/:reason', pages.unsupported);
app.get('/api/download/:id', require('./download'));
app.get('/api/exists/:id', require('./exists'));
app.get('/api/metadata/:id', require('./metadata'));
app.get(`/api/download/:id${idregx}`, require('./download'));
app.get(`/api/exists/:id${idregx}`, require('./exists'));
app.get(`/api/metadata/:id${idregx}`, require('./metadata'));
app.post('/api/upload', require('./upload'));
app.post('/api/delete/:id', require('./delete'));
app.post('/api/password/:id', require('./password'));
app.post('/api/params/:id', require('./params'));
app.post('/api/info/:id', require('./info'));
app.post(`/api/delete/:id${idregx}`, require('./delete'));
app.post(`/api/password/:id${idregx}`, require('./password'));
app.post(`/api/params/:id${idregx}`, require('./params'));
app.post(`/api/info/:id${idregx}`, require('./info'));
app.get('/__version__', function(req, res) {
res.sendFile(require.resolve('../../dist/version.json'));

12
server/validation.js
View File

@ -1,12 +0,0 @@
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = {
middleware: function(req, res, next) {
if (req.params.id && !validateID(req.params.id)) {
return res.sendStatus(404);
}
next();
}
};