Ensure directories

eaa62184 · Johannes Zellner · a7f450d7 · eaa62184 · eaa62184 · eaa62184
Commit eaa62184 authored Jun 27, 2015 by Johannes Zellner
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 19 deletions

app.js app.js +1 -0

package.json package.json +4 -1

files.js src/files.js +25 -18

No files found.
--- a/app.js
+++ b/app.js
@@ -22,6 +22,7 @@ router.delete('/api/files/*', files.del);
 app.use(morgan('dev'));
 app.use(compression());
 app.use(bodyParser.json());
+app.use(express.static(__dirname + '/files'));
 app.use(router);
 app.use(lastMile());

--- a/package.json
+++ b/package.json
@@ -14,13 +14,16 @@
  "license": "MIT",
  "dependencies": {
    "body-parser": "^1.13.1",
+    "commander": "^2.8.1",
    "compression": "^1.5.0",
    "connect-lastmile": "0.0.10",
    "connect-timeout": "^1.6.2",
    "ejs": "^2.3.1",
    "express": "^4.12.4",
+    "mkdirp": "^0.5.1",
    "morgan": "^1.6.0",
    "multiparty": "^4.1.2",
-    "rimraf": "^2.4.0"
+    "rimraf": "^2.4.0",
+    "superagent": "^1.2.0"
  }
 }
--- a/src/files.js
+++ b/src/files.js
@@ -4,6 +4,7 @@ var fs = require('fs'),
    path = require('path'),
    ejs = require('ejs'),
    rimraf = require('rimraf'),
+    mkdirp = require('mkdirp'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -19,28 +20,33 @@ var FILE_BASE = path.resolve(__dirname, '../files');
 function copyFile(source, target, cb) {
    var cbCalled = false;
-    var rd = fs.createReadStream(source);
+    // ensure directory
-        rd.on("error", function(err) {
+    mkdirp(path.dirname(target), function (error) {
-        done(err);
+        if (error) return cb(error);
-    });
-    var wr = fs.createWriteStream(target);
+        var rd = fs.createReadStream(source);
-        wr.on("error", function(err) {
+            rd.on("error", function(err) {
-        done(err);
+            done(err);
-    });
+        });
-    wr.on("close", function(ex) {
+        var wr = fs.createWriteStream(target);
-        done();
+            wr.on("error", function(err) {
-    });
+            done(err);
+        });
-    rd.pipe(wr);
+        wr.on("close", function(ex) {
+            done();
+        });
+        rd.pipe(wr);
-    function done(err) {
+        function done(err) {
-        if (!cbCalled) {
+            if (!cbCalled) {
-            cb(err);
+                cb(err);
-            cbCalled = true;
+                cbCalled = true;
+            }
        }
-    }
+    });
 }
 function render(view, options) {
@@ -99,7 +105,8 @@ function put(req, res, next) {
 function del(req, res, next) {
    var filePath = req.params[0];
    var absoluteFilePath = getAbsolutePath(filePath);
-    if (!absoluteFilePath) return next(new HttpError(403, 'Path not allowed'));
+    if (!absoluteFilePath) return next(new HttpError(404, 'Not found'));
+    if (absoluteFilePath.slice(FILE_BASE.length) === '') return next(new HttpError(403, 'Forbidden'));
    fs.stat(absoluteFilePath, function (error, result) {
        if (error) return next(new HttpError(404, error));