From 4f49e80e3d5e574c8eeea27bbd1dcf3384c467c8 Mon Sep 17 00:00:00 2001 From: gurumaxi Date: Sun, 10 Jul 2022 09:27:17 +0200 Subject: [PATCH 1/3] feat: added request to allowedPath option --- README.md | 4 ++-- index.d.ts | 4 ++-- index.js | 2 +- test/static.test.js | 43 ++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 47 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b505af9..f9a34c0 100644 --- a/README.md +++ b/README.md @@ -169,9 +169,9 @@ with `ignoreTrailingSlash` set to `true`. #### `allowedPath` -Default: `(pathname, root) => true` +Default: `(pathName, root, request) => true` -This function allows filtering the served files. +This function allows filtering the served files. Also, with the help of the request object a more complex path authentication is possible. If the function returns `true`, the file will be served. If the function returns `false`, Fastify's 404 handler will be called. diff --git a/index.d.ts b/index.d.ts index df3f3ca..058be5e 100644 --- a/index.d.ts +++ b/index.d.ts @@ -2,7 +2,7 @@ // Leo /// -import { FastifyPluginCallback, FastifyReply } from 'fastify'; +import { FastifyPluginCallback, FastifyReply, FastifyRequest } from 'fastify'; import { Stats } from 'fs'; declare module "fastify" { @@ -83,7 +83,7 @@ export interface FastifyStaticOptions extends SendOptions { redirect?: boolean; wildcard?: boolean; list?: boolean | ListOptionsJsonFormat | ListOptionsHtmlFormat; - allowedPath?: (pathName: string, root?: string) => boolean; + allowedPath?: (pathName: string, root?: string, request: FastifyRequest) => boolean; /** * @description * Opt-in to looking for pre-compressed files diff --git a/index.js b/index.js index 56f3939..ed2f6bf 100644 --- a/index.js +++ b/index.js @@ -72,7 +72,7 @@ async function fastifyStatic (fastify, opts) { } } - if (allowedPath && !allowedPath(pathname, options.root)) { + if (allowedPath && !allowedPath(pathname, options.root, request)) { return reply.callNotFound() } diff --git a/test/static.test.js b/test/static.test.js index f3531cd..e43b1c0 100644 --- a/test/static.test.js +++ b/test/static.test.js @@ -973,7 +973,7 @@ t.test('sendFile disabled', (t) => { }) }) -t.test('allowedPath option', (t) => { +t.test('allowedPath option - pathname', (t) => { t.plan(3) const pluginOptions = { @@ -1014,6 +1014,47 @@ t.test('allowedPath option', (t) => { }) }) +t.test('allowedPath option - request', (t) => { + t.plan(3) + + const pluginOptions = { + root: path.join(__dirname, '/static'), + allowedPath: (pathName, root, request) => request.query.key === 'temporaryKey' + } + const fastify = Fastify() + fastify.register(fastifyStatic, pluginOptions) + fastify.listen({ port: 0 }, (err) => { + t.error(err) + + fastify.server.unref() + + t.test('/foobar.html not found', (t) => { + t.plan(2 + GENERIC_ERROR_RESPONSE_CHECK_COUNT) + simple.concat({ + method: 'GET', + url: 'http://localhost:' + fastify.server.address().port + '/foobar.html', + followRedirect: false + }, (err, response, body) => { + t.error(err) + t.equal(response.statusCode, 404) + genericErrorResponseChecks(t, response) + }) + }) + + t.test('/index.css found', (t) => { + t.plan(2) + simple.concat({ + method: 'GET', + url: 'http://localhost:' + fastify.server.address().port + '/index.css?key=temporaryKey', + followRedirect: false + }, (err, response, body) => { + t.error(err) + t.equal(response.statusCode, 200) + }) + }) + }) + }) + t.test('download', (t) => { t.plan(7) From a0cc2c454e00616c812a0c6789512681e25d96e3 Mon Sep 17 00:00:00 2001 From: gurumaxi Date: Mon, 11 Jul 2022 18:16:42 +0200 Subject: [PATCH 2/3] added allowedPath tests --- index.d.ts | 2 +- test/static.test.js | 70 ++++++++++++++++++++++----------------------- test/types/index.ts | 7 +++-- 3 files changed, 41 insertions(+), 38 deletions(-) diff --git a/index.d.ts b/index.d.ts index 058be5e..7bf2785 100644 --- a/index.d.ts +++ b/index.d.ts @@ -83,7 +83,7 @@ export interface FastifyStaticOptions