atreyabain/nodejs-fm
1
0
Fork 0
Code Issues Pull Requests Wiki Activity

Fix sandboxing(#1)

Browse Source
This commit is contained in:
Atreya Bain
2019-05-24 11:04:51 +05:30
parent 5e41f1ceb0
commit 41534493b7
4 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -1,4 +1,7 @@
# nodejs-fm # nodejs-fm
[![Build Status](https://travis-ci.org/chrisvrose/nodejs-fm.svg?branch=master)](https://travis-ci.org/chrisvrose/nodejs-fm)
A simple file manager for managing files on a remote fs using Node. A simple file manager for managing files on a remote fs using Node.
Dependencies: `express` `body-parser` `sqlite` Dependencies: `express` `body-parser` `sqlite`

6
index.js
View File

@@ -44,7 +44,7 @@ let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirma
app.post('/files/ls',(req,res,next)=>{ app.post('/files/ls',(req,res,next)=>{
const location = processing.mergedir(req.body.loc,settings) const location = processing.mergedir(req.body.loc,settings)
const nloc = path.normalize(req.body.loc);
//Make sure not escaping the given path; insecure //Make sure not escaping the given path; insecure
if(inDir(settings.dirname,location)){ if(inDir(settings.dirname,location)){
fs.readdir(location,{withFileTypes:true},(err,files)=>{ fs.readdir(location,{withFileTypes:true},(err,files)=>{
@@ -53,8 +53,8 @@ app.post('/files/ls',(req,res,next)=>{
} }
else{ else{
res.json({ res.json({
"location": location , "loc": nloc ,
"back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(location,'..')):null, "back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(nloc,'..')):null,
"contents":processing.dirprocess(files,location,settings) "contents":processing.dirprocess(files,location,settings)
}) })
} }

2
static/base.js
View File

@@ -20,7 +20,7 @@ function updateContents(contents){
//console.log(contents) //console.log(contents)
// Change top header contents // Change top header contents
$('#files-location').html(currDir.loc) $('#files-location').html(contents.loc)
// if empty, return null, this shouldnt execute if the server is responding properly but ok // if empty, return null, this shouldnt execute if the server is responding properly but ok
if(contents===null) { if(contents===null) {

2
test.js
View File

@@ -18,6 +18,8 @@ describe('Page Status',()=>{
it('POST /files/ls the home page',(done)=>{ it('POST /files/ls the home page',(done)=>{
chai.request(testScript).post('/files/ls').send({'loc':'/'}).end((err,res)=>{ chai.request(testScript).post('/files/ls').send({'loc':'/'}).end((err,res)=>{
res.should.have.status(200) res.should.have.status(200)
res.body.should.have.property('loc').eql('/')
res.body.should.have.property('back').eql(null)
//TODO: MAKE SURE JSON FILE //TODO: MAKE SURE JSON FILE
done() done()
}) })