diff --git a/.gitignore b/.gitignore
index ad46b30..13297c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# Random files to check for function
+sandbox/*
+
 # Logs
 logs
 *.log
diff --git a/index.js b/index.js
index 1cbb46b..9e87b05 100644
--- a/index.js
+++ b/index.js
@@ -34,13 +34,16 @@ const DIR=settings.dirname;
 app.use(bodyParser.urlencoded({extended:false}))
 app.use(bodyParser.json())
+// Check if a given directory is within the main defined directory or not
 let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirmain).startsWith('..')
+
+
+
 //Get folder details
 app.post('/files/ls',(req,res,next)=>{
 const location = processing.mergedir(req.body.loc,settings)
- //console.log(path.relative( path.normalize(settings.dirname) ,location))
 //Make sure not escaping the given path; insecure
 if(inDir(settings.dirname,location)){
@@ -64,6 +67,11 @@ app.post('/files/ls',(req,res,next)=>{
 //next()
 })
+app.post('/files/ls',(res,rep,next)=>{
+
+})
+
+
 //Attempt to upload a file - Placeholder
 app.put('/files/upload',(req,res)=>{
 console.log("Upload attempted")
@@ -87,4 +95,8 @@ app.listen(port,()=>{
 console.log(`Listening : ${port}`)
 })
+app.use((err,req,res,next)=>{
+ res.status(500).json({error:`${err}`})
+})
+
 module.exports = app;
\ No newline at end of file
diff --git a/settings.json b/settings.json
index 1317708..d46efb7 100644
--- a/settings.json
+++ b/settings.json
@@ -1,5 +1,5 @@
 {
- "dirname":"./",
+ "dirname":"./sandbox/",
 "sqlFileName":"test.db",
 "showHidden":false,
 "authToUpload":false
diff --git a/test.js b/test.js
index ac97ab6..c346125 100644
--- a/test.js
+++ b/test.js
@@ -28,4 +28,10 @@ describe('Page Status',()=>{
 done()
 })
 })
+ it('POST for some file that does not exist',done=>{
+ chai.request(testScript).post('/files/ls').send({'loc':'\\'}).end((err,res)=>{
+ res.should.have.status(500)
+ done()
+ })
+ })
 })
\ No newline at end of file
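Review bot: The containment check `inDir` in the first index.js hunk (`@@ -34,13 +34,16 @@`) is weaker than the newly added comment claims, and the commit leaves it unchanged. It is called as `inDir(settings.dirname,location)`, so `dircheck` actually receives the base and `dirmain` the candidate, the reverse of what the names and the comment suggest. Only the base is normalized and neither path is made absolute; `startsWith('..')` also rejects legitimate names such as `..data`, and it does not cover the case where `path.relative` returns an absolute path (different drive letters on Windows). A tighter form is `const rel = path.relative(path.resolve(base), path.resolve(target));` then `return rel === '' || (!path.isAbsolute(rel) && rel !== '..' && !rel.startsWith('..' + path.sep));`, with the parameters renamed to match. Symbolic links are not resolved either way, and the `/files/ls` handler body continues outside the hunk, so how `location` is used after the check is not visible here.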
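Review bot: The added `app.post('/files/ls',(res,rep,next)=>{ })` in the second index.js hunk (`@@ -64,6 +67,11 @@`) registers a second, empty handler on a route that already has one. Express runs handlers in registration order, so this stub is reached only if the first handler calls `next()`, which is commented out as `//next()` in the visible lines. If it were reached, the request would hang, because nothing sends a response. The parameter names are also misleading: the first argument is the request, so `(res,rep,next)` reads as if `res` were the response object. Either drop the stub until it has a body, or give it its own path and an explicit placeholder such as `res.status(501).end()`.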
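Review bot: The new error middleware in the third index.js hunk (`@@ -87,4 +95,8 @@`) sends `${err}` back to the caller. For filesystem failures, that string typically contains the absolute server path that was accessed, so the listing API discloses its directory layout to any client that triggers an error. Log the detail server-side and return a fixed body instead: `console.error(err); res.status(500).json({error:'Internal server error'})`. The handler also maps every failure to 500; a missing path is better reported as 404 and a rejected path as 400 or 403. Adding `if (res.headersSent) return next(err)` as the first line follows the Express convention for custom error handlers.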
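Review bot: The new test in test.js is named 'POST for some file that does not exist', but its payload is `{'loc':'\\'}`, a single backslash. That is a path separator on Windows and an ordinary filename character on POSIX, so what the request exercises depends on the platform running the suite. `err` is ignored and the only assertion is `res.should.have.status(500)`, which pins the catch-all error handler rather than the directory check. A separate case that sends a `loc` containing `..` segments, and asserts a non-2xx status with no listing in the body, would cover the property `inDir` is meant to enforce now that `dirname` points at `./sandbox/`.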