extends SendOptions { redirect?: boolean; wildcard?: boolean; list?: boolean | ListOptionsJsonFormat | ListOptionsHtmlFormat; - allowedPath?: (pathName: string, root?: string, request: FastifyRequest) => boolean; + allowedPath?: (pathName: string, root: string, request: FastifyRequest) => boolean; /** * @description * Opt-in to looking for pre-compressed files diff --git a/test/static.test.js b/test/static.test.js index e43b1c0..7ee74c5 100644 --- a/test/static.test.js +++ b/test/static.test.js @@ -1015,45 +1015,45 @@ t.test('allowedPath option - pathname', (t) => { }) t.test('allowedPath option - request', (t) => { - t.plan(3) - - const pluginOptions = { - root: path.join(__dirname, '/static'), - allowedPath: (pathName, root, request) => request.query.key === 'temporaryKey' - } - const fastify = Fastify() - fastify.register(fastifyStatic, pluginOptions) - fastify.listen({ port: 0 }, (err) => { - t.error(err) - - fastify.server.unref() - - t.test('/foobar.html not found', (t) => { - t.plan(2 + GENERIC_ERROR_RESPONSE_CHECK_COUNT) - simple.concat({ - method: 'GET', - url: 'http://localhost:' + fastify.server.address().port + '/foobar.html', - followRedirect: false - }, (err, response, body) => { - t.error(err) - t.equal(response.statusCode, 404) - genericErrorResponseChecks(t, response) - }) + t.plan(3) + + const pluginOptions = { + root: path.join(__dirname, '/static'), + allowedPath: (pathName, root, request) => request.query.key === 'temporaryKey' + } + const fastify = Fastify() + fastify.register(fastifyStatic, pluginOptions) + fastify.listen({ port: 0 }, (err) => { + t.error(err) + + fastify.server.unref() + + t.test('/foobar.html not found', (t) => { + t.plan(2 + GENERIC_ERROR_RESPONSE_CHECK_COUNT) + simple.concat({ + method: 'GET', + url: 'http://localhost:' + fastify.server.address().port + '/foobar.html', + followRedirect: false + }, (err, response, body) => { + t.error(err) + t.equal(response.statusCode, 404) + genericErrorResponseChecks(t, response) }) - - t.test('/index.css found', (t) => { - t.plan(2) - simple.concat({ - method: 'GET', - url: 'http://localhost:' + fastify.server.address().port + '/index.css?key=temporaryKey', - followRedirect: false - }, (err, response, body) => { - t.error(err) - t.equal(response.statusCode, 200) - }) + }) + + t.test('/index.css found', (t) => { + t.plan(2) + simple.concat({ + method: 'GET', + url: 'http://localhost:' + fastify.server.address().port + '/index.css?key=temporaryKey', + followRedirect: false + }, (err, response, body) => { + t.error(err) + t.equal(response.statusCode, 200) }) }) }) +}) t.test('download', (t) => { t.plan(7) diff --git a/test/types/index.ts b/test/types/index.ts index ab955b9..3ac9ce0 100644 --- a/test/types/index.ts +++ b/test/types/index.ts @@ -1,4 +1,4 @@ -import fastify from 'fastify' +import fastify, { FastifyRequest } from 'fastify' import { expectAssignable, expectError } from 'tsd' import fastifyStatic, { FastifyStaticOptions } from '../..' @@ -24,7 +24,10 @@ const options: FastifyStaticOptions = { setHeaders: (res: any, pathName: any) => { res.setHeader('test', pathName) }, - preCompressed: false + preCompressed: false, + allowedPath: (pathName: string, root: string, request: FastifyRequest) => { + return true; + } } expectError({ From 61bd0fb88fc100a2a3c3776f24ef4969d70bf353 Mon Sep 17 00:00:00 2001 From: Manuel Spigolon Date: Sat, 30 Jul 2022 13:19:10 +0200 Subject: [PATCH 3/3] fix: test type --- test/types/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/types/index.ts b/test/types/index.ts index 7536ec5..d596076 100644 --- a/test/types/index.ts +++ b/test/types/index.ts @@ -1,4 +1,4 @@ -import fastify, { FastifyInstance, FastifyPluginCallback } from 'fastify' +import fastify, { FastifyInstance, FastifyPluginCallback, FastifyRequest } from 'fastify' import { Server } from 'http'; import { expectAssignable, expectError, expectType } from 'tsd' import * as fastifyStaticStar from '../..';